RubyGems - forest_liana - Versions diffs - 6.0.0.pre.beta.2 → 6.0.0.pre.beta.3 - Mend

forest_liana 6.0.0.pre.beta.2 → 6.0.0.pre.beta.3

Files changed (59) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2f88ccbd15c18a78b06d08ad2a17dfa2075d2b586728033cbe03564c95dd92e
-  data.tar.gz: e78f4892dc9ea07b8dbabb67d3183920f8ef41b6cb7ebe1edd8cb3d0c3b7ee2b
+  metadata.gz: 3ea2912357a0fabb3b4c6527d848f9b728d2394c83155cd77314e54f66c1d8e2
+  data.tar.gz: 69863c89f2668cb142f54ddc5a9fcc1c473417cef56fc307765e53a686572bd3
 SHA512:
-  metadata.gz: 2a1dfc618f2723448b2fea3b39a48be64fad619c87a3b7d9257e3be8292f1ae86632c38563a7c9d938fd9699a0d78bac50e521d390bb40077ab824996b987ed2
-  data.tar.gz: d1a6401e8e236b718f488e1a1b5641fb953a912c719a5ea1010f7f307c99e7b96fd9f153fc483ebd7dbef5861a5daf9c12e2bdc03f846b62850662ee1837209a
+  metadata.gz: 11e36ad5a50676182d85029fe634e2874328c537bff2679e5a99661393e5d23c84fa3e30c165c376c06c0e8bc013beffc8d0b2497408276322a0811de8fbf222
+  data.tar.gz: 3bb4aec7204cced667652ac92f1aef9e4897d282a578408603c2fd98b7b37079565ea39d58ef1d26ee4f62af545c41bd2e56666df4d0335f7b53a455c705f17a

data/app/controllers/forest_liana/actions_controller.rb CHANGED

@@ -1,7 +1,102 @@
 module ForestLiana
   class ActionsController < ForestLiana::BaseController
     def values
       render serializer: nil, json: {}, status: :ok
     end
+    def get_collection(collection_name)
+      ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
+    end
+    def get_action(collection_name)
+      collection = get_collection(collection_name)
+      begin
+         collection.actions.find {|action| ActiveSupport::Inflector.parameterize(action.name) == params[:action_name]}
+      rescue => error
+        FOREST_LOGGER.error "Smart Action get action retrieval error: #{error}"
+        nil
+      end
+    end
+    def get_record
+      model = ForestLiana::SchemaUtils.find_model_from_collection_name(params[:collectionName])
+      redord_getter = ForestLiana::ResourceGetter.new(model, {:id => params[:recordIds][0]})
+      redord_getter.perform
+      redord_getter.record
+    end
+    def get_smart_action_load_ctx(fields)
+      fields = fields.reduce({}) do |p, c|
+        ForestLiana::WidgetsHelper.set_field_widget(c)
+        p.update(c[:field] => c.merge!(value: nil))
+      end
+      {:record => get_record, :fields => fields}
+    end
+    def get_smart_action_change_ctx(fields)
+      fields = fields.reduce({}) do |p, c|
+        field = c.permit!.to_h.symbolize_keys
+        ForestLiana::WidgetsHelper.set_field_widget(field)
+        p.update(c[:field] => field)
+      end
+      {:record => get_record, :fields => fields}
+    end
+    def handle_result(result, formatted_fields, action)
+      if result.nil? || !result.is_a?(Hash)
+        return render status: 500, json: { error: 'Error in smart action load hook: hook must return an object' }
+      end
+      is_same_data_structure = ForestLiana::IsSameDataStructureHelper::Analyser.new(formatted_fields, result, 1)
+      unless is_same_data_structure.perform
+        return render status: 500, json: { error: 'Error in smart action hook: fields must be unchanged (no addition nor deletion allowed)' }
+      end
+      # Apply result on fields (transform the object back to an array), preserve order.
+      fields = action.fields.map do |field|
+        updated_field = result[field[:field]]
+        # Reset `value` when not present in `enums` (which means `enums` has changed).
+        if updated_field[:enums].is_a?(Array) && !updated_field[:enums].include?(updated_field[:value])
+          updated_field[:value] = nil
+        end
+        updated_field
+      end
+      render serializer: nil, json: { fields: fields}, status: :ok
+    end
+    def load
+      action = get_action(params[:collectionName])
+      if !action
+        render status: 500, json: {error: 'Error in smart action load hook: cannot retrieve action from collection'}
+      else
+        # Transform fields from array to an object to ease usage in hook, adds null value.
+        context = get_smart_action_load_ctx(action.fields)
+        formatted_fields = context[:fields].clone # clone for following test on is_same_data_structure
+        # Call the user-defined load hook.
+        result = action.hooks[:load].(context)
+        handle_result(result, formatted_fields, action)
+      end
+    end
+    def change
+      action = get_action(params[:collectionName])
+      if !action
+        render status: 500, json: {error: 'Error in smart action change hook: cannot retrieve action from collection'}
+      else
+        # Transform fields from array to an object to ease usage in hook.
+        context = get_smart_action_change_ctx(params[:fields])
+        formatted_fields = context[:fields].clone # clone for following test on is_same_data_structure
+        # Call the user-defined change hook.
+        result = action.hooks[:change][params[:changedField]].(context)
+        handle_result(result, formatted_fields, action)
+      end
+    end
   end
 end

