kaui 0.7.2 → 0.8.0

data/app/controllers/kaui/engine_controller.rb

@@ -1,18 +1,16 @@
 class Kaui::EngineController < ApplicationController
-  before_filter :authenticate_user!
+
+  include Kaui::EngineControllerUtil
+
+  before_filter :authenticate_user!, :check_for_redirect_to_tenant_screen
 
   layout :get_layout
 
   # Common options for the Kill Bill client
   def options_for_klient(options = {})
-    {
-        # TODO Kaui doesn't support multi-tenancy yet
-        :api_key    => KillBillClient.api_key,
-        :api_secret => KillBillClient.api_secret,
-        :username   => current_user.kb_username || KillBillClient.username,
-        :password   => current_user.password || KillBillClient.password,
-        :session_id => current_user.kb_session_id
-    }.merge(options)
+    user_tenant_options = Kaui.current_tenant_user_options(current_user, session)
+    user_tenant_options.merge(options)
+    user_tenant_options
   end
 
   # Used for auditing purposes
@@ -20,38 +18,37 @@ class Kaui::EngineController < ApplicationController
     super
   end
 
+
   def current_ability
     # Redefined here to namespace Ability in the correct module
     @current_ability ||= Kaui::Ability.new(current_user)
   end
 
-  protected
-
-  def as_string(e)
-    if e.is_a?(KillBillClient::API::ResponseError)
-      "Error #{e.response.code}: #{as_string_from_response(e.response.body)}"
-    else
-      e.message
+  def check_for_redirect_to_tenant_screen
+    if !Kaui.is_user_assigned_valid_tenant?(current_user, session)
+      flash[:error] = "No tenants configured for users AND KillBillClient.api_key, KillBillClient.api_secret have not been set"
+      session[:kb_tenant_id] = nil
+      redirect_to Kaui.tenant_home_path.call and return
     end
   end
 
-  def as_string_from_response(response)
-    error_message = response
-    begin
-      # BillingExceptionJson?
-      error_message = JSON.parse response
-    rescue => e
-    end
 
-    if error_message.respond_to? :[] and error_message['message'].present?
-      # Likely BillingExceptionJson
-      error_message = error_message['message']
+  private
+
+  def current_tenant_user
+    user = current_user
+    kb_tenant_id = session[:kb_tenant_id]
+    user_tenant = Kaui::Tenant.find_by_kb_tenant_id(kb_tenant_id) if kb_tenant_id
+    result = {
+        :username => user.kb_username,
+        :password => user.password,
+        :session_id => user.kb_session_id,
+    }
+    if user_tenant
+      result[:api_key] = user_tenant.api_key
+      result[:api_secret] = user_tenant.api_secret
     end
-    # Limit the error size to avoid ActionDispatch::Cookies::CookieOverflow
-    error_message[0..1000]
+    result
   end
 
-  def get_layout
-    layout ||= Kaui.config[:layout]
-  end
 end

data/app/controllers/kaui/engine_controller_util.rb

@@ -0,0 +1,33 @@
+module Kaui::EngineControllerUtil
+
+  protected
+
+  def get_layout
+    layout ||= Kaui.config[:layout]
+  end
+
+  def as_string(e)
+    if e.is_a?(KillBillClient::API::ResponseError)
+      "Error #{e.response.code}: #{as_string_from_response(e.response.body)}"
+    else
+      e.message
+    end
+  end
+
+  def as_string_from_response(response)
+    error_message = response
+    begin
+      # BillingExceptionJson?
+      error_message = JSON.parse response
+    rescue => e
+    end
+
+    if error_message.respond_to? :[] and error_message['message'].present?
+      # Likely BillingExceptionJson
+      error_message = error_message['message']
+    end
+    # Limit the error size to avoid ActionDispatch::Cookies::CookieOverflow
+    error_message[0..1000]
+  end
+
+end

data/app/controllers/kaui/login_proxy_controller.rb

@@ -0,0 +1,11 @@
+module Kaui
+  class LoginProxyController < Kaui::EngineController
+
+    def check_login
+      #
+      # Redirect to where we come from after going through all the Kaui filters ensuring correct authentication and kb_tenant_id
+      #
+      redirect_to params['path']
+    end
+  end
+end

data/app/controllers/kaui/sessions_controller.rb

@@ -2,5 +2,17 @@ module Kaui
   # Subclassed to specify the correct layout
   class SessionsController < Devise::SessionsController
     layout Kaui.config[:layout]
+
+    skip_before_filter :check_for_redirect_to_tenant_screen
+
+    protected
+
+    # Override after_sign_in_path_for to not have to rely on the default 'root' config which we want to keep on home#index
+    def after_sign_in_path_for(resource)
+      # Clear the tenant_id from the cookie to not rely on old cookie data
+      session[:kb_tenant_id] = nil
+      Kaui.tenant_home_path.call
+    end
+
   end
 end

