erp_tech_svcs 4.0.0 → 4.2.0

data/app/controllers/api/v1/security_roles_controller.rb

@@ -0,0 +1,276 @@
+module Api
+  module V1
+    class SecurityRolesController < BaseController
+
+      def index
+        query = params[:query]
+        parent_iids = params[:parent]
+        include_admin = params[:include_admin]
+
+        security_roles = []
+
+        if parent_iids
+          parent = nil
+
+          # if the parent param is a comma separated string then
+          # there are multiple parents
+          parent_iids.split(',').each do |parent_iid|
+            parent = nil
+
+            # if the parent param is a colon separated string then
+            # the parent is nested from left to right
+            parent_iid.split(':').each do |nested_parent_iid|
+              if parent
+                parent = parent.children.where('internal_identifier = ?', nested_parent_iid).first
+              else
+                parent = SecurityRole.where('internal_identifier = ?', nested_parent_iid).first
+              end
+            end
+
+            security_roles = security_roles.concat parent.children
+          end
+
+          security_roles = SecurityRole.where(id: security_roles.collect(&:id))
+        elsif params[:user_id].present?
+          security_roles = User.find(params[:user_id]).party.security_roles
+        else
+          security_roles = nil
+        end
+
+        respond_to do |format|
+          format.tree do
+            nodes = [].tap do |nodes|
+              unless security_roles
+                security_roles = SecurityRole.roots
+              end
+
+              security_roles.all.each do |security_role|
+                nodes.push(security_role.to_tree_hash)
+              end
+            end
+
+            if include_admin
+              nodes.unshift SecurityRole.iid('admin').to_tree_hash
+            end
+
+            render :json => {success: true, security_roles: nodes}
+          end
+          format.json do
+            sort_hash = params[:sort].blank? ? {} : Hash.symbolize_keys(JSON.parse(params[:sort]).first)
+            sort = sort_hash[:property] || 'description'
+            dir = sort_hash[:direction] || 'ASC'
+            limit = params[:limit]
+            start = params[:start]
+
+            unless security_roles
+              security_roles = SecurityRole
+            end
+
+            if query
+              security_role_tbl = SecurityRole.arel_table
+              statement = security_roles.where(security_role_tbl[:description].matches("%#{query}%")
+                                               .or(security_role_tbl[:internal_identifier].matches("%#{query}%")))
+
+              total_count = statement.count
+              security_roles = statement.order("#{sort} #{dir}")
+            else
+              total_count = security_roles.count
+              security_roles = security_roles.order("#{sort} #{dir}")
+            end
+
+            if limit and start
+              security_roles = security_roles.limit(limit).offset(start)
+            end
+
+            if include_admin
+              security_roles = security_roles.all
+              security_roles.unshift SecurityRole.iid('admin')
+            end
+
+            render :json => {
+              success: true, total_count: total_count,
+              security_roles: security_roles.collect do |security_role|
+                security_role.to_data_hash
+              end
+            }
+          end
+        end
+      end
+
+      def available
+        type = params[:type]
+        id = params[:id]
+
+        sort = (params[:sort] || 'description').downcase
+        dir = (params[:dir] || 'asc').downcase
+        query_filter = params[:query_filter].strip rescue nil
+
+        statement = id.blank? ? SecurityRole : type.constantize.find(id).roles_not
+        statement = (params[:query_filter].blank? ? statement : statement.where("UPPER(security_roles.description) LIKE UPPER('%#{query_filter}%')"))
+        available = statement.paginate(:page => page, :per_page => per_page, :order => "#{sort} #{dir}")
+
+        render :json => {:total_count => statement.count, :security_roles => available.map { |security_role| security_role.to_data_hash }}
+      end
+
+      def selected
+        type = params[:type]
+        id = params[:id]
+
+        sort = (params[:sort] || 'description').downcase
+        dir = (params[:dir] || 'asc').downcase
+        query_filter = params[:query_filter].strip rescue nil
+
+        statement = id.blank? ? SecurityRole : type.constantize.find(id).roles
+        statement = (params[:query_filter].blank? ? statement : statement.where("UPPER(security_roles.description) LIKE UPPER('%#{query_filter}%')"))
+        selected = statement.paginate(:page => page, :per_page => per_page, :order => "#{sort} #{dir}")
+
+        render :json => {:total_count => statement.count, :security_roles => selected.map { |security_role| security_role.to_data_hash }}
