lesli 5.0.3 → 5.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/assets/config/lesli_manifest.js +2 -1
- data/app/assets/javascripts/lesli/users/confirmations.js +32 -0
- data/app/assets/javascripts/lesli/users/passwords.js +3 -3
- data/app/assets/javascripts/lesli/users/registrations.js +2 -2
- data/app/assets/javascripts/lesli/users/sessions.js +2 -2
- data/app/assets/stylesheets/lesli/users/confirmations.scss +28 -6
- data/app/controllers/lesli/interfaces/application/authorization.rb +2 -2
- data/app/controllers/lesli/interfaces/application/logger.rb +14 -38
- data/app/controllers/lesli/roles_controller.rb +3 -1
- data/app/controllers/users/confirmations_controller.rb +63 -27
- data/app/controllers/users/passwords_controller.rb +70 -30
- data/app/controllers/users/sessions_controller.rb +2 -4
- data/app/lib/lesli/system.rb +13 -5
- data/app/mailers/lesli/application_lesli_mailer.rb +8 -19
- data/app/mailers/lesli/devise_mailer.rb +29 -3
- data/app/models/concerns/account_initializer.rb +91 -0
- data/app/models/concerns/{user_guard.rb → user_security.rb} +7 -8
- data/app/models/lesli/account.rb +8 -26
- data/app/models/lesli/application_lesli_record.rb +1 -0
- data/app/models/lesli/descriptor/privilege.rb +38 -0
- data/app/models/lesli/descriptor.rb +18 -1
- data/app/models/lesli/role/power.rb +70 -0
- data/app/models/lesli/role/privilege.rb +38 -0
- data/app/models/lesli/role.rb +20 -15
- data/app/models/lesli/user/{role.rb → power.rb} +1 -1
- data/app/{services/lesli/role_service.rb → models/lesli/user/setting.rb} +10 -9
- data/app/models/lesli/user.rb +11 -20
- data/app/operators/lesli/descriptor_privilege_operator.rb +75 -0
- data/app/operators/lesli/role_power_operator.rb +108 -0
- data/app/operators/lesli/user_registration_operator.rb +121 -0
- data/app/services/lesli/user_service.rb +2 -4
- data/app/services/lesli/{user/session_service.rb → user_session_service.rb} +11 -4
- data/app/views/devise/confirmations/new.html.erb +0 -14
- data/app/views/devise/confirmations/show.html.erb +63 -0
- data/app/views/devise/passwords/edit.html.erb +78 -24
- data/app/views/devise/passwords/new.html.erb +1 -2
- data/app/views/lesli/emails/devise_mailer/confirmation_instructions.html.erb +1 -1
- data/app/views/lesli/emails/devise_mailer/reset_password_instructions.html.erb +23 -0
- data/app/views/lesli/partials/_application-lesli-header.html.erb +3 -1
- data/config/initializers/devise.rb +2 -0
- data/db/migrate/v1.0/0010000110_create_lesli_accounts.rb +2 -0
- data/db/{tables/0010001010_create_account_settings.rb → migrate/v1.0/0010001010_create_lesli_account_settings.rb} +5 -5
- data/db/{tables/0010003110_create_user_settings.rb → migrate/v1.0/0010003110_create_lesli_user_settings.rb} +4 -4
- data/db/migrate/v1.0/0010003210_create_lesli_user_sessions.rb +6 -2
- data/db/migrate/v1.0/{0010003410_create_lesli_user_roles.rb → 0010003410_create_lesli_user_powers.rb} +4 -4
- data/db/migrate/v1.0/0010005010_create_lesli_descriptors.rb +1 -1
- data/db/migrate/v1.0/{0010003910_create_lesli_user_agents.rb → 0010005510_create_lesli_role_powers.rb} +7 -9
- data/db/{tables/0010005710_create_role_privileges.rb → migrate/v1.0/0010005710_create_lesli_role_privileges.rb} +6 -6
- data/db/seed/development/users.rb +4 -4
- data/db/seed/tools.rb +4 -4
- data/lib/lesli/engine.rb +33 -10
- data/lib/lesli/version.rb +1 -1
- data/lib/sass/lesli/bulma/loader.scss +3 -0
- data/lib/sass/lesli/pages/devise-simple.scss +2 -1
- data/lib/tasks/lesli/controllers.rake +3 -6
- data/lib/tasks/lesli/db.rake +11 -1
- data/lib/tasks/lesli/role.rake +54 -0
- data/lib/vue/application.js +9 -2
- data/lib/vue/devise/passwords.js +3 -3
- data/lib/vue/layouts/application-header.vue +10 -3
- data/lib/webpack/core.js +2 -1
- data/readme.md +23 -7
- metadata +22 -18
- data/app/models/concerns/account_engines.rb +0 -249
- data/app/models/concerns/user_polyfill.rb +0 -134
- data/config/locales/translations.en.yml +0 -7
- data/config/locales/translations.es.yml +0 -7
- data/db/migrate/v1.0/0010001510_create_lesli_account_requests.rb +0 -45
- data/db/migrate/v1.0/0010003810_create_lesli_user_requests.rb +0 -44
- data/db/tables/0010005510_create_role_descriptors.rb +0 -44
@@ -0,0 +1,70 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
Lesli
|
4
|
+
|
5
|
+
Copyright (c) 2023, Lesli Technologies, S. A.
