hubrise_app 0.1.2 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7967fa6921a0293b0bb9ba4dc2e34573fc34721bf62732c626d4e3ed7746cd1b
-  data.tar.gz: 0cfcc2aea23f782afcfd4b59019d63fbc38e9a77682df8130a3fe8273087bd35
+  metadata.gz: 752df0a174985157db351f3086761ff039dbeed5f8fc99e11aa9427438d1fdae
+  data.tar.gz: 4e563cb2b305f54bc88cfe3e197c7b00eb537060b01aa1b703a0261ca8736835
 SHA512:
-  metadata.gz: 778100fedf85bc588497d93161813e2eabe8c18f83d565d1fa691a949e85917a37a549a3fb38a96d7a6193094dd44bdd5d6eb759edf113bd0758573a3375ddd5
-  data.tar.gz: 84994e316f35f455815dd0d8ad6d735b2d2a7d1b96d84ba568027820498fbf727a4d9fda81e85a165f479556827f0a8e4d61d056e7afdce61503583110a03551
+  metadata.gz: 34248f447c609c2965bf013ead89c9399325d71578767aa21d1e5f9ccb4ceac2789dfa504f9dc25e030db89b11c537a9f0beb5abc2ef7bcaa3c8d535fd76db65
+  data.tar.gz: b28e0a2d75bf14d46f300bbc2b78b5429c7a9c4baee544e69b78d9ec34a609b089e5c28a67113790f9c56e8c01cfed58c2d0f131ad267ef0071f306e22819e04

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2016- HubRise (https://www.hubrise.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -1,5 +1,81 @@
-## Customization
-To override `oauth_controller` add `controllers/hubrise_app/override/oauth_controller.rb` to the host app
+![](https://github.com/hubrise/ruby-app/workflows/spec/badge.svg)
+
+
+## Installation
+
+Refer to https://github.com/HubRise/ruby-app/tree/master/spec/dummy/ for examples
+
+1. Install the gem (`gem "hubrise_app", git: "https://github.com/HubRise/ruby-app.git"` for now)
+2. Add `hubrise_app/config.yaml`
+3. Copy migrations with `rake hubrise_app:install:migrations` and migrate
+4. Mount engine routes with `mount HubriseApp::Engine => "/"`
+5. Define `hubrise_open_path` rails route (e.g. `get :hubrise_open, to: "application#open"`)
+6. Inherit your `ApplicationController` and apply fundamental `before_actions`:
+```
+class ApplicationController < HubriseApp::ApplicationController
+  before_action :ensure_authenticated!
+  before_action :ensure_app_instance_found!
+
+  def open
+    render plain: current_user.full_name + " | " + current_app_instance.hr_id
+  end
+end
+```
+
+## Intro
+
+This gem provides a framework for a Hubrise App with a Resource Based Access.
+This means that each Hubrise User will be able to create a connection (App Instance) to multiple Accounts and Locations. And this connection will be shared with any other Hubrise User that has access to the same reseources on Hubrise side automatically.
+
+### Note
+The main app's scopes (`account_scope` and `location_scope`) must not include any kind of `profile` access. Otherwise it will make no sense to share the connection with other users.
+
+## Documentation
+
+The framework is based on 3 different Oauth Workflows: `Connect Workflow`, `Login Workflow` and `Authorize Workflow`.
+And 4 main entities: `User`, `AppInstance`, `Account`, `Location`.
+
+### Connect Workflow
+Usualy this workflow gets triggered by clicking the "Install" button from the Hubrise App Market.
+It requests the main connection with the `location_scope` or `account_scope` (which are specified by developer during app creation).
+
+Once it has been completed a new `AppInstance` gets persisted in the DB.
+`Account` and `Location` instances are being created automaticaly depending on the scope and populated from the api.
+Note: this workflow is not responsible for creating a `User` record, it **only** happens in `Login Workflow`.
+
+- If there's a user already logged in - the new app instance gets associated with this user automatically. And the user gets redirected to `hubrise_open_path` with a `app_instance_id` params.
+
+- If there's no user logged in - the `Login Workflow` is triggered right away by redirecting to login oauth url.
+
+
+Code: https://github.com/HubRise/ruby-app/tree/master/app/controllers/hubrise_app/oauth_controller/action_connect_callback.rb
+
+### Login Workflow
+Usualy this workflow gets triggered after `Connect Workflow` or by the `ensure_authenticated!` filter for any anon access.
+It requests `profile_with_email` scope.
+Once completed - a new `User` gets persisted in the DB with a profile `access_token` and redirected to `hubrise_open_path`.
+
+
+### Authorize Workflow
+This workflow gets triggered by `ensure_app_instance_found!` whenever a logged in user does not have access (or it is expired) to `AppInstance` specified by `app_instance_id` param.
+If `app_instance_id` is not specified - its considered to be a broken request and a fatal error message is shown.
+
+Note: when a user opens already installed app by clicking the button from Hubrise Manager - it opens the `open_url` (specified by developer during app creation) with a `app_instance_id` param.
+
+This `app_instance_id` param is carried on from request to request using `default_url_options`: https://github.com/HubRise/ruby-app/tree/master/app/controllers/hubrise_app/application_controller/app_instance_methods.rb#L26
+
+
+A use case:
+1. UserA installs an app for Account1 - an `AppInstance` with `hr_id=abcd` being created
+2. UserA adds UserB as a manager to Account1 (via Hubrise Manager user roles table)
+3. UserB opens the installed app by clicking the button in the dashboard. It redirects to `open_url` with `app_instance_id=abcd`
+4. UserB hits the `ensure_authenticated!` wall and agrees - a `User` record being created
+5. UserB hits the `ensure_app_instance_found!` wall and agrees - a `UserAppInstace` being created for the user and `AppInstance` with `hr_id=abcd`
+6. UserB now has access to the `AppInstance`
+
+
+## Extension
+TODO
 
