egov_utils 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3af04b2760bc38581e430b5ad1195fbf621e0ac1e2d013fb256be44ca6a3ce4
-  data.tar.gz: bee321a601dfc6cd190770b16f58dc10c001d75588ae25274f5d7ee33061863c
+  metadata.gz: a0d959fdb236578d9d04f1828e69794d06ef9b7e03696f4459a714da45528180
+  data.tar.gz: c74d6584c3ca4ba356a236d81decd35e9d5a45b09f0b84048f2f32f2d95597ce
 SHA512:
-  metadata.gz: 3fb0a3419d585ab1cb4b5d8abf72204839fdb4d182720cefd0a2a2c0452b512fe6e52778676644e7a085bbedc21c1a3dd2e1b0437c691343e8b83f955529950f
-  data.tar.gz: e147fd2ecbee0e689636b62cec8865f3041f12a9aa9e3b8871d18e334bd61ba7498b883d08a021c0fff58598ac916e3f69df22201b8c08afc50cdc1a01a5a4d2
+  metadata.gz: d208c342267f541e57835573f28bb10f173592f87b2c0a7a96427c7398cfcd11b2984a1ba4770d67f1ef6be0b04e32edd0586b3f887d0e5b3b56711961afad94
+  data.tar.gz: 7e06bb6d70942d28fa90266e3b9aa5e4bc0c8bf3790989c934b385e5cafc9e95559af1beae42e189b9210b4a49360d6d28435d58f7a71e88a18259482ad7348b

data/app/controllers/egov_utils/current_users_controller.rb

@@ -0,0 +1,26 @@
+module EgovUtils
+  class CurrentUsersController < ApplicationController
+    before_action :require_login
+
+    def edit; end
+
+    def update
+      current_user.update(update_params)
+
+      if current_user.valid?
+        redirect_to edit_current_user_path, notice: t('activerecord.successful.messages.updated', model: User.model_name.human)
+      else
+        render :edit
+      end
+    end
+
+    private
+
+    def update_params
+      params
+        .require(:user)
+        .permit(:email, :password, :password_confirmation, :firstname,
+                :lastname)
+    end
+  end
+end

data/app/controllers/egov_utils/groups_controller.rb

@@ -2,20 +2,36 @@ require_dependency "egov_utils/application_controller"
 
 module EgovUtils
   class GroupsController < ApplicationController
+    def index
+      @groups = EgovUtils::Group.
+                accessible_by(current_ability).
+                order(:provider).
+                page(params[:page] || 1)
+    end
 
-    load_and_authorize_resource
+    def new
+      @group = Group.new
+    end
 
-    def index
-      @groups = EgovUtils::Group.accessible_by(current_ability)
+    def edit
+      @group = Group.find(params[:id])
     end
 
-    def show
+    def update
+      @group = Group.find(params[:id])
+
+      if @group.update(update_params)
+        redirect_to egov_utils.groups_path, notice: t('success_updated')
+      else
+        render :edit
+      end
     end
 
     def create
+      @group = Group.new(create_params)
       respond_to do |format|
         if @group.save
-          format.html{ redirect_to egov_utils.users_path, notice: t('success_created') }
+          format.html{ redirect_to egov_utils.groups_path, notice: t('success_created') }
           format.json{ render json: @group, status: :created }
         else
           format.html{ render 'new' }
@@ -44,9 +60,19 @@ module EgovUtils
 
     private
 
-      def create_params
-        params.require(:group).permit(:name, :provider, :ldap_uid, :external_uid)
+    def create_params
+      params
+        .require(:group)
+        .permit(:name, :provider, :ldap_uid, :external_uid, roles: []) do |p|
+          p[:roles] = p[:roles].compact_blank
+        end
+    end
+
+    def update_params
+      params.require(:group).permit(:name, roles: []).tap do |p|
+        p[:roles] = p[:roles].compact_blank
       end
+    end
 
   end
 end

data/app/controllers/egov_utils/passwords_controller.rb

@@ -18,8 +18,11 @@ module EgovUtils
       if @user && @user.password_change_possible?
         @token = @user.generate_reset_password_token
         EgovUtils::UserMailer.with(host: mailer_host).password_reset(@user, @token).deliver_later if @user.save
+        flash[:notice] = t('notice_reset_email_sent')
+      elsif !@user.password_change_possible?
+        flash[:error] = t('notice_pw_reset_not_possible')
       end
-      redirect_to egov_utils.reset_passwords_path, notice: t('notice_reset_email_sent')
+      redirect_to egov_utils.reset_passwords_path
     end
 
