forest_liana 7.0.0.beta.2 → 7.0.0.beta.6

data/app/services/forest_liana/line_stat_getter.rb

@@ -23,10 +23,12 @@ module ForestLiana
     end
 
     def perform
-      value = get_resource().eager_load(@includes)
+      value = get_resource().joins(@includes)
 
-      unless @params[:filters].blank?
-        value = FiltersParser.new(@params[:filters], value, @params[:timezone]).apply_filters
+      filters = ForestLiana::ScopeManager.append_scope_for_user(@params[:filters], @user, @resource.name)
+
+      unless filters.blank?
+        value = FiltersParser.new(filters, @resource, @params[:timezone]).apply_filters
       end
 
       Groupdate.week_start = :monday

data/app/services/forest_liana/permissions_checker.rb

@@ -1,13 +1,12 @@
 module ForestLiana
   class PermissionsChecker
     @@permissions_cached = Hash.new
-    @@scopes_cached = Hash.new
+    @@renderings_cached = Hash.new
     @@roles_acl_activated = false
-    # TODO: handle cache scopes per rendering
+
     @@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
 
-    def initialize(resource, permission_name, rendering_id, user_id: nil, smart_action_request_info: nil, collection_list_parameters: nil, query_request_info: nil)
-      
+    def initialize(resource, permission_name, rendering_id, user_id: nil, smart_action_request_info: nil, collection_list_parameters: Hash.new, query_request_info: nil)
       @collection_name = resource.present? ? ForestLiana.name_for(resource) : nil
       @permission_name = permission_name
       @rendering_id = rendering_id
@@ -39,13 +38,16 @@ module ForestLiana
         permissions['data'] = ForestLiana::PermissionsFormatter.convert_to_new_format(permissions['data'], @rendering_id)
         @@permissions_cached[@rendering_id] = permissions
       end
-      add_scopes_to_cache(permissions)
+
+      # NOTICE: Add stats permissions to the RenderingPermissions
+      permissions['data']['renderings'][@rendering_id]['stats'] = permissions['stats']
+      add_rendering_permissions_to_cache(permissions)
     end
 
-    def add_scopes_to_cache(permissions)
+    def add_rendering_permissions_to_cache(permissions)
       permissions['data']['renderings'].keys.each { |rendering_id|
-        @@scopes_cached[rendering_id] = permissions['data']['renderings'][rendering_id]
-        @@scopes_cached[rendering_id]['last_fetch'] = Time.now
+        @@renderings_cached[rendering_id] = permissions['data']['renderings'][rendering_id]
+        @@renderings_cached[rendering_id]['last_fetch'] = Time.now
       } if permissions['data']['renderings']
     end
 
@@ -59,20 +61,17 @@ module ForestLiana
         return stat_with_parameters_allowed?
       end
 
-      
-
       if permissions && permissions[@collection_name] &&
         permissions[@collection_name]['collection']
         if @permission_name === 'actions'
           return smart_action_allowed?(permissions[@collection_name]['actions'])
         else
           if @permission_name === 'browseEnabled'
-            refresh_scope_cache if scope_cache_expired?
-            scope_permissions = get_scope_in_permissions
-            if scope_permissions
-              # NOTICE: current_scope will either contains conditions filter and
-              #         dynamic user values definition, or null for collection that does not use scopes
-              return false unless are_scopes_valid?(scope_permissions)
+            refresh_rendering_cache if rendering_cache_expired?
+
+            # NOTICE: In this case we need to check that that query is allowed
+            if @collection_list_parameters[:segmentQuery].present?
+              return false unless segment_query_allowed?
             end
           end
           return is_user_allowed(permissions[@collection_name]['collection'][@permission_name])
@@ -82,23 +81,27 @@ module ForestLiana
       end
     end
 
-    def get_scope_in_permissions
-      @@scopes_cached[@rendering_id] &&
-      @@scopes_cached[@rendering_id][@collection_name] &&
-      @@scopes_cached[@rendering_id][@collection_name]['scope']
+    def get_segments_in_permissions
+      @@renderings_cached[@rendering_id] &&
+      @@renderings_cached[@rendering_id][@collection_name] &&
+      @@renderings_cached[@rendering_id][@collection_name]['segments']
     end
 
-    def scope_cache_expired?
-      return true unless @@scopes_cached[@rendering_id] && @@scopes_cached[@rendering_id]['last_fetch']
+    def rendering_cache_expired?
+      return true unless @@renderings_cached[@rendering_id] && @@renderings_cached[@rendering_id]['last_fetch']
 