data/app/controllers/kaui/tenants_controller.rb

@@ -0,0 +1,60 @@
+module Kaui
+  class TenantsController < Kaui::EngineController
+
+    skip_before_filter :check_for_redirect_to_tenant_screen
+
+    def index
+      begin
+
+        # Retrieve current user and extract allowed list of tenants
+        user = current_user
+        allowed_user = Kaui::AllowedUser.find_by_kb_username(user.kb_username)
+        @tenants = (allowed_user.kaui_tenants if allowed_user) || []
+
+        #
+        # If there is nothing we check for override with KillBillClient.api_key/KillBillClient.api_secret
+        # If there is only one, we skip the tenant screen since the choice is obvious
+        # If not, we allow user to chose what he wants
+        #
+        case @tenants.size
+          when 0
+            # If KillBillClient.api_key and KillBillClient.api_secret are not set, the client library will throw
+            # an KillBillClient::API::Unauthorized exception which will end up in the rescue below
+            tenant = KillBillClient::Model::Tenant.find_by_api_key(KillBillClient.api_key, {
+                :session_id => user.kb_session_id
+            })
+            kb_tenant_id = tenant.tenant_id if tenant.present?
+            select_tenant_for_tenant_id(kb_tenant_id)
+          when 1
+            # If there is only one tenant defined we skip the screen and set the tenant for the user
+            select_tenant_for_tenant_id(@tenants[0].kb_tenant_id)
+          else
+            # Jump to default view allowing to chose which tenant to pick
+            respond_to do |format|
+              format.html # index.html.erb
+              format.json { render :json => @tenants }
+            end
+        end
+      rescue => e
+        flash[:error] = "Error while retrieving tenants: No tenants configured for users AND KillBillClient.api_key, KillBillClient.api_secret have not been set"
+        @tenants = []
+        # We then display the view with NO tenants and the flash error so user understands he does not have any configured tenants available
+      end
+
+    end
+
+    def select_tenant
+      kb_tenant_id = params[:kb_tenant_id]
+      select_tenant_for_tenant_id(kb_tenant_id)
+    end
+
+    private
+
+    def select_tenant_for_tenant_id(kb_tenant_id)
+      # Set kb_tenant_id in the session
+      session[:kb_tenant_id] = kb_tenant_id
+      redirect_to Kaui.home_path.call
+    end
+
+  end
+end

data/app/models/kaui/ability.rb

@@ -7,19 +7,36 @@ module Kaui
       user.permissions.each do |permission|
         # permission is something like invoice:item_adjust or payment:refund
         # We rely on a naming convention where the left part refers to a Kaui model
-        model, action = permission.split(':')
+        model, action = permission_to_model_action(permission)
         if model == '*' and action == '*'
           # All permissions!
           can :manage, :all
         elsif model == '*' and action != '*'
           # TODO
         elsif action == '*'
-          can :all, ('Kaui::' + model.capitalize).constantize rescue nil
+          # TODO Not sure the :all is really working (but we don't use it)
+          can :all, ('Kaui::' + model.camelize).constantize rescue nil
         else
-          can action.to_sym, ('Kaui::' + model.capitalize).constantize rescue nil
+          can action.to_sym, ('Kaui::' + model.camelize).constantize rescue nil
         end
       end
     rescue KillBillClient::API::Unauthorized => e
     end
+
+    def permission_to_model_action(permission)
+      #
+      # Permissions are defined in Kill Kill apis (https://github.com/killbill/killbill-api/blob/master/src/main/java/org/killbill/billing/security/Permission.java)
+      # and they look something like 'invoice:item_adjust' or 'payment:refund', where the first part is the Kill Bill module and the second the action.
+      #
+      # For most of those the Kill Bill module maps to the Kaui model, but for a few, the naming convention breaks, so in order to keep the API clean, we do the fix up
+      # in KAUI itself:
+      #
+      to_be_model, action = permission.split(':')
+      # Currently the only actions implemented for overdue and catalog (upload_config) are those implemented at the tenant level:
+      if to_be_model == 'tenant' || 'overdue' || 'catalog'
+        to_be_model = 'admin_tenant'
+      end
+      [to_be_model, action]
+    end
   end
 end

data/app/models/kaui/admin_tenant.rb

@@ -0,0 +1,10 @@
+class Kaui::AdminTenant < KillBillClient::Model::Tenant
+
+
+  class << self
+    def upload_catalog(catalog_xml, user = nil, reason = nil, comment = nil, options = {})
+      KillBillClient::Model::Catalog.upload_tenant_catalog(catalog_xml, user, reason, comment, options)
+    end
+  end
+
+end

