fat_free_crm 0.18.2 → 0.19.0

data/app/models/observers/lead_observer.rb

@@ -16,15 +16,13 @@ class LeadObserver < ActiveRecord::Observer
 
   def after_update(item)
     original = @@leads.delete(item.id)
-    if original&.status != "rejected" && item.status == "rejected"
-      return log_activity(item, :reject)
-    end
+    return log_activity(item, :reject) if original&.status != "rejected" && item.status == "rejected"
   end
 
   private
 
   def log_activity(item, event)
-    item.send(item.class.versions_association_name).create(event: event, whodunnit: PaperTrail.whodunnit)
+    item.send(item.class.versions_association_name).create(event: event, whodunnit: PaperTrail.request.whodunnit)
   end
 
   ActiveSupport.run_load_hooks(:fat_free_crm_lead_observer, self)

data/app/models/observers/opportunity_observer.rb

@@ -11,9 +11,7 @@ class OpportunityObserver < ActiveRecord::Observer
   @@opportunities = {}
 
   def after_create(item)
-    if item.campaign && item.stage == "won"
-      update_campaign_revenue(item.campaign, item.amount.to_f - item.discount.to_f)
-    end
+    update_campaign_revenue(item.campaign, item.amount.to_f - item.discount.to_f) if item.campaign && item.stage == "won"
   end
 
   def before_update(item)
@@ -38,7 +36,7 @@ class OpportunityObserver < ActiveRecord::Observer
   private
 
   def log_activity(item, event)
-    item.send(item.class.versions_association_name).create(event: event, whodunnit: PaperTrail.whodunnit)
+    item.send(item.class.versions_association_name).create(event: event, whodunnit: PaperTrail.request.whodunnit)
   end
 
   def update_campaign_revenue(campaign, revenue)

data/app/models/observers/task_observer.rb

@@ -26,7 +26,7 @@ class TaskObserver < ActiveRecord::Observer
   private
 
   def log_activity(item, event)
-    item.send(item.class.versions_association_name).create(event: event, whodunnit: PaperTrail.whodunnit)
+    item.send(item.class.versions_association_name).create(event: event, whodunnit: PaperTrail.request.whodunnit)
   end
 
   ActiveSupport.run_load_hooks(:fat_free_crm_task_observer, self)

data/app/models/polymorphic/email.rb

@@ -30,8 +30,8 @@
 #
 
 class Email < ActiveRecord::Base
-  belongs_to :mediator, polymorphic: true
-  belongs_to :user
+  belongs_to :mediator, polymorphic: true, optional: true # TODO: Is this really optional?
+  belongs_to :user, optional: true # TODO: Is this really optional?
 
   has_paper_trail class_name: 'Version', meta: { related: :mediator },
                   ignore: [:state]

data/app/models/polymorphic/task.rb

@@ -34,15 +34,15 @@ class Task < ActiveRecord::Base
   ALLOWED_VIEWS = %w[pending assigned completed]
 
   belongs_to :user
-  belongs_to :assignee, class_name: "User", foreign_key: :assigned_to
-  belongs_to :completor, class_name: "User", foreign_key: :completed_by
-  belongs_to :asset, polymorphic: true
+  belongs_to :assignee, class_name: "User", foreign_key: :assigned_to, optional: true # TODO: Is this really optional?
+  belongs_to :completor, class_name: "User", foreign_key: :completed_by, optional: true # TODO: Is this really optional?
+  belongs_to :asset, polymorphic: true, optional: true # TODO: Is this really optional?
 
   serialize :subscribed_users, Array
 
   # Tasks created by the user for herself, or assigned to her by others. That's
   # what gets shown on Tasks/Pending and Tasks/Completed pages.
-  scope :my, ->(*args) {
+  scope :my, lambda { |*args|
     options = args[0] || {}
     user_option = (options.is_a?(Hash) ? options[:user] : options) || User.current_user
     includes(:assignee)
@@ -55,24 +55,24 @@ class Task < ActiveRecord::Base
   scope :assigned_to, ->(user) { where(assigned_to: user.id) }
 