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/app/controllers/hubrise_app/application_controller/app_instance_methods.rb

@@ -0,0 +1,28 @@
+module HubriseApp::ApplicationController::AppInstanceMethods
+  extend ActiveSupport::Concern
+  included do
+    helper_method :current_app_instance
+  end
+
+  def hr_app_instance_id
+    params[:app_instance_id]
+  end
+
+  def current_app_instance
+    if current_user
+      @app_instance ||= HubriseApp::Services::ResolveAppInstance.run(current_user.app_instances, hr_app_instance_id, self)
+    end
+  end
+
+  def ensure_app_instance_found!
+    if hr_app_instance_id.blank?
+      render(plain: "Something went wrong. Please try to reopen from Hubrise Dashboard.")
+    elsif current_app_instance.nil?
+      redirect_to(build_hubrise_oauth_authorize_url, allow_other_host: true)
+    end
+  end
+
+  def default_url_options
+    super.merge(app_instance_id: hr_app_instance_id || current_app_instance&.hr_id)
+  end
+end

data/app/controllers/hubrise_app/application_controller/hubrise_gateway_methods.rb

@@ -0,0 +1,25 @@
+module HubriseApp::ApplicationController::HubriseGatewayMethods
+  def hubrise_gateway
+    @hubrise_gateway ||= HubriseApp::HubriseGateway.new
+  end
+
+  def build_hubrise_oauth_login_url
+    hubrise_gateway.build_login_authorization_url(build_hubrise_oauth_login_callback_url)
+  end
+
+  def build_hubrise_oauth_authorize_url
+    hubrise_gateway.build_app_authorization_url(hr_app_instance_id, build_hubrise_oauth_authorize_callback_url)
+  end
+
+  def build_hubrise_oauth_login_callback_url
+    hubrise_app.hubrise_oauth_login_callback_url
+  end
+
+  def build_hubrise_oauth_authorize_callback_url
+    hubrise_app.hubrise_oauth_authorize_callback_url
+  end
+
+  def build_hubrise_open_url
+    main_app.hubrise_open_path
+  end
+end

