lesli 5.0.0

data/app/models/concerns/user_guard.rb

@@ -0,0 +1,278 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails Development Platform.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+
+=end
+
+
+# User extension methods
+# Custom methods that belongs to a instance user
+module UserGuard
+    extend ActiveSupport::Concern
+
+
+    def max_object_level_permission
+
+        # get the max object level permission from roles assigned to the user
+        level = self.roles.map(&:object_level_permission).max()
+
+        # if user has no roles assigned, we return the lowest role available 
+        # NOTE: This should not be possible due the user needs a role to login
+        unless level 
+            return (self.account.roles.map(&:object_level_permission).min() + 1)
+        end
+
+        # return the level found
+        level
+    end
+
+    # @return [void]
+    # @description After creating a user, creates the necessary resources for them to access the different engines.
+    # @param *roles [String] One or more roles to be checked
+    # check role of the user
+    def has_roles? *roles
+        !roles.intersection(self.roles.map{ |r| r[:name] }).empty?
+    end
+
+
+    # @return [Boolean]
+    # @description Return true/false if a user has all the privileges to do an action based on a controllers list,
+    #     this validation includes the privileges that the user could have based on its roles and the privileges
+    #     that has been added to the specific user.
+    # @examples
+    #     validate privileges on a controller with the same actions on each one
+    #     controllers = ["cloud_house/companies", "cloud_house/projects"]
+    #     actions = ["index", "update"]
+    #
+    #     current_user.has_privileges?(controllers, actions)
+    def has_privileges?(controller, action)
+        begin
+            !self.privileges
+            .where("role_privileges.controller = ?", controller)
+            .where("role_privileges.action = ?", action)
+            .first.blank?
+        rescue => exception
+            #Honeybadger.notify(exception)
+            return false
+        end
+    end
+
+
+    # @return [Hash]
+    # @description Return a hash that contains all the abilities grouped by controller and define every action privilege. It also
+    #     evaluate if the user has the ability no matter if is given to the user by role or by itself.
+    # @examples
+    #     current_user.abilities_by_controller
+    def abilities_by_controller
+
+        # Abilities hash where we will save all the privileges the user has to
+        abilities = {}
+
+        # We check all the privileges the user has in the cache table according to his roles
+        # and create a key per controller (with the full controller name) that contains an array of all the 
+        # methods/actions with permission
+        # self.privileges.all.each do |privilege|
+        #     abilities[privilege.controller] = [] if abilities[privilege.controller].nil?
+        #     abilities[privilege.controller] << privilege.action
+        # end
+
+        abilities
+
+    end
+
+
+    # @return Boolean
+    # @description Check if user has enough privilege to work with the given role
+    def can_work_with_role?(role)
+
+        # get the role if only id is given
+        role = self.account.roles.find_by(:id => role) unless role.class.name == "Role"
+
+        # false if role not found
+        return false if role.blank?
+
+        # not valid role without object levelpermission defined
+        return false if role.object_level_permission.blank?
+
+        # owner role can work with all the roles
+        return true if !self.roles.find_by(name: 'owner').blank?
+
+        # get the max object level permission from the roles the user has assigned
+        user_role_level_max = self.roles.map(&:object_level_permission).max()
+
+        # check if user can work with the object level permission of the role is trying to modify
+        # Note: user only can assigned an object level permission below the max of his own roles
+        # Current user cannot assign role if
+        #       role to assign has greater object level permission than the greater role assigned to the current user
+        #       role to assign is the same of the greater role assigned to the current user
+        #       current user is not sysadmin or owner
+        return false if role.object_level_permission >= user_role_level_max
+
+        # user can work with this role :)
+        return true
+
+    end
+
+
+    # @return [nil,string]
+    # @description Checks configuration of all the roles assigned to the user
+    # if user has a role with "default path" to use as home to redirect after login
+    # IMPORTANT: This home path is used only the send the user after login, the user
