device-tracker 0.1.0

data/lib/device/tracker/controllers/devices_controller.rb

@@ -0,0 +1,315 @@
+require_relative 'application_controller'
+
+module Device
+  module Tracker
+
+    class DevicesController < ApplicationController
+
+      before do
+        protected!
+      end
+
+      get "/new" do
+        perform_admin_check
+
+        @device = Device.new
+
+        @operating_systems = OperatingSystem.select(:name, :id).distinct.order(:name)
+
+        erb :"devices/new"
+      end
+
+      post "/create" do
+        perform_admin_check
+
+        attributes = {
+          unid: params[:device][:unid],
+          manufacturer: params[:device][:manufacturer],
+          device: params[:device][:device],
+          description: params[:device][:description],
+          imei: params[:device][:imei],
+          serial_number: params[:device][:serial_number],
+          operating_system_id: params[:device][:operating_system_id]
+        }
+
+        if params[:device][:sim_card]
+          attributes[:sim_card] = true
+        end
+
+        if params[:device][:debug_device]
+          attributes[:debug_device] = true
+        end
+
+        attributes.each do |key, value|
+          flash[key] = value
+        end
+
+        @device = Device.new(attributes)
+
+        if @device.valid?
+          @device.save
+          create_flash "success", ["Created new device #{@device.full_name}"]
+          redirect "/devices/#{@device.id}"
+        else
+          create_flash "warning", @device.errors.full_messages
+          redirect back
+        end
+      end
+
+      get "/" do
+        @title = "All Devices"
+
+        @devices = Device.all
+        @users   = User.all
+
+        @show_search = true
+
+        if params[:device_name] && ! params[:device_name].empty?
+          @show_search = false
+          @devices = @devices.where("device like ? or manufacturer like ?", "%#{params[:device_name]}%", "%#{params[:device_name]}%")
+        end
+
+        @devices = @devices.sort { |a, b|  a.full_name <=> b.full_name }
+
+        erb :"devices/index"
+      end
+
+      get "/checked-out" do
+        @devices = Device.where(available: false).order(checked_out_since: :desc)
+        @users   = User.all
+
+        if params[:device_name] && ! params[:device_name].empty?
+          @devices = @devices.where("description like ?", "%#{params[:device_name]}%")
+        end
+
+        @title = "Checked out Devices"
+
+        erb :"devices/index"
+      end
+
+      get "/:device_id" do |device_id|
+
+        unless Device.exists?(device_id)
+          raise Sinatra::NotFound
+        end
+
+        @users = User.where(is_verified: true).order(email: :desc)
+
+        @device = Device.find(device_id)
+
+        if @device.missing?
+          @last_checkout_transaction = Transaction
+            .where(transaction_type: 'CHECKOUT', device_id: @device.id)
+            .order(id: :desc).first
+        end
+
+        @transactions = @device.transactions.order(created_at: :desc).take(10)
+
+        @current_user = get_logged_in_user
+
+        erb :"devices/show"
+      end
+
+      put "/:device_id" do |device_id|
+        perform_admin_check
+
+        unless Device.exists?(device_id)
+          raise Sinatra::NotFound
+        end
+
+        params[:device].each do |key, value|
+          flash[key.to_sym] = value
+        end
+
+        @device = Device.find(device_id)
+        @device.update(params[:device])
+
+        if @device.save
+
+          create_flash "success", ["The device has been successfully updated."]
+          redirect "/devices/#{device_id}"
+        else
+          create_flash "warning", @device.errors.full_messages
+          redirect back
+        end
+
+      end
+
+      # devices/users/1
+      get "/users/:user_id" do |user_id|
+
+        user = get_logged_in_user
+
+        if user[:id] != user_id.to_i
+          create_flash "warning", ["You don't have permission to view this page."]
+          redirect back
+        end
+
+        unless User.exists?(user_id)
+          raise Sinatra::NotFound
+        end
+
+        # Get the user
+        @user = User.find(user_id)
+
+        @devices = @user.devices
+
+        erb :"devices/users", devices: @devices
+      end
+
+      put "/:device_id/return" do |device_id|
+
+        unid = device_id.upcase
+
+        if Device.exists?(unid: unid)
+          @device = Device.find_by_unid(unid)