   # Tasks assigned by the user to others. That's what we see on Tasks/Assigned.
-  scope :assigned_by, ->(user) {
+  scope :assigned_by, lambda { |user|
     includes(:assignee)
       .where('user_id = ? AND assigned_to IS NOT NULL AND assigned_to != ?', user.id, user.id)
   }
 
   # Tasks created by the user or assigned to the user, i.e. the union of the two
   # scopes above. That's the tasks the user is allowed to see and track.
-  scope :tracked_by, ->(user) {
+  scope :tracked_by, lambda { |user|
     includes(:assignee)
       .where('user_id = ? OR assigned_to = ?', user.id, user.id)
   }
 
   # Show tasks which either belong to the user and are unassigned, or are assigned to the user
-  scope :visible_on_dashboard, ->(user) {
+  scope :visible_on_dashboard, lambda { |user|
     where('(user_id = :user_id AND assigned_to IS NULL) OR assigned_to = :user_id', user_id: user.id).where('completed_at IS NULL')
   }
 
-  scope :by_due_at, -> {
+  scope :by_due_at, lambda {
     order({
       "MySQL"      => "due_at NOT NULL, due_at ASC",
       "PostgreSQL" => "due_at ASC NULLS FIRST"
@@ -101,7 +101,7 @@ class Task < ActiveRecord::Base
   scope :completed_this_month, -> { where('completed_at >= ? AND completed_at < ?', Time.zone.now.beginning_of_month.utc, Time.zone.now.beginning_of_week.utc - 7.days) }
   scope :completed_last_month, -> { where('completed_at >= ? AND completed_at < ?', (Time.zone.now.beginning_of_month.utc - 1.day).beginning_of_month.utc, Time.zone.now.beginning_of_month.utc) }
 
-  scope :text_search, ->(query) {
+  scope :text_search, lambda { |query|
     query = query.gsub(/[^\w\s\-\.'\p{L}]/u, '').strip
     where('upper(name) LIKE upper(?)', "%#{query}%")
   }
@@ -155,6 +155,7 @@ class Task < ActiveRecord::Base
   #----------------------------------------------------------------------------
   def computed_bucket
     return bucket if bucket != "specific_time"
+
     if overdue?
       "overdue"
     elsif due_today?
@@ -174,6 +175,7 @@ class Task < ActiveRecord::Base
   #----------------------------------------------------------------------------
   def self.find_all_grouped(user, view)
     return {} unless ALLOWED_VIEWS.include?(view)
+
     settings = (view == "completed" ? Setting.task_completed : Setting.task_bucket)
     Hash[
       settings.map do |key, _value|
@@ -186,6 +188,7 @@ class Task < ActiveRecord::Base
   #----------------------------------------------------------------------------
   def self.bucket_empty?(bucket, user, view = "pending")
     return false if bucket.blank? || !ALLOWED_VIEWS.include?(view)
+
     if view == "assigned"
       assigned_by(user).send(bucket).pending.count
     else
@@ -197,6 +200,7 @@ class Task < ActiveRecord::Base
   #----------------------------------------------------------------------------
   def self.totals(user, view = "pending")
     return {} unless ALLOWED_VIEWS.include?(view)
+
     settings = (view == "completed" ? Setting.task_completed : Setting.task_bucket)
     settings.each_with_object(HashWithIndifferentAccess[all: 0]) do |key, hash|
       hash[key] = (view == "assigned" ? assigned_by(user).send(key).pending.count : my(user).send(key).send(view).count)

data/app/models/polymorphic/version.rb

@@ -12,8 +12,8 @@ class Version < PaperTrail::Version
   EVENTS = %w[all_events create view update destroy]
   DURATION = %w[one_hour one_day two_days one_week two_weeks one_month]
 
-  belongs_to :related, polymorphic: true
-  belongs_to :user, foreign_key: :whodunnit
+  belongs_to :related, polymorphic: true, optional: true # TODO: Is this really optional?
+  belongs_to :user, foreign_key: :whodunnit, optional: true # TODO: Is this really optional?
 
