erp_tech_svcs 4.0.0 → 4.2.0

data/app/controllers/erp_tech_svcs/session_controller.rb

@@ -3,10 +3,10 @@ module ErpTechSvcs
     def create
       login = params[:login].strip
       if login(login, params[:password])
-        #log when someone logs in
+        # log when someone logs in
         ErpTechSvcs::ErpTechSvcsAuditLog.successful_login(current_user)
 
-        #set logout
+        # set logout
         session[:logout_to] = params[:logout_to]
 
         login_to = session[:return_to_url].blank? ? params[:login_to] : session[:return_to_url]
@@ -20,13 +20,16 @@ module ErpTechSvcs
 
     def destroy
       message = "You have logged out."
-      logged_out_user_id = current_user.id unless current_user === false
+      user = current_user
       logout_to = session[:logout_to]
 
+      # clear return_to_url
+      session[:return_to_url] = nil
+
       logout
 
-      #log when someone logs out
-      ErpTechSvcs::ErpTechSvcsAuditLog.successful_logout(logged_out_user_id) if logged_out_user_id
+      # log when someone logs out
+      ErpTechSvcs::ErpTechSvcsAuditLog.successful_logout(user) unless user.nil?
 
       if logout_to
         redirect_to logout_to, :notice => message

data/app/controllers/erp_tech_svcs/user_controller.rb

@@ -30,25 +30,21 @@ module ErpTechSvcs
 
     def reset_password
       begin
-        login_url = params[:login_url].blank? ? ErpTechSvcs::Config.login_url : params[:login_url]
         login = params[:login].strip
         if user = (User.where('username = ? or email = ?', login, login)).first
 
-          # generate new password with only letters
-          charset = %w{ A C D E F G H J K M N P Q R T V W X Y Z }
-          new_password = (0...8).map{ charset.to_a[rand(charset.size)] }.join
-
-          user.password_confirmation = new_password
-          if user.change_password!(new_password)
-            user.add_instance_attribute(:login_url, login_url)
-            user.add_instance_attribute(:domain, params[:domain])
-            user.deliver_reset_password_instructions!
-            message = "Password has been reset.  An email has been sent with further instructions to #{user.email}."
-            success = true
-          else
-            message = "Error re-setting password."
-            success = false
+          website = Website.find_by_host(request.host_with_port)
+          if website
+            user.add_instance_attribute(:website_id, website.id)
           end
+
+          user.add_instance_attribute(:reset_password_url, (params[:reset_password_url] || '/erp_app/reset_password'))
+          user.add_instance_attribute(:domain, params[:domain])
+          user.deliver_reset_password_instructions!
+
+          message = "Password has been reset. An email has been sent with further instructions to #{user.email}."
+          success = true
+
         else
           message = "Invalid user name or email address."
           success = false
@@ -57,6 +53,9 @@ module ErpTechSvcs
       rescue => ex
         Rails.logger.error ex.message
         Rails.logger.error ex.backtrace.join("\n")
+
+        ExceptionNotifier.notify_exception(ex) if defined? ExceptionNotifier
+
         render :json => {:success => false, :message => 'Error sending email.'}
       end
     end

data/app/mailers/user_mailer.rb

@@ -1,7 +1,7 @@
 class UserMailer < ActionMailer::Base
   default :from => ErpTechSvcs::Config.email_notifications_from
 
-  def activation_needed_email(user)
+  def activation_needed_email(user, dba_organization=nil)
     @user = user
     @url  = "#{get_domain(user.instance_attributes[:domain])}/users/activate/#{user.activation_token}"
     @url << "?login_url=#{@user.instance_attributes[:login_url]}" unless @user.instance_attributes[:login_url].nil?
@@ -11,15 +11,18 @@ class UserMailer < ActionMailer::Base
     mail(:to => user.email, :subject => "An account has been created and needs activation")
   end
 
