egov_utils 1.1.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39d1cac9552de528bbd6fb76ab0f766289d3b0cbe795e2b5de0b0ac48558619a
-  data.tar.gz: ae2f54428922bd3a8ff814e243ceacad6fc65e06dee028351dcb64baf771a64b
+  metadata.gz: a0d959fdb236578d9d04f1828e69794d06ef9b7e03696f4459a714da45528180
+  data.tar.gz: c74d6584c3ca4ba356a236d81decd35e9d5a45b09f0b84048f2f32f2d95597ce
 SHA512:
-  metadata.gz: 13f02bb9e196af53330637d00e8127de164b19284f99988edcbfed14f0722449f04a70bb24dfcf7f93d08780b3eef8ad746e9923a51cc9bcc4b1e7558b4ac436
-  data.tar.gz: 9f3036d67042d62b3ec567e01da3fdbc60dc8a904026f883c60608d923e124a673a76d63f12dd9c81d149a3347389337aeafbad68ad529cbd3eef2703eae0b13
+  metadata.gz: d208c342267f541e57835573f28bb10f173592f87b2c0a7a96427c7398cfcd11b2984a1ba4770d67f1ef6be0b04e32edd0586b3f887d0e5b3b56711961afad94
+  data.tar.gz: 7e06bb6d70942d28fa90266e3b9aa5e4bc0c8bf3790989c934b385e5cafc9e95559af1beae42e189b9210b4a49360d6d28435d58f7a71e88a18259482ad7348b

data/app/controllers/egov_utils/current_users_controller.rb

@@ -0,0 +1,26 @@
+module EgovUtils
+  class CurrentUsersController < ApplicationController
+    before_action :require_login
+
+    def edit; end
+
+    def update
+      current_user.update(update_params)
+
+      if current_user.valid?
+        redirect_to edit_current_user_path, notice: t('activerecord.successful.messages.updated', model: User.model_name.human)
+      else
+        render :edit
+      end
+    end
+
+    private
+
+    def update_params
+      params
+        .require(:user)
+        .permit(:email, :password, :password_confirmation, :firstname,
+                :lastname)
+    end
+  end
+end

data/app/controllers/egov_utils/groups_controller.rb

@@ -2,20 +2,36 @@ require_dependency "egov_utils/application_controller"
 
 module EgovUtils
   class GroupsController < ApplicationController
+    def index
+      @groups = EgovUtils::Group.
+                accessible_by(current_ability).
+                order(:provider).
+                page(params[:page] || 1)
+    end
 
-    load_and_authorize_resource
+    def new
+      @group = Group.new
+    end
 
-    def index
-      @groups = EgovUtils::Group.accessible_by(current_ability)
+    def edit
+      @group = Group.find(params[:id])
     end
 
-    def show
+    def update
+      @group = Group.find(params[:id])
+
+      if @group.update(update_params)
+        redirect_to egov_utils.groups_path, notice: t('success_updated')
+      else
+        render :edit
+      end
     end
 
     def create
+      @group = Group.new(create_params)
       respond_to do |format|
         if @group.save
-          format.html{ redirect_to egov_utils.users_path, notice: t('success_created') }
+          format.html{ redirect_to egov_utils.groups_path, notice: t('success_created') }
           format.json{ render json: @group, status: :created }
         else
           format.html{ render 'new' }
@@ -44,9 +60,19 @@ module EgovUtils
 
     private
 
-      def create_params
-        params.require(:group).permit(:name, :provider, :ldap_uid, :external_uid)
+    def create_params
+      params
+        .require(:group)
+        .permit(:name, :provider, :ldap_uid, :external_uid, roles: []) do |p|
+          p[:roles] = p[:roles].compact_blank
+        end
+    end
+
+    def update_params
+      params.require(:group).permit(:name, roles: []).tap do |p|
+        p[:roles] = p[:roles].compact_blank
       end
+    end
 
   end
 end

data/app/controllers/egov_utils/passwords_controller.rb

@@ -18,8 +18,11 @@ module EgovUtils
       if @user && @user.password_change_possible?
         @token = @user.generate_reset_password_token
         EgovUtils::UserMailer.with(host: mailer_host).password_reset(@user, @token).deliver_later if @user.save
+        flash[:notice] = t('notice_reset_email_sent')
+      elsif !@user.password_change_possible?
+        flash[:error] = t('notice_pw_reset_not_possible')
       end
-      redirect_to egov_utils.reset_passwords_path, notice: t('notice_reset_email_sent')
+      redirect_to egov_utils.reset_passwords_path
     end
 
     # New password for existing user - password reset

data/app/controllers/egov_utils/registration_requests_controller.rb

@@ -0,0 +1,59 @@
+module EgovUtils
+  class RegistrationRequestsController < ApplicationController
+    before_action :find_registration_request, only: %i[show update]
+    before_action :require_login, except: %i[new create]
+
+    def index
+      @registration_requests =
+        RegistrationRequest.order(created_at: :desc).page(params[:page] || 1)
+    end
+
+    def show; end
+
+    def new
+      @registration_request = RegistrationRequest.new
+    end
+
+    def create
+      @registration_request = RegistrationRequests::Create.run!(create_params)
+      if @registration_request.valid?
+        redirect_to egov_utils.new_session_path,
+                    notice: I18n.t('registration_request.create.success')
+      else
+        render :new
+      end
+    end
+
+    def update
+      RegistrationRequests::HandleRequest.run!(
+        update_params.merge(registration_request: @registration_request)
+      )
+
+      if @registration_request.valid?
+        redirect_to @registration_request,
+                    notice: I18n.t('registration_request.update.success')
+      else
+        render :show
+      end
+    end
+
+    private
+
+    def find_registration_request
+      @registration_request = EgovUtils::RegistrationRequest.find(params[:id])
+    end
+
+    def create_params
+      params
+        .require(:registration_request)
+        .permit(:mail, :firstname, :lastname, :organization, :note)
+    end
+
+    def update_params
+      params
+        .require(:registration_request)
+        .permit(:status, :reason, :internal_reason, roles: [])
+    end
+  end
+end
+

data/app/controllers/egov_utils/users_controller.rb

@@ -1,24 +1,28 @@
-require_dependency "egov_utils/application_controller"
-require_dependency "egov_utils/auth_source"
+# frozen_string_literal: true
+
+require_dependency 'egov_utils/application_controller'
+require_dependency 'egov_utils/auth_source'
 
 module EgovUtils
   class UsersController < ApplicationController
+    skip_before_action :require_login, only: %i[new create confirm edit update]
+    before_action :set_providers, only: %i[index search]
 