+      end
+
+      def add
+        begin
+          type = params[:type]
+          id = params[:id]
+          security_role_ids = JSON.parse(params[:security_role_ids])
+
+          assign_to = type.constantize.find(id)
+          security_role_ids.each do |role_id|
+            role = SecurityRole.find(role_id)
+            case type
+            when 'User'
+              assign_to.add_role(role)
+            when 'Group'
+              assign_to.add_role(role)
+            when 'Capability'
+              role.add_capability(assign_to)
+            end
+          end
+
+          render :json => {:success => true, :message => 'Security Roles(s) Added'}
+        rescue => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => ex.message}
+        end
+      end
+
+      def remove
+        begin
+          type = params[:type]
+          id = params[:id]
+          security_role_ids = JSON.parse(params[:security_role_ids])
+
+          assign_to = type.constantize.find(id)
+          security_role_ids.each do |role_id|
+            role = SecurityRole.find(role_id)
+            case type
+            when 'User'
+              assign_to.remove_role(role)
+            when 'Group'
+              assign_to.remove_role(role)
+            when 'Capability'
+              role.remove_capability(assign_to)
+            end
+          end
+
+          render :json => {:success => true, :message => 'Security Roles(s) Removed'}
+        rescue => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => ex.message}
+        end
+      end
+
+      def create
+        begin
+          ActiveRecord::Base.connection.transaction do
+            security_role = SecurityRole.create!(description: params[:description].strip,
+                                                internal_identifier: params[:internal_identifier].strip)
+
+
+            if params[:parent]
+              security_role.move_to_child_of(SecurityRole.iid(params[:parent]))
+            end
+
+            render :json => {
+                     success: true,
+                     security_role: security_role.to_data_hash,
+                     message: 'Role created successfully'
+                   }
+          end
+        rescue ActiveRecord::RecordInvalid => invalid
+          Rails.logger.error invalid.record.errors
+
+          message = "<ul>"
+          invalid.record.errors.collect do |e, m|
+            message << "<li>#{e} #{m}</li>"
+          end
+          message << "</ul>"
+
+          render :json => {:success => false, :message => message}
+        rescue StandardError => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+          
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => 'Error creating Security Role'}
+        end
+      end
+
+      def update
+        begin
+          ActiveRecord::Base.connection.transaction do
+            security_role = SecurityRole.find(params[:id])
+            security_role.description = params[:description].strip
+            security_role.internal_identifier = params[:internal_identifier].strip
+
+            security_role.save!
+
+            render json: {success: true, security_role: security_role.to_data_hash}
+          end
+        rescue ActiveRecord::RecordInvalid => invalid
+          Rails.logger.error invalid.record.errors
+
+          message = "<ul>"
+          invalid.record.errors.collect do |e, m|
+            message << "<li>#{e} #{m}</li>"
+          end
+          message << "</ul>"
+
+          render :json => {:success => false, :message => message}
+        rescue StandardError => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => 'Error updating Security Role'}
+        end
+      end
+
+      def destroy
+        security_role = SecurityRole.find(params[:id])
+
+        render json: {success: security_role.destroy}
+      end
+
+
+      def page
+        offset = params[:start].to_f
+        offset > 0 ? (offset / params[:limit].to_f).to_i + 1 : 1
+      end
+
+      def per_page
+        params[:limit].nil? ? 10 : params[:limit].to_i
+      end
+
+    end # SecurityRolesController
+  end # V1
+end # Api

data/app/controllers/api/v1/users_controller.rb

@@ -0,0 +1,262 @@
+module Api
+  module V1
+    class UsersController < BaseController
+
+      def index
+        username = params[:username]
+        sort_hash = params[:sort].blank? ? {} : Hash.symbolize_keys(JSON.parse(params[:sort]).first)
+        sort = sort_hash[:property] || 'username'
+        dir = sort_hash[:direction] || 'ASC'
+        limit = params[:limit] || 25
+        start = params[:start] || 0
+
+        # scope users by dba_organization and any of its children dba_orgs
+        dba_organization = current_user.party.dba_organization
+        dba_org_ids = dba_organization.child_dba_organizations.collect(&:id)
+        dba_org_ids.push(dba_organization.id)
+        dba_org_ids.uniq!
