decidim-odoo 0.1.0

data/README.md

@@ -0,0 +1,169 @@
+# Decidim::Odoo
+
+[![[CI] Lint](https://github.com/Platoniq/decidim-module-odoo/actions/workflows/lint.yml/badge.svg)](https://github.com/Platoniq/decidim-module-odoo/actions/workflows/lint.yml)
+[![[CI] Test](https://github.com/Platoniq/decidim-module-odoo/actions/workflows/test.yml/badge.svg)](https://github.com/Platoniq/decidim-module-odoo/actions/workflows/test.yml)
+[![Maintainability](https://api.codeclimate.com/v1/badges/2dada53525dd5a944089/maintainability)](https://codeclimate.com/github/Platoniq/decidim-module-odoo/maintainability)
+[![codecov](https://codecov.io/gh/Platoniq/decidim-module-odoo/branch/main/graph/badge.svg)](https://codecov.io/gh/Platoniq/decidim-module-odoo)
+
+A Decidim module to sync Odoo users who connect to the platform using Keycloak OpenID OAuth.
+
+This module allows the user to sign up in Decidim using the Odoo data. The process is described below:
+
+![Sequence Diagram](examples/sequence-diagram.png)
+
+When a user logs in to the system using Odoo Keycloak OAuth, the information of the user provided
+by the Odoo API is stored in a model.
+
+With this information, we can check if the user is a member or not depending on the values of the
+properties `member` and `coop_candidate`. If any of them is true, we will determine whether the user
+is a member. Taking this into account, every time we update the Odoo information of the user, we
+check this condition to create an authorization: `odoo_member` or delete it if the user is
+no longer a member.
+
+The Odoo information of a user is updated automatically the first time the user signs up in the
+system via OAuth, but it can be manually updated as described below:
+
+- By an admin in the `/admin/odoo/members` route syncing a single user or all the users in the 
+system
+- Using the `rake` task: `decidim:odoo:sync:members`. It will update all the users from all the
+organizations, so we recommend using it when the traffic in the platform is low. You can easily
+schedule it using [whenever](https://github.com/javan/whenever) adding the lines:
+
+```ruby
+every :day, at: "2:00am" do
+  rake "decidim:odoo:sync:members"
+end
+```
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "decidim-odoo", git: "https://github.com/Platoniq/decidim-module-odoo", branch: "main"
+```
+
+And then execute:
+
+```bash
+bundle
+```
+
+Install (and run) migrations:
+
+```
+bundle exec rails decidim_odoo:install:migrations
+bundle exec rails db:migrate
+```
+
+## Configuration
+
+In order to make the Odoo OAuth method with Keycloak available you need to add to your
+`config/secrets.yml` the entry below:
+
+```yaml
+  omniauth:
+    odoo_keycloak:
+      enabled: true
+      icon_path: media/images/odoo_logo.svg
+```
+
+The rest of the configuration can be done with an initializer file as the ones in
+[this directory](lib/generators/decidim/odoo/templates) or with environment variables:
+
+| ENV                                  | Description                                                                                                                                                                                                          | Example                      |
+|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|
+| OMNIAUTH_ODOO_KEYCLOAK_CLIENT_ID     | The Keycloak client ID                                                                                                                                                                                               | `your-client-id`             |
+| OMNIAUTH_ODOO_KEYCLOAK_CLIENT_SECRET | The Keycloak client secret                                                                                                                                                                                           | `your-client-secret`         |
+| OMNIAUTH_ODOO_KEYCLOAK_SITE          | The Keycloak site                                                                                                                                                                                                    | `https://example.org/oauth`  |
+| OMNIAUTH_ODOO_KEYCLOAK_REALM         | The Keycloak realm                                                                                                                                                                                                   | `example-realm`              |
+| OMNIAUTH_ODOO_KEYCLOAK_ICON_PATH     | **Optional**. The icon path for the "Sign in with Odoo" button. In order to replace the default one, you need to include it under `app/packs/images` directory and reference it here as `media/images/your-icon.svg` | `media/images/odoo_logo.svg` |
+| ODOO_API_BASE_URL                    | The base URL for the Odoo API                                                                                                                                                                                        | `https://example.org/api`    |
+| ODOO_API_API_KEY                     | The API key to authenticate with the API                                                                                                                                                                             | `your-api-key`               |
+
+> **IMPORTANT**: Remember to activate the verification method `odoo_member` in the
+> Decidim `/system` admin page for your organization.
+
+## Contributing
+
+See [Decidim](https://github.com/decidim/decidim).
+
+### Developing
+
+To start contributing to this project, first:
+
+- Install the basic dependencies (such as Ruby and PostgreSQL)
+- Clone this repository
+
+Decidim's main repository also provides a Docker configuration file if you
+prefer to use Docker instead of installing the dependencies locally on your
+machine.
+
+You can create the development app by running the following commands after
+cloning this project:
+
+```bash
+$ bundle
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rake development_app
+```
+
+Note that the database user has to have rights to create and drop a database in
+order to create the dummy test app database.
+
+Then to test how the module works in Decidim, start the development server:
+
+```bash
+$ cd development_app
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rails s
+```
+
+In case you are using [rbenv](https://github.com/rbenv/rbenv) and have the
+[rbenv-vars](https://github.com/rbenv/rbenv-vars) plugin installed for it, you
+can add the environment variables to the root directory of the project in a file
+named `.rbenv-vars`. If these are defined for the environment, you can omit
+defining these in the commands shown above.
+
+#### Code Styling
+
+Please follow the code styling defined by the different linters that ensure we
+are all talking with the same language collaborating on the same project. This
+project is set to follow the same rules that Decidim itself follows.
+
+[Rubocop](https://rubocop.readthedocs.io/) linter is used for the Ruby language.
+
+You can run the code styling checks by running the following commands from the
+console:
+
+```
+$ bundle exec rubocop
+```
+
+To ease up following the style guide, you should install the plugin to your
+favorite editor, such as:
+
+- Atom - [linter-rubocop](https://atom.io/packages/linter-rubocop)
+- Sublime Text - [Sublime RuboCop](https://github.com/pderichs/sublime_rubocop)
+- Visual Studio Code - [Rubocop for Visual Studio Code](https://github.com/misogi/vscode-ruby-rubocop)
+
+### Testing
+
+To run the tests run the following in the gem development path:
+
+```bash
+$ bundle
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rake test_app
+$ DATABASE_USERNAME=<username> DATABASE_PASSWORD=<password> bundle exec rspec
+```
+
+Note that the database user has to have rights to create and drop a database in
+order to create the dummy test app database.
+
+In case you are using [rbenv](https://github.com/rbenv/rbenv) and have the
+[rbenv-vars](https://github.com/rbenv/rbenv-vars) plugin installed for it, you
+can add these environment variables to the root directory of the project in a
+file named `.rbenv-vars`. In this case, you can omit defining these in the
+commands shown above.
+
+## License
+
+This engine is distributed under the [GNU AFFERO GENERAL PUBLIC LICENSE](LICENSE-AGPLv3.txt).