+    #            and the role are not limited by this configuration
+    def has_role_with_default_path?()
+
+        # get the roles that contains a path
+        role = self.roles.where.not(path_default: [nil, ""])
+
+        # here we must order the results descendant because we must
+        # keep the path of the hightest object level permission role.
+        # Example: we should use the path of the admin role if user has
+        # admin & employee roles, also order by default_path, so we get first 
+        # the roles with path in case the user has roles with the same object level permission
+        role = role.order(object_level_permission: :desc).order(:path_default)
+
+        # get the first role found, due previously we sort in a descendant order
+        # the first role is going to be the one with highest object level permission
+        # this is going to return nil if no role was found
+        default_path = role.first&.path_default  || "/"
+
+        # if first loggin for account owner send him to the onboarding page
+        if self.account.onboarding? && self.has_roles?("owner")
+            default_path = "/onboarding"
+        end
+
+        default_path
+
+    end
+
+
+    # @return [nil,string]
+    # @description Checks configuration of all the roles assigned to the user
+    # if user has a role limited to a defined path
+    # if user has a high privilege role that overrides any other role configuration
+    def has_role_limited_to_path?()
+
+        # get the roles ordering in descendant mode because we must
+        # keep the path of the hightest object level permission role.
+        # Example: we should use the path of the admin role if user has
+        # admin & employee roles, also order by default_path, so we get first 
+        # the roles with path in case the user has roles with the same object level permission
+        role = self.roles.order(object_level_permission: :desc).order(:path_default)
+
+        # get the first role found, due previously we sort in a descendant order
+        # the first role is going to be the one with highest object level permission
+        # this is going to return nil if no role was found
+        role = role.first
+
+        # return the path of the role if is limited to a that specific path
+        return role.path_default_ if role.path_limited == true 
+
+        # return nil if role has no limits
+        return nil
+    end
+
+
+    # @return [void]
+    # @description Sets this user as inactive and removes complete access to the platform from them
+    # @example
+    #     old_user = User.last
+    #     old_user.revoke_access
+    def revoke_access
+        self.update(active: false)
+    end
+
+
+    # @return [void]
+    # @description Change user password forcing user to reset the password
+    def set_password_as_expired
+        self.update(password_expiration_at: Time.current)
+    end
+
+
+    # @return [void]
+    # @description Change user password forcing user to reset the password
+    # @todo validate object level permission
+    def password_reset
+        pass = SecureRandom.hex(10)
+        self.update(password: pass)
+        pass
+    end
+
+
+    # @return [void]
+    # @description After creating a user, creates the necessary resources for them to access the different engines.
+    def has_expired_password?
+        return false if self.password_expiration_at.blank?
+        return Time.current > self.password_expiration_at
+    end
+
+
+    # @return String
+    # @description Change user password forcing user to reset the password
+    def generate_password_reset_token
+        raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
+
+        self.reset_password_token   = enc
+        self.reset_password_sent_at = Time.now.utc
+        save(validate: false)
+        raw
+    end
+
+
+    # @return [Boolean]
+    # @description check if user has a confirmed telephone number
+    def telephone_confirmed?
+        !!self.telephone_confirmed_at
+    end
+
+
+    # @return String
+    # @description Generate a token to validate telephone number
+    def generate_telephone_token(length=4)
+
+        raw, enc = Devise.token_generator.create(self.class, :telephone_confirmation_token, type:'number', length:length)
+
+        self.telephone_confirmation_token   = enc
+        self.telephone_confirmation_sent_at = Time.now.utc
+        self.telephone_confirmed_at = nil
+        save(validate: false)
+        raw
+    end
+
+
+    # @return String
+    # @description Mark telephone number as valid and confirmed
+    def confirm_telephone_number
+        self.telephone_confirmation_token   = nil
+        self.telephone_confirmation_sent_at = nil
+        self.telephone_confirmed_at = Time.now.utc
+        save(validate: false)
+    end
+end

