forest_liana 7.0.0.beta.4 → 7.0.1

data/app/services/forest_liana/resource_getter.rb

@@ -2,16 +2,19 @@ module ForestLiana
   class ResourceGetter < BaseGetter
     attr_accessor :record
 
-    def initialize(resource, params)
+    def initialize(resource, params, forest_user)
       @resource = resource
       @params = params
-      @collection_name = ForestLiana.name_for(@resource)
+      @collection_name = ForestLiana.name_for(resource)
+      @user = forest_user
       @collection = get_collection(@collection_name)
       compute_includes()
     end
 
     def perform
-      @record = get_resource().eager_load(@includes).find(@params[:id])
+      records = get_resource().eager_load(@includes)
+      scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(records, @user, @collection_name, @params[:timezone])
+      @record = scoped_records.find(@params[:id])
     end
   end
 end

data/app/services/forest_liana/resource_updater.rb

@@ -3,15 +3,18 @@ module ForestLiana
     attr_accessor :record
     attr_accessor :errors
 
-    def initialize(resource, params)
+    def initialize(resource, params, forest_user)
       @resource = resource
       @params = params
       @errors = nil
+      @user = forest_user
     end
 
     def perform
       begin
-        @record = @resource.find(@params[:id])
+        collection_name = ForestLiana.name_for(@resource)
+        scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(@resource, @user, collection_name, @params[:timezone])
+        @record = scoped_records.find(@params[:id])
 
         if has_strong_parameter
           @record.update(resource_params)

data/app/services/forest_liana/resources_getter.rb

@@ -4,7 +4,7 @@ module ForestLiana
     attr_reader :includes
     attr_reader :records_count
 
-    def initialize(resource, params)
+    def initialize(resource, params, forest_user)
       @resource = resource
       @params = params
       @count_needs_includes = false
@@ -14,12 +14,13 @@ module ForestLiana
       @field_names_requested = field_names_requested
       get_segment
       compute_includes
-      @search_query_builder = SearchQueryBuilder.new(@params, @includes, @collection)
+      @user = forest_user
+      @search_query_builder = SearchQueryBuilder.new(@params, @includes, @collection, forest_user)
 
       prepare_query
     end
 
-    def self.get_ids_from_request(params)
+    def self.get_ids_from_request(params, user)
       attributes = params.dig('data', 'attributes')
       has_body_attributes = attributes != nil
       is_select_all_records_query = has_body_attributes && attributes[:all_records] == true
@@ -45,11 +46,11 @@ module ForestLiana
           collection: parent_collection_name,
           id: attributes[:parent_collection_id],
           association_name: attributes[:parent_association_name],
-        }))
+        }), user)
       else
         collection_name = attributes[:collection_name]
         model = ForestLiana::SchemaUtils.find_model_from_collection_name(collection_name)
-        resources_getter = ForestLiana::ResourcesGetter.new(model, attributes)
+        resources_getter = ForestLiana::ResourcesGetter.new(model, attributes, user)
       end
 
