lesli 5.0.13 → 5.0.14

data/app/models/lesli/user.rb

@@ -2,7 +2,7 @@
 
 Lesli
 
-Copyright (c) 2023, Lesli Technologies, S. A.
+Copyright (c) 2025, Lesli Technologies, S. A.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -19,7 +19,7 @@ along with this program. If not, see http://www.gnu.org/licenses/.
 
 Lesli · Ruby on Rails SaaS Development Framework.
 
-Made with ♥ by https://www.lesli.tech
+Made with ♥ by LesliTech
 Building a better future, one line of code at a time.
 
 @contact  hello@lesli.tech
@@ -36,59 +36,55 @@ module Lesli
         include UserExtensions
         #include UserActivities
 
-        # users belongs to an account only... and must have a role
+        validates(:email, 
+            format: { with: URI::MailTo::EMAIL_REGEXP },
+            presence: true, 
+            uniqueness: true
+        );
+
+        # devise implementation
+        devise( 
+            :database_authenticatable,
+            :registerable,
+            :rememberable,
+            :recoverable,
+            :validatable,
+            :confirmable,
+            :trackable
+        );
+        #:omniauthable, omniauth_providers: [:google_oauth2, :facebook]
+
+
+        # users belongs to an account only... 
         belongs_to :account, optional: true
 
+
         # user details are saved on separate table
         has_one :detail, inverse_of: :user, autosave: true, dependent: :destroy
         accepts_nested_attributes_for :detail, update_only: true
 
+
         # users data extensions
-        has_many :logs
-        has_many :codes
-        has_many :agents
         has_many :tokens
         has_many :settings
         has_many :sessions
-        has_many :requests
-        has_many :shortcuts
-        has_many :notifications, class_name: "LesliBell::Notification"
-        has_many :activities,   class_name: "User::Activity"
+        has_many :activities #, class_name: "Lesli::Item::Activity"
 
-        # users can have many roles and too many privileges through the roles
-        # every role adds a power to the user, power is just a role id
-        has_many :powers
-        has_many :roles, through: :powers, source: :role, class_name: "Lesli::Role"
-        has_many :privileges, through: :roles, class_name: "Lesli::Role::Privilege"
+        
 
+        has_many :shortcuts, class_name: "LesliShield::User::Shortcuts"
 
-        # devise implementation
-        #if !defined?(LesliSecurity)
-            devise( 
-                :database_authenticatable,
-                :registerable,
-                :rememberable,
-                :recoverable,
-                :validatable,
-                :confirmable,
-                :trackable);
-                #:omniauthable, omniauth_providers: [:google_oauth2, :facebook]
-        #end
-
-
-        # users belongs to an account only... and must have a role
-        belongs_to :account, optional: true
 
-        # users belongs to an account only... and must have a role
-        belongs_to :account, optional: true
-
-        validates :email, :presence => true
+        # users can have many roles and too many privileges through the roles
+        # lesliroles is a shortcut to Lesli::Roles
+        has_many :roles 
+        has_many :lesliroles, through: :roles, source: :role, class_name: "Lesli::Role"
+        has_many :privileges, through: :lesliroles, class_name: "Lesli::Role::Privilege"
 
 
         # callbacks
         before_create :before_create_user
-        after_create :after_confirmation_user, if: :confirmed?
-        #after_create :after_account_assignation
+        after_create :after_create_user
         #after_update :update_associated_services
 
 
@@ -102,7 +98,14 @@ module Lesli
         # @return [void]
         # @description Before creating a user we make sure there is no capitalized email
         def before_create_user
-            self.email = (self.email||"").downcase
+            self.email = self.email.downcase
+        end
+
+
+        def after_create_user
+            self.activities.create(title: "create_user", description:"User created")
+            after_confirmation_user
+            after_account_assignation
         end
 
 
@@ -110,23 +113,24 @@ module Lesli
         def after_confirmation_user
             return unless self.confirmed?
 