data/Rakefile

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "decidim/dev/common_rake"
+require "generators/decidim/odoo/install_generator"
+
+def install_module(path)
+  Dir.chdir(path) do
+    system("bundle exec rake decidim_odoo:install:migrations")
+    system("bundle exec rake db:migrate")
+  end
+end
+
+def seed_db(path)
+  Dir.chdir(path) do
+    system("bundle exec rake db:seed")
+  end
+end
+
+desc "Generates a dummy app for testing"
+task test_app: "decidim:generate_external_test_app" do
+  ENV["RAILS_ENV"] = "test"
+  Decidim::Odoo::Generators::InstallGenerator.start
+  install_module("spec/decidim_dummy_app")
+end
+
+desc "Generates a development app."
+task :development_app do
+  Bundler.with_original_env do
+    generate_decidim_app(
+      "development_app",
+      "--app_name",
+      "#{base_app_name}_development_app",
+      "--path",
+      "..",
+      "--recreate_db",
+      "--demo"
+    )
+  end
+
+  Decidim::Odoo::Generators::InstallGenerator.start
+  install_module("development_app")
+  seed_db("development_app")
+end

data/app/commands/decidim/odoo/sync_user.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    class SyncUser < Rectify::Command
+      # Public: Initializes the command.
+      #
+      # user - A decidim user
+      def initialize(user)
+        @user = user
+      end
+
+      # Executes the command. Broadcasts these events:
+      #
+      # - :ok when everything is valid.
+      # - :invalid if we couldn't proceed.
+      #
+      # Returns nothing.
+      def call
+        update_user!
+        create_user!
+
+        ActiveSupport::Notifications.publish("decidim.odoo.user.updated", odoo_user.id)
+
+        broadcast(:ok, odoo_user)
+      rescue StandardError => e
+        broadcast(:invalid, e.message)
+      end
+
+      private
+
+      attr_reader :user, :odoo_user
+
+      def create_user!
+        @odoo_user = User.find_or_create_by(user: user, organization: user.organization)
+        @odoo_user.odoo_user_id = odoo_info[:id]
+        @odoo_user.ref = odoo_info[:ref]
+        @odoo_user.coop_candidate = odoo_info[:coop_candidate]
+        @odoo_user.member = odoo_info[:member]
+        @odoo_user.save!
+        # rubocop:disable Rails/SkipsModelValidations
+        @odoo_user.touch
+        # rubocop:enable Rails/SkipsModelValidations
+      end
+
+      def update_user!
+        user.nickname = odoo_info[:vat] if odoo_info[:vat]
+        user.name = odoo_info[:name] if odoo_info[:name]
+        user.save!
+      end
+
+      def odoo_info
+        @odoo_info ||= ::Decidim::Odoo::Api::FindPartner.new(user.odoo_identity.uid).result
+      end
+    end
+  end
+end