+
+        users = User.joins(:party).joins("inner join party_relationships as dba_reln on
+                          (dba_reln.party_id_from = parties.id
+                          and
+                          dba_reln.party_id_to in (#{dba_org_ids.join(',')})
+                          and
+                          dba_reln.role_type_id_to = #{RoleType.iid('dba_org').id}
+                          )")
+
+        # TODO update for more advance searching
+        if params[:query_filter].present?
+          username = params[:query_filter].strip
+        end
+
+        if username.blank?
+          total_count = users.uniq.count
+          users = users.order("#{sort} #{dir}").offset(start).limit(limit)
+        else
+          users = users.where('username like ? or email like ?', "%#{username}%", "%#{username}%")
+          total_count = users.uniq.count
+          users = users.order("#{sort} #{dir}").offset(start).limit(limit)
+        end
+
+        render :json => {total_count: total_count, users: users.uniq.collect(&:to_data_hash)}
+      end
+
+      def create
+        begin
+          ActiveRecord::Base.connection.transaction do
+            current_user.with_capability(:create, 'User') do
+
+              user = User.new(
+                :email => params[:email],
+                :username => params[:username],
+                :password => params[:password],
+                :password_confirmation => params[:password_confirmation]
+              )
+
+              # set this to tell activation where to redirect_to for login and temp password
+              login_url = params[:login_url] || '/erp_app/login'
+
+              # if a website was selected then set it so we can use the any templates in that website
+              unless params['website_id'].blank?
+                user.add_instance_attribute(:website_id, params['website_id'])
+              end
+
+              #set this to tell activation where to redirect_to for login and temp password
+              user.add_instance_attribute(:login_url, login_url)
+              user.add_instance_attribute(:temp_password, params[:password])
+
+              if params[:auto_activate] == 'yes'
+                user.skip_activation_email = true
+              end
+
+              user.save!
+              if params[:auto_activate] == 'yes'
+                user.activate!
+              end
+
+              if params[:party_id]
+                user.party = Party.find(params[:party_id])
+                user.save!
+              else
+                individual = Individual.create(:gender => params[:gender],
+                                               :current_first_name => params[:first_name],
+                                               :current_last_name => params[:last_name])
+                user.party = individual.party
+                user.save
+
+                user.party.created_by_party = current_user.party
+                user.party.save!