-    skip_before_action :require_login, only: [:new, :create, :confirm, :edit, :update]
-
-    load_and_authorize_resource only: [:index, :new, :create, :show, :destroy, :edit, :update]
+    load_and_authorize_resource only: %i[index new create show destroy edit update]
 
     def index
-      providers
-      @groups = EgovUtils::Group.accessible_by(current_ability).order(:provider)
-      @new_user = EgovUtils::User.new(generate_password: true)
+      params[:default_scope] ||= :without_deleted
       azahara_schema_index do |users|
         users.add_sort('provider')
       end
+      @entities =
+        @users.entities.includes(:groups).page(params[:page] || 1).per(50)
+      if params[:search]
+        @entities = @entities.search(params[:search])
+      end
     end
 
-    def new
-    end
+    def new; end
 
     def create
       @user.mail ||= @user.login
@@ -34,25 +38,27 @@ module EgovUtils
             end
             flash[:notice] = t('activerecord.successful.messages.created', model: User.model_name.human)
           end
-          format.html{ redirect_to main_app.root_path }
-          format.json{ render json: @user, status: :created }
+          format.html { redirect_to main_app.root_path }
+          format.json { render json: @user, status: :created }
         else
-          format.html{ render 'new' }
-          format.json{ render json: @user.errors.full_messages, status: :unprocessable_entity }
+          format.html { render 'new' }
+          format.json { render json: @user.errors.full_messages, status: :unprocessable_entity }
         end
       end
     end
 
-    def show
-    end
+    def show; end
 
-    def edit
-    end
+    def edit; end
 
     def update
       @user.update(update_params)
 
-      redirect_to users_path, notice: t('activerecord.successful.messages.updated', model: User.model_name.human)
+      if @user.valid?
+        redirect_to users_path, notice: t('activerecord.successful.messages.updated', model: User.model_name.human)
+      else
+        render :edit
+      end
     end
 
     def destroy
@@ -81,29 +87,46 @@ module EgovUtils
       authorize!(:read, User)
       authorize!(:read, Group)
       user_results = []; group_results = []
-      providers.each do |provider|
-        user_results.concat( provider.search_user(params[:q]) )
-        group_results.concat( provider.search_group(params[:q]) )
+      @providers.each do |provider|
+        user_results.concat(provider.search_user(params[:q]))
+        group_results.concat(provider.search_group(params[:q]))
       end if params[:q].present?
       respond_to do |format|
-        format.json{ render json: {users: user_results, groups: group_results} }
+        format.json do
+          render json: { users: user_results, groups: group_results }
+        end
       end
     end
 
+    def unarchive
+      user = User.with_deleted.find(params[:id])
+      user.restore
+      redirect_to users_path, notice: t('activerecord.successful.messages.unarchived', model: User.model_name.human)
+    end
+
     private
 
-      def providers
-         @providers = EgovUtils::AuthSource.providers.collect{|p| EgovUtils::AuthSource.new(p)}
+    def set_providers
+      @providers = EgovUtils::AuthSource.providers.map do |p|
+        EgovUtils::AuthSource.new(p)
       end
+    end
 
-      def create_params
-        params_to_permit = [:login, :mail, :password, :password_confirmation, :provider, :firstname, :lastname]
-        params_to_permit << :generate_password if current_user.logged?
-        params.require(:user).permit(*params_to_permit)
-      end
+    def create_params
+      params_to_permit = %i[login mail password password_confirmation provider firstname lastname]
+      params_to_permit << :generate_password if current_user.logged?
+      params.require(:user).permit(*params_to_permit)
+    end
 
-      def update_params
-        params.require(:user).permit(:days_before_inactive)
-      end
+    def update_params
+      params
+        .require(:user)
+        .permit(
+          :days_before_inactive, :days_before_archive, :password,
+          :password_confirmation, roles: []
+        ).tap do |p|
+          p[:roles] = p[:roles].compact_blank
+        end
+    end
   end
 end

data/app/jobs/egov_utils/registration_requests/check_auto_accept_job.rb

@@ -0,0 +1,12 @@
+module EgovUtils
+  module RegistrationRequests
+    class CheckAutoAcceptJob
+      include Sidekiq::Worker
+
+      def perform(request_id)
+        CheckAutoAccept.run!(registration_request: request_id)
+      end
+    end
+  end
+end
+

data/app/mailers/egov_utils/registration_request_mailer.rb

@@ -0,0 +1,31 @@
+module EgovUtils
+  class RegistrationRequestMailer < ApplicationMailer
+    before_action { @host = params && params[:host] || Rails.application.config.action_mailer.default_url_options[:host] }
+
+    def created(request_id)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+
+      mail(to: @request.mail, subject: I18n.t('mailers.registration_requests.created.subject'))
+    end
+
+    def accepted(request_id, user_id, password)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+      @user = User.find(user_id)
+      @password = password
+
+      mail(to: @user.mail, subject: I18n.t('mailers.registration_requests.accepted.subject'))
+    end
+
+    def auto_accepted(request_id)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+
+      mail(to: @request.mail, subject: I18n.t('mailers.registration_requests.auto_accepted.subject'))
+    end
+
+    def rejected(request_id)
+      @request = EgovUtils::RegistrationRequest.find(request_id)
+
+      mail(to: @request.mail, subject: I18n.t('mailers.registration_requests.rejected.subject'))
+    end
+  end
+end