-            # create an alias based on user name
-            # defined in user extensions
-            self.set_alias
+            self.activities.create(title: "create_user", description:"User confirmed")
 
-            # create user details
-            User::Detail.find_or_create_by({ user: self })
+            # create an alias based on user name defined in user extensions
+            self.set_alias
 
             # Minimum security settings required
-            self.settings.create_with(:value => false).find_or_create_by(:name => "mfa_enabled")
-            self.settings.create_with(:value => :email).find_or_create_by(:name => "mfa_method")
+            #self.settings.create_with(:value => false).find_or_create_by(:name => "mfa_enabled")
+            #self.settings.create_with(:value => :email).find_or_create_by(:name => "mfa_method")
         end
 
         def after_account_assignation
             return unless self.account
 
             #Courier::One::Firebase::User.sync_user(self)
-            #Courier::Driver::Calendar.create_user_calendar(self, name: "Personal Calendar", default: true)
+            # Lesli::Courier.new(:lesli_calendar).from(:calendar_service, self).create({
+            #     name: "Personal Calendar", 
+            #     default: true
+            # })
         end
 
 

data/app/operators/lesli/controller_operator.rb

@@ -104,6 +104,8 @@ module Lesli
                 next if route[:controller].include? "rails"
                 next if route[:controller].include? "action_mailbox"
                 next if route[:controller].include? "active_storage"
+                next if route[:controller].include? "view_components"
+                next if route[:controller].include? "turbo/native/navigation"
 
                 if DEVISE_CONTROLLERS.include?(route[:controller])
                     list = "lesli"
@@ -118,7 +120,7 @@ module Lesli
             end
 
             # Get the list of controllers and actions from engines
-            Lesli::System.engines.each do |engine, engine_info|
+            LesliSystem.engines.each do |engine, engine_info|
 
                 # Do not process main Rails app
                 next if engine == "Root"

data/app/operators/lesli/{role_descriptor_operator.rb → role_operator.rb}

@@ -31,12 +31,45 @@ Building a better future, one line of code at a time.
 =end
 
 module Lesli
-    class RoleDescriptorOperator < Lesli::ApplicationLesliService
+    class RoleOperator < Lesli::ApplicationLesliService
 
-        @roles;
+        @role = nil
 
-        def initialize *roles
-            @roles = roles
+        def initialize role
+            @role = role
+        end
+
+        def add_profile_privileges
+
+            # Adding default system actions for profile descriptor
+            [
+                { controller: "lesli_admin/profiles", actions: ["show"] },      # enable profile view
+                { controller: "lesli/users", actions: ["options", "update"] },  # enable user edition
+                { controller: "lesli/abouts", actions: ["show"] },              # system status
+                { controller: "lesli/user/sessions", actions: ["index"] }       # session management
+            ].each do |controller_action|
+
+                controller_action[:actions].each do |action_name|
+
+                    system_controller_action = SystemController::Action.joins(:system_controller)
+                    .where("lesli_system_controllers.route = ?", controller_action[:controller])
+                    .where("lesli_system_controller_actions.name = ?", action_name)
+
+                    @role.actions.find_or_create_by(
+                        action: system_controller_action.first
+                    )
+                end
+            end
+        end
+
+        def add_owner_actions
+
+            # Adding default system actions for profile descriptor
+            actions = SystemController::Action.all 
+
+            actions.each do |action|
+                @role.actions.find_or_create_by(action: action)
+            end
         end
 