-      elapsed_seconds = date_difference_in_seconds(Time.now, @@scopes_cached[@rendering_id]['last_fetch'])
+      elapsed_seconds = date_difference_in_seconds(Time.now, @@renderings_cached[@rendering_id]['last_fetch'])
       elapsed_seconds >= @@expiration_in_seconds
     end
 
-    # This will happen only on rolesACLActivated (as scope cache will always be up to date on disabled)
-    def refresh_scope_cache
+    # This will happen only on rolesACLActivated (as segments cache will always be up to date on disabled)
+    def refresh_rendering_cache
       permissions = ForestLiana::PermissionsGetter::get_permissions_for_rendering(@rendering_id, rendering_specific_only: true)
-      add_scopes_to_cache(permissions)
+
+      # NOTICE: Add stats permissions to the RenderingPermissions
+      permissions['data']['renderings'][@rendering_id]['stats'] = permissions['stats']
+
+      add_rendering_permissions_to_cache(permissions)
     end
 
     # When acl disabled permissions are stored and retrieved by rendering
@@ -112,12 +115,12 @@ module ForestLiana
     end
 
     def get_live_query_permissions_content
-      permissions = get_permissions
+      permissions = @@renderings_cached[@rendering_id]
       permissions && permissions['stats'] && permissions['stats']['queries']
     end
-    
+
     def get_stat_with_parameters_content(statPermissionType)
-      permissions = get_permissions
+      permissions = @@renderings_cached[@rendering_id]
       permissions && permissions['stats'] && permissions['stats'][statPermissionType]
     end
 
@@ -154,11 +157,13 @@ module ForestLiana
       is_user_allowed(smart_action_permissions['triggerEnabled'])
     end
 
-    def are_scopes_valid?(scope_permissions)
-      return ForestLiana::ScopeValidator.new(
-        scope_permissions['filter'],
-        scope_permissions['dynamicScopesValues']['users']
-      ).is_scope_in_request?(@collection_list_parameters)
+    def segment_query_allowed?
+      segments_queries_permissions = get_segments_in_permissions
+
+      return false unless segments_queries_permissions
+
+      # NOTICE: @query_request_info matching an existing segment query
+      return segments_queries_permissions.include? @collection_list_parameters[:segmentQuery]
     end
 
     def live_query_allowed?
@@ -166,7 +171,7 @@ module ForestLiana
 
       return false unless live_queries_permissions
 
-      # NOTICE: @query_request_info matching an existing live query 
+      # NOTICE: @query_request_info matching an existing live query
       return live_queries_permissions.include? @query_request_info
     end
 
@@ -177,7 +182,7 @@ module ForestLiana
       return false unless pool_permissions
 
       # NOTICE: equivalent to Object.values in js & removes nil values
-      array_permission_infos = @query_request_info.values.filter_map{ |x| x unless x.nil? }
+      array_permission_infos = @query_request_info.values.select{ |x| !x.nil? }
 
       # NOTICE: Is there any pool_permissions containing the array_permission_infos
       return pool_permissions.any? {
@@ -201,7 +206,7 @@ module ForestLiana
     # Used only for testing purpose
     def self.empty_cache
       @@permissions_cached = Hash.new
-      @@scopes_cached = Hash.new
+      @@renderings_cached = Hash.new
       @@roles_acl_activated = false
       @@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
     end

data/app/services/forest_liana/permissions_formatter.rb

@@ -13,7 +13,7 @@ module ForestLiana
             'actions' => convert_actions_permissions_to_new_format(permissions[collection_name]['actions'])
           }
 
-          permissions_new_format['renderings'][rendering_id][collection_name] = { 'scope' => permissions[collection_name]['scope'] }
+          permissions_new_format['renderings'][rendering_id][collection_name] = { 'segments' => permissions[collection_name]['segments'] }
         }
 
         permissions_new_format

data/app/services/forest_liana/permissions_getter.rb

@@ -23,19 +23,16 @@ module ForestLiana
       #     },
       #   },
       # },
-      # rederings => {
+      # renderings => {
       #   {rendering_id} => {
       #       {collection_id} => {
-      #         scope => {
-      #           dynamicScopesValues => {},
-      #           filter => {}
-      #         }
+      #         segments => ['query1', 'query2']
       #       }
       #     }
       #   }
       # }
       # With `rendering_specific_only` this returns only the permissions related data specific to the provided rendering
-      # For now this only includes scopes
+      # For now this only includes scopes (but scopes are not used anymore in permissions)
       def get_permissions_for_rendering(rendering_id, rendering_specific_only: false)
         begin
           query_parameters = { 'renderingId' => rendering_id }

data/app/services/forest_liana/pie_stat_getter.rb

@@ -7,8 +7,10 @@ module ForestLiana
         timezone_offset = @params[:timezone].to_i
         resource = get_resource().eager_load(@includes)
 