data/app/models/egov_utils/group.rb

@@ -25,9 +25,7 @@ module EgovUtils
 
     def ldap_members
       if provider.present?
-        Rails.cache.fetch("#{cache_key}/ldap_members", expires_in: 2.hours) do
-          auth_source.group_members(ldap_dn)
-        end
+        auth_source.group_members(ldap_dn)
       else
         []
       end

data/app/models/egov_utils/registration_request.rb

@@ -0,0 +1,21 @@
+module EgovUtils
+  class RegistrationRequest < ApplicationRecord
+    validates :mail, :firstname, :lastname, :organization, presence: true
+    validate :check_user_already_exists!
+
+    attr_accessor :roles
+
+    def fullname
+      "#{firstname} #{lastname}"
+    end
+
+    private
+
+    def check_user_already_exists!
+      return unless User.find_by(mail: mail)
+
+      errors.add(:mail, :taken)
+    end
+  end
+end
+

data/app/models/egov_utils/user.rb

@@ -3,7 +3,13 @@ require 'request_store_rails'
 
 module EgovUtils
   class User < Principal
+    acts_as_paranoid without_default_scope: true
+
     DEFAULT_ROLE = nil
+    SEARCH_FIELDS = [
+      'login', 'firstname', 'lastname', 'mail',
+      "CONCAT(firstname, ' ', lastname)", "CONCAT(lastname, ' ', firstname)"
+    ].freeze
 
     has_and_belongs_to_many :groups
 
@@ -36,6 +42,12 @@ module EgovUtils
       not_in_group(group).where(provider: nil)
     }
 
+    scope :search, lambda { |search_term|
+      search_term = search_term.to_s
+      term = SEARCH_FIELDS.map { |field| "#{field} ILIKE :search" }.join(' OR ')
+      where(term, search: "%#{sanitize_sql_like(search_term)}%")
+    }
+
     attribute :generate_password, :boolean, default: false
 
     def self.authenticate(login, password, active_only=true)

data/app/services/egov_utils/archive_users.rb

@@ -0,0 +1,12 @@
+module EgovUtils
+  class ArchiveUsers
+    def call
+      EgovUtils::User
+        .where.not(days_before_archive: nil, active: true).each do |user|
+        next if user.last_login_at > Time.now - user.days_before_archive.days
+
+        user.destroy
+      end
+    end
+  end
+end

data/app/services/egov_utils/refresh_groups.rb

@@ -0,0 +1,28 @@
+module EgovUtils
+  class RefreshGroups
+
+    def call
+      hsh = groups.each_with_object({}) do |group, memo|
+        infos = group.ldap_members
+        infos.each do |info|
+          memo[info] ||= []
+          memo[info] << group
+        end
+      end
+
+      hsh.each do |info, groups|
+        user = EgovUtils::User.find_by(login: info[:login])
+        next unless user
+
+        all_groups = user.groups.where(ldap_uid: nil) + groups
+        user.update(info.merge(groups: all_groups))
+      end
+    end
+
+    private
+
+    def groups
+      EgovUtils::Group.where.not(ldap_uid: nil)
+    end
+  end
+end

data/app/services/egov_utils/refresh_user_groups.rb

@@ -6,7 +6,7 @@ module EgovUtils
     end
 
     def call
-      group_ids = (current_non_ldap_group + ldap_groups).compact.map(&:id)
+      group_ids = (current_non_ldap_groups + ldap_groups).compact.map(&:id)
       user.group_ids = group_ids
       user
     end
@@ -18,14 +18,13 @@ module EgovUtils
     def ldap_groups
       return [] if user.provider.blank?
 
-      @ldap_groups ||= begin
+      @ldap_groups ||=
         EgovUtils::Group.where(provider: user.provider).to_a.select do |g|
           user.auth_source.member?(user.ldap_dn, g.external_uid)
         end
-      end
     end
 
-    def current_non_ldap_group
+    def current_non_ldap_groups
       @current_non_ldap_groups ||= user.groups.where(ldap_uid: nil)
     end
   end

data/app/services/egov_utils/registration_requests/check_auto_accept.rb

@@ -0,0 +1,31 @@
+module EgovUtils
+  module RegistrationRequests
+    class CheckAutoAccept < ActiveInteraction::Base
+      record :registration_request, class: 'EgovUtils::RegistrationRequest'
+
+      def execute
+        member = nil
+        EgovUtils::Group.where.not(provider: nil).detect do |g|
+          member = g.ldap_members.detect do |m|
+            m[:login] == registration_request.mail
+          end
+        end
+
+        return unless member
+
+        registration_request.update(
+          status: 'accepted',
+          internal_note:
+            'Automaticky schválen na základě členství v LDAP skupině'
+        )
+
+        EgovUtils::RegistrationRequestMailer
+          .auto_accepted(registration_request.id)
+          .deliver_now
+
+        registration_request
+      end
+    end
+  end
+end
+

data/app/services/egov_utils/registration_requests/create.rb

@@ -0,0 +1,25 @@
+module EgovUtils
+  module RegistrationRequests
+    class Create < ActiveInteraction::Base
+      string :mail
+      string :firstname
+      string :lastname
+      string :organization
+      string :note
+
+      def execute
+        request = RegistrationRequest.create(inputs.merge(status: :pending))
+
+        if request.persisted?
+          EgovUtils::RegistrationRequestMailer.created(request.id).deliver_now
+          CheckAutoAcceptJob.perform_async(request.id)
+        else
+          errors.merge!(request.errors)
+        end
+
+        request
+      end
+    end
+  end
+end
+