     # New password for existing user - password reset

data/app/controllers/egov_utils/people_controller.rb

@@ -1,7 +1,7 @@
 module EgovUtils
   class PeopleController < ApplicationController
 
-    load_and_authorize_resource
+    load_and_authorize_resource only: :index
 
     def index
       @people_schema = PersonSchema.new

data/app/controllers/egov_utils/registration_requests_controller.rb

@@ -0,0 +1,59 @@
+module EgovUtils
+  class RegistrationRequestsController < ApplicationController
+    before_action :find_registration_request, only: %i[show update]
+    before_action :require_login, except: %i[new create]
+
+    def index
+      @registration_requests =
+        RegistrationRequest.order(created_at: :desc).page(params[:page] || 1)
+    end
+
+    def show; end
+
+    def new
+      @registration_request = RegistrationRequest.new
+    end
+
+    def create
+      @registration_request = RegistrationRequests::Create.run!(create_params)
+      if @registration_request.valid?
+        redirect_to egov_utils.new_session_path,
+                    notice: I18n.t('registration_request.create.success')
+      else
+        render :new
+      end
+    end
+
+    def update
+      RegistrationRequests::HandleRequest.run!(
+        update_params.merge(registration_request: @registration_request)
+      )
+
+      if @registration_request.valid?
+        redirect_to @registration_request,
+                    notice: I18n.t('registration_request.update.success')
+      else
+        render :show
+      end
+    end
+
+    private
+
+    def find_registration_request
+      @registration_request = EgovUtils::RegistrationRequest.find(params[:id])
+    end
+
+    def create_params
+      params
+        .require(:registration_request)
+        .permit(:mail, :firstname, :lastname, :organization, :note)
+    end
+
+    def update_params
+      params
+        .require(:registration_request)
+        .permit(:status, :reason, :internal_reason, roles: [])
+    end
+  end
+end
+

data/app/controllers/egov_utils/users_controller.rb

@@ -1,24 +1,28 @@
-require_dependency "egov_utils/application_controller"
-require_dependency "egov_utils/auth_source"
+# frozen_string_literal: true
+
+require_dependency 'egov_utils/application_controller'
+require_dependency 'egov_utils/auth_source'
 
 module EgovUtils
   class UsersController < ApplicationController
+    skip_before_action :require_login, only: %i[new create confirm edit update]
+    before_action :set_providers, only: %i[index search]
 
-    skip_before_action :require_login, only: [:new, :create, :confirm, :edit, :update]
-
-    load_and_authorize_resource only: [:index, :new, :create, :show, :destroy, :edit, :update]
+    load_and_authorize_resource only: %i[index new create show destroy edit update]
 
     def index
-      providers
-      @groups = EgovUtils::Group.accessible_by(current_ability).order(:provider)
-      @new_user = EgovUtils::User.new(generate_password: true)
+      params[:default_scope] ||= :without_deleted
       azahara_schema_index do |users|
         users.add_sort('provider')
       end
+      @entities =
+        @users.entities.includes(:groups).page(params[:page] || 1).per(50)
+      if params[:search]
+        @entities = @entities.search(params[:search])
+      end
     end
 
-    def new
-    end
+    def new; end
 
     def create
       @user.mail ||= @user.login
@@ -34,25 +38,27 @@ module EgovUtils
             end
             flash[:notice] = t('activerecord.successful.messages.created', model: User.model_name.human)
           end
-          format.html{ redirect_to main_app.root_path }
-          format.json{ render json: @user, status: :created }
+          format.html { redirect_to main_app.root_path }
+          format.json { render json: @user, status: :created }
         else
-          format.html{ render 'new' }
-          format.json{ render json: @user.errors.full_messages, status: :unprocessable_entity }
+          format.html { render 'new' }
+          format.json { render json: @user.errors.full_messages, status: :unprocessable_entity }
         end
       end
     end
 