data/app/controllers/forest_liana/resources_controller.rb CHANGED

@@ -16,18 +16,15 @@ module ForestLiana
     def index
       begin
         if request.format == 'csv'
-          checker = ForestLiana::PermissionsChecker.new(@resource, 'export', @rendering_id)
-          return head :forbidden unless checker.is_authorized?
-        elsif params.has_key?(:searchToEdit)
-          checker = ForestLiana::PermissionsChecker.new(@resource, 'searchToEdit', @rendering_id)
+          checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id, user_id: forest_user['id'])
           return head :forbidden unless checker.is_authorized?
         else
           checker = ForestLiana::PermissionsChecker.new(
             @resource,
-            'list',
+            'browseEnabled',
             @rendering_id,
-            nil,
-            get_collection_list_permission_info(forest_user, request)
+            user_id: forest_user['id'],
+            collection_list_parameters: get_collection_list_permission_info(forest_user, request)
           )
           return head :forbidden unless checker.is_authorized?
         end
@@ -59,10 +56,10 @@ module ForestLiana
       begin
         checker = ForestLiana::PermissionsChecker.new(
           @resource,
-          'list',
+          'browseEnabled',
           @rendering_id,
-          nil,
-          get_collection_list_permission_info(forest_user, request)
+          user_id: forest_user['id'],
+          collection_list_parameters: get_collection_list_permission_info(forest_user, request)
         )
         return head :forbidden unless checker.is_authorized?
@@ -89,7 +86,7 @@ module ForestLiana
     def show
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'show', @rendering_id)
+        checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
         getter = ForestLiana::ResourceGetter.new(@resource, params)
@@ -104,7 +101,7 @@ module ForestLiana
     def create
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'create', @rendering_id)
+        checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
         creator = ForestLiana::ResourceCreator.new(@resource, params)
@@ -127,7 +124,7 @@ module ForestLiana
     def update
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'update', @rendering_id)
+        checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
         updater = ForestLiana::ResourceUpdater.new(@resource, params)
@@ -149,7 +146,7 @@ module ForestLiana
     end
     def destroy
-      checker = ForestLiana::PermissionsChecker.new(@resource, 'delete', @rendering_id)
+      checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
       return head :forbidden unless checker.is_authorized?
       @resource.destroy(params[:id]) if @resource.exists?(params[:id])
@@ -161,7 +158,7 @@ module ForestLiana
     end
     def destroy_bulk
-      checker = ForestLiana::PermissionsChecker.new(@resource, 'delete', @rendering_id)
+      checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
       return head :forbidden unless checker.is_authorized?
       ids = ForestLiana::ResourcesGetter.get_ids_from_request(params)
@@ -245,8 +242,8 @@ module ForestLiana
       @collection ||= ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
     end
-    # NOTICE: Return a formatted object containing the request condition filters and
-    #         the user id used by the scope validator class to validate if scope is
+    # NOTICE: Return a formatted object containing the request condition filters and
+    #         the user id used by the scope validator class to validate if scope is
     #         in request
     def get_collection_list_permission_info(user, collection_list_request)
       {

