dscf-core 0.2.8 → 0.2.9

data/app/controllers/dscf/core/auth_controller.rb

@@ -4,22 +4,26 @@ module Dscf
       skip_before_action :authenticate_user, only: %i[login signup refresh]
       skip_before_action :validate_token_expiry, only: %i[login signup refresh]
       skip_before_action :validate_device_consistency, only: %i[login signup refresh]
+      skip_before_action :authorize_action!, only: %i[login signup refresh]
 
       def login
+        skip_authorization
         user = AuthService.authenticate_user(params[:email_or_phone], params[:password])
 
         if user&.valid_for_authentication?
           tokens = sign_in(user, request)
+          user_with_includes = User.includes(roles: :permissions, user_profile: {}).find(user.id)
           render_success(
             "auth.success.login",
             data: {
-              user: user,
+              user: user_with_includes,
               access_token: tokens[:access_token],
               refresh_token: tokens[:refresh_token].refresh_token
             },
             serializer_options: {
               user: {
-                serializer: Dscf::Core::UserAuthSerializer
+                serializer: Dscf::Core::UserAuthSerializer,
+                include: [:user_profile, roles: [:permissions]]
               }
             }
           )
@@ -29,6 +33,7 @@ module Dscf
       end
 
       def signup
+        skip_authorization
         user = User.new(user_params)
 
         return render_error("auth.errors.missing_email_or_phone") unless user.email.present? || user.phone.present?
@@ -36,15 +41,17 @@ module Dscf
         ActiveRecord::Base.transaction do
           if user.save
             assign_default_role(user)
+            user_with_includes = User.includes(roles: :permissions, user_profile: {}).find(user.id)
             render_success(
               "auth.success.signup",
               data: {
-                user: user
+                user: user_with_includes
               },
               status: :created,
               serializer_options: {
                 user: {
-                  serializer: Dscf::Core::UserAuthSerializer
+                  serializer: Dscf::Core::UserAuthSerializer,
+                  include: [:user_profile, roles: [:permissions]]
                 }
               }
             )
@@ -64,20 +71,23 @@ module Dscf
       end
 
       def me
+        user = User.includes(roles: :permissions, user_profile: {}).find(current_user.id)
         render_success(
           "auth.success.me",
           data: {
-            user: current_user
+            user: user
           },
           serializer_options: {
             user: {
-              serializer: Dscf::Core::UserAuthSerializer
+              serializer: Dscf::Core::UserAuthSerializer,
+              include: [:user_profile, roles: [:permissions]]
             }
           }
         )
       end
 
       def refresh
+        skip_authorization
         new_tokens = refresh_token
         if new_tokens
           render_success(
@@ -115,11 +125,6 @@ module Dscf
 
         UserRole.create!(user: user, role: role)
       end
-
-      def authentication_required?
-        # Skip authentication for login, signup, and refresh endpoints
-        %w[login signup refresh].exclude?(action_name)
-      end
     end
   end
 end

data/app/controllers/dscf/core/businesses_controller.rb

@@ -40,11 +40,6 @@ module Dscf
 
       private
 
-      # Enable authentication for this controller
-      def authentication_required?
-        true
-      end
-
       def model_params
         params.require(:business).permit(
           :name,

data/app/controllers/dscf/core/files_controller.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Dscf
+  module Core
+    # Controller for serving file attachments from MinIO storage
+    # Provides download endpoints for files uploaded via the Attachable concern
+    #
+    # @example Download a file
+    #   GET /dscf/core/files/:file_key
+    #   GET /dscf/core/files/:file_key?download=true  # Force download
+    #
+    class FilesController < ApplicationController
+      include Dscf::Core::FileUploadable
+
+      # Skip authentication for file downloads (files are accessed by file_key which acts as a token)
+      # Override this in your app if you need authenticated file access
+      skip_before_action :authenticate_request!, only: [:show], raise: false
+
+      # GET /dscf/core/files/:file_key
+      # Serves a file from MinIO storage
+      def show
+        attachment = FileAttachment.find_by(file_key: params[:file_key])
+
+        unless attachment
+          render json: {success: false, error: "File not found"}, status: :not_found
+          return
+        end
+
+        disposition = params[:download].present? ? "attachment" : "inline"
+
+        send_attachment(
+          attachment,
+          disposition: disposition
+        )
+      end
+    end
+  end
+end