data/app/controllers/concerns/decidim/odoo/admin/members/filterable.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+
+module Decidim
+  module Odoo
+    module Admin
+      module Members
+        module Filterable
+          extend ActiveSupport::Concern
+
+          included do
+            include Decidim::Admin::Filterable
+
+            private
+
+            def base_query
+              collection
+            end
+
+            def search_field_predicate
+              :user_name_or_user_nickname_or_user_email_cont
+            end
+
+            def filters
+              [:member_eq, :coop_candidate_eq]
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/decidim/odoo/admin/members_controller.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    module Admin
+      class MembersController < Decidim::Admin::ApplicationController
+        include Decidim::Paginable
+        include Decidim::Odoo::Admin::Members::Filterable
+
+        helper Decidim::HumanizeBooleansHelper
+        helper Decidim::Messaging::ConversationHelper
+        helper Decidim::Odoo::Admin::OdooHelper
+
+        def index
+          enforce_permission_to :read, :officialization
+          @odoo_users = filtered_collection
+        end
+
+        def sync
+          Decidim::Odoo::SyncUsersJob.perform_later(current_organization.id, params[:id])
+          flash[:notice] = t("success", scope: "decidim.odoo.admin.members.sync")
+          redirect_to decidim_odoo_admin.members_path
+        end
+
+        private
+
+        def collection
+          @collection ||= Decidim::Odoo::User.where(organization: current_organization).left_outer_joins(:user).order(updated_at: :desc)
+        end
+      end
+    end
+  end
+end

data/app/forms/decidim/odoo/verifications/odoo_member.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "digest"
+
+module Decidim
+  module Odoo
+    module Verifications
+      class OdooMember < Decidim::AuthorizationHandler
+        validate :user_valid
+
+        def metadata
+          super.merge(
+            uid: uid,
+            odoo_user_ref: odoo_user&.ref
+          )
+        end
+
+        def unique_id
+          Digest::SHA512.hexdigest("#{uid}-#{Rails.application.secrets.secret_key_base}")
+        end
+
+        protected
+
+        def organization
+          current_organization || user&.organization
+        end
+
+        def uid
+          odoo_user&.odoo_user_id
+        end
+
+        def odoo_user
+          @odoo_user ||= Decidim::Odoo::User.find_by(user: user)
+        end
+
+        def odoo_api_user
+          @odoo_api_user ||= begin
+            Decidim::Odoo::Api::FindPartner.new(uid).result
+          rescue Decidim::Odoo::Error => _e
+            nil
+          end
+        end
+
+        def user_valid
+          errors.add(:user, "decidim.odoo.errors.not_found") if odoo_user.blank? && odoo_api_user.blank?
+          if (odoo_user && !odoo_user.odoo_member?) || (odoo_api_user && !odoo_api_user[:member] && !odoo_api_user[:coop_candidate])
+            errors.add(:user, "decidim.odoo.errors.not_member")
+          end
+        end
+      end
+    end
+  end
+end

data/app/helpers/decidim/odoo/admin/odoo_helper.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    module Admin
+      module OdooHelper
+        def boolean_class(boolean)
+          boolean ? "success" : "alert"
+        end
+
+        def last_sync_class(datetime)
+          return unless datetime
+          return "alert" if datetime < 1.week.ago
+          return "warning" if datetime < 1.day.ago
+
+          "success"
+        end
+      end
+    end
+  end
+end