data/app/controllers/forest_liana/smart_actions_controller.rb CHANGED

@@ -19,14 +19,15 @@ module ForestLiana
     def check_permission_for_smart_route
       begin
         smart_action_request = get_smart_action_request
         if !smart_action_request.nil? && smart_action_request.has_key?(:smart_action_id)
           checker = ForestLiana::PermissionsChecker.new(
             find_resource(smart_action_request[:collection_name]),
             'actions',
             @rendering_id,
-            get_smart_action_permission_info(forest_user, smart_action_request)
+            user_id: forest_user['id'],
+            smart_action_request_info: get_smart_action_request_info
           )
           return head :forbidden unless checker.is_authorized?
         else
@@ -54,10 +55,14 @@ module ForestLiana
       end
     end
-    def get_smart_action_permission_info(user, smart_action_request)
+    # smart action permissions are retrieved from the action's endpoint and http_method
+    def get_smart_action_request_info
+      endpoint = request.fullpath
+      # Trim starting '/'
+      endpoint[0] = '' if endpoint[0] == '/'
       {
-        user_id: user['id'],
-        action_id: smart_action_request[:smart_action_id],
+        endpoint: endpoint,
+        http_method: request.request_method
       }
     end
   end

data/app/helpers/forest_liana/is_same_data_structure_helper.rb ADDED

@@ -0,0 +1,44 @@
+require 'set'
+module ForestLiana
+  module IsSameDataStructureHelper
+    class Analyser
+      def initialize(object, other, deep = 0)
+        @object = object
+        @other = other
+        @deep = deep
+      end
+      def are_objects(object, other)
+        object && other && object.is_a?(Hash) && other.is_a?(Hash)
+      end
+      def check_keys(object, other, step = 0)
+        unless are_objects(object, other)
+          return false
+        end
+        object_keys = object.keys
+        other_keys = other.keys
+        if object_keys.length != other_keys.length
+          return false
+        end
+        object_keys_set = object_keys.to_set
+        other_keys.each { |key|
+          if !object_keys_set.member?(key) || (step + 1 <= @deep && !check_keys(object[key], other[key], step + 1))
+            return false
+          end
+        }
+        return true
+      end
+      def perform
+        check_keys(@object, @other)
+      end
+    end
+  end
+end

data/app/helpers/forest_liana/widgets_helper.rb ADDED

@@ -0,0 +1,59 @@
+require 'set'
+module ForestLiana
+  module WidgetsHelper
+    @widget_edit_list = [
+      'address editor',
+      'belongsto typeahead',
+      'belongsto dropdown',
+      'boolean editor',
+      'checkboxes',
+      'color editor',
+      'date editor',
+      'dropdown',
+      'embedded document editor',
+      'file picker',
+      'json code editor',
+      'input array',
+      'multiple select',
+      'number input',
+      'point editor',
+      'price editor',
+      'radio button',
+      'rich text',
+      'text area editor',
+      'text editor',
+      'time input',
+    ]
+    @v1_to_v2_edit_widgets_mapping = {
+      address: 'address editor',
+      'belongsto select': 'belongsto dropdown',
+      'color picker': 'color editor',
+      'date picker': 'date editor',
+      price: 'price editor',
+      'JSON editor': 'json code editor',
+      'rich text editor': 'rich text',
+      'text area': 'text area editor',
+      'text input': 'text editor',
+    }
+    def self.set_field_widget(field)
+      if field[:widget]
+        if @v1_to_v2_edit_widgets_mapping[field[:widget].to_sym]
+          field[:widgetEdit] = {name: @v1_to_v2_edit_widgets_mapping[field[:widget].to_sym], parameters: {}}
+        elsif @widget_edit_list.include?(field[:widget])
+          field[:widgetEdit] = {name: field[:widget], parameters: {}}
+        end
+      end
+      if !field.key?(:widgetEdit)
+        field[:widgetEdit] = nil
+      end
+      field.delete(:widget)
+    end
+  end
+end

data/app/models/forest_liana/model/action.rb CHANGED

@@ -5,7 +5,7 @@ class ForestLiana::Model::Action
   extend ActiveModel::Naming
   attr_accessor :id, :name, :base_url, :endpoint, :http_method, :fields, :redirect,
-    :type, :download
+    :type, :download, :hooks
   def initialize(attributes = {})
     if attributes.key?(:global)
@@ -66,6 +66,7 @@ class ForestLiana::Model::Action
     @base_url ||= nil
     @type ||= "bulk"
     @download ||= false
+    @hooks = !@hooks.nil? ? @hooks.symbolize_keys : nil
   end
   def persisted?

