dscf-core 0.2.4 → 0.2.6

data/app/controllers/dscf/core/businesses_controller.rb

@@ -0,0 +1,94 @@
+module Dscf
+  module Core
+    class BusinessesController < ApplicationController
+      include Dscf::Core::Common
+      include Dscf::Core::ReviewableController
+
+      def create
+        super do
+          business = @clazz.new(model_params)
+          business.user = current_user
+          business.reviews.build(
+            status: "draft",
+            context: "default"
+          )
+
+          if business.save && params[:business][:business_license].present?
+            document = business.documents.create!(
+              document_type: :business_license
+            )
+            document.files.attach(params[:business][:business_license])
+            document.save!
+          end
+
+          business
+        end
+      end
+
+      def update
+        unless @obj.editable?
+          return render_error(
+            errors: ["Cannot update Business after submission. Use modification request workflow instead."],
+            status: :unprocessable_entity
+          )
+        end
+
+        super
+      end
+
+      def my_business
+        index do
+          current_user.businesses
+        end
+      end
+
+      private
+
+      # Enable authentication for this controller
+      def authentication_required?
+        true
+      end
+
+      def model_params
+        params.require(:business).permit(
+          :name,
+          :description,
+          :contact_email,
+          :contact_phone,
+          :tin_number,
+          :business_type_id,
+          business_license: :file
+        )
+      end
+
+      def eager_loaded_associations
+        [
+          :business_type, :user, :documents,
+          reviews: {reviewed_by: :user_profile}
+        ]
+      end
+
+      def allowed_order_columns
+        %w[id name description contact_email contact_phone tin_number created_at updated_at]
+      end
+
+      def default_serializer_includes
+        {
+          index: [
+            :business_type, :user, :documents,
+            reviews: {reviewed_by: :user_profile}
+          ],
+          show: [
+            :business_type, :user, :documents,
+            reviews: {reviewed_by: :user_profile}
+          ],
+          create: %i[business_type user documents reviews],
+          update: [
+            :business_type, :user, :documents,
+            reviews: {reviewed_by: :user_profile}
+          ]
+        }
+      end
+    end
+  end
+end