data/app/services/egov_utils/registration_requests/handle_request.rb

@@ -0,0 +1,57 @@
+module EgovUtils
+  module RegistrationRequests
+    class HandleRequest < ActiveInteraction::Base
+      record :registration_request, class: 'EgovUtils::RegistrationRequest'
+      string :status
+      string :reason, default: nil
+      string :internal_reason, default: nil
+      array :roles, default: [] do
+        string
+      end
+
+      def execute
+        registration_request.update(
+          status: status,
+          reason: reason,
+          internal_reason: internal_reason
+        )
+
+        case status
+        when 'accepted'
+          user = create_user!
+          EgovUtils::RegistrationRequestMailer
+            .accepted(registration_request.id, user.id, password)
+            .deliver_now
+        when 'rejected'
+          EgovUtils::RegistrationRequestMailer
+            .rejected(registration_request.id)
+            .deliver_now
+        end
+
+        registration_request
+      end
+
+      private
+
+      def create_user!
+        user = User.create(
+          mail: registration_request.mail,
+          login: registration_request.mail,
+          firstname: registration_request.firstname,
+          lastname: registration_request.lastname,
+          password: password,
+          password_confirmation: password,
+          roles: roles.compact_blank,
+          must_change_password: true,
+          active: true,
+          last_login_at: Time.current
+        )
+      end
+
+      def password
+        @password ||= SecureRandom.hex(8)
+      end
+    end
+  end
+end
+

data/app/views/egov_utils/current_users/edit.html.haml

@@ -0,0 +1,12 @@
+%h1= t('.title')
+= bootstrap_form_for(current_user, url: current_user_path) do |form|
+  = form.text_field :login
+  = form.text_field :firstname
+  = form.text_field :lastname
+  .passwords
+    %h2= t('.password_change')
+    %em= t('.password_change_note')
+    = form.password_field :password
+    = form.password_field :password_confirmation
+  = form.submit
+

data/app/views/egov_utils/groups/_form.html.haml

@@ -1 +1,6 @@
 = form.text_field(:name)
+= bootstrap_form_for(@group) do |f|
+  = f.text_field :name
+  = f.collection_check_boxes :roles, EgovUtils::UserUtils::Role.roles, :first, ->(role) { I18n.t("roles.#{role.first}") }
+  .form-actions
+    = f.submit

data/app/views/egov_utils/groups/_groups_tab.html.haml

@@ -18,8 +18,3 @@
           %td.roles{data: {roles: group.roles, id: group.id}}= group.roles.join(', ')
         - else
           %td
-
-:javascript
-  $(function(){
-    $('#groups tbody').roles({ url: '#{roles_path(entity_class: 'EgovUtils::Group')}' });
-  });

data/app/views/egov_utils/groups/edit.html.haml

@@ -0,0 +1,4 @@
+%h1= t('.title')
+
+= render 'form'
+

data/app/views/egov_utils/groups/index.html.haml

@@ -1,21 +1,30 @@
-%ul.nav.nav-tabs{role: 'tablist'}
-  %li.nav-item
-    = link_to(EgovUtils::User.model_name.human(count: :other), users_path, id: 'users_tab', class: 'nav-link', 'data-toggle'=>'tab', 'aria-controls'=>'users_container')
-  %li.nav-item
-    = link_to(EgovUtils::Group.model_name.human(count: :other), groups_path, id: 'groups_tab', class: 'nav-link active', 'data-toggle'=>'tab', 'aria-controls'=>'groups_container')
+%h1= EgovUtils::Group.model_name.human(count: 2)
 
-.tab-content
-  #users_container.tab-pane.fade{role: 'tabpanel', 'aria-labelledby'=>'users_tab'}
-    = render 'egov_utils/users/users_tab', users: @users
-  #groups_container.tab-pane.fade.show.active{role: 'tabpanel', 'aria-labelledby'=>'groups_tab'}
-    = render 'egov_utils/groups/groups_tab', groups: @groups
-  #create_container.tab-pane.fade{role: 'tabpanel', 'aria-labelledby'=>'create_tab'}
-    %h3= t('label_ldap')
-    = render 'egov_utils/users/ldap_search'
-    %h3= t('label_new')
-    = bootstrap_form_for(EgovUtils::User.new) do |f|
-      = render 'egov_utils/users/form', form: f
+= link_to t('helpers.action.egov_utils.group.new'), egov_utils.new_group_path, class: 'btn btn-primary'
 
-$.ajax('url').done(function(response){
-  $('#cast-2-rizeni-pred-soudem-prvniho-stupne').html(response);
-});
+%table.table.table-striped
+  %thead
+    %tr
+      %th= EgovUtils::Group.human_attribute_name('name')
+      %th= EgovUtils::Group.human_attribute_name('provider')
+      %th= EgovUtils::Group.human_attribute_name('roles')
+      %th= t('label_actions')
+  %tbody
+    - if @groups.empty?
+      %tr
+        %td{colspan: 4}= t('label_no_entries')
+    - @groups.each do |group|
+      %tr
+        %td= link_to(group.name, group)
+        %td= group.provider
+        %td= group.roles.map { I18n.t("roles.#{_1}") }.join(', ')
+        %td
+          - if can?(:manage, group)
+            = link_to(t('label_edit'), edit_group_path(group), class: 'btn btn-secondary btn-sm')
+
+.row
+  .col-md-4
+    = page_entries_info @groups
+  .col-md-4
+    = paginate @groups
+  .col-md-4

data/app/views/egov_utils/groups/new.html.haml

@@ -0,0 +1,4 @@
+%h1= t('.title')
+
+= render 'form'
+

data/app/views/egov_utils/registration_request_mailer/accepted.html.erb

@@ -0,0 +1,12 @@
+<p>
+v aplikaci <%= t(:app_name) %> Vám byl vytvořen přístup.
+Vaše přístupové údaje jsou:
+</p>
+<ul>
+  <li>login: <%= @user.login %></li>
+  <li>heslo: <%= @password %></li>
+</ul>
+
+<p>
+Po prvním přihlášení budete vyzváni ke změně hesla.
+</p>