   scope :default_order,  -> { order('created_at DESC') }
   scope :include_events, ->(*events) { where(event: events) }
@@ -35,6 +35,7 @@ class Version < PaperTrail::Version
                 .default_order
 
         break if query.empty?
+
         versions += query.select { |v| v.item.present? }
         versions.uniq! { |v| [v.item_id, v.item_type] }
         offset += limit * 2

data/app/models/setting.rb

@@ -55,6 +55,7 @@ class Setting < ActiveRecord::Base
     def [](name)
       # Return value if cached
       return cache[name] if cache.key?(name)
+
       # Check database
       if database_and_table_exists?
         if setting = find_by_name(name.to_s)
@@ -69,6 +70,7 @@ class Setting < ActiveRecord::Base
     #-------------------------------------------------------------------
     def []=(name, value)
       return nil unless database_and_table_exists?
+
       setting = find_by_name(name.to_s) || new(name: name)
       setting.value = value
       setting.save

data/app/models/users/permission.rb

@@ -18,9 +18,9 @@
 #
 
 class Permission < ActiveRecord::Base
-  belongs_to :user
-  belongs_to :group
-  belongs_to :asset, polymorphic: true
+  belongs_to :user, optional: true
+  belongs_to :group, optional: true
+  belongs_to :asset, polymorphic: true, optional: true
 
   validates_presence_of :user_id, unless: :group_id?
   validates_presence_of :group_id, unless: :user_id?

data/app/models/users/preference.rb

@@ -18,7 +18,7 @@
 #
 
 class Preference < ActiveRecord::Base
-  belongs_to :user
+  belongs_to :user, optional: true
 
   #-------------------------------------------------------------------
   def [](name)
@@ -26,6 +26,7 @@ class Preference < ActiveRecord::Base
     return super(name) if name.to_s == "user_id" # get the value of belongs_to
 
     return cached_prefs[name.to_s] if cached_prefs.key?(name.to_s)
+
     cached_prefs[name.to_s] = if user.present? && pref = Preference.find_by_name_and_user_id(name.to_s, user.id)
                                 Marshal.load(Base64.decode64(pref.value))
     end

data/app/models/users/user.rb

@@ -11,7 +11,7 @@
 #
 #  id                  :integer         not null, primary key
 #  username            :string(32)      default(""), not null
-#  email               :string(64)      default(""), not null
+#  email               :string(254)     default(""), not null
 #  first_name          :string(32)
 #  last_name           :string(32)
 #  title               :string(64)
@@ -23,24 +23,34 @@
 #  yahoo               :string(32)
 #  google              :string(32)
 #  skype               :string(32)
-#  password_hash       :string(255)     default(""), not null
+#  encrypted_password  :string(255)     default(""), not null
 #  password_salt       :string(255)     default(""), not null
-#  persistence_token   :string(255)     default(""), not null
-#  perishable_token    :string(255)     default(""), not null
-#  last_login_at       :datetime
-#  current_login_at    :datetime
-#  last_login_ip       :string(255)
-#  current_login_ip    :string(255)
-#  login_count         :integer         default(0), not null
+#  last_sign_in_at     :datetime
+#  current_sign_in_at  :datetime
+#  last_sign_in_ip     :string(255)
+#  current_sign_in_ip  :string(255)
+#  sign_in_count       :integer         default(0), not null
 #  deleted_at          :datetime
 #  created_at          :datetime
 #  updated_at          :datetime
 #  admin               :boolean         default(FALSE), not null
 #  suspended_at        :datetime
-#  single_access_token :string(255)
+#  unconfirmed_email   :string(254)     default(""), not null
+#  reset_password_token    :string(255)
+#  reset_password_sent_at  :datetime
+#  remember_token          :string(255)
+#  remember_created_at     :datetime
+#  authentication_token    :string(255)
+#  confirmation_token      :string(255)
+#  confirmed_at            :datetime
+#  confirmation_sent_at    :datetime
 #
 
 class User < ActiveRecord::Base
+  devise :database_authenticatable, :registerable, :confirmable,
+         :encryptable, :recoverable, :rememberable, :trackable
+  before_create :suspend_if_needs_approval
+
   has_one :avatar, as: :entity, dependent: :destroy  # Personal avatar.
   has_many :avatars                                  # As owner who uploaded it, ex. Contact avatar.
   has_many :comments, as: :commentable               # As owner who created a comment.
@@ -55,40 +65,38 @@ class User < ActiveRecord::Base
   has_many :lists
   has_and_belongs_to_many :groups
 