data/app/jobs/dscf/core/audit_logger_job.rb

@@ -0,0 +1,256 @@
+module Dscf
+  module Core
+    class AuditLoggerJob < ApplicationJob
+      queue_as :audit
+      retry_on StandardError, wait: 5.seconds, attempts: 3
+      discard_on ActiveRecord::RecordNotFound
+
+      def perform(record_id:, record_type:, before_main:, after_main:, before_associated:, after_associated:,
+                  action_name:, controller_name:, actor_id: nil, actor_type: nil,
+                  request_uuid: nil, ip_address: nil, user_agent: nil, configs: [])
+        # Find the auditable record
+        record = record_type.constantize.find_by(id: record_id)
+        return unless record
+
+        # Find the actor if present
+        actor = actor_id && actor_type ? actor_type.constantize.find_by(id: actor_id) : nil
+
+        # Calculate changes
+        all_changes = calculate_changes(
+          before_main: before_main,
+          after_main: after_main,
+          before_associated: before_associated,
+          after_associated: after_associated,
+          configs: configs
+        )
+
+        # Skip if no changes detected
+        # Check for empty structured format
+        return if all_changes.blank? ||
+                  (all_changes.is_a?(Hash) &&
+                   all_changes[:main].blank? &&
+                   all_changes[:associated].blank?)
+
+        # Resolve action label
+        action_label = resolve_action_label(action_name, configs)
+
+        # Create audit log
+        record.record_audit!(
+          action_label,
+          audited_changes: all_changes,
+          metadata: {
+            controller: controller_name,
+            action: action_name,
+            request_uuid: request_uuid
+          },
+          actor: actor,
+          request_uuid: request_uuid,
+          ip_address: ip_address,
+          user_agent: user_agent
+        )
+      rescue StandardError => e
+        Rails.logger.error "AuditLoggerJob failed: #{e.message}\n#{e.backtrace.first(5).join("\n")}"
+        raise
+      end
+
+      private
+
+      # Calculate all changes by comparing before/after snapshots
+      # Returns structured format: { main: { changes: {...} }, associated: { assoc_name: [...] } }
+      def calculate_changes(before_main:, after_main:, before_associated:, after_associated:, configs:)
+        structured_changes = {
+          main: {},
+          associated: {}
+        }
+
+        # Process each config
+        configs.each do |config|
+          # 1. Main record changes
+          main_changes = diff_records(before_main, after_main)
+          if main_changes.present?
+            filtered = filter_changes(main_changes, config[:only], config[:except])
+            if filtered.present?
+              structured_changes[:main][:changes] ||= {}
+              structured_changes[:main][:changes].merge!(filtered)
+            end
+          end
+
+          # 2. Associated record changes
+          config[:associated].each do |assoc_name|
+            assoc_key = assoc_name.to_sym
+            before_assoc = before_associated[assoc_key] || []
+            after_assoc = after_associated[assoc_key] || []
+
+            assoc_changes = diff_associated_records(before_assoc, after_assoc, assoc_name)
+            next unless assoc_changes.present?
+
+            # Apply filtering to associated changes
+            filtered_assoc_changes = filter_associated_changes(assoc_changes, config[:only], config[:except])
+            next unless filtered_assoc_changes.present?
+
+            # Structure: { "reviews.123" => { action: "created", changes: {...} } }
+            # Convert to: { reviews: [{ id: 123, action: "created", model: "Review", changes: {...} }] }
+            structured_changes[:associated][assoc_name.to_s] ||= []
+
+            filtered_assoc_changes.each do |key, value|
+              # Extract record ID from key like "reviews.123"
+              record_id = key.to_s.split(".").last
+              model_name = after_assoc.find { |r| r[:id].to_s == record_id }&.dig(:type) ||
+                           before_assoc.find { |r| r[:id].to_s == record_id }&.dig(:type) ||
+                           assoc_name.to_s.singularize.camelize
+
+              structured_changes[:associated][assoc_name.to_s] << {
+                id: record_id.to_i,
+                action: value[:action] || value["action"],
+                model: model_name,
+                changes: value[:changes] || value["changes"] || {}
+              }
+            end
+          end
+        end
+
+        # Return flat hash if no changes (for compatibility)
+        return {} if structured_changes[:main].empty? && structured_changes[:associated].empty?
+
+        structured_changes
+      end
+
+      # Diff two record states (before/after)
+      def diff_records(before, after)
+        return {} if after.blank?
+
+        # For create actions, before is nil - treat all attributes as new
+        if before.blank?
+          changes = {}
+          after_attrs = after[:attributes] || {}
+          after_attrs.each do |key, new_val|
+            # Skip timestamps and IDs for create
+            next if %w[id created_at updated_at].include?(key.to_s)
+            # Skip nil valbues
+            next if new_val.nil?
+
+            changes[key] = {old: nil, new: new_val}
+          end
+          return changes
+        end
+
+        return {} if before[:id] != after[:id]
+
+        changes = {}
+        before_attrs = before[:attributes] || {}
+        after_attrs = after[:attributes] || {}
+
+        # Find changed attributes
+        all_keys = (before_attrs.keys + after_attrs.keys).uniq
+        all_keys.each do |key|
+          old_val = before_attrs[key]
+          new_val = after_attrs[key]
+
+          # Skip if unchanged
+          next if old_val == new_val
+
+          changes[key] = {old: old_val, new: new_val}
+        end
+
+        changes
+      end
+
+      # Diff associated records (handle create/update/delete)
+      def diff_associated_records(before_list, after_list, assoc_name)
+        changes = {}
+
+        # Build ID maps
+        before_map = before_list.each_with_object({}) { |rec, h| h[rec[:id]] = rec if rec[:id] }
+        after_map = after_list.each_with_object({}) { |rec, h| h[rec[:id]] = rec if rec[:id] }
+
+        # Detect created records (in after but not in before)
+        after_map.each do |id, after_rec|
+          next if before_map[id]
+
+          changes["#{assoc_name}.#{id}"] = {
+            action: "created",
+            attributes: after_rec[:attributes]
+          }
+        end
+
+        # Detect updated records (in both, but with differences)
+        before_map.each do |id, before_rec|
+          after_rec = after_map[id]
+          next unless after_rec
+
+          record_changes = diff_records(before_rec, after_rec)
+          next unless record_changes.present?
+
+          changes["#{assoc_name}.#{id}"] = {
+            action: "updated",
+            changes: record_changes
+          }
+
+          # Detect deleted records (in before but not in after)
+          next if after_map[id]
+
+          changes["#{assoc_name}.#{id}"] = {
+            action: "deleted",
+            attributes: before_rec[:attributes]
+          }
+        end
+
+        changes
+      end
+
+      # Filter changes based on only/except rules
+      def filter_changes(changes, only, except)
+        return changes if only.blank? && except.blank?
+
+        filtered = changes.dup
+        filtered = filtered.slice(*only.map(&:to_s)) if only.present?
+        filtered = filtered.except(*except.map(&:to_s)) if except.present?
+        filtered
+      end
+
+      # Filter associated changes
+      # Input: { "reviews.46" => { action: "updated", changes: {...} } }
+      # Output: Same structure but with filtered changes
+      def filter_associated_changes(assoc_changes, only, except)
+        return assoc_changes if only.blank? && except.blank?
+
+        filtered = {}
+
+        assoc_changes.each do |key, record_data|
+          # Filter attributes (for created/deleted records)
+          if record_data[:attributes].present?
+            filtered_attrs = filter_changes(record_data[:attributes], only, except)
+            next if filtered_attrs.blank?
+
+            filtered[key] = record_data.merge(attributes: filtered_attrs)
+          # Filter changes (for updated records)
+          elsif record_data[:changes].present?
+            filtered_changes = filter_changes(record_data[:changes], only, except)
+            next if filtered_changes.blank?
+
+            filtered[key] = record_data.merge(changes: filtered_changes)
+          else
+            filtered[key] = record_data
+          end
+        end
+
+        filtered
+      end
+
+      # Resolve human-readable action label
+      def resolve_action_label(action, configs)
+        config = configs.find { |c| c[:action].present? }
+        return action.to_s.humanize unless config
+
+        case config[:action]
+        when String
+          config[:action]
+        when Hash
+          config[:action][action.to_sym] || config[:action][action.to_s] || action.to_s.humanize
+        else
+          action.to_s.humanize
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/dscf/core/auditable_model.rb