         # Syncronize the descriptor privileges with the role privilege cache table 
@@ -54,50 +87,39 @@ module Lesli
             #   - the power has active that group of actions, this means that, if the power has
             #     not marked as active the pshow, pindex, etc column the power is not active
             #     even if it is assigned and active to a descriptor
-            records = Descriptor.joins(%(
-                INNER JOIN lesli_descriptor_privileges
-                ON lesli_descriptor_privileges.descriptor_id = lesli_descriptors.id
+            records = Lesli::Role.joins(%(
+                INNER JOIN "lesli_role_actions" 
+                ON "lesli_role_actions"."role_id" = "lesli_roles"."id"
             )).joins(%(
                 INNER JOIN lesli_system_controller_actions 
-                ON lesli_system_controller_actions.id = lesli_descriptor_privileges.action_id
+                ON lesli_system_controller_actions.id = lesli_role_actions.action_id
             )).joins(%(
                 INNER JOIN lesli_system_controllers 
                 ON lesli_system_controllers.id = lesli_system_controller_actions.system_controller_id
-            )).joins(%(
-                INNER JOIN lesli_role_powers 
-                ON lesli_role_powers.descriptor_id = lesli_descriptors.id
             )).select(%(
+                lesli_role_actions.role_id as role_id,
                 lesli_system_controllers.route as controller, 
                 lesli_system_controller_actions.name as action,
-                case 
-                when lesli_role_powers.deleted_at is not null then false
-                when NULLIF(lesli_system_controller_actions.name = 'list' and lesli_role_powers.plist = true, false) then true
-                when NULLIF(lesli_system_controller_actions.name = 'index' and lesli_role_powers.pindex = true, false) then true
-                when NULLIF(lesli_system_controller_actions.name = 'show' and lesli_role_powers.pshow = true, false) then true
-                when NULLIF(lesli_system_controller_actions.name = 'new' and lesli_role_powers.pcreate = true, false) then true
-                when NULLIF(lesli_system_controller_actions.name = 'create' and lesli_role_powers.pcreate = true, false) then true
-                when NULLIF(lesli_system_controller_actions.name = 'edit' and lesli_role_powers.pupdate = true, false) then true
-                when NULLIF(lesli_system_controller_actions.name = 'update' and lesli_role_powers.pupdate = true, false) then true
-                when NULLIF(lesli_system_controller_actions.name = 'destroy' and lesli_role_powers.pdestroy = true, false) then true
-                else false 
-                end as active,
-                lesli_role_powers.role_id as role_id
+                true as active
             )).with_deleted
 
 
             # get privileges only for the given role, this is needed to sync only modified roles
-            records = records.where("lesli_role_powers.role_id" => @roles)
+            records = records.where("lesli_role_actions.role_id" => @role)
+
 
             # we use the deleted_at column to know if a privilege is enable or disable, NULL values
             # at the deleted_at column means privilege is active, so if we sort by deleted_at column
             # all the active privileges will be at the top, then the uniq method is going to take
             # always the active values, to completely disable a privilege for a specific controller/action
-            # we have to disable in all the descriptors
-            records = records.order("lesli_role_powers.deleted_at DESC")
-            
+            # we have to disable in all the roles
+            records = records.order("lesli_role_actions.deleted_at DESC")
+
+
             # convert the results to json so it is easy to insert/update
             records = records.as_json(only: [:controller, :action, :role_id, :active])
 
+            
             # IMPORTANT: We must save only uniq privileges in the role_privilege table
             # this means that it does not matters how many times we defined a privilege dependency
             # we insert the privilege only once.
@@ -112,6 +134,7 @@ module Lesli
                 [privilege["controller"], privilege["action"], privilege["role_id"]]
             end
 
+
             # small check to ensure I have records to update/insert
             return if records.blank?
 

data/app/operators/lesli/user_registration_operator.rb

@@ -80,6 +80,7 @@ module Lesli
                 account = Account.create!({
                     user: resource,     # set user as owner of his just created account
                     name: "Lesli",      # temporary company name
+                    email: resource.email,
                     status: :active     # account is active due user already confirmed his email
                 })
             end
@@ -94,14 +95,14 @@ module Lesli
 
             # add owner role to user only if multi-account is allowed
             if allow_multiaccount == true
-                resource.powers.create({ role: account.roles.find_by(name: "owner") })
+                #resource.powers.create({ role: account.roles.find_by(name: "owner") })
             end
 
             # add profile role to user only if multi-account is allowed
             if allow_multiaccount == false
                 # Assigning default role if defined in account settings
                 # Otherwise, the default role is "limited"
-                default_role_id = account.settings.find_by(:name => "default_role_id")&.value
+                #default_role_id = account.settings.find_by(:name => "default_role_id")&.value
                     
                 if default_role_id.present?
                     resource.user_roles.create({ role: account.roles.find_by(:id => default_role_id)})

data/app/services/lesli/application_lesli_service.rb

@@ -46,7 +46,7 @@ module Lesli
         # Service constructor
         # current_user is always required to initialize a service object
         # current user is used to get the data only from the account context
-        def initialize current_user, query={}
+        def initialize current_user=nil, query={}
 