data/app/services/forest_liana/apimap_sorter.rb CHANGED

@@ -39,6 +39,7 @@ module ForestLiana
       'redirect',
       'download',
       'fields',
+      'hooks',
     ]
     KEYS_ACTION_FIELD = [
       'field',

data/app/services/forest_liana/permissions_checker.rb CHANGED

@@ -1,100 +1,161 @@
 module ForestLiana
   class PermissionsChecker
-    @@permissions_per_rendering = Hash.new
+    @@permissions_cached = Hash.new
+    @@scopes_cached = Hash.new
+    @@roles_acl_activated = false
+    # TODO: handle cache scopes per rendering
     @@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
-    def initialize(resource, permission_name, rendering_id, smart_action_parameters = nil, collection_list_parameters = nil)
+    def initialize(resource, permission_name, rendering_id, user_id:, smart_action_request_info: nil, collection_list_parameters: nil)
+      @user_id = user_id
       @collection_name = ForestLiana.name_for(resource)
       @permission_name = permission_name
       @rendering_id = rendering_id
-      @smart_action_parameters = smart_action_parameters
+      @smart_action_request_info = smart_action_request_info
       @collection_list_parameters = collection_list_parameters
     end
     def is_authorized?
-      (is_permission_expired? || !is_allowed?) ? retrieve_permissions_and_check_allowed : true
-    end
-    private
+      # User is still authorized if he already was and the permission has not expire
+      # if !have_permissions_expired && is_allowed
+      return true unless have_permissions_expired? || !is_allowed
-    def get_permissions
-      @@permissions_per_rendering &&
-        @@permissions_per_rendering[@rendering_id] &&
-        @@permissions_per_rendering[@rendering_id]['data']
+      fetch_permissions
+      is_allowed
     end
-    def get_last_retrieve
-      @@permissions_per_rendering &&
-        @@permissions_per_rendering[@rendering_id] &&
-        @@permissions_per_rendering[@rendering_id]['last_retrieve']
-    end
+    private
-    def smart_action_allowed?(smart_actions_permissions)
-      if !@smart_action_parameters||
-          !@smart_action_parameters[:user_id] ||
-          !@smart_action_parameters[:action_id] ||
-          !smart_actions_permissions ||
-          !smart_actions_permissions[@smart_action_parameters[:action_id]]
-        return false
+    def fetch_permissions
+      permissions = ForestLiana::PermissionsGetter::get_permissions_for_rendering(@rendering_id)
+      @@roles_acl_activated = permissions['meta']['rolesACLActivated']
+      permissions['last_fetch'] = Time.now
+      if @@roles_acl_activated
+        @@permissions_cached = permissions
+      else
+        permissions['data'] = ForestLiana::PermissionsFormatter.convert_to_new_format(permissions['data'], @rendering_id)
+        @@permissions_cached[@rendering_id] = permissions
       end
-      @user_id = @smart_action_parameters[:user_id]
-      @action_id = @smart_action_parameters[:action_id]
-      @smart_action_permissions = smart_actions_permissions[@action_id]
-      @allowed = @smart_action_permissions['allowed']
-      @users = @smart_action_permissions['users']
-      return @allowed && (@users.nil?|| @users.include?(@user_id.to_i))
+      add_scopes_to_cache(permissions)
     end
-    def collection_list_allowed?(scope_permissions)
-      return ForestLiana::ScopeValidator.new(
-        scope_permissions['filter'],
-        scope_permissions['dynamicScopesValues']['users']
-      ).is_scope_in_request?(@collection_list_parameters)
+    def add_scopes_to_cache(permissions)
+      permissions['data']['renderings'].keys.each { |rendering_id|
+        @@scopes_cached[rendering_id] = permissions['data']['renderings'][rendering_id]
+        @@scopes_cached[rendering_id]['last_fetch'] = Time.now
+      } if permissions['data']['renderings']
     end
-    def is_allowed?
-      permissions = get_permissions
+    def is_allowed
+      permissions = get_permissions_content
       if permissions && permissions[@collection_name] &&
         permissions[@collection_name]['collection']
         if @permission_name === 'actions'
           return smart_action_allowed?(permissions[@collection_name]['actions'])
-        # NOTICE: Permissions[@collection_name]['scope'] will either contains conditions filter and
-        #         dynamic user values definition, or null for collection that does not use scopes
-        elsif @permission_name === 'list' and permissions[@collection_name]['scope']
-          return collection_list_allowed?(permissions[@collection_name]['scope'])