@@ -0,0 +1,34 @@
+module Dscf
+  module Core
+    module AuditableModel
+      extend ActiveSupport::Concern
+
+      included do
+        has_many :audit_logs,
+                 as: :auditable,
+                 class_name: "Dscf::Core::AuditLog",
+                 dependent: :destroy
+      end
+
+      def record_audit!(action_name, audited_changes: {}, metadata: {}, actor: nil, request_uuid: nil, ip_address: nil, user_agent: nil)
+        audit_logs.create!(
+          action: action_name,
+          audited_changes: audited_changes.presence || {},
+          metadata: metadata.presence || {},
+          actor: actor,
+          request_uuid: request_uuid,
+          ip_address: ip_address,
+          user_agent: user_agent
+        )
+      end
+
+      def audit_history(limit: 50)
+        audit_logs.order(created_at: :desc).limit(limit)
+      end
+
+      def last_audit
+        audit_logs.order(created_at: :desc).first
+      end
+    end
+  end
+end

data/app/models/concerns/dscf/core/reviewable_model.rb

@@ -20,12 +20,45 @@ module Dscf
         return current_review.status if current_review
 
         # Return default initial status for zero-config
-        "pending"
+        "draft"
       end
 
       def build_review_for(context = :default)
         reviews.build(context: context.to_s)
       end
+
+      # Helper methods for common status checks
+      def draft?(context = :default)
+        current_status_for(context) == "draft"
+      end
+
+      def pending?(context = :default)
+        current_status_for(context) == "pending"
+      end
+
+      def approved?(context = :default)
+        current_status_for(context) == "approved"
+      end
+
+      def rejected?(context = :default)
+        current_status_for(context) == "rejected"
+      end
+
+      def modification_requested?(context = :default)
+        current_status_for(context) == "modify"
+      end
+
+      # Check if resource can be edited via regular update endpoint
+      # Only draft records can be edited freely
+      # For modify status, use resubmit action with update_model: true
+      def editable?(context = :default)
+        draft?(context)
+      end
+
+      # Check if resource has been submitted
+      def submitted?(context = :default)
+        !draft?(context)
+      end
     end
   end
 end