data/app/models/kaui/allowed_user.rb

@@ -0,0 +1,8 @@
+module Kaui
+  class AllowedUser < ActiveRecord::Base
+    attr_accessible :kb_username, :description
+
+    has_many :kaui_allowed_user_tenants, :class_name => 'Kaui::AllowedUserTenant', :foreign_key => 'kaui_allowed_user_id'
+    has_many :kaui_tenants, :through => :kaui_allowed_user_tenants, :source => :kaui_tenant, :uniq => true
+  end
+end

data/app/models/kaui/allowed_user_tenant.rb

@@ -0,0 +1,6 @@
+module Kaui
+  class AllowedUserTenant < ActiveRecord::Base
+    belongs_to :kaui_allowed_user, :class_name => 'Kaui::AllowedUser', :foreign_key => 'kaui_allowed_user_id'
+    belongs_to :kaui_tenant, :class_name => 'Kaui::Tenant', :foreign_key => 'kaui_tenant_id'
+  end
+end

data/app/models/kaui/killbill_authenticatable.rb

@@ -5,10 +5,10 @@ module Devise
     module KillbillAuthenticatable
       extend ActiveSupport::Concern
 
-      def valid_killbill_password?(kb_username, kb_password, api_key, api_secret)
+      def valid_killbill_password?(kb_username, kb_password)
         # Simply try to look-up the permissions for that user - this will
         # Take care of the auth part
-        response = Kaui::User.find_permissions(kb_username, kb_password, api_key, api_secret)
+        response = Kaui::User.find_permissions(kb_username, kb_password)
         # Auth was successful, update the session id
         self.kb_session_id = response.session_id
         true
@@ -24,22 +24,9 @@ module Devise
 
         # Invoked by the KillbillAuthenticatable strategy to lookup the user
         # before attempting authentication
-        def find_for_killbill_authentication(kb_username, kb_password, api_key, api_secret)
-          kb_tenant_id = nil
-
-          # Only in the Multi-Tenancy usecase
-          if api_key.present?
-            tenant = KillBillClient::Model::Tenant.find_by_api_key api_key, {
-                                                                              :username => kb_username,
-                                                                              :password => kb_password,
-                                                                              :api_key => api_key,
-                                                                              :api_secret => api_secret
-                                                                            }
-            kb_tenant_id = tenant.tenant_id if tenant.present?
-          end
-
-          find_for_authentication(:kb_tenant_id => kb_tenant_id, :kb_username => kb_username) ||
-          new(:kb_tenant_id => kb_tenant_id, :kb_username => kb_username)
+        def find_for_killbill_authentication(kb_username)
+          find_for_authentication(:kb_username => kb_username) ||
+          new(:kb_username => kb_username)
         rescue KillBillClient::API::Unauthorized => e
           # Multi-Tenancy was enabled, but the tenant_id couldn't be retrieved because of bad credentials
           nil

data/app/models/kaui/tenant.rb

@@ -0,0 +1,13 @@
+require 'symmetric-encryption'
+
+module Kaui
+  class Tenant < ActiveRecord::Base
+
+    attr_accessible :name, :api_key, :api_secret, :kb_tenant_id
+    attr_encrypted :api_secret
+
+    has_many :kaui_allowed_user_tenants, :class_name => 'Kaui::AllowedUserTenant', :foreign_key => 'kaui_tenant_id'
+    has_many :kaui_allowed_users, :through => :kaui_allowed_user_tenants, :source => :kaui_allowed_user
+
+  end
+end

data/app/models/kaui/user.rb

@@ -7,33 +7,31 @@ module Kaui
     # Managed by Devise
     attr_accessor :password
 
-    attr_accessible :kb_tenant_id, :kb_username, :kb_session_id, :password
+    attr_accessible :kb_username, :kb_session_id, :password
 
     # Called by Devise to perform authentication
     # Throws KillBillClient::API::Unauthorized on failure
-    def self.find_permissions(kb_username, kb_password, api_key=KillBillClient.api_key, api_secret=KillBillClient.api_secret)
+    def self.find_permissions(kb_username, kb_password)
       do_find_permissions :username => kb_username,
-                          :password => kb_password,
-                          :api_key => api_key,
-                          :api_secret => api_secret
+                          :password => kb_password
     end
 
     # Called by CanCan to perform authorization
     # Throws KillBillClient::API::Unauthorized on failure
-    def permissions(api_key=KillBillClient.api_key, api_secret=KillBillClient.api_secret)
-      User.do_find_permissions :session_id => kb_session_id,
-                               :api_key => api_key,
-                               :api_secret => api_secret
+    def permissions()
+      User.do_find_permissions :session_id => kb_session_id
     end
 