+
+                # add employee role to party
+                party = individual.party
+                party.add_role_type(RoleType.find_or_create('employee', 'Employee'))
+
+                # associate the new party to the dba_organization of the user creating this user
+                relationship_type = RelationshipType.find_or_create(RoleType.find_or_create('dba_org', 'Doing Business As Organization'),
+                                                                    RoleType.find_or_create('employee', 'Employee'))
+                party.create_relationship(relationship_type.description,
+                                          current_user.party.dba_organization.id,
+                                          relationship_type)
+              end
+
+              render :json => {:success => true, user: user.to_data_hash}
+            end
+          end
+        rescue ErpTechSvcs::Utils::CompassAccessNegotiator::Errors::UserDoesNotHaveCapability => ex
+          render :json => {:success => false, :message => ex.message, :user => nil}
+        rescue ActiveRecord::RecordInvalid => invalid
+          Rails.logger.error invalid.record.errors
+
+          message = "<ul>"
+          invalid.record.errors.collect do |e, m|
+            message << "<li>#{e} #{m}</li>"
+          end
+          message << "</ul>"
+
+          render :json => {:success => false, :message => message, :user => nil}
+        rescue StandardError => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => 'Error creating user', :user => nil}
+        end
+      end
+
+      def update
+        begin
+          ActiveRecord::Base.transaction do
+
+            if params[:id]
+              user = User.find(params[:id])
+              party = user.party
+            else
+              user = current_user
+              party = user.party
+            end
+
+            if params[:password].present?
+              user.password = params[:password].strip
+              if params[:password_confirmation].present?
+                user.password_confirmation = params[:password_confirmation].strip
+              else
+                user.password_confirmation = params[:password].strip
+              end
+            end
+
+            if params[:username].present?
+              user.username = params[:username].strip
+            end
+
+            if params[:status]
+              user.activation_state = params[:status]
+            end
+
+            if params[:email].present?
+              user.email = params[:email].strip
+            end
+
+            user.save!
+
+            business_party = party.business_party
+
+            # update business party information
+            if params[:first_name].present?
+              business_party.current_first_name = params[:first_name].strip
+            end
+
+            if params[:last_name].present?
+              business_party.current_last_name = params[:last_name].strip
+            end
+
+            user.party.updated_by_party = current_user.party
+            user.party.save!
+
+            render :json => {:success => true, :message => 'User updated', :user => user.to_data_hash}
+
+          end
+        rescue ActiveRecord::RecordInvalid => invalid
+          Rails.logger.error invalid.record.errors
+
+          render :json => {:success => false, :message => invalid.record.errors.full_messages, :user => nil}
+        rescue StandardError => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => 'Error updating user', :user => nil}
+        end
+
+      end
+
+      def reset_password
+        begin
+          user = User.find(params[:id])
+
+          user.add_instance_attribute(:reset_password_url, (params[:reset_password_url] || '/erp_app/reset_password'))
+          user.add_instance_attribute(:domain, params[:domain])
+          user.deliver_reset_password_instructions!
+          message = "Password has been reset. An email has been sent with further instructions to #{user.email}."
+          success = true
+          render :json => {:success => success, :message => message}
+        rescue => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => 'Could not reset password'}
+        end
+      end
+
+      def destroy
+        user = User.find(params[:id])
+
+        # get the party as it will also destroy the user
+        party = user.party
+        party.destroy
+
+        render :json => {:success => true}
+      end
+
+      def effective_security
+        user = User.find(params[:id])
+
+        render :json => {:success => true, :capabilities => user.class_capabilities_to_hash}
+      end
+
+      def update_security
+        begin
+          ActiveRecord::Base.transaction do
+            user = User.find(params[:id])
+
+            user.remove_all_security_roles
+            user.add_security_roles(params[:security_role_iids].split(','))
+
+            user.remove_all_groups
+            user.add_groups(params[:group_ids].split(',').map{|group_id| Group.find(group_id)})
+
+            user.remove_all_capabilities
+            user.add_capabilities(params[:capability_ids].split(',').map{|capability_id| Capability.find(capability_id)})
+
+            render json: {success: true}
+          end
+        rescue ActiveRecord::RecordInvalid => invalid
+          Rails.logger.error invalid.record.errors
+
+          render :json => {:success => false, :message => invalid.record.errors.full_messages, :user => nil}
+        rescue StandardError => ex
+          Rails.logger.error ex.message
+          Rails.logger.error ex.backtrace.join("\n")
+
+          ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
+          render :json => {:success => false, :message => 'Error updating security', :user => nil}
+        end
+      end
+
+    end # UsersController
+  end # V1
+end # Api