       # NOTICE: build IDs list.

data/app/services/forest_liana/scope_manager.rb

@@ -0,0 +1,102 @@
+module ForestLiana
+  class ScopeManager
+    @@scopes_cache = Hash.new
+    # 5 minutes exipration cache
+    @@scope_cache_expiration_delta = 300
+
+    def self.apply_scopes_on_records(records, forest_user, collection_name, timezone)
+      scope_filters = get_scope_for_user(forest_user, collection_name, as_string: true)
+
+      return records if scope_filters.blank?
+
+      FiltersParser.new(scope_filters, records, timezone).apply_filters
+    end
+
+    def self.append_scope_for_user(existing_filter, user, collection_name)
+      scope_filter = get_scope_for_user(user, collection_name, as_string: true)
+      filters = [existing_filter, scope_filter].compact
+
+      case filters.length
+      when 0
+        nil
+      when 1
+        filters[0]
+      else
+        "{\"aggregator\":\"and\",\"conditions\":[#{existing_filter},#{scope_filter}]}"
+      end
+    end
+
+    def self.get_scope_for_user(user, collection_name, as_string: false)
+      raise 'Missing required rendering_id' unless user['rendering_id']
+      raise 'Missing required collection_name' unless collection_name
+
+      collection_scope = get_collection_scope(user['rendering_id'], collection_name)
+
+      return nil unless collection_scope
+
+      filters = format_dynamic_values(user['id'], collection_scope)
+
+      as_string && filters ? JSON.generate(filters) : filters
+    end
+
+    def self.get_collection_scope(rendering_id, collection_name)
+      if !@@scopes_cache[rendering_id]
+        # when scope cache is unset wait for the refresh
+        refresh_scopes_cache(rendering_id)
+      elsif has_cache_expired?(rendering_id)
+        # when cache expired refresh the scopes without waiting for it
+        Thread.new { refresh_scopes_cache(rendering_id) }
+      end
+
+      @@scopes_cache[rendering_id][:scopes][collection_name]
+    end
+
+    def self.has_cache_expired?(rendering_id)
+      rendering_scopes = @@scopes_cache[rendering_id]
+      return true unless rendering_scopes
+
+      second_since_last_fetch = Time.now - rendering_scopes[:fetched_at]
+      second_since_last_fetch >= @@scope_cache_expiration_delta
+    end
+
+    def self.refresh_scopes_cache(rendering_id)
+      scopes = fetch_scopes(rendering_id)
+      @@scopes_cache[rendering_id] = {
+        :fetched_at => Time.now,
+        :scopes => scopes
+      }
+    end
+
+    def self.fetch_scopes(rendering_id)
+      query_parameters = { 'renderingId' => rendering_id }
+      response = ForestLiana::ForestApiRequester.get('/liana/scopes', query: query_parameters)
+
+      if response.is_a?(Net::HTTPOK)
+        JSON.parse(response.body)
+      else
+        raise 'Unable to fetch scopes'
+      end
+    end
+
+    def self.format_dynamic_values(user_id, collection_scope)
+      filter = collection_scope.dig('scope', 'filter')
+      return nil unless filter
+
+      dynamic_scopes_values = collection_scope.dig('scope', 'dynamicScopesValues')
+
+      # Only goes one level deep as required for now
+      filter['conditions'].map do |condition|
+        value = condition['value']
+        if value.is_a?(String) && value.start_with?('$currentUser')
+          condition['value'] = dynamic_scopes_values.dig('users', user_id, value)
+        end
+      end
+
+      filter
+    end
+
+    def self.invalidate_scope_cache(rendering_id)
+      @@scopes_cache.delete(rendering_id)
+    end
+  end
+end

data/app/services/forest_liana/search_query_builder.rb

@@ -4,12 +4,13 @@ module ForestLiana
 
     attr_reader :fields_searched
 
-    def initialize(params, includes, collection)
+    def initialize(params, includes, collection, user)
       @params = params
       @includes = includes
       @collection = collection
       @fields_searched = []
       @search = @params[:search]
+      @user = user
     end
 
     def perform(resource)
@@ -18,8 +19,10 @@ module ForestLiana
         ForestLiana::QueryHelper.get_tables_associated_to_relations_name(@resource)
       @records = search_param
 
-      unless @params[:filters].blank?
-        @records = FiltersParser.new(@params[:filters], @records, @params[:timezone]).apply_filters
+      filters = ForestLiana::ScopeManager.append_scope_for_user(@params[:filters], @user, @collection.name)
+
+      unless filters.blank?
+        @records = FiltersParser.new(filters, @records, @params[:timezone]).apply_filters
       end
 
       if @search

data/app/services/forest_liana/stat_getter.rb

@@ -2,9 +2,10 @@ module ForestLiana
   class StatGetter < BaseGetter
     attr_accessor :record
 
-    def initialize(resource, params)
+    def initialize(resource, params, forest_user)
       @resource = resource
       @params = params
+      @user = forest_user
       compute_includes()
     end
   end

data/app/services/forest_liana/value_stat_getter.rb

@@ -6,8 +6,10 @@ module ForestLiana
       return if @params[:aggregate].blank?
       resource = get_resource().eager_load(@includes)
 
-      unless @params[:filters].blank?
-        filter_parser = FiltersParser.new(@params[:filters], resource, @params[:timezone])
+      filters = ForestLiana::ScopeManager.append_scope_for_user(@params[:filters], @user, @resource.name)
+
+      unless filters.blank?
+        filter_parser = FiltersParser.new(filters, resource, @params[:timezone])
         resource = filter_parser.apply_filters
         raw_previous_interval = filter_parser.get_previous_interval_condition
 

data/config/routes.rb

@@ -20,6 +20,9 @@ ForestLiana::Engine.routes.draw do
   post '/stats/:collection' => 'stats#get'
   post '/stats' => 'stats#get_with_live_query'
 