         else
-          return permissions[@collection_name]['collection'][@permission_name]
+          if @permission_name === 'browseEnabled'
+            refresh_scope_cache if scope_cache_expired?
+            scope_permissions = get_scope_in_permissions
+            if scope_permissions
+              # NOTICE: current_scope will either contains conditions filter and
+              #         dynamic user values definition, or null for collection that does not use scopes
+              return false unless are_scopes_valid?(scope_permissions)
+            end
+          end
+          return is_user_allowed(permissions[@collection_name]['collection'][@permission_name])
         end
       else
         false
       end
     end
-    def retrieve_permissions
-      @@permissions_per_rendering[@rendering_id] = Hash.new
-      permissions = ForestLiana::PermissionsGetter.new(@rendering_id).perform()
-      @@permissions_per_rendering[@rendering_id]['data'] = permissions
-      @@permissions_per_rendering[@rendering_id]['last_retrieve'] = Time.now
+    def get_scope_in_permissions
+      @@scopes_cached[@rendering_id] &&
+      @@scopes_cached[@rendering_id][@collection_name] &&
+      @@scopes_cached[@rendering_id][@collection_name]['scope']
+    end
+    def scope_cache_expired?
+      return true unless @@scopes_cached[@rendering_id] && @@scopes_cached[@rendering_id]['last_fetch']
+      elapsed_seconds = date_difference_in_seconds(Time.now, @@scopes_cached[@rendering_id]['last_fetch'])
+      elapsed_seconds >= @@expiration_in_seconds
+    end
+    # This will happen only on rolesACLActivated (as scope cache will always be up to date on disabled)
+    def refresh_scope_cache
+      permissions = ForestLiana::PermissionsGetter::get_permissions_for_rendering(@rendering_id, rendering_specific_only: true)
+      add_scopes_to_cache(permissions)
+    end
+    # When acl disabled permissions are stored and retrieved by rendering
+    def get_permissions
+      @@roles_acl_activated ? @@permissions_cached : @@permissions_cached[@rendering_id]
+    end
+    def get_permissions_content
+      permissions = get_permissions
+      permissions && permissions['data'] && permissions['data']['collections']
+    end
+    def get_last_fetch
+      permissions = get_permissions
+      permissions && permissions['last_fetch']
+    end
+    def get_smart_action_permissions(smart_actions_permissions)
+      endpoint = @smart_action_request_info[:endpoint]
+      http_method = @smart_action_request_info[:http_method]
+      return nil unless endpoint && http_method
+      schema_smart_action = ForestLiana::Utils::BetaSchemaUtils.find_action_from_endpoint(@collection_name, endpoint, http_method)
+      schema_smart_action &&
+        schema_smart_action.name &&
+        smart_actions_permissions &&
+        smart_actions_permissions[schema_smart_action.name]
+    end
+    def is_user_allowed(permission_value)
+      return false if permission_value.nil?
+      return permission_value if permission_value.in? [true, false]
+      permission_value.include?(@user_id.to_i)
+    end
+    def smart_action_allowed?(smart_actions_permissions)
+      smart_action_permissions = get_smart_action_permissions(smart_actions_permissions)
+      return false unless smart_action_permissions
+      is_user_allowed(smart_action_permissions['triggerEnabled'])
+    end
+    def are_scopes_valid?(scope_permissions)
+      return ForestLiana::ScopeValidator.new(
+        scope_permissions['filter'],
+        scope_permissions['dynamicScopesValues']['users']
+      ).is_scope_in_request?(@collection_list_parameters)
     end
     def date_difference_in_seconds(date1, date2)
       (date1 - date2).to_i
     end
-    def is_permission_expired?
-      last_retrieve = get_last_retrieve
-      return true if last_retrieve.nil?
+    def have_permissions_expired?
+      last_fetch = get_last_fetch
+      return true unless last_fetch
-      elapsed_seconds = date_difference_in_seconds(Time.now, last_retrieve)
+      elapsed_seconds = date_difference_in_seconds(Time.now, last_fetch)
       elapsed_seconds >= @@expiration_in_seconds
     end
-    def retrieve_permissions_and_check_allowed
-      retrieve_permissions
-      is_allowed?
+    # Used only for testing purpose
+    def self.empty_cache
+      @@permissions_cached = Hash.new
+      @@scopes_cached = Hash.new
+      @@roles_acl_activated = false
+      @@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
     end
   end
 end