lesli 5.0.2 → 5.0.4

data/app/models/lesli/descriptor/privilege.rb

@@ -0,0 +1,38 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class Descriptor::Privilege < ApplicationLesliRecord
+        belongs_to :descriptor
+        belongs_to :action, class_name: "SystemController::Action"
+    end
+end

data/app/models/lesli/descriptor.rb

@@ -33,9 +33,26 @@ Building a better future, one line of code at a time.
 module Lesli
     class Descriptor < ApplicationLesliRecord
         belongs_to :account
-        #has_many :privileges
+        has_many :privileges
         #has_many :role_descriptors
+
+        # this scope is needed to allow to join with deleted descriptors
+        # join with deleted descriptors is needed to know which privileges we have to remove from the
+        # role_privileges table when a descriptor is removed from role_describers
+        has_many :role_descriptors_all, -> { with_deleted }, foreign_key: "descriptors_id", class_name: "Role::Descriptor"
         
         validates :name, presence: true
+
+        after_create :initialize_descriptor_privileges
+
+        def initialize_descriptor_privileges
+
+            descriptor_operator = DescriptorPrivilegeOperator.new(self)
+    
+            descriptor_operator.add_profile_privileges(self) if self.name == "profile"
+    
+            descriptor_operator.add_owner_privileges(self) if ["owner", "sysadmin"].include?(self.name)
+    
+        end
     end
 end

data/app/models/lesli/role/power.rb

@@ -0,0 +1,70 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli 
+    class Role::Power < ApplicationLesliRecord
+        belongs_to :role
+        belongs_to :descriptor
+
+        after_save :synchronize_privileges
+        after_destroy :synchronize_privileges
+
+        def synchronize_privileges
+            RolePowerOperator.new(self.role.id).synchronize
+        end
+
+        def self.index current_user, query, role
+
+            #role.descriptors
+            Descriptor
+            .joins(:privileges)
+            .left_joins(:role_descriptors)
+            .joins(%(
+                inner join system_controller_actions  
+                on system_controller_actions.id = descriptor_privileges.system_controller_action_id
+            )).joins(%(
+                inner join system_controllers  
+                on system_controllers.id = system_controller_actions.system_controller_id
+            ))
+            .select(
+                "coalesce(role_descriptors.descriptor_id, descriptors.id) as id", 
+                "descriptors.name as name", 
+                "system_controllers.reference as reference", 
+                "system_controllers.route as controller", 
+                #"descriptors.category as action", 
+                "system_controller_actions.name as action", 
+                "system_controllers.engine as engine", 
+                "case when role_descriptors.descriptor_id is null then false else true end as active"
+            )
+        end
+    end
+end

data/app/models/lesli/role/privilege.rb

@@ -0,0 +1,38 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class Role::Privilege < Lesli::ApplicationLesliRecord
+        belongs_to :role
+        has_many   :descriptors
+    end
+end

data/app/models/lesli/role.rb

@@ -32,24 +32,36 @@ Building a better future, one line of code at a time.
 
 module Lesli
     class Role < ApplicationLesliRecord
-
         belongs_to :account
 
-
         # Role resources
         has_many :activities
-        has_many :descriptors, dependent: :delete_all
-        has_many :privileges, class_name: "Role::Privilege", dependent: :delete_all
-        
+        has_many :powers, dependent: :delete_all
+        has_many :privileges,  dependent: :delete_all
+
+        # validations
+        validates :name, presence: :true
+        validates :object_level_permission, presence: :true
 
         # initializers for new roles
         after_create :after_create_role
 
+        # Return a list of roles that the user is able to work with
+        # according to object level permission
+        def self.list(current_user, query, params)
+            current_user.account.roles
+            .where("object_level_permission <= ?", current_user.max_object_level_permission)
+            .order(object_level_permission: :desc, name: :asc)
+            .select(:id, :name, :object_level_permission)
+        end
 
-        # validations
-        validates :name, presence: :true
-        validates :object_level_permission, presence: :true
+        # @return [Boolean]
+        # @description Returns if a role is assigned to users.
+        def has_users?
+            User::Role.where(role: self).count > 0
+        end
 