data/app/views/egov_utils/registration_request_mailer/auto_accepted.html.erb

@@ -0,0 +1,8 @@
+<p>
+Vaše žádost o registraci do aplikace <%= t(:app_name) %> byla automaticky schválena.
+</p>
+
+<p>
+  Do aplikace se můžete přihlásit za pomoci vašeho emailu, který jste zadali při žádosti a hesla, které používáte do jiných systémů MSp.
+</p>
+

data/app/views/egov_utils/registration_request_mailer/created.html.erb

@@ -0,0 +1,12 @@
+<p>
+Vaše žádost o registraci do aplikace <%= t(:app_name) %> byla přijata.
+</p>
+
+<ul>
+  <li>E-mail: <%= @request.mail %></li>
+  <li>Jméno: <%= @request.firstname %></li>
+  <li>Příjmení: <%= @request.lastname %></li>
+  <li>Organizace: <%= @request.organization %></li>
+  <li>Poznámka: <%= @request.note %></li>
+</ul>
+

data/app/views/egov_utils/registration_request_mailer/rejected.html.erb

@@ -0,0 +1,6 @@
+<p>
+vaše žádost o registraci do aplikace <%= t(:app_name) %> byla zamítnuta.
+</p>
+
+<p>Odůvodnění: <%= @request.note %></p>
+

data/app/views/egov_utils/registration_requests/index.html.haml

@@ -0,0 +1,29 @@
+%h1= t('.title')
+
+%table.table.table-striped
+  %thead
+    %th= EgovUtils::RegistrationRequest.human_attribute_name('fullname')
+    %th= EgovUtils::RegistrationRequest.human_attribute_name('created_at')
+    %th= EgovUtils::RegistrationRequest.human_attribute_name('status')
+    %th= t('label_actions')
+  %tbody
+    - if @registration_requests.empty?
+      %tr
+        %td{colspan: 4}= t('label_no_entries')
+    - @registration_requests.each do |request|
+      %tr
+        %td
+          %div= request.fullname
+          %small= request.mail
+        %td= l(request.created_at)
+        %td= t("registration_request.statuses.#{request.status}")
+        %td
+          = link_to t('.show'), egov_utils.registration_request_path(request), class: 'btn btn-secondary btn-sm'
+
+.row
+  .col-md-4
+    = page_entries_info @registration_requests
+  .col-md-4
+    = paginate @registration_requests
+  .col-md-4
+

data/app/views/egov_utils/registration_requests/new.html.haml

@@ -0,0 +1,9 @@
+%h1= t('.title')
+
+= bootstrap_form_for(@registration_request) do |f|
+  = f.text_field(:mail)
+  = f.text_field(:firstname)
+  = f.text_field(:lastname)
+  = f.text_field(:organization)
+  = f.text_field(:note)
+  = f.submit t(:label_registration_request)

data/app/views/egov_utils/registration_requests/show.html.haml

@@ -0,0 +1,51 @@
+%h1= t('.title', name: @registration_request.fullname)
+
+%table.table.table-striped
+  %tbody
+    %tr
+      %th= EgovUtils::RegistrationRequest.human_attribute_name('mail')
+      %td= @registration_request.mail
+    %tr
+      %th= EgovUtils::RegistrationRequest.human_attribute_name('firstname')
+      %td= @registration_request.firstname
+    %tr
+      %th= EgovUtils::RegistrationRequest.human_attribute_name('lastname')
+      %td= @registration_request.lastname
+    %tr
+      %th= EgovUtils::RegistrationRequest.human_attribute_name('organization')
+      %td= @registration_request.organization
+    %tr
+      %th= EgovUtils::RegistrationRequest.human_attribute_name('note')
+      %td= @registration_request.note
+    %tr
+      %th= EgovUtils::RegistrationRequest.human_attribute_name('created_at')
+      %td= l(@registration_request.created_at)
+    %tr
+      %th= EgovUtils::RegistrationRequest.human_attribute_name('status')
+      %td= t("registration_request.statuses.#{@registration_request.status}")
+    - if @registration_request.status != 'pending'
+      %tr
+        %th= EgovUtils::RegistrationRequest.human_attribute_name('reason')
+        %td= @registration_request.reason
+      %tr
+        %th= EgovUtils::RegistrationRequest.human_attribute_name('internal_reason')
+        %td= @registration_request.internal_reason
+
+- if @registration_request.status == 'pending'
+  = bootstrap_form_for(@registration_request, url: '#') do |f|
+    = f.text_area(:reason)
+    = f.text_area(:internal_reason)
+    = f.hidden_field(:status, value: nil)
+    = f.collection_check_boxes :roles, EgovUtils::UserUtils::Role.roles, :first, ->(role) { I18n.t("roles.#{role.first}") }
+
+    = f.submit t('.accept'), class: 'btn btn-success', data: { value: 'accepted' }
+    = f.submit t('.reject'), class: 'btn btn-danger', data: { value: 'rejected' }
+
+:javascript
+  $(function() {
+    $('input[type=submit]').click(function(e) {
+      var status = $(this).data('value');
+      $('#registration_request_status').val(status);
+    });
+  });
+

data/app/views/egov_utils/sessions/new.html.haml

@@ -6,3 +6,6 @@
   = link_to t('label_signup'), egov_utils.new_user_path, class: 'btn btn-secondary'
 - if EgovUtils::Settings.allow_password_reset?
   = link_to t('label_forgotten_password'), egov_utils.reset_passwords_path
+
+%br
+= link_to t('.registration_request'), new_registration_request_path