+
+          user = @device.user
+
+          current_user = get_logged_in_user
+          if current_user[:id] == @device.user.id
+            report_transaction("#{user.email} returned #{@device.device}", Transaction.return, @device)
+          else
+            report_transaction("#{current_user[:email]} returned #{@device.device} on behalf of #{@device.user.email}", Transaction.return, @device)
+          end
+
+          @device.user = nil
+          @device.available = true
+          @device.checked_out_since = nil
+
+          @device.save
+
+          create_flash "success", ["The device has been successfully returned, thank you."]
+          redirect back
+        else
+          create_flash "warning", ["Device not found with id #{device_id}."]
+          redirect back
+        end
+      end
+
+      put "/:device_id/checkout" do |device_id|
+
+        unid = device_id.upcase
+
+        if Device.exists?(unid: unid)
+
+          @user = User.find(session[:user][:id])
+
+          device = Device.find_by_unid(unid)
+          device.user = @user
+
+          device.available = false
+          device.checked_out_since = Time.now.utc.iso8601
+
+          if device.save
+            report_transaction("#{@user.email} checked out #{device.device}.", Transaction.checkout, device)
+
+            create_flash "success", ["You have successfully checked out the device."]
+            redirect back
+
+          else
+            create_flash "warning", device.errors.full_messages
+            redirect back
+          end
+
+        end
+
+      end
+
+      # /devices/<%= @device.id %>/assign
+      put "/:device_id/assign" do |device_id|
+        perform_admin_check
+
+        if Device.exists?(device_id)
+
+          user_id = params[:user_id]
+
+          if user_id.nil?
+            create_flash "warning", ["You must select a user to assign the device to"]
+            redirect back
+          end
+
+          @current_user  = User.find(session[:user][:id])
+          if ! User.exists?(user_id)
+            create_flash "danger", ["User not found with id #{user_id}"]
+          end
+
+          @assigned_user = User.find(user_id)
+
+          device = Device.find(device_id)
+          device.user = @assigned_user
+
+          device.available = false
+          device.checked_out_since = Time.now.utc.iso8601
+
+          if device.save
+            report_transaction("#{@current_user.email} checked out #{device.device} on behalf of #{@assigned_user.email}", Transaction.checkout, device)
+          end
+
+          create_flash "success", ["You have successfully assigned out the device to #{@assigned_user.name}."]
+          redirect back
+
+        end
+      end
+
+      post "/:device_id/send_reminder" do |device_id|
+        perform_admin_check
+
+        if Device.exists?(device_id)
+
+          @device = Device.find(device_id)
+          @device_url = request.base_url + '/devices/' + device_id
+
+          body = ERB.new(File.read(EMAILS_PATH + "/reminder.erb")).result(binding)
+
+          begin
+            Pony.mail(
+              :to => [@device.user.email],
+              :from => 'no-reply@device-tracker',
+              :subject => 'Reminder | Device Tracker',
+              :html_body => body
+            )
+          rescue Net::OpenTimeout => e
+            puts "ERROR: Error sending email"
+          end
+
+          # Send email
+          create_flash "success", ["A reminder email has been sent out to #{@device.user.name}."]
+          redirect "/devices/#{device_id}"
+
+        else
+          # Feedback
+          create_flash "warning", ["Sorry but that device doesn't exists.."]
+          redirect "/devices/#{device_id}"
+        end
+
+      end
+
+      get "/:device_id/edit" do |device_id|
+        perform_admin_check
+
+        unless Device.exists?(device_id)
+          raise Sinatra::NotFound
+        end
+
+        @device = Device.find(device_id)
+        @operating_systems = OperatingSystem.select(:name, :id).distinct.order(:name)
+
+        erb :"devices/edit"
+      end
+
+      delete "/:device_id" do |device_id|
+        perform_admin_check
+
+        unless Device.exists?(device_id)
+          raise Sinatra::NotFound
+        end
+
+        @device = Device.find(device_id).destroy
+        create_flash "success", ["Deleted device #{@device.unid}"]
+        redirect "/devices"
+      end
+
+    end
+  end
+end