+        private
 
         def after_create_role
 
@@ -66,13 +78,6 @@ module Lesli
             self.update_attribute("code", role_code)
         end
 
-
-        # @return [Boolean]
-        # @description Returns if a role is assigned to users.
-        def has_users?
-            User::Role.where(role: self).count > 0
-        end
-
         # @return [void]
         # @param current_user [::User] The user that deleted the role
         # @param [Role] The role that was deleted

data/app/models/lesli/user/{role.rb → power.rb}

@@ -31,7 +31,7 @@ Building a better future, one line of code at a time.
 =end
 
 module Lesli
-    class User::Role < ApplicationLesliRecord
+    class User::Power < ApplicationLesliRecord
         belongs_to :user
         belongs_to :role
         has_many :roles

data/app/{services/lesli/role_service.rb → models/lesli/user/setting.rb}

@@ -31,15 +31,16 @@ Building a better future, one line of code at a time.
 =end
 
 module Lesli
-    class RoleService < ApplicationLesliService
-
-        # Return a list of roles that the user is able to work with
-        # according to object level permission
-        def list params
-            current_user.account.roles
-            .where("object_level_permission <= ?", current_user.max_object_level_permission)
-            .order(object_level_permission: :desc, name: :asc)
-            .select(:id, :name, :object_level_permission)
+    class User::Setting < ApplicationRecord
+        belongs_to :user
+
+        validates :name, presence: true, on: :create
+        validates :value, presence: true, on: :create
+
+        after_update :after_update_settings
+
+        def after_update_settings
+            #Courier::One::Firebase::User.sync_user(self.user)
         end
     end
 end

data/app/models/lesli/user.rb

@@ -33,10 +33,9 @@ Building a better future, one line of code at a time.
 module Lesli
     class User < ApplicationLesliRecord
 
-        include UserGuard
+        include UserSecurity
         include UserExtensions
         #include UserActivities
-        #include UserPolyfill
 
         # users belongs to an account only... and must have a role
         belongs_to :account, optional: true
@@ -57,9 +56,10 @@ module Lesli
         has_many :activities,   class_name: "User::Activity"
 
         # users can have many roles and too many privileges through the roles
-        has_many :user_roles, class_name: "Lesli::User::Role" 
-        has_many :roles, class_name: "Lesli::Role", through: :user_roles, source: :role
-        #has_many :privileges,       through: :roles
+        # every role adds a power to the user, power is just a role id
+        has_many :powers
+        has_many :roles, through: :powers, source: :role, class_name: "Lesli::Role"
+        has_many :privileges, through: :roles, class_name: "Lesli::Role::Privilege"
 
 
         # devise implementation
@@ -88,7 +88,6 @@ module Lesli
 
         # callbacks
         before_create :before_create_user
-        after_create :after_create_user
         #after_create :after_confirmation_user, if: :confirmed?
         #after_create :after_account_assignation
         #after_update :update_associated_services
@@ -108,26 +107,18 @@ module Lesli
         end
 
 
-        # @return [void]
-        # @description After creating a user, creates the necessary resources for them to access the different engines.
-        #     At the current time, it only creates a default calendar. This is an *after_create* method, and is not
-        #     designed to be invoked directly
-        def after_create_user
-
-            # create user details
-            #User::Detail.find_or_create_by({ user: self })
+        # Initialize user settings and dependencies needed
+        def after_confirmation_user
+            return unless self.confirmed?
 