data/app/models/concerns/user_polyfill.rb

@@ -0,0 +1,134 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Your Smart Business Assistant. 
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// ·
+
+=end
+
+
+# DEPRECATED METHODS
+# We still need to keep the definition of this methods to bring compatibility to old installations of Lesli
+module UserPolyfill
+    extend ActiveSupport::Concern
+
+    def has_privileges3?(controllers, actions)
+
+        begin
+
+            # This query fetch all the privileges actions that the user have through role descriptor assignments
+            sql_role_privile_actions = self.role_privilege_actions
+            .select(
+                "status",
+                "system_controller_actions.name as action",
+                "system_controllers.name as controller"
+            )
+            .joins(system_action: [:system_controller])
+            .where("system_controllers.name in (?)", controllers)
+            .where("system_controller_actions.name in (?)", actions)
+            .to_sql
+
+
+            # This query fetch all the privileges actions that the user have through privileges actions added to the specific user
+            sql_user_privilege_actions = self.user_privilege_actions
+            .select(
+                "status",
+                "system_controller_actions.name as action",
+                "system_controllers.name as controller"
+            )
+            .joins(system_action: [:system_controller])
+            .where("system_controllers.name in (?)", controllers)
+            .where("system_controller_actions.name in (?)", actions)
+            .to_sql
+
+
+            # This query is on charge of evaluate if the user have every specific privilege action
+            # no matter if is given indirectly by role or directly to the user. Then, after getting each
+            # specific boolean value of every privilege action, the query evalueate if is there some privilege
+            # action on false, if there is a false then the return of the method will be false, but if every
+            # privilege action is on true the permission is granted.
+            # This is possible by the union of the two previous queries
+            granted = ActiveRecord::Base.connection.exec_query("
+                select
+                    bool_and(grouped_privileges.status) as value
+                from (
+                    select
+                        privilege_actions.controller,
+                        privilege_actions.action,
+                        BOOL_OR(privilege_actions.status) as status
+                    from (
+                        #{sql_role_privile_actions}
+                        union
+                        #{sql_user_privilege_actions}
+                    ) AS privilege_actions
+                    group by (
+                        controller,
+                        action
+                    )
+                ) AS grouped_privileges
+            ")
+            .first["value"]
+
+            return false if granted.blank?
+
+            return granted
+
+        rescue => exception
+
+            Honeybadger.notify(exception)
+            return false
+
+        end
+
+    end
+
+
+    # @return [void]
+    # @description After creating a user, creates the necessary resources for them to access the different engines.
+    # check role of the user
+    def is_role? *roles
+        LC::Debug.deprecation("Use has_roles?(role1, role2 ... rolen) instead")
+        return has_roles?(roles)
+    end
+
+    def log_activity request_method, request_controller, request_action, request_url, description = nil
+        LC::Debug.deprecation("Use user.activities, user.logs or log_user_comments instead")
+    end
+
+    def generate_password_token
+        LC::Debug.deprecation("use generate_reset_password_token instead and build the email manually")
+    end
+
+    def self.send_password_reset(user)
+        LC::Debug.deprecation("use generate_reset_password_token instead and build the email manually")
+    end
+
+    def send_welcome_email
+        LC::Debug.deprecation("use generate_reset_password_token instead and build the email manually")
+    end
+end

data/app/models/lesli/account/log.rb

@@ -0,0 +1,57 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS development platform.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class Account::Log < ApplicationRecord
+        belongs_to :account
+
+        def self.log(system_module_action, system_process, title=nil, description=nil, payload=nil)
+            Account.first.activities.create(
+                system_module: system_module_action,
+                system_process: system_process,
+                description: description,
+                title: title,
+                payload: payload
+            )
+        end
+        
+        def self.log_email(system_module_action, title="email_sent", description="email", payload=nil)
+            Account&.first&.logs&.create(
+                system_module: system_module_action,
+                system_process: "mailer",
+                description: description,
+                payload: payload,
+                title: title
+            )
+        end
+    end
+end

data/app/models/lesli/account.rb

@@ -0,0 +1,76 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.dev
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class Account < ApplicationLesliRecord
+
+
+        # accounts always belongs to a user
+        belongs_to :user, optional: true
+
+
+        # account resources
+        has_many :users
+        has_many :roles
+        has_many :files
+        has_many :cronos
+        has_many :settings
+        has_many :locations
+        has_many :feedbacks
+        has_many :descriptors
+        has_many :activities, class_name: "Account::Activity"
+        has_many :currencies, class_name: "Account::Currency"
+        has_many :logs
+
+
+
+        # account statuses
+        enum status: [
+            :registered,
+            :onboarding,
+            :active,
+            :suspended
+        ]
+
+
+        # company region (GDPR)
+        enum region: {
+            latin_america: "latin_america",
+            united_states: "united_states",
+            european_union: "european_union"
+        }
+
+
+        # required a name for the lesli account
+        validates :company_name, :presence => true
+    end
+end

data/app/models/lesli/application_lesli_record.rb

@@ -0,0 +1,37 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Your Smart Business Assistant. 
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// ·
+=end
+
+module Lesli 
+    class ApplicationLesliRecord < ApplicationRecord
+        self.abstract_class = true
+    end
+end

data/app/models/lesli/profile.rb

@@ -0,0 +1,4 @@
+module Lesli
+  class Profile < ApplicationRecord
+  end
+end

data/app/models/lesli/system_controller/action.rb

@@ -0,0 +1,37 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class SystemController::Action < ApplicationLesliRecord
+        belongs_to :system_controller
+    end
+end

data/app/models/lesli/system_controller.rb

@@ -0,0 +1,37 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class SystemController < ApplicationLesliRecord
+        has_many :actions
+    end
+end