data/app/controllers/hubrise_app/application_controller/session_methods.rb

@@ -0,0 +1,33 @@
+module HubriseApp::ApplicationController::SessionMethods
+  extend ActiveSupport::Concern
+  included do
+    protect_from_forgery with: :reset_session
+    helper_method :current_user, :logged_in?
+  end
+
+  def login(user)
+    session[:user_id] = user.id
+    @current_user  = user
+  end
+
+  def logout
+    session[:user_id] = nil
+  end
+
+  def current_user
+    @current_user ||= User.where(id: session[:user_id]).take
+  end
+
+  def logged_in?
+    !!current_user
+  end
+
+  def ensure_authenticated!
+    unless logged_in?
+      redirect_to(build_hubrise_oauth_login_url, allow_other_host: true)
+      return
+    end
+
+    yield if block_given?
+  end
+end

data/app/controllers/hubrise_app/application_controller.rb

@@ -1,70 +1,7 @@
 module HubriseApp
   class ApplicationController < ActionController::Base
-    protect_from_forgery with: :reset_session
-    helper_method :current_hr_user, :current_hr_app_instance, :logged_in?
-
-    protected
-
-    ###########
-    # SESSION #
-    ###########
-
-    def login(hr_user)
-      session[:user_id] = hr_user.id
-      @current_hr_user  = hr_user
-    end
-
-    def logout
-      session[:user_id] = nil
-    end
-
-    def current_hr_user
-      @current_hr_user ||= HrUser.where(id: session[:user_id]).take
-    end
-
-    def logged_in?
-      !!current_hr_user
-    end
-
-    def ensure_authenticated!
-      redirect_to(build_hubrise_oauth_login_url) unless logged_in?
-    end
-
-    ##############
-    # HR METHODS #
-    ##############
-
-    def hr_app_instance_id
-      params[:app_instance_id]
-    end
-
-    def default_url_options
-      super.merge(app_instance_id: hr_app_instance_id || current_hr_app_instance&.hr_id)
-    end
-
-    def current_hr_app_instance
-      @hr_app_instance ||= current_hr_user && begin
-        current_hr_user.hr_app_instances.where(hr_id: hr_app_instance_id).includes(:hr_account, :hr_location).take
-      end
-    end
-
-    def build_hubrise_oauth_login_url
-      HubriseGateway.build_login_authorization_url(
-        hubrise_app.hubrise_oauth_login_callback_url
-      )
-    end
-
-    def build_hubrise_oauth_authorize_url
-      HubriseGateway.build_app_authorization_url(hr_app_instance_id,
-                                                 hubrise_app.hubrise_oauth_authorize_callback_url)
-    end
-
-    def ensure_hr_app_instance_found!
-      if hr_app_instance_id.blank?
-        render(plain: "Something went wrong. Please try to reopen from Hubrise Dashboard.")
-      elsif current_hr_app_instance.nil?
-        redirect_to(build_hubrise_oauth_authorize_url)
-      end
-    end
+    include AppInstanceMethods
+    include HubriseGatewayMethods
+    include SessionMethods
   end
 end

data/app/controllers/hubrise_app/callback_controller/action_disconnect.rb

@@ -0,0 +1,5 @@
+module HubriseApp::CallbackController::ActionDisconnect
+  def disconnect
+    head 200
+  end
+end

data/app/controllers/hubrise_app/callback_controller/action_event.rb

@@ -0,0 +1,5 @@
+module HubriseApp::CallbackController::ActionEvent
+  def event
+    head 200
+  end
+end

data/app/controllers/hubrise_app/callback_controller.rb

@@ -1,26 +1,31 @@
 module HubriseApp
-  class CallbackController < ActionController::Base
+  class CallbackController < ApplicationController
     skip_before_action :verify_authenticity_token
-    before_action :ensure_hr_app_instance_found!
+    before_action :ensure_app_instance_found!
+    before_action :verify_event!, only: :event
 
-    def event
-      Services::HandleEvent.run(current_hr_app_instance, params.permit!.to_h)
-      head 200
-    end
+    include ActionEvent
+    include ActionDisconnect
+
+    protected
 