-  def reset_password_email(user)
+  def reset_password_email(user, dba_organization=nil)
     @user = user
-    @url  = "#{get_domain(user.instance_attributes[:domain])}#{@user.instance_attributes[:login_url]}"
+    @reset_password_token = @user.reset_password_token
+
+    @url  = "#{get_domain(user.instance_attributes[:domain])}#{@user.instance_attributes[:reset_password_url]}?token=#{@reset_password_token}"
+    
     mail(:to => user.email, :subject => "Your password has been reset")
   end
 
   def get_domain(domain)
     domain = domain || ErpTechSvcs::Config.installation_domain
-    domain = "http://#{domain}" if domain.index('http').nil?
-    domain
+
+   "#{ErpTechSvcs::Config.file_protocol}://#{domain}"
   end
 end

data/app/models/audit_log.rb

@@ -1,6 +1,24 @@
+# create_table :audit_logs do |t|
+#   t.string :application
+#   t.string :description
+#   t.integer :party_id
+#   t.text :additional_info
+#   t.references :audit_log_type
+#
+#   #polymorphic columns
+#   t.references :event_record, :polymorphic => true
+#
+#   t.timestamps
+# end
+# add_index :audit_logs, :party_id
+# add_index :audit_logs, [:event_record_id, :event_record_type], :name => 'event_record_index'
+# add_index :audit_logs, :audit_log_type_id, :name => 'audit_logs_audit_log_type_id_idx'
+
 class AuditLog < ActiveRecord::Base
   attr_protected :created_at, :updated_at
 
+  is_tenantable
+
   validates :party_id, :presence => {:message => 'cannot be blank'}
   validates :description, :presence => {:message => 'cannot be blank'}
   validates :audit_log_type, :presence => {:message => 'cannot be blank'}
@@ -8,78 +26,135 @@ class AuditLog < ActiveRecord::Base
   belongs_to :audit_log_type
   belongs_to :party
   belongs_to :event_record, :polymorphic => true
-  has_many   :audit_log_items, :dependent => :destroy
+  has_many :audit_log_items, :dependent => :destroy
 
   alias :items :audit_log_items
   alias :type :audit_log_type
 
-  def get_item_by_item_type_internal_identifier(item_type_internal_identifier)
-    self.items.includes(:audit_log_item_type)
-              .where(:audit_log_item_types => {:internal_identifier => item_type_internal_identifier}).first
-  end
+  class << self
 
-  #allow items to be looked up by method calls
-  def respond_to?(m, include_private_methods = false)
-    (super ? true : get_item_by_item_type_internal_identifier(m.to_s)) rescue super
-  end
+    # Filter records
+    #
+    # @param filters [Hash] a hash of filters to be applied,
+    # @param statement [ActiveRecord::Relation] the query being built
+    # @return [ActiveRecord::Relation] the query being built
+    def apply_filters(filters, statement=nil)
+      audit_log_tbl = self.arel_table
 
-  #allow items to be looked up by method calls
-  def method_missing(m, *args, &block)
-    if self.respond_to?(m)
-      item = get_item_by_item_type_internal_identifier(m.to_s)
-      (item.nil?) ? super : (return item.audit_log_item_value)
-    else
-      super
+      unless statement
+        statement = self
+      end
+
+      # filter by tenant
+      unless filters[:tenant].blank?
+        statement = statement.by_tenant(filters[:tenant])
+      end
+
+      # filter by logged by
+      unless filters[:logged_by].blank?
+        statement = statement.where(party_id: filters[:logged_by].split(','))
+      end
+
+      # filter by start_at
+      unless filters[:start_date].blank?
+        statement = statement.where(audit_log_tbl[:created_at].gteq(filters[:start_date]))
+      end
+
+      # filter by end_at
+      unless filters[:end_date].blank?
+        statement = statement.where(audit_log_tbl[:created_at].lteq(filters[:end_date]))
+      end
+
+      statement
     end
-  end
 