data/app/views/egov_utils/users/edit.html.haml

@@ -1,4 +1,13 @@
+%h1= t('.title')
+
 = bootstrap_form_for(@user) do |f|
   = f.text_field :days_before_inactive
+  = f.text_field :days_before_archive
+  = f.collection_check_boxes :roles, EgovUtils::UserUtils::Role.roles, :first, ->(role) { I18n.t("roles.#{role.first}") }
+  - if @user.password_change_possible?
+    %h2= t('.password_change')
+    %em= t('.password_change_note')
+    = f.password_field :password
+    = f.password_field :password_confirmation
   .form-actions
     = f.submit

data/app/views/egov_utils/users/index.html.haml

@@ -1,26 +1,43 @@
-%ul.nav.nav-tabs{role: 'tablist'}
-  %li.nav-item
-    = link_to(EgovUtils::User.model_name.human(count: :other), '#users_container', id: 'users_tab', class: 'nav-link active', 'data-toggle'=>'tab', 'aria-controls'=>'users_container')
-  %li.nav-item
-    = link_to(EgovUtils::Group.model_name.human(count: :other), '#groups_container', id: 'groups_tab', class: 'nav-link', 'data-toggle'=>'tab', 'aria-controls'=>'groups_container')
-  %li.nav-item.dropdown
-    %a.nav-link.dropdown-toggle{'data-toggle'=>'dropdown', 'href'=>'#', 'role'=>'button'}
-      = t('label_new')
-    .dropdown-menu
-      = link_to(t('label_new'), '#create', id: 'create_tab', class: 'dropdown-item', 'data-toggle'=>'tab', 'aria-controls'=>'create')
-      = link_to(t('label_ldap'), '#create_ldap', id: 'create_tab', class: 'dropdown-item', 'data-toggle'=>'tab', 'aria-controls'=>'create_ldap')
+%h1= EgovUtils::User.model_name.human(count: 2)
 
-.tab-content
-  #users_container.tab-pane.fade.show.active{role: 'tabpanel', 'aria-labelledby'=>'users_tab'}
-    = render 'egov_utils/users/users_tab', users: @users
-  #groups_container.tab-pane.fade{role: 'tabpanel', 'aria-labelledby'=>'groups_tab'}
-    = render 'egov_utils/groups/groups_tab', groups: @groups
-  #create_ldap.tab-pane.fade{role: 'tabpanel', 'aria-labelledby'=>'create_tab'}
-    %h3= t('label_ldap')
-    = render 'egov_utils/users/ldap_search'
-  #create.tab-pane.fade{role: 'tabpanel', 'aria-labelledby'=>'create_tab'}
-    %h3= t('label_new')
-    = bootstrap_form_for(@new_user) do |f|
-      = render 'egov_utils/users/form', form: f
-      .form-actions
-        = f.submit
+= bootstrap_form_tag(url: egov_utils.users_path, method: :get, layout: :inline) do |f|
+  .form-group
+    = f.text_field :search, value: params[:search], label: false, placeholder: t('label_search'), skip_label: true
+    = f.submit 'Vyhledat', class: 'btn btn-primary btn-sm'
+
+%table.table.table-striped
+  %thead
+    %th= EgovUtils::User.human_attribute_name('fullname')
+    %th= EgovUtils::User.human_attribute_name('provider')
+    %th= EgovUtils::User.human_attribute_name('roles')
+    %th= EgovUtils::User.human_attribute_name('groups')
+    %th= t('label_actions')
+  %tbody
+    - if @entities.empty?
+      %tr
+        %td{colspan: 4}= t('label_no_entries')
+    - @entities.each do |user|
+      %tr
+        %td
+          %div= user.fullname
+          %small= user.login
+        %td= 'LDAP' if user.provider
+        %td= user.all_role_names.map { I18n.t("roles.#{_1}") }.join(', ')
+        %td= user.groups.map(&:name).join(', ')
+        %td
+          - unless user.active?
+            = button_to(t('label_approve'), approve_user_path(user), class: 'btn btn-primary btn-sm')
+          - if can?(:edit, user)
+            = link_to(t('label_edit'), edit_user_path(user), class: 'btn btn-secondary btn-sm')
+          - if can?(:delete, user)
+            - if user.deleted?
+              = button_to(t('label_unarchive'), unarchive_user_path(user), method: :patch, class: 'btn btn-danger btn-sm')
+            - else
+              = button_to(t('label_archive'), user_path(user), method: :delete, class: 'btn btn-danger btn-sm')
+
+.row
+  .col-md-4
+    = page_entries_info @entities
+  .col-md-4
+    = paginate @entities
+  .col-md-4

data/config/locales/cs.yml

@@ -42,6 +42,7 @@ cs:
   notice_signeup_with_mail: Registrace proběhla úspěšně, byl Vám odeslán potvrzovací e-mail, prosím zkontrolujte svou poštu.
   notice_password_changed: Heslo bylo úspěšně změněno
   notice_reset_email_sent: E-mail s instrukcemi pro změnu hesla byl odeslán na zadanou e-mailovou adresu.
+  notice_pw_reset_not_possible: Není možné resetovat heslo, protože váš účet je spravován mimo databázi aplikace VTS. Vaše přihlašovací heslo je stejné jako do ostatních systémů MSp. V případě nutnosti se, prosím, obraťte na technickou podporu Vaší organizace.
   success_user_confirm: Váše e-mailová adresa byla potvrzena. Nyní se již můžete přihlásit.
   error_password_expired: Platnost vašeho hesla vypršela. Prosím změňte ho.
   warning_password_not_changed: Heslo nebylo změněno, zadali jste všechna hesla správně?
@@ -68,6 +69,9 @@ cs:
   label_add_group_member: Přidat uživatele
   label_forgotten_password: Zapomněli jste heslo?
   label_reset_password: Obnova hesla
+  label_archive: Archivovat
+  label_unarchive: Obnovit
+  label_registration_request: Zažádat o přístup
 
   text_born_on_at: "Narozen %{date} v %{place}"
 