-    def disconnect
-      Services::DisconnectAppInstance.run(current_hr_app_instance)
-      head 200
+    def current_app_instance
+      HubriseApp::Services::ResolveAppInstance.run(AppInstance, params[:app_instance_id], self)
     end
 
-    protected
+    def ensure_app_instance_found!
+      head(404) unless current_app_instance
+    end
 
-    def current_hr_app_instance
-      @hr_app_instance ||= HubriseApp::HrAppInstance.where(hr_id: params[:app_instance_id]).take
+    def event_params
+      params.require(:callback).permit!.to_h
     end
 
-    def ensure_hr_app_instance_found!
-      head(404) unless current_hr_app_instance
+    def verify_event!
+      unless hubrise_gateway.valid_hmac?(request.raw_post,
+                                         request.headers["X-Hubrise-Hmac-Sha256"])
+        render(plain: "Invalid HubRise HMAC", status: 401)
+      end
     end
   end
 end

data/app/controllers/hubrise_app/oauth_controller/action_authorize_callback.rb

@@ -0,0 +1,13 @@
+module HubriseApp::OauthController::ActionAuthorizeCallback
+  # authorize access to specific app_instance (expirable)
+  def authorize_callback
+    ensure_authenticated! do
+      if current_app_instance
+        HubriseApp::Services::AssignAppInstance.run(current_user, current_app_instance, self)
+        redirect_to(build_hubrise_open_url)
+      else
+        render(plain: "Something went wrong. Please try to reinstall the app")
+      end
+    end
+  end
+end

data/app/controllers/hubrise_app/oauth_controller/action_connect_callback.rb

@@ -0,0 +1,12 @@
+module HubriseApp::OauthController::ActionConnectCallback
+  def connect_callback
+    @app_instance = HubriseApp::Services::ConnectAppInstance.run(api_client_from_oauth_code, self)
+
+    if logged_in?
+      HubriseApp::Services::AssignAppInstance.run(current_user, @app_instance, self)
+      redirect_to(build_hubrise_open_url)
+    else
+      redirect_to(build_hubrise_oauth_login_url, allow_other_host: true)
+    end
+  end
+end

data/app/controllers/hubrise_app/oauth_controller/action_login_callback.rb

@@ -0,0 +1,7 @@
+module HubriseApp::OauthController::ActionLoginCallback
+  def login_callback
+    user = HubriseApp::Refresher::User.from_api_client(api_client_from_oauth_code)
+    login(user)
+    redirect_to(build_hubrise_open_url)
+  end
+end

data/app/controllers/hubrise_app/oauth_controller.rb

@@ -1,44 +1,19 @@
 module HubriseApp
   class OauthController < ApplicationController
-    before_action :ensure_authenticated!, only: :authorize_callback
-
-    def login_callback
-      hr_user = HrUser.refresh_or_create_via_api_client(api_client_from_oauth_code)
-      login(hr_user)
-      redirect_to(main_app.hubrise_open_path)
-    end
-
-    def connect_callback
-      @hr_app_instance = HrAppInstance.refresh_or_create_via_api_client(api_client_from_oauth_code)
-
-      Services::ConnectAppInstance.run(current_hr_app_instance, hubrise_callback_event_url: hubrise_callback_event_url)
-
-      if logged_in?
-        current_hr_user.assign_hr_app_instance(current_hr_app_instance)
-        redirect_to(main_app.hubrise_open_path)
-      else
-        redirect_to(build_hubrise_oauth_login_url)
-      end
-    end
-
-    # authorize access to specific app_instance (expirable)
-    def authorize_callback
-      if current_hr_app_instance
-        current_hr_user.assign_hr_app_instance(current_hr_app_instance)
-        redirect_to(main_app.hubrise_open_path)
-      else
-        render(plain: "Something went wrong. Please try to reinstall the app")
-      end
-    end
+    include ActionLoginCallback
+    include ActionConnectCallback
+    include ActionAuthorizeCallback
 