-  class << self
     def custom_application_log_message(party, msg)
       self.create(
-        :party_id => party.id,
-        :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application','custom_message'),
-        :description => "#{party.description}: #{msg}"
+          :party_id => party.id,
+          :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application', 'custom_message'),
+          :description => "#{party.description}: #{msg}"
       )
     end
 
     def party_logout(party)
       self.create(
-        :party_id => party.id,
-        :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application','successful_logout'),
-        :description => "#{party.description} has logged out"
+          :party_id => party.id,
+          :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application', 'successful_logout'),
+          :description => "#{party.description} has logged out"
       )
     end
 
     def party_login(party)
       self.create(
-        :party_id => party.id,
-        :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application','successful_login'),
-        :description => "#{party.description} has logged in"
+          :party_id => party.id,
+          :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application', 'successful_login'),
+          :description => "#{party.description} has logged in"
       )
     end
 
     def party_access(party, url)
       self.create(
-        :party_id => party.id,
-        :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application','accessed_area'),
-        :description => "#{party.description} has accessed area #{url}"
+          :party_id => party.id,
+          :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application', 'accessed_area'),
+          :description => "#{party.description} has accessed area #{url}"
       )
     end
 
     def party_failed_access(party, url)
       self.create(
-        :party_id => party.id,
-        :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application','accessed_area'),
-        :description => "#{party.description} has tried to access a restricted area #{url}"
+          :party_id => party.id,
+          :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application', 'accessed_area'),
+          :description => "#{party.description} has tried to access a restricted area #{url}"
       )
     end
 
     def party_session_timeout(party)
       self.create(
-        :party_id => party.id,
-        :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application','session_timeout'),
-        :description => "#{party.description} session has expired"
+          :party_id => party.id,
+          :audit_log_type => AuditLogType.find_by_type_and_subtype_iid('application', 'session_timeout'),
+          :description => "#{party.description} session has expired"
       )
     end
   end
+
+  def get_item_by_item_type_internal_identifier(item_type_internal_identifier)
+    self.items.includes(:audit_log_item_type)
+        .where(:audit_log_item_types => {:internal_identifier => item_type_internal_identifier}).first
+  end
+
+  # convert to hash of data
+  #
+  def to_data_hash
+    data = to_hash(only: [:id, :application, :additional_info, :description, :created_at])
+
+    data[:party] = party.to_data_hash
+
+    if event_record.respond_to?(:to_data_hash)
+      data[:event_record] = event_record.to_data_hash
+    else
+      data[:event_record] = {id: event_record.id, type: event_record.class.name}
+    end
+
+    if type
+      data[:audit_log_type] = audit_log_type.to_data_hash
+    end
+
+    data
+  end
+
+  # allow items to be looked up by method calls
+  def respond_to?(m, include_private_methods = false)
+    (super ? true : get_item_by_item_type_internal_identifier(m.to_s)) rescue super
+  end
+
+  # allow items to be looked up by method calls
+  def method_missing(m, *args, &block)
+    if self.respond_to?(m)
+      item = get_item_by_item_type_internal_identifier(m.to_s)
+      (item.nil?) ? super : (return item.audit_log_item_value)
+    else
+      super
+    end
+  end
+
 end

data/app/models/audit_log_item.rb

@@ -1,3 +1,16 @@
+# create_table :audit_log_items do |t|
+#   t.references :audit_log
+#   t.references :audit_log_item_type
+#   t.string :audit_log_item_value
+#   t.string :audit_log_item_old_value
+#   t.string :description
+#
+#   t.timestamps
+# end
+#
+# add_index :audit_log_items, :audit_log_id, :name => 'audit_log_items_audit_log_id_idx'
+# add_index :audit_log_items, :audit_log_item_type_id, :name => 'audit_log_items_audit_log_item_type_id_idx'
+
 class AuditLogItem < ActiveRecord::Base
   attr_protected :created_at, :updated_at
 