             # create an alias based on user name
             # defined in user extensions
             self.set_alias
 
-        end
-
-
-        # Initialize user settings and dependencies needed
-        def after_confirmation_user
-            return unless self.confirmed?
+            # create user details
+            #User::Detail.find_or_create_by({ user: self })
 
+            # Minimum security settings required
             self.settings.create_with(:value => false).find_or_create_by(:name => "mfa_enabled")
             self.settings.create_with(:value => :email).find_or_create_by(:name => "mfa_method")
         end

data/app/operators/lesli/descriptor_privilege_operator.rb

@@ -0,0 +1,75 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class DescriptorPrivilegeOperator < Lesli::ApplicationLesliService
+
+        @descriptor = nil
+
+        def initialize descriptor
+            @descriptor = descriptor
+        end
+
+        def add_profile_privileges(descriptor)
+
+            # Adding default system actions for profile descriptor
+            [
+                { controller: "lesli_admin/profiles", actions: ["show"] },      # enable profile view
+                { controller: "lesli/users", actions: ["options", "update"] },  # enable user edition
+                { controller: "lesli/abouts", actions: ["show"] },              # system status
+                { controller: "lesli/user/sessions", actions: ["index"] }       # session management
+            ].each do |controller_action|
+
+                controller_action[:actions].each do |action_name|
+
+                    system_controller_action = SystemController::Action.joins(:system_controller)
+                    .where("lesli_system_controllers.route = ?", controller_action[:controller])
+                    .where("lesli_system_controller_actions.name = ?", action_name)
+
+                    descriptor.privileges.find_or_create_by(
+                        action: system_controller_action.first
+                    )
+                end
+            end
+        end
+
+        def add_owner_privileges(descriptor)
+
+            # Adding default system actions for profile descriptor
+            actions = SystemController::Action.all
+
+            actions.each do |action|
+                descriptor.privileges.find_or_create_by(action: action)
+            end
+        end
+    end
+end

data/app/operators/lesli/role_power_operator.rb

@@ -0,0 +1,108 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module Lesli
+    class RolePowerOperator < Lesli::ApplicationLesliService
+
+        @roles;
+
+        def initialize *roles
+            @roles = roles
+        end
+
+        # Syncronize the descriptor privileges with the role privilege cache table 
+        def synchronize 
+
+            # bulk all the descriptor privileges
+            # this script was built manually for performance, maintenance
+            # and to make it easy to read for future changes, basically what it does 
+            # is get the controllers and actions assigned to a descriptor through the 
+            # system_descriptor_privileges table and create an array of hashes with
+            # all the raw privileges (this includes duplicated privileges)
+            records = Descriptor.joins(%(
+                INNER JOIN lesli_descriptor_privileges
+                ON lesli_descriptor_privileges.descriptor_id = lesli_descriptors.id
+            )).joins(%(
+                INNER JOIN lesli_system_controller_actions 
+                ON lesli_system_controller_actions.id = lesli_descriptor_privileges.action_id
+            )).joins(%(
+                INNER JOIN lesli_system_controllers 
+                ON lesli_system_controllers.id = lesli_system_controller_actions.system_controller_id
+            )).joins(%(
+                INNER JOIN lesli_role_powers 
+                ON lesli_role_powers.descriptor_id = lesli_descriptors.id
+            )).select(
+                "lesli_system_controllers.route as controller", 
+                "lesli_system_controller_actions.name as action",
+                "case when lesli_role_powers.deleted_at is null then true else false end as active",
+                "lesli_role_powers.role_id as role_id"
+            ).with_deleted
+
+
+            # get privileges only for the given role, this is needed to sync only modified roles
+            records = records.where("lesli_role_powers.role_id" => @roles)
+
+            # we use the deleted_at column to know if a privilege is enable or disable, NULL values
+            # at the deleted_at column means privilege is active, so if we sort by deleted_at column
+            # all the active privileges will be at the top, then the uniq method is going to take
+            # always the active values, to completely disable a privilege for a specific controller/action
+            # we have to disable in all the descriptors
+            records = records.order("lesli_role_powers.deleted_at DESC")
+            
+            # convert the results to json so it is easy to insert/update
+            records = records.as_json(only: [:controller, :action, :role_id, :active])
+
+            # IMPORTANT: We must save only uniq privileges in the role_privilege table
+            # this means that it does not matters how many times we defined a privilege dependency
+            # we insert the privilege only once.
+            # Example: If we defined that we need access to UsersController#index in 20 descriptors,
+            # in the role_privileges will be only one record for that specific controller and action
+            records = records.uniq do |privilege|
+
+                # NOTE: If can disable a privilege that belongs to a descriptor, 
+                # however, if the same privilege is define in another active descriptor, 
+                # the role that has both descriptor will be able to access the resources 
+                # of that privilege, that is a normal and desire behavior.
+                [privilege["controller"], privilege["action"], privilege["role_id"]]
+            end
+
+            # small check to ensure I have records to update/insert
+            return if records.blank?
+
+            # bulk update/insert into role privilege cache table
+            # IMPORTANT: Due to the importance and how delicate this process is, it is better
+            #            to copy the controller name and actions from the system, instead of 
+            #            just have a reference to the system_controller_actions table
+            Lesli::Role::Privilege.with_deleted.upsert_all(records, unique_by: [:controller, :action, :role_id])
+        end 
+    end
+end