             # make the current user globaly available in the service object
             @current_user = current_user
@@ -89,7 +89,7 @@ module Lesli
 
 
         # Standard method to create new resource into the database
-        def create resource
+        def create params
             # Example:
             # user = current_user.account.users.new(params)
 
@@ -98,8 +98,7 @@ module Lesli
             # else
             #     self.error(user.errors.full_messages.to_sentence)
             # end
-
-            self.resource = resource if resource
+            self.resource = params
             self
         end
 
@@ -152,6 +151,11 @@ module Lesli
 
         private
 
+        def response resource = nil
+            self.resource = resource
+            self
+        end
+
         attr_reader :current_user
 
         attr_reader :resource

data/app/services/lesli/role/action_service.rb

@@ -0,0 +1,58 @@
+module Lesli
+    class Role::ActionService < Lesli::ApplicationLesliService 
+
+            def index params
+
+                role_actions = {}
+
+                Lesli::Role::Action.joins(system_controller_action: :system_controller)
+                .select(
+                    :id,
+                    :role_id,
+                    :action_id,
+                    :deleted_at,
+                    "lesli_system_controllers.id as controller_id",
+                    "lesli_system_controllers.name as controller_name",
+                    "lesli_system_controller_actions.name as controller_action_name",
+                    "case when lesli_role_actions.deleted_at is null then TRUE else FALSE end active"
+                ).each do |action|
+                    unless role_actions.has_key?(action[:controller_name])
+                        role_actions[action[:controller_name]] = {
+                            list:nil,
+                            index: nil,
+                            show:nil,
+                            create:nil,
+                            update:nil,
+                            destroy:nil
+                        }
+                    end
+
+                    if  action[:controller_action_name] == "list"
+                        role_actions[action[:controller_name]][:list] = action
+                    end
+
+                    if  action[:controller_action_name] == "index"
+                        role_actions[action[:controller_name]][:index] = action
+                    end
+
+                    if  action[:controller_action_name] == "show"
+                        role_actions[action[:controller_name]][:show] = action
+                    end
+
+                    if  action[:controller_action_name] == "create"
+                        role_actions[action[:controller_name]][:create] = action
+                    end
+
+                    if  action[:controller_action_name] == "update"
+                        role_actions[action[:controller_name]][:update] = action
+                    end
+
+                    if  action[:controller_action_name] == "destroy"
+                        role_actions[action[:controller_name]][:destroy] = action
+                    end
+                end
+
+                role_actions
+            end
+        end
+end