data/app/models/dscf/core/audit_log.rb

@@ -0,0 +1,26 @@
+# app/models/dscf/core/audit_log.rb
+module Dscf
+  module Core
+    class AuditLog < ApplicationRecord
+      self.table_name = "dscf_core_audit_logs"
+
+      belongs_to :auditable, polymorphic: true
+      belongs_to :actor, polymorphic: true, optional: true
+
+      validates :action, presence: true
+
+      scope :for_auditable, ->(obj) { where(auditable_type: obj.class.name, auditable_id: obj.id) }
+      scope :by_actor, ->(actor) { where(actor_type: actor.class.name, actor_id: actor.id) }
+      scope :for_action, ->(name) { where(action: name.to_s) }
+      scope :recent, -> { order(created_at: :desc) }
+
+      def self.ransackable_attributes(_auth_object = nil)
+        %w[id auditable_type auditable_id action created_at updated_at]
+      end
+
+      def self.ransackable_associations(_auth_object = nil)
+        %w[auditable actor]
+      end
+    end
+  end
+end

data/app/models/dscf/core/business.rb

@@ -22,6 +22,10 @@ module Dscf
         %w[business_type_id contact_email contact_phone created_at description id id_value name tin_number
            updated_at user_id]
       end
+
+      def self.ransackable_associations(_auth_object = nil)
+        %w[user business_type documents reviews]
+      end
     end
   end
 end

data/app/models/dscf/core/document.rb

@@ -5,14 +5,15 @@ module Dscf
       belongs_to :verified_by, polymorphic: true, optional: true
       validates :document_type, presence: true
 
-      has_one_attached :file
-
+      has_many_attached :files
       enum :document_type, {business_license: 0, drivers_license: 1, claim: 2}
 
-      def file_url
-        return nil unless file.attached?
+      def file_urls
+        return [] unless files.attached?
 
-        Rails.application.routes.url_helpers.rails_blob_url(file, only_path: true)
+        files.map do |file|
+          Rails.application.routes.url_helpers.rails_blob_url(file, only_path: true)
+        end
       end
     end
   end

data/app/serializers/dscf/core/audit_log_serializer.rb

@@ -0,0 +1,40 @@
+module Dscf
+  module Core
+    class AuditLogSerializer < ActiveModel::Serializer
+      attributes :id, :action, :audited_changes, :metadata,
+                 :request_uuid, :ip_address, :user_agent,
+                 :created_at, :updated_at
+
+      attribute :actor do
+        if object.actor
+          {
+            id: object.actor.id,
+            type: object.actor_type,
+            name: self.class.actor_display_name(object.actor)
+          }
+        end
+      end
+
+      attribute :auditable do
+        {
+          id: object.auditable_id,
+          type: object.auditable_type
+        }
+      end
+
+      def self.actor_display_name(actor)
+        return nil unless actor
+
+        if actor.respond_to?(:full_name) && actor.full_name.present?
+          actor.full_name
+        elsif actor.respond_to?(:name) && actor.name.present?
+          actor.name
+        elsif actor.respond_to?(:email)
+          actor.email
+        else
+          "#{actor.class.name.demodulize} ##{actor.id}"
+        end
+      end
+    end
+  end
+end

data/app/serializers/dscf/core/business_serializer.rb

@@ -6,6 +6,7 @@ module Dscf
       belongs_to :user, serializer: Dscf::Core::UserSerializer
       belongs_to :business_type, serializer: Dscf::Core::BusinessTypeSerializer
       has_many :reviews, serializer: Dscf::Core::ReviewSerializer
+      has_many :documents, serializer: Dscf::Core::DocumentSerializer
     end
   end
 end

data/app/serializers/dscf/core/document_serializer.rb

@@ -0,0 +1,17 @@
+module Dscf
+  module Core
+    class DocumentSerializer < ActiveModel::Serializer
+      attributes :id, :document_type, :file_urls, :is_verified, :verified_at, :created_at, :updated_at
+      include Rails.application.routes.url_helpers
+
+      belongs_to :documentable, polymorphic: true
+      belongs_to :verified_by, polymorphic: true, optional: true
+
+      def file_urls
+        return [] unless object.files.attached?
+
+        object.files.map { |file| url_for(file) }
+      end
+    end
+  end
+end