@@ -80,17 +84,22 @@ cs:
   models: &my_models
     egov_utils/user:
       one: Uživatel
-      other: Uživatelé
+      few: Uživatelé
+      other: Uživatelů
     egov_utils/group:
       one: Skupina
-      other: Skupiny
+      few: Skupiny
+      other: Skupin
     egov_utils/address:
       one: Adresa
-      other: Adresy
+      few: Adresy
+      other: Adres
 
   model_attributes: &my_attributes
     egov_utils/user:
       days_before_inactive: Počet dní od posledního přihlášení před deaktivací
+      days_before_archive: Počet dní od deaktivace před automatickou archivací
+      groups: Skupiny
       login: Přihlašovací email
       mail: E-mail
       password_confirmation: Potvrzení hesla
@@ -98,8 +107,10 @@ cs:
       lastname: Příjmení
       fullname: Jméno a příjmení
       roles: Role
+      provider: Typ
       generate_password: Generovat heslo
     egov_utils/group:
+      name: 'Název'
       roles: Role
     egov_utils/address:
       full_address: Adresa
@@ -131,6 +142,17 @@ cs:
       name: Název
       ico: IČO
       legal_form: Právní forma
+    egov_utils/registration_request:
+      mail: E-mail
+      firstname: Jméno
+      lastname: Příjmení
+      organization: Organizace
+      note: Poznámka
+      created_at: Vytvořeno
+      status: Status
+      fullname: Jméno
+      reason: Odůvodnění
+      internal_reason: Interní poznámka
 
   models_errors: &my_model_errors
     profile:
@@ -139,6 +161,7 @@ cs:
   model_help_messages: &my_help_messages
     egov_utils/user:
       days_before_inactive: Pokud ponecháte pole prázdné, uživatelský účet nebude expirovat.
+      days_before_archive: Pokud ponecháte pole prázdné, uživatelský účet nebude expirovat.
       generate_password: Heslo bude vygenerováno a posláno uživateli na e-mail, při prvním přihlášení bude heslo muset změnit.
 
 
@@ -156,6 +179,8 @@ cs:
       mail: E-mailová adresa
 
   submits: &my_submits
+    group:
+      update: 'Aktualizovat skupinu'
     user:
       update: Aktualizovat uživatele
     password_change:
@@ -181,8 +206,13 @@ cs:
         created: "%{model} úspěšně vytvořen"
         updated: "%{model} úspěšně aktualizován"
         destroyed: "%{model} úspěšně smazán"
+        unarchived: "%{model} úspěšně obnoven"
 
   helpers:
+    action:
+      egov_utils:
+        group:
+          new: 'Nová skupina'
     label:
       <<: *my_labels
     submit:
@@ -196,3 +226,51 @@ cs:
       in_past: Musí být v minulosti
       after_1920: Musí být po roce 1920
       fileuid_format: Nesprávný tvar spisové značky
+
+  egov_utils:
+    current_users:
+      edit:
+        title: Úprava profilu
+        password_change: Změna hesla
+        password_change_note: Pokud necháte pole prázdná, heslo nebude aktualizováno.
+    groups:
+      edit:
+        title: 'Úprava skupiny'
+    registration_requests:
+      new:
+        title: 'Žádost o registraci'
+      index:
+        show: 'Detail žádosti'
+        title: 'Žádosti o přístup do aplikace'
+      show:
+        title: 'Žádost o registraci - %{name}'
+        accept: 'Přijmout žádost'
+        reject: 'Odmítnout žádost'
+    sessions:
+      new:
+        registration_request: 'Žádost o registraci'
+    users:
+      edit:
+        title: Úprava uživatele
+        password_change: Změna hesla
+        password_change_note: Pokud necháte pole prázdná, heslo nebude aktualizováno.
+  registration_request:
+    statuses:
+      pending: K vyřízení
+      accepted: Schválen
+      rejected: Zamítnut
+    create:
+      success: 'Žádost o registraci úspěšně vytvořena. Váš požadavek bude vyřízen v nejbližších dnech.'
+    update:
+      success: 'Žádost úspěšně uložena'
+
+  mailers:
+    registration_requests:
+      created:
+        subject: 'Žádost o vytvoření účtu v aplikaci VTS přijata'
+      accepted:
+        subject: 'Žádost o vytvoření účtu v aplikaci VTS schválena'
+      auto_accepted:
+        subject: 'Žádost o vytvoření účtu v aplikaci VTS přijata'
+      rejected:
+        subject: 'Žádost o vytvoření účtu v aplikaci VTS odmítnuta'

data/config/routes.rb

@@ -10,7 +10,10 @@ EgovUtils::Engine.routes.draw do
     get :search, on: :collection
     post :approve, on: :member
     get :confirm, on: :member
+    patch :unarchive, on: :member
   end
+  resource :current_user, only: %i[edit update]
+  resources :registration_requests, only: %i[new create show index update]
 
   resources :people do
     get :addresses
@@ -24,7 +27,7 @@ EgovUtils::Engine.routes.draw do
   end
   resources :roles
 
-  resources :passwords, only: [:index, :edit, :update] do
+  resources :passwords, only: %i[index edit update] do
     collection do
       get 'reset'
       post 'send_reset_token'
@@ -38,6 +41,8 @@ EgovUtils::Engine.routes.draw do
   get '/address/validate_ruian' => 'addresses#validate_ruian', as: :validate_ruian
   get '/organizations/district_courts' => 'organizations#district_courts', as: :district_courts_organizations
 