data/app/services/lesli/role_service.rb

@@ -0,0 +1,232 @@
+=begin
+
+Lesli
+
+Copyright (c) 2025, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by LesliTech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class RoleService < Lesli::ApplicationLesliService
+
+        def find id 
+            self.resource = current_user.account.roles.find_by_id(id)
+            self
+        end 
+
+        # Return a list of roles that the user is able to work with
+        # according to object level permission
+        def list(params)
+            current_user.account.roles
+            .where("permission_level <= ?", current_user.max_object_level_permission)
+            .order(permission_level: :desc, name: :asc)
+            .select(:id, :name, :permission_level)
+        end
+
+
+        # @return [Array] Paginated index of users.
+        # @description Return a paginated array of users, used mostly in frontend views
+        def index 
+
+            current_user.account.roles.where.not(
+                :name => ["owner"]
+            ).joins("
+                left join (
+                    select
+                        count(1) users,
+                        role_id
+                    from lesli_user_roles
+                    inner join lesli_users as u
+                        on u.id = lesli_user_roles.user_id
+                        and u.deleted_at is null
+                    where lesli_user_roles.deleted_at is null
+                    group by (role_id)
+                ) users on users.role_id = lesli_roles.id
+            ").joins(%(
+                left join (
+                    select
+                        count(1) actions,
+                        role_id
+                    from lesli_role_actions
+                    group by role_id
+                ) actions on actions.role_id = lesli_roles.id
+            )).where("lesli_roles.permission_level <= ?", current_user.max_object_level_permission)
+            .select(
+                :id, 
+                :name, 
+                :active, 
+                :isolated, 
+                :description,
+                :path_default, 
+                :object_level_permission, 
+                "users.users",
+                "actions.actions"
+            )
+            .page(query[:pagination][:page])
+            .per(query[:pagination][:perPage])
+            .order(object_level_permission: :desc, name: :asc)
+        end
+
+        # @overwrite
+        # @return {Object}
+        # @description Retrives the role
+        def show
+            self.resource
+        end
+
+        # @overwrite
+        # @return {Object}
+        # @param {params} Hash of the permitted attributes for a role
+        # @description Creates a new role
+        def create params
+
+            role = current_user.account.roles.new(params)
+
+            unless current_user.can_work_with_role?(role)
+                self.error(I18n.t("core.roles.messages_danger_creating_role_object_level_permission_too_high"))
+            end
+
+            # check if user can work with that object level permission
+            if role.object_level_permission.to_f >= current_user.roles.map(&:object_level_permission).max()
+                self.error(I18n.t("core.roles.messages_danger_creating_role_object_level_permission_too_high"))
+            end
+
+            # do not create if errors found
+            return self unless self.successful?
+
+            # Try to save role and logs if it went OK
+            if role.save
+                self.resource = role
+                #Role::Activity.log_create(current_user, self.resource)
+            else
+                self.error(role.errors.full_messages.to_sentence)
+            end
+
+            self
+        end
+
+        # @overwrite
+        # @return {Object}
+        # @param {params} Hash of the permitted attributes for a role
+        # @description Updates role's attributes and saves logs if it went without problem
+        def update params
+            old_attributes = self.resource.attributes
+
+            unless self.resource.update(params)
+                self.error(self.resource.errors.full_messages.to_sentence)
+            end
+
+            if self.successful?
+                new_attributes = self.resource.attributes
+
+                #LesliSecurity::Role::Activity.log_update(current_user, role, old_attributes, new_attributes)
+            end
+
+            self
+        end
+
+        # @overwrite
+        # @return {Object}
+        # @description Deletes the role 
+        def destroy
+            unless self.resource.destroy
+                self.error(self.resource.errors.full_messages.to_sentence)
+            end
+
+            if self.successful?
+                LesliSecurity::Role::Activity.log_destroy(current_user, self.resource)
+            end
+
+            self
+        end
+
+        def options 
+            { 
+                :object_level_permissions => self.roles_with_object_level_permission
+            }
+        end 
+
+        private 
+
+        def roles_with_object_level_permission
+            levels = {}
+
+            # get all the different object level permission registered in the roles
+            existing_levels = current_user.account.roles
+            .select(:object_level_permission)
+            .order(object_level_permission: :desc)
+            .distinct
+            .map { |level| level.object_level_permission }
+
+            # Build the next available object levels
+            # basically we need to add the possibles object level permissions between the
+            # existing ones
+            existing_levels.each_with_index do |level_current, i|
+
+                level_next = 0
+
+                # get the next OLP in the list of the existing roles
+                level_next = existing_levels.to_a[i+1] unless existing_levels.to_a[i+1].nil?
+
+                # calculate the new next level, basically we get the level right in the middle
+                # between the existing levels, example:
+                #   1000    existing level
+                #    750    new projected level
+                #    500    existing level
+                level_new = (level_current + level_next) / 2
+
+                # add the levels to the levels object
+                levels[level_current] = []
+
+                next if level_next == 0
+
+                levels[level_new] = []
+
+            end
+
+            # Get all the existing roles
+            current_user.account.roles
+            .select(:id, :name, :object_level_permission)
+            .where.not(object_level_permission: nil).each do |role|
+                levels[role.object_level_permission] = [] if levels[role.object_level_permission].blank?
+                # push the role grouping by the object level permission
+                levels[role.object_level_permission].push(role)
+            end
+
+            levels_sorted = []
+
+            levels.keys.each do |key|
+                levels_sorted.push({
+                    level: key,
+                    roles: levels[key]
+                })
+            end
+
+            levels_sorted
+        end
+    end
+end