data/app/controllers/dscf/core/permissions_controller.rb

@@ -0,0 +1,20 @@
+module Dscf
+  module Core
+    class PermissionsController < ApplicationController
+      include Dscf::Core::Common
+
+      private
+
+      def allowed_order_columns
+        %w[id code resource action engine active created_at updated_at]
+      end
+
+      def default_serializer_includes
+        {
+          index: [],
+          show: []
+        }
+      end
+    end
+  end
+end

data/app/controllers/dscf/core/role_permissions_controller.rb

@@ -0,0 +1,54 @@
+module Dscf
+  module Core
+    class RolePermissionsController < ApplicationController
+      before_action :set_role
+      before_action :require_permissions_manage!
+      before_action :set_role_permission, only: [:destroy]
+
+      def index
+        @clazz = Dscf::Core::RolePermission
+        render_success(data: @role.permissions)
+      end
+
+      def create
+        @clazz = Dscf::Core::RolePermission
+        role_permission = Dscf::Core::RolePermission.new(
+          role: @role,
+          permission_id: params[:permission_id]
+        )
+
+        if role_permission.save
+          render_success(data: role_permission, status: :created)
+        else
+          render_error(errors: role_permission.errors.full_messages[0],
+                       status: :unprocessable_entity)
+        end
+      end
+
+      def destroy
+        @clazz = Dscf::Core::RolePermission
+        @role_permission.destroy
+        render_success
+      end
+
+      private
+
+      def set_role
+        @role = Dscf::Core::Role.find(params[:role_id])
+      end
+
+      def set_role_permission
+        @role_permission = Dscf::Core::RolePermission.find_by!(
+          role: @role,
+          permission_id: params[:id]
+        )
+      end
+
+      def require_permissions_manage!
+        return if current_user.super_admin? || current_user.has_permission?("permissions.manage")
+
+        render_error("errors.unauthorized", status: :forbidden)
+      end
+    end
+  end
+end

data/app/controllers/dscf/core/roles_controller.rb

@@ -0,0 +1,30 @@
+module Dscf
+  module Core
+    class RolesController < ApplicationController
+      include Dscf::Core::Common
+
+      private
+
+      def model_params
+        params.require(:role).permit(:code, :name, :description, :active)
+      end
+
+      def eager_loaded_associations
+        [:permissions]
+      end
+
+      def allowed_order_columns
+        %w[id code name active created_at updated_at]
+      end
+
+      def default_serializer_includes
+        {
+          index: [:permissions],
+          show: [:permissions],
+          create: [:permissions],
+          update: [:permissions]
+        }
+      end
+    end
+  end
+end

data/app/controllers/dscf/core/user_roles_controller.rb

@@ -0,0 +1,56 @@
+module Dscf
+  module Core
+    class UserRolesController < ApplicationController
+      before_action :set_target_user
+      before_action :require_roles_assign!
+      before_action :set_user_role, only: [:destroy]
+
+      def index
+        @clazz = Dscf::Core::UserRole
+        user_roles = @target_user.user_roles.includes(:role)
+        render_success(data: user_roles)
+      end
+
+      def create
+        @clazz = Dscf::Core::UserRole
+        user_role = Dscf::Core::UserRole.new(
+          user: @target_user,
+          role_id: params[:role_id],
+          assigned_by: current_user
+        )
+
+        if user_role.save
+          render_success(data: user_role, status: :created)
+        else
+          render_error(errors: user_role.errors.full_messages[0],
+                       status: :unprocessable_entity)
+        end
+      end
+
+      def destroy
+        @clazz = Dscf::Core::UserRole
+        @user_role.destroy
+        render_success
+      end
+
+      private
+
+      def set_target_user
+        @target_user = Dscf::Core::User.find(params[:user_id])
+      end
+
+      def set_user_role
+        @user_role = Dscf::Core::UserRole.find_by!(
+          user: @target_user,
+          role_id: params[:id]
+        )
+      end
+
+      def require_roles_assign!
+        return if current_user.super_admin? || current_user.has_permission?("roles.assign")
+
+        render_error("errors.unauthorized", status: :forbidden)
+      end
+    end
+  end
+end

data/app/errors/dscf/core/file_upload_error.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Dscf
+  module Core
+    # Raised when file upload fails in strict mode
+    # This triggers a rollback of the entire transaction
+    class FileUploadError < StandardError; end
+  end
+end

data/app/jobs/dscf/core/audit_logger_job.rb

@@ -226,10 +226,8 @@ module Dscf
             action: "updated",
             changes: record_changes
           }
-        end
 
-        # Detect deleted records (in before but not in after)
-        before_map.each do |id, before_rec|
+          # Detect deleted records (in before but not in after)
           next if after_map[id]
 
           # Convert attributes to change format (old: value, new: nil)