-    def show
-    end
+    def show; end
 
-    def edit
-    end
+    def edit; end
 
     def update
       @user.update(update_params)
 
-      redirect_to users_path, notice: t('activerecord.successful.messages.updated', model: User.model_name.human)
+      if @user.valid?
+        redirect_to users_path, notice: t('activerecord.successful.messages.updated', model: User.model_name.human)
+      else
+        render :edit
+      end
     end
 
     def destroy
@@ -81,29 +87,46 @@ module EgovUtils
       authorize!(:read, User)
       authorize!(:read, Group)
       user_results = []; group_results = []
-      providers.each do |provider|
-        user_results.concat( provider.search_user(params[:q]) )
-        group_results.concat( provider.search_group(params[:q]) )
+      @providers.each do |provider|
+        user_results.concat(provider.search_user(params[:q]))
+        group_results.concat(provider.search_group(params[:q]))
       end if params[:q].present?
       respond_to do |format|
-        format.json{ render json: {users: user_results, groups: group_results} }
+        format.json do
+          render json: { users: user_results, groups: group_results }
+        end
       end
     end
 
+    def unarchive
+      user = User.with_deleted.find(params[:id])
+      user.restore
+      redirect_to users_path, notice: t('activerecord.successful.messages.unarchived', model: User.model_name.human)
+    end
+
     private
 
-      def providers
-         @providers = EgovUtils::AuthSource.providers.collect{|p| EgovUtils::AuthSource.new(p)}
+    def set_providers
+      @providers = EgovUtils::AuthSource.providers.map do |p|
+        EgovUtils::AuthSource.new(p)
       end
+    end
 
-      def create_params
-        params_to_permit = [:login, :mail, :password, :password_confirmation, :provider, :firstname, :lastname]
-        params_to_permit << :generate_password if current_user.logged?
-        params.require(:user).permit(*params_to_permit)
-      end
+    def create_params
+      params_to_permit = %i[login mail password password_confirmation provider firstname lastname]
+      params_to_permit << :generate_password if current_user.logged?
+      params.require(:user).permit(*params_to_permit)
+    end
 
-      def update_params
-        params.require(:user).permit(:days_before_inactive)
-      end
+    def update_params
+      params
+        .require(:user)
+        .permit(
+          :days_before_inactive, :days_before_archive, :password,
+          :password_confirmation, roles: []
+        ).tap do |p|
+          p[:roles] = p[:roles].compact_blank
+        end
+    end
   end
 end

data/app/jobs/egov_utils/registration_requests/check_auto_accept_job.rb

@@ -0,0 +1,12 @@
+module EgovUtils
+  module RegistrationRequests
+    class CheckAutoAcceptJob
+      include Sidekiq::Worker
+
+      def perform(request_id)
+        CheckAutoAccept.run!(registration_request: request_id)
+      end
+    end
+  end
+end
+

data/app/mailers/egov_utils/registration_request_mailer.rb

@@ -0,0 +1,31 @@
+module EgovUtils
+  class RegistrationRequestMailer < ApplicationMailer
+    before_action { @host = params && params[:host] || Rails.application.config.action_mailer.default_url_options[:host] }
+
+    def created(request_id)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+
+      mail(to: @request.mail, subject: I18n.t('mailers.registration_requests.created.subject'))
+    end
+
+    def accepted(request_id, user_id, password)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+      @user = User.find(user_id)
+      @password = password
+
+      mail(to: @user.mail, subject: I18n.t('mailers.registration_requests.accepted.subject'))
+    end
+
+    def auto_accepted(request_id)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+
+      mail(to: @request.mail, subject: I18n.t('mailers.registration_requests.auto_accepted.subject'))
+    end
+
+    def rejected(request_id)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+
+      mail(to: @request.mail, subject: I18n.t('mailers.registration_requests.rejected.subject'))
+    end
+  end
+end