+  resource :settings, only: %i[show update]
+
   namespace :redmine do
     resources :issues, only: :index
   end

data/db/migrate/20230407114921_add_deleted_at_to_egov_utils_users.rb

@@ -0,0 +1,6 @@
+class AddDeletedAtToEgovUtilsUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :egov_utils_users, :deleted_at, :datetime
+    add_index :egov_utils_users, :deleted_at
+  end
+end

data/db/migrate/20230408123813_create_egov_utils_registration_requests.rb

@@ -0,0 +1,16 @@
+class CreateEgovUtilsRegistrationRequests < ActiveRecord::Migration[6.1]
+  def change
+    create_table :egov_utils_registration_requests do |t|
+      t.string :mail
+      t.string :firstname
+      t.string :lastname
+      t.string :organization
+      t.string :note
+      t.string :status
+      t.string :reason
+      t.string :internal_reason
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20230412063325_add_days_before_archive_to_egov_utils_users.rb

@@ -0,0 +1,5 @@
+class AddDaysBeforeArchiveToEgovUtilsUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :egov_utils_users, :days_before_archive, :integer, default: 30
+  end
+end

data/lib/egov_utils/version.rb

@@ -1,3 +1,3 @@
 module EgovUtils
-  VERSION = '1.1.1'
+  VERSION = '1.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: egov_utils
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Ondřej Ezr
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-26 00:00:00.000000000 Z
+date: 2023-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -58,6 +58,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: active_interaction
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: haml
   requirement: !ruby/object:Gem::Requirement
@@ -510,11 +524,13 @@ files:
 - app/attributes/egov_utils/region.rb
 - app/controllers/egov_utils/addresses_controller.rb
 - app/controllers/egov_utils/application_controller.rb
+- app/controllers/egov_utils/current_users_controller.rb
 - app/controllers/egov_utils/groups_controller.rb
 - app/controllers/egov_utils/organizations_controller.rb
 - app/controllers/egov_utils/passwords_controller.rb
 - app/controllers/egov_utils/people_controller.rb
 - app/controllers/egov_utils/redmine/issues_controller.rb
+- app/controllers/egov_utils/registration_requests_controller.rb
 - app/controllers/egov_utils/roles_controller.rb
 - app/controllers/egov_utils/sessions_controller.rb
 - app/controllers/egov_utils/users_controller.rb
@@ -525,7 +541,9 @@ files:
 - app/helpers/egov_utils/roles_helper.rb
 - app/helpers/egov_utils/users_helper.rb
 - app/jobs/egov_utils/application_job.rb
+- app/jobs/egov_utils/registration_requests/check_auto_accept_job.rb
 - app/mailers/egov_utils/application_mailer.rb
+- app/mailers/egov_utils/registration_request_mailer.rb
 - app/mailers/egov_utils/user_mailer.rb
 - app/models/ability.rb
 - app/models/egov_utils/abstract_person.rb
@@ -538,6 +556,7 @@ files:
 - app/models/egov_utils/natural_person.rb
 - app/models/egov_utils/person.rb
 - app/models/egov_utils/principal.rb
+- app/models/egov_utils/registration_request.rb
 - app/models/egov_utils/user.rb
 - app/resources/egov_utils/legal_form.rb
 - app/resources/egov_utils/love.rb
@@ -549,7 +568,12 @@ files:
 - app/schemas/egov_utils/natural_person_schema.rb
 - app/schemas/egov_utils/person_schema.rb
 - app/schemas/egov_utils/user_schema.rb
+- app/services/egov_utils/archive_users.rb
+- app/services/egov_utils/refresh_groups.rb
 - app/services/egov_utils/refresh_user_groups.rb
+- app/services/egov_utils/registration_requests/check_auto_accept.rb
+- app/services/egov_utils/registration_requests/create.rb
+- app/services/egov_utils/registration_requests/handle_request.rb
 - app/validators/birthday_validator.rb
 - app/validators/email_validator.rb
 - app/validators/fileuid_validator.rb
@@ -559,9 +583,12 @@ files:
 - app/views/common/_modal.html.haml
 - app/views/common/modal_action.js.erb
 - app/views/egov_utils/addresses/_form.html.haml
+- app/views/egov_utils/current_users/edit.html.haml
 - app/views/egov_utils/groups/_form.html.haml
 - app/views/egov_utils/groups/_groups_tab.html.haml
+- app/views/egov_utils/groups/edit.html.haml
 - app/views/egov_utils/groups/index.html.haml
+- app/views/egov_utils/groups/new.html.haml
 - app/views/egov_utils/groups/new_users.html.haml
 - app/views/egov_utils/groups/show.html.haml
 - app/views/egov_utils/passwords/edit.html.haml
@@ -569,6 +596,13 @@ files:
 - app/views/egov_utils/passwords/reset.html.haml
 - app/views/egov_utils/people/_form.html.haml
 - app/views/egov_utils/redmine/issues/index.html.haml
+- app/views/egov_utils/registration_request_mailer/accepted.html.erb
+- app/views/egov_utils/registration_request_mailer/auto_accepted.html.erb
+- app/views/egov_utils/registration_request_mailer/created.html.erb
+- app/views/egov_utils/registration_request_mailer/rejected.html.erb
+- app/views/egov_utils/registration_requests/index.html.haml
+- app/views/egov_utils/registration_requests/new.html.haml
+- app/views/egov_utils/registration_requests/show.html.haml
 - app/views/egov_utils/roles/index.html.haml
 - app/views/egov_utils/sessions/new.html.haml
 - app/views/egov_utils/user_mailer/account_information.html.erb
@@ -617,6 +651,9 @@ files:
 - db/migrate/20180424143207_add_titles_to_natural_people.rb
 - db/migrate/20220331113917_add_days_before_inactive_to_egov_utils_users.rb
 - db/migrate/20220624070709_migrate_person_residence_to_addresses.rb
+- db/migrate/20230407114921_add_deleted_at_to_egov_utils_users.rb
+- db/migrate/20230408123813_create_egov_utils_registration_requests.rb
+- db/migrate/20230412063325_add_days_before_archive_to_egov_utils_users.rb
 - lib/azahara_schema_currency.rb
 - lib/azahara_schema_currency/aggregation_attribute_patch.rb
 - lib/azahara_schema_currency/association_attribute_patch.rb