+  # Scopes
+  post '/scope-cache-invalidation' => 'scopes#invalidate_scope_cache'
+
   # Stripe Integration
   get '(*collection)_stripe_payments' => 'stripe#payments'
   get ':collection/:id/stripe_payments' => 'stripe#payments'

data/lib/forest_liana/version.rb

@@ -1,3 +1,3 @@
 module ForestLiana
-  VERSION = "7.0.0.beta.4"
+  VERSION = "7.0.1"
 end

data/spec/dummy/app/controllers/forest/islands_controller.rb

@@ -0,0 +1,5 @@
+class Forest::IslandsController < ForestLiana::SmartActionsController
+  def test
+    render json: { success: 'You are OK.' }
+  end
+end

data/spec/dummy/config/routes.rb

@@ -1,3 +1,7 @@
 Rails.application.routes.draw do
+  namespace :forest do
+    post '/actions/test' => 'islands#test'
+  end
+
   mount ForestLiana::Engine => "/forest"
 end

data/spec/dummy/lib/forest_liana/collections/island.rb

@@ -0,0 +1,7 @@
+class Forest::Island
+  include ForestLiana::Collection
+
+  collection :Island
+
+  action 'Test'
+end

data/spec/requests/actions_controller_spec.rb

@@ -1,16 +1,42 @@
 require 'rails_helper'
 
 describe 'Requesting Actions routes', :type => :request  do
+  let(:rendering_id) { 13 }
+  let(:scope_filters) { nil }
+
   before(:each) do
     allow(ForestLiana::IpWhitelist).to receive(:is_ip_whitelist_retrieved) { true }
     allow(ForestLiana::IpWhitelist).to receive(:is_ip_valid) { true }
-    Island.create(name: 'Corsica')
+    Island.create(id: 1, name: 'Corsica')
+
+    ForestLiana::ScopeManager.invalidate_scope_cache(rendering_id)
+    allow(ForestLiana::ScopeManager).to receive(:get_scope_for_user).and_return(scope_filters)
   end
 
   after(:each) do
     Island.destroy_all
   end
-  
+
+  let(:token) {
+    JWT.encode({
+      id: 38,
+      email: 'michael.kelso@that70.show',
+      first_name: 'Michael',
+      last_name: 'Kelso',
+      team: 'Operations',
+      rendering_id: rendering_id,
+      exp: Time.now.to_i + 2.weeks.to_i
+    }, ForestLiana.auth_secret, 'HS256')
+  }
+
+  let(:headers) {
+    {
+      'Accept' => 'application/json',
+      'Content-Type' => 'application/json',
+      'Authorization' => "Bearer #{token}"
+    }
+  }
+
   describe 'hooks' do
     foo = {
         field: 'foo',
@@ -126,25 +152,25 @@ describe 'Requesting Actions routes', :type => :request  do
       }
 
       it 'should respond 200' do
-        post '/forest/actions/my_action/hooks/load', params: JSON.dump(params), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/my_action/hooks/load', params: JSON.dump(params), headers: headers
         expect(response.status).to eq(200)
         expect(JSON.parse(response.body)).to eq({'fields' => [foo.merge({:value => nil}).stringify_keys]})
       end
 
       it 'should respond 500 with bad params' do
-        post '/forest/actions/my_action/hooks/load', params: {}
+        post '/forest/actions/my_action/hooks/load', params: {}, headers: headers
         expect(response.status).to eq(500)
         expect(JSON.parse(response.body)).to eq({'error' => 'Error in smart action load hook: cannot retrieve action from collection'})
       end
 
       it 'should respond 500 with bad hook result type' do
-        post '/forest/actions/fail_action/hooks/load', params: JSON.dump(params), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/fail_action/hooks/load', params: JSON.dump(params), headers: headers
         expect(response.status).to eq(500)
         expect(JSON.parse(response.body)).to eq({'error' => 'Error in smart action load hook: hook must return an array of fields'})
       end
 
       it 'should respond 500 with bad hook result data structure' do
-        post '/forest/actions/cheat_action/hooks/load', params: JSON.dump(params), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/cheat_action/hooks/load', params: JSON.dump(params), headers: headers
         expect(response.status).to eq(500)
         expect(JSON.parse(response.body)).to eq({'error' => 'Error in smart action load hook: hook must return an array of fields'})
       end
@@ -164,7 +190,7 @@ describe 'Requesting Actions routes', :type => :request  do
       }
 
       it 'should respond 200' do
-        post '/forest/actions/my_action/hooks/change', params: JSON.dump(params), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/my_action/hooks/change', params: JSON.dump(params), headers: headers
         expect(response.status).to eq(200)
         expected = updated_foo.clone.merge({:value => 'baz'})
         expected[:widgetEdit] = nil
@@ -173,13 +199,13 @@ describe 'Requesting Actions routes', :type => :request  do
       end
 