data/app/models/egov_utils/group.rb

@@ -25,9 +25,7 @@ module EgovUtils
 
     def ldap_members
       if provider.present?
-        Rails.cache.fetch("#{cache_key}/ldap_members", expires_in: 2.hours) do
-          auth_source.group_members(ldap_dn)
-        end
+        auth_source.group_members(ldap_dn)
       else
         []
       end

data/app/models/egov_utils/registration_request.rb

@@ -0,0 +1,21 @@
+module EgovUtils
+  class RegistrationRequest < ApplicationRecord
+    validates :mail, :firstname, :lastname, :organization, presence: true
+    validate :check_user_already_exists!
+
+    attr_accessor :roles
+
+    def fullname
+      "#{firstname} #{lastname}"
+    end
+
+    private
+
+    def check_user_already_exists!
+      return unless User.find_by(mail: mail)
+
+      errors.add(:mail, :taken)
+    end
+  end
+end
+

data/app/models/egov_utils/user.rb

@@ -3,7 +3,13 @@ require 'request_store_rails'
 
 module EgovUtils
   class User < Principal
+    acts_as_paranoid without_default_scope: true
+
     DEFAULT_ROLE = nil
+    SEARCH_FIELDS = [
+      'login', 'firstname', 'lastname', 'mail',
+      "CONCAT(firstname, ' ', lastname)", "CONCAT(lastname, ' ', firstname)"
+    ].freeze
 
     has_and_belongs_to_many :groups
 
@@ -36,6 +42,12 @@ module EgovUtils
       not_in_group(group).where(provider: nil)
     }
 
+    scope :search, lambda { |search_term|
+      search_term = search_term.to_s
+      term = SEARCH_FIELDS.map { |field| "#{field} ILIKE :search" }.join(' OR ')
+      where(term, search: "%#{sanitize_sql_like(search_term)}%")
+    }
+
     attribute :generate_password, :boolean, default: false
 
     def self.authenticate(login, password, active_only=true)

data/app/services/egov_utils/archive_users.rb

@@ -0,0 +1,12 @@
+module EgovUtils
+  class ArchiveUsers
+    def call
+      EgovUtils::User
+        .where.not(days_before_archive: nil, active: true).each do |user|
+        next if user.last_login_at > Time.now - user.days_before_archive.days
+
+        user.destroy
+      end
+    end
+  end
+end

data/app/services/egov_utils/refresh_groups.rb

@@ -0,0 +1,28 @@
+module EgovUtils
+  class RefreshGroups
+
+    def call
+      hsh = groups.each_with_object({}) do |group, memo|
+        infos = group.ldap_members
+        infos.each do |info|
+          memo[info] ||= []
+          memo[info] << group
+        end
+      end
+
+      hsh.each do |info, groups|
+        user = EgovUtils::User.find_by(login: info[:login])
+        next unless user
+
+        all_groups = user.groups.where(ldap_uid: nil) + groups
+        user.update(info.merge(groups: all_groups))
+      end
+    end
+
+    private
+
+    def groups
+      EgovUtils::Group.where.not(ldap_uid: nil)
+    end
+  end
+end

data/app/services/egov_utils/refresh_user_groups.rb

@@ -6,7 +6,7 @@ module EgovUtils
     end
 
     def call
-      group_ids = (current_non_ldap_group + ldap_groups).compact.map(&:id)
+      group_ids = (current_non_ldap_groups + ldap_groups).compact.map(&:id)
       user.group_ids = group_ids
       user
     end
@@ -18,14 +18,13 @@ module EgovUtils
     def ldap_groups
       return [] if user.provider.blank?
 
-      @ldap_groups ||= begin
+      @ldap_groups ||=
         EgovUtils::Group.where(provider: user.provider).to_a.select do |g|
           user.auth_source.member?(user.ldap_dn, g.external_uid)
         end
-      end
     end
 