data/app/jobs/decidim/odoo/auto_verification_job.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    class AutoVerificationJob < ApplicationJob
+      queue_as :default
+
+      def perform(odoo_user_id)
+        @odoo_user = Decidim::Odoo::User.find(odoo_user_id)
+        @odoo_user.odoo_member? ? create_auth : remove_auth
+      rescue ActiveRecord::RecordNotFound => _e
+        Rails.logger.error "AutoVerificationJob: ERROR: model not found for odoo user #{odoo_user_id}"
+      end
+
+      private
+
+      def create_auth
+        return unless (handler = Decidim::AuthorizationHandler.handler_for("odoo_member", user: @odoo_user.user))
+
+        Decidim::Verifications::AuthorizeUser.call(handler, @odoo_user.organization) do
+          on(:ok) do
+            Rails.logger.info "AutoVerificationJob: Success: created for user #{handler.user.id}"
+          end
+
+          on(:invalid) do
+            Rails.logger.error "AutoVerificationJob: ERROR: not created for user #{handler.user&.id}"
+          end
+        end
+      end
+
+      def remove_auth
+        Decidim::Authorization.where(user: @odoo_user.user, name: "odoo_member").each do |auth|
+          Decidim::Verifications::DestroyUserAuthorization.call(auth) do
+            on(:ok) do
+              Rails.logger.info "AutoVerificationJob: Success: removed for user #{auth.user.id}"
+            end
+
+            on(:invalid) do
+              Rails.logger.error "AutoVerificationJob: ERROR: not removed for user #{auth.user&.id}"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/app/jobs/decidim/odoo/omniauth_user_sync_job.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    class OmniauthUserSyncJob < ApplicationJob
+      queue_as :default
+
+      def perform(data)
+        user = Decidim::User.find(data[:user_id])
+        return unless user.odoo_identity?
+
+        Decidim::Odoo::SyncUser.call(user) do
+          on(:ok) do |odoo_user|
+            Rails.logger.info "OmniauthUserSyncJob: Success: Odoo user #{odoo_user.id} created for user #{odoo_user.user&.id}"
+          end
+
+          on(:invalid) do |message|
+            Rails.logger.error "OmniauthUserSyncJob: ERROR: Odoo user creation error #{message}"
+          end
+        end
+      end
+    end
+  end
+end

data/app/jobs/decidim/odoo/sync_users_job.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    class SyncUsersJob < ApplicationJob
+      queue_as :default
+
+      def perform(organization_id, odoo_user_id = nil)
+        odoo_users = Decidim::Odoo::User.where(decidim_organization_id: organization_id)
+        odoo_users = odoo_users.where(id: odoo_user_id) if odoo_user_id
+        Rails.logger.warn "SyncUsersJob: WARN: No results found for: organization_id='#{organization_id}' and odoo_user_id='#{odoo_user_id}'" if odoo_users.empty?
+
+        odoo_users.each do |odoo_user|
+          Decidim::Odoo::OmniauthUserSyncJob.perform_later(user_id: odoo_user.user.id)
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/decidim/odoo/user_override.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    module UserOverride
+      extend ActiveSupport::Concern
+
+      included do
+        has_one :odoo_user, class_name: "Decidim::Odoo::User", foreign_key: "decidim_user_id", dependent: :destroy
+
+        def odoo_identity
+          identities.find_by(provider: Decidim::Odoo::OMNIAUTH_PROVIDER_NAME)
+        end
+
+        def odoo_identity?
+          identities.exists?(provider: Decidim::Odoo::OMNIAUTH_PROVIDER_NAME)
+        end
+      end
+    end
+  end
+end

data/app/models/decidim/odoo/user.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Decidim
+  module Odoo
+    class User < ApplicationRecord
+      belongs_to :organization, class_name: "Decidim::Organization", foreign_key: "decidim_organization_id"
+      belongs_to :user, class_name: "Decidim::User", foreign_key: "decidim_user_id"
+
+      validates :user, uniqueness: true
+      validates :odoo_user_id, uniqueness: { scope: :organization }
+      validates :ref, uniqueness: { scope: :organization }
+
+      def odoo_member?
+        member || coop_candidate
+      end
+    end
+  end
+end

data/app/packs/entrypoints/decidim_odoo.js

@@ -0,0 +1,2 @@
+// Images
+require.context("../images", true)

data/app/packs/images/odoo_logo.svg

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">
+ <circle stroke="#FFF" fill-opacity="0" cx="8" cy="8" r="3.84" stroke-width="1.92"/>
+</svg>