data/app/operators/lesli/user_registration_operator.rb

@@ -0,0 +1,121 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails Development Platform.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+
+=end
+
+module Lesli
+    class UserRegistrationOperator < Lesli::ApplicationLesliService
+
+        def initialize(current_user)
+            @resource = current_user
+            @current_user = current_user
+        end
+
+        def confirm
+
+            if current_user.blank?
+                failures.push(I18n.t("core.shared.messages_warning_user_not_found")) 
+                return self
+            end
+
+            # confirm the user
+            current_user.confirm
+
+            # force token deletion so we are sure nobody will be able to use the token again
+            resource.update(confirmation_token: nil)
+
+            # send a welcome email to user as is confirmed
+            #UserMailer.with(user: resource).welcome.deliver_later
+
+            # initialize user dependencies
+            current_user.after_confirmation_user
+
+        end
+
+        def create_account
+
+            if resource.blank?
+                failures.push(I18n.t("core.shared.messages_warning_user_not_found")) 
+                return self
+            end
+
+            if resource.account
+                failures.push(I18n.t("core.users.messages_info_user_already_belongs_to_account")) 
+                return self
+            end
+
+            # check if instance is for multi-account
+            allow_multiaccount = Lesli.config.security.dig(:allow_multiaccount)
+
+            # create new account for the new user only if multi-account is allowed
+            if allow_multiaccount === true
+                account = Account.create!({
+                    user: resource,            # set user as owner of his just created account
+                    company_name: "Lesli",     # temporary company name
+                    status: :active            # account is active due user already confirmed his email
+                })
+            end
+
+            # if multi-account is not allowed user belongs to the first account in instance
+            if allow_multiaccount === false
+                account = Account.first
+            end
+
+            # add user to his own account
+            resource.account = account
+
+            # add owner role to user only if multi-account is allowed
+            if allow_multiaccount == true
+                resource.powers.create({ role: account.roles.find_by(name: "owner") })
+            end
+
+            # add profile role to user only if multi-account is allowed
+            if allow_multiaccount == false
+                # Assigning default role if defined in account settings
+                # Otherwise, the default role is "limited"
+                default_role_id = account.settings.find_by(:name => "default_role_id")&.value
+                    
+                if default_role_id.present?
+                    resource.user_roles.create({ role: account.roles.find_by(:id => default_role_id)})
+                else
+                    resource.user_roles.create({ role: account.roles.find_by(name: "limited") })
+                end
+            end
+
+            # update user :)
+            resource.save
+
+            # initialize user dependencies
+            resource.after_account_assignation
+
+        end
+    end
+end

data/app/services/lesli/user_service.rb

@@ -37,8 +37,7 @@ module Lesli
         # Return a list of users that belongs to the account of the current_user
         # this list is meant to be used in selectors, autocomplets, etc
         def list params=nil
-            #users = current_user.account.users
-            users = Lesli::Account.first.users
+            users = current_user.account.users
 
             if params[:role].present?
                 # add simple quotes to the roles so the sql can manage the query
@@ -61,9 +60,8 @@ module Lesli
                 :id,
                 :email,
                 "CONCAT_WS(' ', first_name, last_name) as name",
-                :alias
+                "COALESCE(alias, email) as alias"
             ).as_json
         end
-
     end
 end