-        unless @params[:filters].blank?
-          resource = FiltersParser.new(@params[:filters], resource, @params[:timezone]).apply_filters
+        filters = ForestLiana::ScopeManager.append_scope_for_user(@params[:filters], @user, @resource.name)
+
+        unless filters.blank?
+          resource = FiltersParser.new(filters, resource, @params[:timezone]).apply_filters
         end
 
         result = resource
@@ -53,7 +55,8 @@ module ForestLiana
       if @params[:aggregate].downcase == 'sum'
         field = @params[:aggregate_field].downcase
       else
-        field = Rails::VERSION::MAJOR >= 5 || @includes.size > 0 ? 'id' : 'all'
+        # `count_id` is required only for rails v5
+        field = Rails::VERSION::MAJOR == 5 || @includes.size > 0 ? 'id' : 'all'
       end
       "#{@params[:aggregate].downcase}_#{field} #{order}"
     end

data/app/services/forest_liana/resource_getter.rb

@@ -2,16 +2,19 @@ module ForestLiana
   class ResourceGetter < BaseGetter
     attr_accessor :record
 
-    def initialize(resource, params)
+    def initialize(resource, params, forest_user)
       @resource = resource
       @params = params
-      @collection_name = ForestLiana.name_for(@resource)
+      @collection_name = ForestLiana.name_for(resource)
+      @user = forest_user
       @collection = get_collection(@collection_name)
       compute_includes()
     end
 
     def perform
-      @record = get_resource().eager_load(@includes).find(@params[:id])
+      records = get_resource().eager_load(@includes)
+      scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(records, @user, @collection_name, @params[:timezone])
+      @record = scoped_records.find(@params[:id])
     end
   end
 end

data/app/services/forest_liana/resource_updater.rb

@@ -3,15 +3,18 @@ module ForestLiana
     attr_accessor :record
     attr_accessor :errors
 
-    def initialize(resource, params)
+    def initialize(resource, params, forest_user)
       @resource = resource
       @params = params
       @errors = nil
+      @user = forest_user
     end
 
     def perform
       begin
-        @record = @resource.find(@params[:id])
+        collection_name = ForestLiana.name_for(@resource)
+        scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(@resource, @user, collection_name, @params[:timezone])
+        @record = scoped_records.find(@params[:id])
 
         if has_strong_parameter
           @record.update(resource_params)

data/app/services/forest_liana/resources_getter.rb

@@ -4,7 +4,7 @@ module ForestLiana
     attr_reader :includes
     attr_reader :records_count
 
-    def initialize(resource, params)
+    def initialize(resource, params, forest_user)
       @resource = resource
       @params = params
       @count_needs_includes = false
@@ -14,12 +14,13 @@ module ForestLiana
       @field_names_requested = field_names_requested
       get_segment
       compute_includes
-      @search_query_builder = SearchQueryBuilder.new(@params, @includes, @collection)
+      @user = forest_user
+      @search_query_builder = SearchQueryBuilder.new(@params, @includes, @collection, forest_user)
 
       prepare_query
     end
 
-    def self.get_ids_from_request(params)
+    def self.get_ids_from_request(params, user)
       attributes = params.dig('data', 'attributes')
       has_body_attributes = attributes != nil
       is_select_all_records_query = has_body_attributes && attributes[:all_records] == true
@@ -45,11 +46,11 @@ module ForestLiana
           collection: parent_collection_name,
           id: attributes[:parent_collection_id],
           association_name: attributes[:parent_association_name],
-        }))
+        }), user)
       else
         collection_name = attributes[:collection_name]
         model = ForestLiana::SchemaUtils.find_model_from_collection_name(collection_name)
-        resources_getter = ForestLiana::ResourcesGetter.new(model, attributes)
+        resources_getter = ForestLiana::ResourcesGetter.new(model, attributes, user)
       end
 