       it 'should respond 500 with bad params' do
-        post '/forest/actions/my_action/hooks/change', params: JSON.dump({ data: { attributes: { collection_name: 'Island' }}}), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/my_action/hooks/change', params: JSON.dump({ data: { attributes: { collection_name: 'Island' }}}), headers: headers
         expect(response.status).to eq(500)
         expect(JSON.parse(response.body)).to eq({'error' => 'Error in smart action change hook: fields params is mandatory'})
       end
 
       it 'should respond 500 with bad hook result type' do
-        post '/forest/actions/fail_action/hooks/change', params: JSON.dump(params), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/fail_action/hooks/change', params: JSON.dump(params), headers: headers
         expect(response.status).to eq(500)
         expect(JSON.parse(response.body)).to eq({'error' => 'Error in smart action load hook: hook must return an array of fields'})
       end
@@ -196,7 +222,7 @@ describe 'Requesting Actions routes', :type => :request  do
             }
           }
         }
-        post '/forest/actions/enums_action/hooks/change', params: JSON.dump(p), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/enums_action/hooks/change', params: JSON.dump(p), headers: headers
         expect(response.status).to eq(200)
 
         expected_enum = updated_enum.clone.merge({ :enums => %w[c d e], :value => nil, :widgetEdit => nil})
@@ -219,7 +245,7 @@ describe 'Requesting Actions routes', :type => :request  do
             }
           }
         }
-        post '/forest/actions/multiple_enums_action/hooks/change', params: JSON.dump(p), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/multiple_enums_action/hooks/change', params: JSON.dump(p), headers: headers
         expect(response.status).to eq(200)
 
         expected_multiple_enum = updated_multiple_enum.clone.merge({ :enums => %w[c d z], :widgetEdit => nil, :value => %w[c]})
@@ -243,7 +269,7 @@ describe 'Requesting Actions routes', :type => :request  do
           }
         }
 
-        post '/forest/actions/multiple_enums_action/hooks/change', params: JSON.dump(p), headers: { 'CONTENT_TYPE' => 'application/json' }
+        post '/forest/actions/multiple_enums_action/hooks/change', params: JSON.dump(p), headers: headers
         expect(response.status).to eq(200)
 
         expected_multiple_enum = wrongly_updated_multiple_enum.clone.merge({ :enums => %w[c d z], :widgetEdit => nil, :value => nil })
@@ -255,4 +281,66 @@ describe 'Requesting Actions routes', :type => :request  do
       end
     end
   end
+
+  describe 'calling the action' do
+    before(:each) do
+      allow_any_instance_of(ForestLiana::PermissionsChecker).to receive(:is_authorized?) { true }
+    end
+
+    let(:all_records) { false }
+    let(:params) {
+      {
+        data: {
+          attributes: {
+            collection_name: 'Island',
+            ids: ['1'],
+            all_records: all_records,
+            smart_action_id: 'Island-Test'
+          },
+          type: 'custom-action-requests'
+        },
+        timezone: 'Europe/Paris'
+      }
+    }
+
+    describe 'without scopes' do
+      it 'should respond 200 and perform the action' do
+        post '/forest/actions/test', params: JSON.dump(params), headers: headers
+        expect(response.status).to eq(200)
+        expect(JSON.parse(response.body)).to eq({'success' => 'You are OK.'})
+      end
+    end
+
+    describe 'with scopes' do
+      describe 'when record is in scope' do
+        let(:scope_filters) { JSON.generate({ field: 'name', operator: 'equal', value: 'Corsica' }) }
+
+        it 'should respond 200 and perform the action' do
+          post '/forest/actions/test', params: JSON.dump(params), headers: headers
+          expect(response.status).to eq(200)
+          expect(JSON.parse(response.body)).to eq({'success' => 'You are OK.'})
+        end
+      end
+
+      describe 'when record is out of scope' do
+        let(:scope_filters) { JSON.generate({ field: 'name', operator: 'equal', value: 'Ré' }) }
+
+        it 'should respond 400 and NOT perform the action' do
+          post '/forest/actions/test', params: JSON.dump(params), headers: headers
+          expect(response.status).to eq(400)
+          expect(JSON.parse(response.body)).to eq({ 'error' => 'Smart Action: target record not found' })
+        end
+
+        describe 'and all_records are targeted' do
+          let(:all_records) { true }
+
+          it 'should respond 200 and perform the action' do
+            post '/forest/actions/test', params: JSON.dump(params), headers: headers
+            expect(response.status).to eq(200)
+            expect(JSON.parse(response.body)).to eq({'success' => 'You are OK.'})
+          end
+        end
+      end
+    end
+  end
 end