data/config/locales/en.yml

@@ -33,3 +33,27 @@ en:
       show: "Failed to retrieve business type details"
       create: "Failed to create business type"
       update: "Failed to update business type"
+
+  business:
+    success:
+      index: "Businesses retrieved successfully"
+      show: "Business details retrieved successfully"
+      create: "Business created successfully"
+      update: "Business updated successfully"
+      submit: "Business submitted successfully"
+      approve: "Business approved successfully"
+      reject: "Business rejected successfully"
+      request_modification: "Business modification requested successfully"
+      resubmit: "Business resubmitted successfully"
+      my_business: "Businesses retrieved successfully"
+    errors:
+      index: "Failed to retrieve businesses"
+      show: "Business not found"
+      create: "Failed to create business"
+      update: "Failed to update business"
+      submit: "Failed to submit business"
+      approve: "Failed to approve business"
+      reject: "Failed to reject business"
+      request_modification: "Failed to request modification for business"
+      resubmit: "Failed to resubmit business"
+      my_business: "Failed to retrieve businesses"

data/config/routes.rb

@@ -1,4 +1,17 @@
 Dscf::Core::Engine.routes.draw do
+  resources :businesses do
+    collection do
+      get "my_business"
+    end
+    member do
+      patch "submit"
+      patch "approve"
+      patch "reject"
+      patch "request_modification"
+      patch "resubmit"
+    end
+  end
+
   post "auth/login", to: "auth#login"
   post "auth/logout", to: "auth#logout"
   post "auth/signup", to: "auth#signup"

data/db/migrate/20250926102025_create_dscf_core_reviews.rb

@@ -3,7 +3,7 @@ class CreateDscfCoreReviews < ActiveRecord::Migration[8.0]
     create_table :dscf_core_reviews do |t|
       t.references :reviewable, polymorphic: true, null: false
       t.string :context
-      t.string :status, default: "pending"
+      t.string :status, default: "draft"
       t.jsonb :feedback
       t.references :reviewed_by, polymorphic: true
       t.datetime :reviewed_at

data/db/migrate/20251023000000_create_dscf_core_audit_logs.rb

@@ -0,0 +1,25 @@
+class CreateDscfCoreAuditLogs < ActiveRecord::Migration[6.1]
+  def change
+    create_table :dscf_core_audit_logs do |t|
+      t.references :auditable, polymorphic: true, null: false
+
+      t.string :action, null: false
+      t.jsonb :audited_changes, null: false, default: {}
+      t.jsonb :metadata, default: {}
+
+      t.references :actor, polymorphic: true
+
+      t.string :request_uuid
+      t.string :ip_address
+      t.string :user_agent
+
+      t.timestamps
+    end
+
+    add_index :dscf_core_audit_logs, %i[auditable_type auditable_id], name: "index_audit_logs_on_auditable"
+    add_index :dscf_core_audit_logs, %i[actor_type actor_id], name: "index_audit_logs_on_actor"
+    add_index :dscf_core_audit_logs, :request_uuid
+    add_index :dscf_core_audit_logs, :created_at
+    add_index :dscf_core_audit_logs, :action
+  end
+end

data/lib/dscf/core/version.rb

@@ -1,5 +1,5 @@
 module Dscf
   module Core
-    VERSION = "0.2.4".freeze
+    VERSION = "0.2.6".freeze
   end
 end

data/spec/factories/auditable_test_model.rb

@@ -0,0 +1,11 @@
+FactoryBot.define do
+  factory :auditable_test_model, class: "AuditableTestModel" do
+    name { Faker::Company.name }
+    description { Faker::Company.catch_phrase }
+    contact_email { Faker::Internet.email }
+    contact_phone { Faker::PhoneNumber.phone_number }
+    tin_number { Faker::Number.number(digits: 10).to_s }
+    user
+    business_type
+  end
+end

data/spec/factories/dscf/core/audit_logs.rb

@@ -0,0 +1,12 @@
+FactoryBot.define do
+  factory :audit_log, class: "Dscf::Core::AuditLog" do
+    auditable { association :business }
+    action { "update" }
+    audited_changes { {"name" => ["Old name", "New name"]} }
+    metadata { {} }
+    actor { association :user }
+    request_uuid { SecureRandom.uuid }
+    ip_address { "127.0.0.1" }
+    user_agent { "RSpec" }
+  end
+end

data/spec/factories/dscf/core/documents.rb

@@ -15,7 +15,7 @@ FactoryBot.define do
     end
 
     after(:build) do |document|
-      document.file.attach(
+      document.files.attach(
         io: File.open(Rails.root.join("app", "fixtures", "images", "logo.jpg")),
         filename: "logo.jpg",
         content_type: "image/jpeg"