data/app/views/decidim/odoo/admin/members/index.html.erb

@@ -0,0 +1,58 @@
+<div class="card">
+  <div class="card-divider">
+    <h2 class="card-title">
+      <%= t(".title") %>
+      <%= link_to t(".sync_all"), decidim_odoo_admin.sync_members_path, class: "button tiny button--title" %>
+    </h2>
+  </div>
+  <%= admin_filter_selector %>
+  <div class="card-section">
+    <% if @odoo_users.any? %>
+      <table class="table-list odoo-groups">
+        <thead>
+        <tr>
+          <th><%= t(".odoo_id") %></th>
+          <th><%= t(".ref") %></th>
+          <th><%= t(".name") %></th>
+          <th><%= t(".alias") %></th>
+          <th><%= t(".coop_candidate") %></th>
+          <th><%= t(".member") %></th>
+          <th><%= t(".last_sync") %></th>
+          <th><%= t(".actions") %></th>
+        </tr>
+        </thead>
+        <tbody>
+        <% @odoo_users.each do |odoo_user| %>
+          <tr>
+            <td><%= odoo_user.odoo_user_id %></td>
+            <td><%= odoo_user.ref %></td>
+            <% if odoo_user.user.nickname.present? %>
+              <td><%= link_to odoo_user.user.name, decidim.profile_path(odoo_user.user.nickname) %></td>
+              <td><%= link_to odoo_user.user.nickname, decidim.profile_path(odoo_user.user.nickname) %></td>
+            <% else %>
+              <td><%= odoo_user.user.name %></td>
+              <td><%= odoo_user.user.nickname %></td>
+            <% end %>
+            <td class="<%= boolean_class(odoo_user.coop_candidate) %>"><%= content_tag :strong, humanize_boolean(odoo_user.coop_candidate) %></td>
+            <td class="<%= boolean_class(odoo_user.member) %>"><%= content_tag :strong, humanize_boolean(odoo_user.member) %></td>
+            <td class="<%= last_sync_class(odoo_user.updated_at) %>"><%= l(odoo_user.updated_at, format: :decidim_short) %></td>
+            <td class="table-list__actions">
+              <%= icon_link_to "reload", decidim_odoo_admin.sync_members_path(id: odoo_user.id), t(".sync"), class: "action-icon--reload" %>
+              <% if allowed_to? :show_email, :user, user: odoo_user.user %>
+                <%= icon_link_to "envelope-open", decidim_admin.show_email_officialization_path(user_id: odoo_user.user.id), t(".show_email"), class: "action-icon action-icon--show-email", data: { full_name: odoo_user.user.name, toggle: "show-email-modal" } %>
+              <% end %>
+              <%= icon_link_to "envelope-closed", current_or_new_conversation_path_with(odoo_user.user), t(".contact"), class:"action-icon--new" %>
+            </td>
+          </tr>
+        <% end %>
+        </tbody>
+      </table>
+      <%= paginate @odoo_users, theme: "decidim" %>
+    <% else %>
+      <p class="callout warning">
+        <%= t(".empty") %>
+      </p>
+    <% end %>
+  </div>
+</div>
+<%= render partial: "decidim/admin/officializations/show_email_modal" %>

data/config/assets.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+base_path = File.expand_path("..", __dir__)
+
+Decidim::Webpacker.register_path("#{base_path}/app/packs")
+Decidim::Webpacker.register_entrypoints(
+  decidim_oddo: "#{base_path}/app/packs/entrypoints/decidim_odoo.js"
+)

data/config/i18n-tasks.yml

@@ -0,0 +1,8 @@
+---
+
+base_locale: en
+locales: [en]
+ignore_unused:
+  - decidim.admin.filters.*
+  - decidim.authorization_handlers.odoo_member.*
+  - decidim.odoo.errors.*

data/config/locales/en.yml

@@ -0,0 +1,41 @@
+---
+en:
+  decidim:
+    admin:
+      filters:
+        coop_candidate_eq:
+          label: Is coop candidate
+          values:
+            'false': 'No'
+            'true': 'Yes'
+        member_eq:
+          label: Is member
+          values:
+            'false': 'No'
+            'true': 'Yes'
+    authorization_handlers:
+      odoo_member:
+        explanation: Get verified when the user is member or coop. candidate in Odoo
+        name: Odoo Membership
+    odoo:
+      admin:
+        members:
+          index:
+            actions: Actions
+            alias: Alias
+            contact: Contact
+            coop_candidate: Coop candidate
+            empty: There are no members from Odoo
+            last_sync: Last synchronization
+            member: Member
+            name: Name
+            odoo_id: Odoo ID
+            ref: Ref
+            show_email: Show email
+            sync: Synchronize with Odoo
+            sync_all: Synchronize all with Odoo
+            title: Odoo Members
+          sync:
+            success: The synchronization has started. It may take a few minutes
+      errors:
+        not_found: Odoo user not found