data/lib/device/tracker/controllers/heartbeat_controller.rb

@@ -0,0 +1,55 @@
+require_relative 'application_controller'
+
+module Device
+  module Tracker
+
+    class HeartbeatController < ApplicationController
+
+      post "/" do
+        begin
+          heartbeat = JSON.parse(request.body.read)
+        rescue Exception => e
+          halt 412, {
+            error: true,
+            message: "#{e.message}"
+          }.to_json
+        end
+
+        # {"heartbeat": {"device_id": "BBCFM003", "longitude": 53.470096, "latitude": -2.281457}}
+        if valid_heartbeat?(heartbeat)
+
+          heartbeat = heartbeat["heartbeat"]
+
+          unid = heartbeat["device_id"].upcase
+
+          if Device.exists?(unid: unid)
+            device = Device.find_by_unid(unid)
+
+            Heartbeat.create({
+              longitude: heartbeat["longitude"],
+              latitude: heartbeat["latitude"],
+              device_id: device.id
+            })
+
+            halt 201, {
+              error: false,
+              message: "Heartbeat for device: #{unid} received."
+            }.to_json
+          else
+            halt 404, {
+              error: true,
+              message: "The device with id: #{unid} doesn't exist."
+            }.to_json
+          end
+
+        else
+          halt 412, {
+            error: true,
+            message: "Manformed heartbeat received, so will not be processed."
+          }.to_json
+        end
+
+      end
+    end
+  end
+end

data/lib/device/tracker/controllers/os_controller.rb

@@ -0,0 +1,43 @@
+require_relative 'application_controller'
+module Device
+  module Tracker
+    class OSController < ApplicationController
+
+      before do
+        perform_admin_check
+      end
+
+      get "/manage" do
+        @os = OperatingSystem.all.order(:name)
+        erb :"os/manage"
+      end
+
+      post "/create" do
+
+        @os = OperatingSystem.create(params[:os])
+
+        if @os.valid?
+          @os.save
+          create_flash "success", ["Successfully added #{@os.name}"]
+          redirect back
+        else
+          create_flash "warning", @os.errors.full_messages
+          redirect back
+        end
+      end
+
+      delete "/:os_id/delete" do |os_id|
+
+        if OperatingSystem.exists?(os_id)
+          OperatingSystem.destroy(os_id)
+          create_flash "success", ["Operating system deleted."]
+          redirect back
+        else
+          create_flash "warning", ["Operating system not found."]
+          redirect back
+        end
+      end
+
+    end
+  end
+end

data/lib/device/tracker/controllers/transactions_controller.rb

@@ -0,0 +1,21 @@
+require_relative 'application_controller'
+
+module Device
+  module Tracker
+    class TransactionsController < ApplicationController
+
+      get "/" do
+
+        @transactions = Transaction.limit(100).order(created_at: :desc).all
+
+        erb :"transactions/index"
+      end
+
+      get "/:device_id" do |device_id|
+        @transactions = Transaction.where(device_id: device_id).limit(100).order(created_at: :desc).all
+        erb :"transactions/index"
+      end
+
+    end
+  end
+end