       # NOTICE: build IDs list.

data/app/services/forest_liana/scope_manager.rb

@@ -0,0 +1,102 @@
+module ForestLiana
+  class ScopeManager
+    @@scopes_cache = Hash.new
+    # 5 minutes exipration cache
+    @@scope_cache_expiration_delta = 300
+
+    def self.apply_scopes_on_records(records, forest_user, collection_name, timezone)
+      scope_filters = get_scope_for_user(forest_user, collection_name, as_string: true)
+
+      return records if scope_filters.blank?
+
+      FiltersParser.new(scope_filters, records, timezone).apply_filters
+    end
+
+    def self.append_scope_for_user(existing_filter, user, collection_name)
+      scope_filter = get_scope_for_user(user, collection_name, as_string: true)
+      filters = [existing_filter, scope_filter].compact
+
+      case filters.length
+      when 0
+        nil
+      when 1
+        filters[0]
+      else
+        "{\"aggregator\":\"and\",\"conditions\":[#{existing_filter},#{scope_filter}]}"
+      end
+    end
+
+    def self.get_scope_for_user(user, collection_name, as_string: false)
+      raise 'Missing required rendering_id' unless user['rendering_id']
+      raise 'Missing required collection_name' unless collection_name
+
+      collection_scope = get_collection_scope(user['rendering_id'], collection_name)
+
+      return nil unless collection_scope
+
+      filters = format_dynamic_values(user['id'], collection_scope)
+
+      as_string && filters ? JSON.generate(filters) : filters
+    end
+
+    def self.get_collection_scope(rendering_id, collection_name)
+      if !@@scopes_cache[rendering_id]
+        # when scope cache is unset wait for the refresh
+        refresh_scopes_cache(rendering_id)
+      elsif has_cache_expired?(rendering_id)
+        # when cache expired refresh the scopes without waiting for it
+        Thread.new { refresh_scopes_cache(rendering_id) }
+      end
+
+      @@scopes_cache[rendering_id][:scopes][collection_name]
+    end
+
+    def self.has_cache_expired?(rendering_id)
+      rendering_scopes = @@scopes_cache[rendering_id]
+      return true unless rendering_scopes
+
+      second_since_last_fetch = Time.now - rendering_scopes[:fetched_at]
+      second_since_last_fetch >= @@scope_cache_expiration_delta
+    end
+
+    def self.refresh_scopes_cache(rendering_id)
+      scopes = fetch_scopes(rendering_id)
+      @@scopes_cache[rendering_id] = {
+        :fetched_at => Time.now,
+        :scopes => scopes
+      }
+    end
+
+    def self.fetch_scopes(rendering_id)
+      query_parameters = { 'renderingId' => rendering_id }
+      response = ForestLiana::ForestApiRequester.get('/liana/scopes', query: query_parameters)
+
+      if response.is_a?(Net::HTTPOK)
+        JSON.parse(response.body)
+      else
+        raise 'Unable to fetch scopes'
+      end
+    end
+
+    def self.format_dynamic_values(user_id, collection_scope)
+      filter = collection_scope.dig('scope', 'filter')
+      return nil unless filter
+
+      dynamic_scopes_values = collection_scope.dig('scope', 'dynamicScopesValues')
+
+      # Only goes one level deep as required for now
+      filter['conditions'].map do |condition|
+        value = condition['value']
+        if value.is_a?(String) && value.start_with?('$currentUser')
+          condition['value'] = dynamic_scopes_values.dig('users', user_id, value)
+        end
+      end
+
+      filter
+    end
+
+    def self.invalidate_scope_cache(rendering_id)
+      @@scopes_cache.delete(rendering_id)
+    end
+  end
+end

data/app/services/forest_liana/search_query_builder.rb

@@ -4,12 +4,13 @@ module ForestLiana
 
     attr_reader :fields_searched
 
-    def initialize(params, includes, collection)
+    def initialize(params, includes, collection, user)
       @params = params
       @includes = includes
       @collection = collection
       @fields_searched = []
       @search = @params[:search]
+      @user = user
     end
 
     def perform(resource)
@@ -18,8 +19,10 @@ module ForestLiana
         ForestLiana::QueryHelper.get_tables_associated_to_relations_name(@resource)
       @records = search_param
 
-      unless @params[:filters].blank?
-        @records = FiltersParser.new(@params[:filters], @records, @params[:timezone]).apply_filters
+      filters = ForestLiana::ScopeManager.append_scope_for_user(@params[:filters], @user, @collection.name)
+
+      unless filters.blank?
+        @records = FiltersParser.new(filters, @records, @params[:timezone]).apply_filters
       end
 
       if @search