-  has_paper_trail class_name: 'Version', ignore: [:perishable_token]
+  has_paper_trail class_name: 'Version', ignore: [:last_sign_in_at]
 
   scope :by_id, -> { order('id DESC') }
-  scope :without, ->(user) { where('id != ?', user.id).by_name }
+  # TODO: /home/clockwerx/.rbenv/versions/2.5.3/lib/ruby/gems/2.5.0/gems/activerecord-5.2.3/lib/active_record/scoping/named.rb:175:in `scope': You tried to define a scope named "without" on the model "User", but ActiveRecord::Relation already defined an instance method with the same name. (ArgumentError)
+  scope :without_user, ->(user) { where('id != ?', user.id).by_name }
   scope :by_name, -> { order('first_name, last_name, email') }
 
-  scope :text_search, ->(query) {
+  scope :text_search, lambda { |query|
     query = query.gsub(/[^\w\s\-\.'\p{L}]/u, '').strip
     where('upper(username) LIKE upper(:s) OR upper(email) LIKE upper(:s) OR upper(first_name) LIKE upper(:s) OR upper(last_name) LIKE upper(:s)', s: "%#{query}%")
   }
 
   scope :my, ->(current_user) { accessible_by(current_user.ability) }
 
-  scope :have_assigned_opportunities, -> {
+  scope :have_assigned_opportunities, lambda {
     joins("INNER JOIN opportunities ON users.id = opportunities.assigned_to")
       .where("opportunities.stage <> 'lost' AND opportunities.stage <> 'won'")
       .select('DISTINCT(users.id), users.*')
   }
 
-  acts_as_authentic do |c|
-    c.session_class = Authentication
-    c.validates_uniqueness_of_login_field_options = { case_sensitive: false, message: :username_taken }
-    c.validates_length_of_login_field_options     = { minimum: 1, message: :missing_username }
-    c.validates_uniqueness_of_email_field_options = { message: :email_in_use }
-    c.validates_length_of_password_field_options  = { minimum: 0, allow_blank: true, if: :require_password? }
-    c.ignore_blank_passwords = true
-    c.crypto_provider = Authlogic::CryptoProviders::Sha512
-  end
-
-  # Store current user in the class so we could access it from the activity
-  # observer without extra authentication query.
-  cattr_accessor :current_user
-
-  validates_presence_of :email, message: :missing_email
+  validates :email,
+            presence: { message: :missing_email },
+            length: { minimum: 3, maximum: 254 },
+            uniqueness: { message: :email_in_use, case_sensitive: false },
+            format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, on: :create }
+  validates :username,
+            uniqueness: { message: :username_taken, case_sensitive: false },
+            presence: { message: :missing_username },
+            format: { with: /[a-z0-9_-]+/i }
+  validates :password,
+            presence: { if: :password_required? },
+            confirmation: true
 
   #----------------------------------------------------------------------------
   def name
@@ -107,7 +115,23 @@ class User < ActiveRecord::Base
 
   #----------------------------------------------------------------------------
   def awaits_approval?
-    suspended? && login_count == 0 && Setting.user_signup == :needs_approval
+    suspended? && sign_in_count == 0 && Setting.user_signup == :needs_approval
+  end
+
+  def active_for_authentication?
+    super && confirmed? && !awaits_approval? && !suspended?
+  end
+
+  def inactive_message
+    if !confirmed?
+      super
+    elsif awaits_approval?
+      I18n.t(:msg_account_not_approved)
+    elsif suspended?
+      I18n.t(:msg_invalig_login)
+    else
+      super
+    end
   end
 
   #----------------------------------------------------------------------------
@@ -116,12 +140,6 @@ class User < ActiveRecord::Base
   end
   alias pref preference
 
-  #----------------------------------------------------------------------------
-  def deliver_password_reset_instructions!
-    reset_perishable_token!
-    UserMailer.password_reset_instructions(self).deliver_now
-  end
-
   # Override global I18n.locale if the user has individual local preference.
   #----------------------------------------------------------------------------
   def set_individual_locale
@@ -130,10 +148,6 @@ class User < ActiveRecord::Base
 