-    def current_non_ldap_group
+    def current_non_ldap_groups
       @current_non_ldap_groups ||= user.groups.where(ldap_uid: nil)
     end
   end

data/app/services/egov_utils/registration_requests/check_auto_accept.rb

@@ -0,0 +1,31 @@
+module EgovUtils
+  module RegistrationRequests
+    class CheckAutoAccept < ActiveInteraction::Base
+      record :registration_request, class: 'EgovUtils::RegistrationRequest'
+
+      def execute
+        member = nil
+        EgovUtils::Group.where.not(provider: nil).detect do |g|
+          member = g.ldap_members.detect do |m|
+            m[:login] == registration_request.mail
+          end
+        end
+
+        return unless member
+
+        registration_request.update(
+          status: 'accepted',
+          internal_note:
+            'Automaticky schválen na základě členství v LDAP skupině'
+        )
+
+        EgovUtils::RegistrationRequestMailer
+          .auto_accepted(registration_request.id)
+          .deliver_now
+
+        registration_request
+      end
+    end
+  end
+end
+

data/app/services/egov_utils/registration_requests/create.rb

@@ -0,0 +1,25 @@
+module EgovUtils
+  module RegistrationRequests
+    class Create < ActiveInteraction::Base
+      string :mail
+      string :firstname
+      string :lastname
+      string :organization
+      string :note
+
+      def execute
+        request = RegistrationRequest.create(inputs.merge(status: :pending))
+
+        if request.persisted?
+          EgovUtils::RegistrationRequestMailer.created(request.id).deliver_now
+          CheckAutoAcceptJob.perform_async(request.id)
+        else
+          errors.merge!(request.errors)
+        end
+
+        request
+      end
+    end
+  end
+end
+

data/app/services/egov_utils/registration_requests/handle_request.rb

@@ -0,0 +1,57 @@
+module EgovUtils
+  module RegistrationRequests
+    class HandleRequest < ActiveInteraction::Base
+      record :registration_request, class: 'EgovUtils::RegistrationRequest'
+      string :status
+      string :reason, default: nil
+      string :internal_reason, default: nil
+      array :roles, default: [] do
+        string
+      end
+
+      def execute
+        registration_request.update(
+          status: status,
+          reason: reason,
+          internal_reason: internal_reason
+        )
+
+        case status
+        when 'accepted'
+          user = create_user!
+          EgovUtils::RegistrationRequestMailer
+            .accepted(registration_request.id, user.id, password)
+            .deliver_now
+        when 'rejected'
+          EgovUtils::RegistrationRequestMailer
+            .rejected(registration_request.id)
+            .deliver_now
+        end
+
+        registration_request
+      end
+
+      private
+
+      def create_user!
+        user = User.create(
+          mail: registration_request.mail,
+          login: registration_request.mail,
+          firstname: registration_request.firstname,
+          lastname: registration_request.lastname,
+          password: password,
+          password_confirmation: password,
+          roles: roles.compact_blank,
+          must_change_password: true,
+          active: true,
+          last_login_at: Time.current
+        )
+      end
+
+      def password
+        @password ||= SecureRandom.hex(8)
+      end
+    end
+  end
+end
+

data/app/views/egov_utils/current_users/edit.html.haml

@@ -0,0 +1,12 @@
+%h1= t('.title')
+= bootstrap_form_for(current_user, url: current_user_path) do |form|
+  = form.text_field :login
+  = form.text_field :firstname
+  = form.text_field :lastname
+  .passwords
+    %h2= t('.password_change')
+    %em= t('.password_change_note')
+    = form.password_field :password
+    = form.password_field :password_confirmation
+  = form.submit
+

data/app/views/egov_utils/groups/_form.html.haml

@@ -1 +1,6 @@
 = form.text_field(:name)
+= bootstrap_form_for(@group) do |f|
+  = f.text_field :name
+  = f.collection_check_boxes :roles, EgovUtils::UserUtils::Role.roles, :first, ->(role) { I18n.t("roles.#{role.first}") }
+  .form-actions
+    = f.submit

data/app/views/egov_utils/groups/_groups_tab.html.haml

@@ -18,8 +18,3 @@
           %td.roles{data: {roles: group.roles, id: group.id}}= group.roles.join(', ')
         - else
           %td
-
-:javascript
-  $(function(){
-    $('#groups tbody').roles({ url: '#{roles_path(entity_class: 'EgovUtils::Group')}' });
-  });

data/app/views/egov_utils/groups/edit.html.haml

@@ -0,0 +1,4 @@
+%h1= t('.title')
+
+= render 'form'
+