     protected
 
-    def current_hr_app_instance
-      @hr_app_instance ||= HrAppInstance.where(hr_id: api_client_from_oauth_code.app_instance_id).take
+    def current_app_instance
+      @app_instance ||= HubriseApp::Services::ResolveAppInstance.run(
+                          AppInstance, api_client_from_oauth_code.app_instance_id, self
+                        )
     end
 
     def api_client_from_oauth_code
-      @api_client_from_oauth_code ||= HubriseGateway.build_api_client_from_authorization_code(params[:code])
+      @api_client ||= hubrise_gateway.build_api_client_from_authorization_code(params[:code])
     end
   end
 end

data/app/controllers/hubrise_app/sessions_controller.rb

@@ -0,0 +1,9 @@
+module HubriseApp
+  class SessionsController < ApplicationController
+    before_action :ensure_authenticated!
+
+    def destroy
+      logout
+    end
+  end
+end

data/app/lib/hubrise_app/config_loader.rb

@@ -0,0 +1,5 @@
+class HubriseApp::ConfigLoader
+  def self.load
+    Rails.application.config_for("hubrise_app/config").deep_symbolize_keys
+  end
+end

data/app/lib/hubrise_app/hubrise_gateway.rb

@@ -1,34 +1,58 @@
 class HubriseApp::HubriseGateway
   HUBRISE_LOGIN_SCOPE = "profile_with_email".freeze
-  HUBRISE_API_VERSION = :v1
 
-  class << self
-    def build_api_client(params = {})
-      HubriseClient::V1.new(
-        HubriseApp::CONFIG[:hubrise_client_id],
-        HubriseApp::CONFIG[:hubrise_client_secret],
-        params.merge(
-          oauth_host: HubriseApp::CONFIG[:hubrise_oauth_host],
-          oauth_port: HubriseApp::CONFIG[:hubrise_oauth_port],
-          api_host: HubriseApp::CONFIG[:hubrise_api_host],
-          api_port: HubriseApp::CONFIG[:hubrise_api_port],
-          use_https: HubriseApp::CONFIG[:hubrise_use_https]
-        )
+  def initialize(config = HubriseApp::CONFIG)
+    @config = config
+  end
+
+  def build_api_client(params = {})
+    HubriseClient::V1.new(
+      @config[:hubrise_client_id],
+      @config[:hubrise_client_secret],
+      params.merge(
+        oauth_host: @config[:hubrise_oauth_host],
+        oauth_port: @config[:hubrise_oauth_port],
+        api_host: @config[:hubrise_api_host],
+        api_port: @config[:hubrise_api_port],
+        use_https: @config[:hubrise_use_https]
       )
-    end
+    )
+  end
 
-    def build_api_client_from_authorization_code(authorization_code)
-      build_api_client.tap do |api_client|
-        api_client.authorize!(authorization_code)
-      end
-    end
+  def build_api_client_from_app_instance(app_instance)
+    build_api_client(
+      access_token: app_instance.access_token,
+      app_instance_id: app_instance.hr_id,
+      account_id: app_instance.hr_account_id,
+      location_id: app_instance.hr_location_id,
+      catalog_id: app_instance.hr_catalog_id,
+      customer_list_id: app_instance.hr_customer_list_id
+    )
+  end
 
-    def build_login_authorization_url(redirect_uri)
-      build_api_client.build_authorization_url(redirect_uri, HUBRISE_LOGIN_SCOPE)
+  def build_api_client_from_authorization_code(authorization_code)
+    build_api_client.tap do |api_client|
+      api_client.authorize!(authorization_code)
     end
+  end
 