     # Verify the Kill Bill session hasn't timed-out
-    def authenticated_with_killbill?(api_key=KillBillClient.api_key, api_secret=KillBillClient.api_secret)
-      subject = KillBillClient::Model::Security.find_subject :session_id => kb_session_id,
-                                                             :api_key => api_key,
-                                                             :api_secret => api_secret
-      subject.is_authenticated
-    rescue KillBillClient::API::Unauthorized => e
-      false
+    def authenticated_with_killbill?()
+
+      begin
+        subject = KillBillClient::Model::Security.find_subject :session_id => kb_session_id
+        result = subject.is_authenticated
+        return result
+      rescue KillBillClient::API::Unauthorized => e
+        false
+      end
     end
 
     private

data/app/views/kaui/admin_allowed_users/index.html.erb

@@ -0,0 +1,23 @@
+<% if can? :view, Kaui::AdminTenant %>
+    <% unless @allowed_users.empty? %>
+    <table id="allowed-users-table" class="table table-condensed">
+      <thead>
+      <tr>
+        <th>Name</th>
+        <th>Description</th>
+      </tr>
+      </thead>
+      <tbody>
+      <% @allowed_users.each do |u | %>
+          <tr>
+            <td><%= link_to u.kb_username, admin_allowed_user_path(u.id) %></td>
+            <td><%= u.description %></td>
+          </tr>
+      <% end %>
+      </tbody>
+    </table>
+    <% end %>
+<% end %>
+<% if can? :create, Kaui::AdminTenant %>
+<h3><%= link_to 'Add a new Allowed User', new_admin_allowed_user_path %></h3>
+<% end %>

data/app/views/kaui/admin_allowed_users/new.html.erb

@@ -0,0 +1,22 @@
+<% if can? :create, Kaui::AdminTenant %>
+    <%= form_for @allowed_user, url: admin_allowed_users_path, :html => {:class => 'form-horizontal'} do |f| %>
+        <fieldset>
+          <div class="control-group">
+            <%= f.label :kb_username, 'Name', :class => 'control-label' %>
+            <div class="controls">
+              <%= f.text_field :kb_username, :class => 'input-small', :required => true %>
+            </div>
+          </div>
+          <div class="control-group">
+            <%= f.label :description, 'Description', :class => 'control-label' %>
+            <div class="controls">
+              <%= f.text_field :description, :class => 'input-small', :required => false %>
+            </div>
+          </div>
+          <div class="form-actions">
+            <%= button_tag 'Configure a new Allowed User', :class => 'btn btn-primary' %>
+          </div>
+        </fieldset>
+    <% end %>
+<% end %>
+

data/app/views/kaui/admin_allowed_users/show.html.erb

@@ -0,0 +1,53 @@
+<% if can? :view, Kaui::AdminTenant %>
+    <dl class="dl-horizontal">
+      <dt>Name:</dt>
+      <dd><%= @allowed_user.kb_username %>&nbsp;</dd>
+      <dt>Tenant ID:</dt>
+      <dd><%= @allowed_user.description %>&nbsp;</dd>
+    </dl>
+
+    <% unless @allowed_user.kaui_tenants.empty? %>
+        <h3>Configured tenants:</h3>
+        <table id="allowed-user-tenants-table" class="table table-condensed">
+          <thead>
+          <tr>
+            <th>Name</th>
+            <th>Tenant Id</th>
+            <th>Api Key</th>
+          </tr>
+          </thead>
+          <tbody>
+          <% @allowed_user.kaui_tenants.each do |t| %>
+              <tr>
+                <td><%= link_to t.name, admin_tenant_path(t.id) %></td>
+                <td><%= t.kb_tenant_id %></td>
+                <td><%= t.api_key %></td>
+              </tr>
+          <% end %>
+          </tbody>
+        </table>
+    <% end %>
+<% end %>
+
+<% if can? :create, Kaui::AdminTenant %>
+    <%= form_for(@allowed_user, :url => {:action => :add_tenant}, :html => {:method => :post, :class => "form-horizontal"}) do |f| %>
+
+        <fieldset>
+          <%= f.hidden_field(:id) %>
+          <div class="control-group">
+            <%= label_tag :tenant_name, "Available Tenants:", :class => "control-label" %>
+            <div class="controls">
+              <%= select_tag :tenant_id, options_for_select(@tenants.map { |t| [t.name, t.id] }) %>
+            </div>
+          </div>
+          <div class="form-actions">
+            <%= f.submit 'Chose Tenant', :class => 'btn btn-primary' %>
+            <%= link_to 'Back', :back, :class => 'btn' %>
+          </div>
+        </fieldset>
+    <% end %>
+<% end %>
+
+<div class="form-actions">
+  <%= link_to 'Back', :back, :class => 'btn' %>
+</div>