@@ -5,4 +18,21 @@ class AuditLogItem < ActiveRecord::Base
   belongs_to :audit_log
 
   alias :type  :audit_log_item_type
+
+  # convert to hash of data
+  #
+  def to_data_hash
+    data = to_hash(only: [:id,
+                          {audit_log_item_value: :new_value},
+                          {audit_log_item_old_value: :old_value},
+                          :description,
+                          :created_at,
+                          :updated_at])
+
+    if audit_log_item_type
+      data[:audit_log_item_type] = audit_log_item_type.to_data_hash
+    end
+
+    data
+  end
 end

data/app/models/audit_log_item_type.rb

@@ -5,4 +5,5 @@ class AuditLogItemType < ActiveRecord::Base
   acts_as_erp_type
 
   has_many :audit_log_items
+
 end

data/app/models/audit_log_type.rb

@@ -1,3 +1,22 @@
+#  create_table :audit_log_types do |t|
+#    t.string :description
+#    t.string :error_code
+#    t.string :comments
+#    t.string :internal_identifier
+#    t.string :external_identifier
+#    t.string :external_id_source
+#
+#    # awesome nested set columns
+#    t.integer :parent_id
+#    t.integer :lft
+#    t.integer :rgt
+#
+#    t.timestamps
+#  end
+#
+#  add_index :audit_log_types, :internal_identifier, :name => 'audit_log_types_internal_identifier_idx'
+#  add_index :audit_log_types, :parent_id, :name => 'audit_log_types_parent_id_idx'
+
 class AuditLogType < ActiveRecord::Base
   attr_protected :created_at, :updated_at
   

data/app/models/capability.rb

@@ -1,6 +1,19 @@
+# create_table :capabilities do |t|
+#   t.string :description
+#   t.references :capability_type
+#   t.references :capability_resource, :polymorphic => true
+#   t.integer :scope_type_id
+#   t.text :scope_query
+#   t.timestamps
+# end
+#
+# add_index :capabilities, :capability_type_id
+# add_index :capabilities, :scope_type_id
+# add_index :capabilities, [:capability_resource_id, :capability_resource_type], :name => 'capability_resource_index'
+
 class Capability < ActiveRecord::Base
   attr_protected :created_at, :updated_at
-  
+
   belongs_to :scope_type
   belongs_to :capability_type
   belongs_to :capability_resource, :polymorphic => true
@@ -13,11 +26,11 @@ class Capability < ActiveRecord::Base
   def update_description
     if description.blank?
       desc = "#{capability_type.description} #{capability_resource_type}"
-      case scope_type 
+      case scope_type
       when ScopeType.find_by_internal_identifier('class')
         self.description = "#{desc}"
       when ScopeType.find_by_internal_identifier('instance')
-        self.description = "#{desc} Instance"
+        self.description = "#{desc} #{capability_resource.to_s} Instance"
       when ScopeType.find_by_internal_identifier('query')
         self.description = "#{desc} Scope"
       end
@@ -29,7 +42,7 @@ class Capability < ActiveRecord::Base
     SecurityRole.joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = #{self.id}
                         AND capability_accessors.capability_accessor_record_type = 'SecurityRole' 
                         AND capability_accessors.capability_accessor_record_id = security_roles.id").
-                where("capability_accessors.id IS NULL")
+      where("capability_accessors.id IS NULL")
   end
 
   def remove_all_roles
@@ -44,7 +57,7 @@ class Capability < ActiveRecord::Base
     User.joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = #{self.id}
                         AND capability_accessors.capability_accessor_record_type = 'User' 
                         AND capability_accessors.capability_accessor_record_id = users.id").
-        where("capability_accessors.id IS NULL")
+      where("capability_accessors.id IS NULL")
   end
 
   def users
@@ -55,11 +68,14 @@ class Capability < ActiveRecord::Base
     Group.joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = #{self.id}
                         AND capability_accessors.capability_accessor_record_type = 'Group' 
                         AND capability_accessors.capability_accessor_record_id = groups.id").
-          where("capability_accessors.id IS NULL")
+      where("capability_accessors.id IS NULL")
   end
 
   def groups
     Group.joins(:capability_accessors).where(:capability_accessors => {:capability_id => self.id })
   end
 
+  def to_data_hash
+    to_hash(only: [:id, :description])
+  end
 end

data/app/models/extensions/tracked_status_type.rb

@@ -0,0 +1,3 @@
+TrackedStatusType.class_eval do
+  include ErpTechSvcs::Utils::DefaultNestedSetMethods
+end