   # Generate the value of single access token if it hasn't been set already.
   #----------------------------------------------------------------------------
-  def set_single_access_token
-    self.single_access_token ||= update_attribute(:single_access_token, Authlogic::Random.friendly_token)
-  end
-
   def to_json(_options = nil)
     [name].to_json
   end
@@ -142,6 +156,10 @@ class User < ActiveRecord::Base
     [name].to_xml
   end
 
+  def password_required?
+    !persisted? || !password.nil? || !password_confirmation.nil?
+  end
+
   # Returns permissions ability object.
   #----------------------------------------------------------------------------
   def ability
@@ -171,14 +189,21 @@ class User < ActiveRecord::Base
     !sum.nil?
   end
 
-  private
-
   # Define class methods
   #----------------------------------------------------------------------------
   class << self
     def can_signup?
       %i[allowed needs_approval].include? Setting.user_signup
     end
+
+    # Overrides Devise sign-in to use either username or email (case-insensitive)
+    #----------------------------------------------------------------------------
+    def find_for_database_authentication(warden_conditions)
+      conditions = warden_conditions.dup
+      if login = conditions.delete(:email)
+        where(conditions.to_h).where(["lower(username) = :value OR lower(email) = :value", { value: login.downcase }]).first
+      end
+    end
   end
 
   ActiveSupport.run_load_hooks(:fat_free_crm_user, self)

data/app/views/accounts/_top_section.html.haml

@@ -8,7 +8,7 @@
       %tr
         %td
           .label #{t :assigned_to}:
-          = user_select(:account, User.without(current_user), current_user)
+          = user_select(:account, User.without_user(current_user), current_user)
         %td= spacer
         %td
           .label #{t :category}:

data/app/views/accounts/edit.js.haml

@@ -28,4 +28,4 @@
   - elsif params[:cancel].false?                    # Called from title of the landing page...
     $('#edit_#{entity_name}').html('#{ j render(partial: "edit") }');
     crm.flip_form('edit_#{entity_name}');
-    crm.set_title('edit_#{entity_name}', "#{t :edit} #{h @entity.name}");
+    crm.set_title('edit_#{entity_name}', "#{t :edit} #{j @entity.name}");

data/app/views/accounts/update.js.haml

@@ -5,7 +5,7 @@
 - if @entity.errors.empty?
   - if called_from_landing_page?
     crm.flip_form('edit_#{entity_name}');
-    crm.set_title('edit_#{entity_name}', '#{h @entity.name}');
+    crm.set_title('edit_#{entity_name}', '#{j @entity.name}');
     = refresh_sidebar(:show, :summary)
   - else
     $('##{id}').replaceWith('#{ j render(partial: entity_name, collection: [ @entity ]) }');
@@ -16,4 +16,4 @@
   $('##{id}').effect("shake", { duration:250, distance: 6 });
   $('##{dom_id(@entity, :edit)} input[type!=hidden]').first().focus();
 
-= hook(:entity_update, self, {entity: @entity})
+= hook(:entity_update, self, {entity: @entity})

data/app/views/admin/users/_user.html.haml

@@ -34,14 +34,14 @@
       = " " + t(:at) + " " + user.company unless user.company.blank?
 
       %span.black= "|"
-      - if user.current_login_at && user.login_count > 0
-        = t('pluralize.login', user.login_count)
+      - if user.last_sign_in_at && user.sign_in_count > 0
+        = t('pluralize.login', user.sign_in_count)
         %span.black= "|"
 
       - if user.awaits_approval?
         %b.cool= t(:user_awaits_approval)
-      - elsif user.current_login_at
-        %span.cool= t(:last_logged_in, timeago(user.current_login_at)).html_safe
+      - elsif user.last_sign_in_at
+        %span.cool= t(:last_logged_in, timeago(user.current_sign_in_at)).html_safe
       - else
         %span.warn= t(:user_never_logged_in)
     %dt{ style: "padding: 2px 0px 0px 0px" }