-    def build_app_authorization_url(hr_app_instance_id, redirect_uri)
-      build_api_client.build_authorization_url(redirect_uri, nil, app_instance_id: hr_app_instance_id)
-    end
+  def build_login_authorization_url(redirect_uri)
+    build_api_client.build_authorization_url(redirect_uri, HUBRISE_LOGIN_SCOPE)
+  end
+
+  def build_app_authorization_url(hr_app_instance_id, redirect_uri)
+    build_api_client.build_authorization_url(redirect_uri, nil, app_instance_id: hr_app_instance_id)
+  end
+
+  def valid_hmac?(body, request_hmac)
+    calculated_hmac = OpenSSL::HMAC.hexdigest(
+                        OpenSSL::Digest.new("sha256"),
+                        @config[:hubrise_client_secret],
+                        body
+                      )
+    ActiveSupport::SecurityUtils.secure_compare(
+      calculated_hmac,
+      request_hmac || ""
+    )
   end
 end

data/app/lib/hubrise_app/refresher/account.rb

@@ -0,0 +1,15 @@
+module HubriseApp::Refresher
+  class Account < Base
+    class << self
+      def fetch_attributes(resource, api_client)
+        {
+          api_data: if api_client.location_id
+                      api_client.get_location(api_client.location_id).data["account"]
+                    else
+                      api_client.get_account(resource.hr_id).data
+                    end.except("id")
+        }
+      end
+    end
+  end
+end

data/app/lib/hubrise_app/refresher/app_instance.rb

@@ -0,0 +1,24 @@
+module HubriseApp::Refresher
+  class AppInstance < Base
+    class << self
+      def run(resource, api_client, *refresher_args)
+        resource.update!(
+          access_token: api_client.access_token,
+          account: HubriseApp::Refresher::Account.from_api_client(
+            api_client, *refresher_args
+          ),
+          location: HubriseApp::Refresher::Location.from_api_client(
+            api_client, *refresher_args
+          ),
+          catalog: HubriseApp::Refresher::Catalog.from_api_client(
+            api_client, *refresher_args
+          ),
+          customer_list: HubriseApp::Refresher::CustomerList.from_api_client(
+            api_client, *refresher_args
+          )
+        )
+        resource
+      end
+    end
+  end
+end

data/app/lib/hubrise_app/refresher/base.rb

@@ -0,0 +1,45 @@
+class HubriseApp::Refresher::Base
+  REFRESH_THRESHOLD = 1.day
+
+  class << self
+    def from_api_client(api_client, *args)
+      hr_id = api_client.public_send(id_key)
+      if hr_id
+        run(
+          model_factory.find_or_initialize_by(hr_id: hr_id),
+          api_client,
+          *args
+        )
+      end
+    end
+
+    def run(resource, api_client, force: false)
+      return resource if !stale?(resource) && !force
+
+      resource.update!(
+        fetch_attributes(resource, api_client).merge(
+          refreshed_at: Time.now,
+        )
+      )
+      resource
+    end
+
+    protected
+
+    def fetch_attributes(_resource, _api_client)
+      {}
+    end
+
+    def stale?(resource)
+      resource.refreshed_at.nil? || Time.now - resource.refreshed_at > REFRESH_THRESHOLD
+    end
+
+    def model_factory
+      const_get("::" + self.name.demodulize)
+    end
+
+    def id_key
+      self.name.demodulize.underscore + "_id"
+    end
+  end
+end

data/app/lib/hubrise_app/refresher/catalog.rb

@@ -0,0 +1,13 @@
+module HubriseApp::Refresher
+  class Catalog < Base
+    class << self
+      def fetch_attributes(resource, api_client)
+        {
+          api_data: api_client.get_catalog(resource.hr_id, hide_data: true)
+                              .data
+                              .except("id")
+        }
+      end
+    end
+  end
+end

data/app/lib/hubrise_app/refresher/customer_list.rb

@@ -0,0 +1,13 @@
+module HubriseApp::Refresher
+  class CustomerList < Base
+    class << self
+      def fetch_attributes(resource, api_client)
+        {
+          api_data: api_client.get_customer_list(resource.hr_id)
+                              .data
+                              .except("id")
+        }
+      end
+    end
+  end
+end

data/app/lib/hubrise_app/refresher/location.rb

@@ -0,0 +1,13 @@
+module HubriseApp::Refresher
+  class Location < Base
+    class << self
+      def fetch_attributes(resource, api_client)
+        {
+          api_data: api_client.get_location(resource.hr_id)
+                              .data
+                              .except("id", "account")
+        }
+      end
+    end
+  end
+end