data/lib/device/tracker/controllers/users_controller.rb

@@ -0,0 +1,193 @@
+require_relative 'application_controller'
+
+module Device
+  module Tracker
+    class UsersController < ApplicationController
+
+      before do
+
+        if ! %w[new create].include? request.path_info.split('/')[1]
+          protected!
+        end
+
+        if %w[manage].include? request.path_info.split('/')[1]
+          perform_admin_check
+        end
+      end
+
+      get "/manage" do
+
+        @users = User.all
+
+        erb :"users/manage", users: @users
+      end
+
+      get "/new" do
+        erb :"users/new"
+      end
+
+      get "/:user_id/edit" do |user_id|
+        # TODO Move this out into its own function
+        user = get_logged_in_user
+
+        if user[:is_admin] != true and user[:id] != user_id.to_i
+          create_flash "warning", ["You don't have permission to view this page."]
+          redirect back
+        end
+
+        if User.exists?(user_id)
+          @user = User.find(user_id)
+          @is_admin = user[:is_admin]
+          erb :"users/edit"
+        else
+          create_flash "warning", ["Sorry, but that user doesn't exist"]
+          redirect back
+        end
+      end
+
+      put "/:user_id" do |user_id|
+
+        if get_logged_in_user[:is_admin] != true and get_logged_in_user[:id] != user_id.to_i
+          create_flash "warning", ["You don't have permission to view this page."]
+          redirect back
+        end
+
+        if User.exists?(user_id)
+
+          attributes = {
+            username: params[:user][:username],
+            email: params[:user][:email],
+            name: params[:user][:name]
+          }
+
+          # Only admins have access to these attributes
+          if is_admin?
+            attributes[:is_admin] = (!params[:user][:is_admin].nil? and params[:user][:is_admin] == "on")
+            attributes[:is_verified] = (!params[:user][:is_verified].nil? and params[:user][:is_verified] == "on")
+          end
+
+          # Should we change the password?
+
+          if change_password?(params)
+            attributes[:password] = params[:user][:password]
+            attributes[:password_confirmation] = params[:user][:password_confirmation]
+          end
+
+          user = User.find(user_id)
+          users_previous_verification = user.is_verified
+
+          if user.update(attributes)
+            if user.is_verified && users_previous_verification == false
+              verification_email(user)
+            end
+            create_flash "success", ["The account was successfully updated."]
+            redirect back
+          else
+            create_flash "warning", user.errors.full_messages
+            redirect back
+          end
+        end
+
+        create_flash "warning", ["I'm sorry but that user does not exist!"]
+        redirect back
+
+      end
+
+      post "/create" do
+
+        user = User.new
+
+        attributes = {
+          username: params[:user][:username],
+          password: params[:user][:password],
+          password_confirmation: params[:user][:password_confirmation],
+          name: params[:user][:name],
+          email: params[:user][:email]
+        }
+
+        user.username = attributes[:username]
+        user.password = attributes[:password]
+        user.email = attributes[:email]
+        user.name = attributes[:name]
+        user.password_confirmation = attributes[:password_confirmation]
+
+        attributes.each do |key, value|
+          flash[key] = value if key != :password
+        end
+
+        if user.valid? and user.save
+
+          report_transaction("#{user.email} registered a new account.", Transaction.registration)
+
+          # Account is awaiting activation
+          admin_email_registration(request, user)
+          create_flash "info", ["Registration successful, please wait for your account to be activated."]
+          redirect "/"
+        else
+          create_flash "warning", [user.errors.full_messages.first]
+          redirect back
+        end
+      end
+
+      delete "/:user_id/delete" do |user_id|
+        if User.exists?(user_id)
+          user = User.find(user_id)
+
+          email = user.email
+
+          if user.devices.count > 0
+            Device.where(user_id: user.id).update_all(available: true, checked_out_since: nil, user_id: nil)
+          end
+
+          if user.destroy
+            report_transaction("#{email} was deleted by #{get_logged_in_user[:email]}.", Transaction.deletion)
+          end
+
+          create_flash "success", ["The user account has been successfully removed!"]
+        else
+          create_flash "warning", ["Unable to remove the user account, try again."]
+        end
+
+        redirect back
+      end
+
+      def verification_email(user)
+
+        @user = user
+        @get_started_link = request.base_url + '/devices'
+        body = ERB.new(File.read(EMAILS_PATH + "/verification.erb")).result(binding)
+
+        begin
+          Pony.mail(
+            :to => [@user.email],
+            :from => 'no-reply@device-tracker',
+            :subject => 'Account Verified | Device Tracker',
+            :html_body => body
+          )
+        rescue Net::OpenTimeout => e
+          puts "ERROR: Error sending email"
+        end
+
+      end
+
+      def admin_email_registration(request, user)
+        @user = user
+        @verification_link = request.base_url + '/users/' + user.id.to_s + '/edit'
+
+        body = ERB.new(File.read(EMAILS_PATH + "/registration.erb")).result(binding)
+
+        begin
+          Pony.mail(
+            :to => [User.where(is_admin: true).map {|u| u.email }],
+            :from => 'no-reply@device-tracker',
+            :subject => 'New Registration | Device Tracker',
+            :html_body => body
+          )
+        rescue Net::OpenTimeout => e
+          puts "ERROR: Error sending email"
+        end
+      end
+
+    end
+  end
+end