|
6
|
+
|
7
|
+
This program is free software: you can redistribute it and/or modify
|
8
|
+
it under the terms of the GNU General Public License as published by
|
9
|
+
the Free Software Foundation, either version 3 of the License, or
|
10
|
+
(at your option) any later version.
|
11
|
+
|
12
|
+
This program is distributed in the hope that it will be useful,
|
13
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
GNU General Public License for more details.
|
16
|
+
|
17
|
+
You should have received a copy of the GNU General Public License
|
18
|
+
along with this program. If not, see http://www.gnu.org/licenses/.
|
19
|
+
|
20
|
+
Lesli · Ruby on Rails SaaS Development Framework.
|
21
|
+
|
22
|
+
Made with ♥ by https://www.lesli.tech
|
23
|
+
Building a better future, one line of code at a time.
|
24
|
+
|
25
|
+
@contact hello@lesli.tech
|
26
|
+
@website https://www.lesli.tech
|
27
|
+
@license GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
|
28
|
+
|
29
|
+
// · ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~
|
30
|
+
// ·
|
31
|
+
=end
|
32
|
+
|
33
|
+
module Lesli
|
34
|
+
class Role::Power < ApplicationLesliRecord
|
35
|
+
belongs_to :role
|
36
|
+
belongs_to :descriptor
|
37
|
+
|
38
|
+
after_save :synchronize_privileges
|
39
|
+
after_destroy :synchronize_privileges
|
40
|
+
|
41
|
+
def synchronize_privileges
|
42
|
+
RolePowerOperator.new(self.role.id).synchronize
|
43
|
+
end
|
44
|
+
|
45
|
+
def self.index current_user, query, role
|
46
|
+
|
47
|
+
#role.descriptors
|
48
|
+
Descriptor
|
49
|
+
.joins(:privileges)
|
50
|
+
.left_joins(:role_descriptors)
|
51
|
+
.joins(%(
|
52
|
+
inner join system_controller_actions
|
53
|
+
on system_controller_actions.id = descriptor_privileges.system_controller_action_id
|
54
|
+
)).joins(%(
|
55
|
+
inner join system_controllers
|
56
|
+
on system_controllers.id = system_controller_actions.system_controller_id
|
57
|
+
))
|
58
|
+
.select(
|
59
|
+
"coalesce(role_descriptors.descriptor_id, descriptors.id) as id",
|
60
|
+
"descriptors.name as name",
|
61
|
+
"system_controllers.reference as reference",
|
62
|
+
"system_controllers.route as controller",
|
63
|
+
#"descriptors.category as action",
|
64
|
+
"system_controller_actions.name as action",
|
65
|
+
"system_controllers.engine as engine",
|
66
|
+
"case when role_descriptors.descriptor_id is null then false else true end as active"
|
67
|
+
)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
Lesli
|
4
|
+
|
5
|
+
Copyright (c) 2023, Lesli Technologies, S. A.
|
6
|
+
|
7
|
+
This program is free software: you can redistribute it and/or modify
|
8
|
+
it under the terms of the GNU General Public License as published by
|
9
|
+
the Free Software Foundation, either version 3 of the License, or
|
10
|
+
(at your option) any later version.
|
11
|
+
|
12
|
+
This program is distributed in the hope that it will be useful,
|
13
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
GNU General Public License for more details.
|
16
|
+
|
17
|
+
You should have received a copy of the GNU General Public License
|
18
|
+
along with this program. If not, see http://www.gnu.org/licenses/.
|
19
|
+
|
20
|
+
Lesli · Ruby on Rails SaaS Development Framework.
|
21
|
+
|
22
|
+
Made with ♥ by https://www.lesli.tech
|
23
|
+
Building a better future, one line of code at a time.
|
24
|
+
|
25
|
+
@contact hello@lesli.tech
|
26
|
+
@website https://www.lesli.tech
|
27
|
+
@license GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
|
28
|
+
|
29
|
+
// · ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~
|
30
|
+
// ·
|
31
|
+
=end
|
32
|
+
|
33
|
+
module Lesli
|
34
|
+
class Role::Privilege < Lesli::ApplicationLesliRecord
|
35
|
+
belongs_to :role
|
36
|
+
has_many :descriptors
|
37
|
+
end
|
38
|
+
end
|
data/app/models/lesli/role.rb
CHANGED
@@ -32,24 +32,36 @@ Building a better future, one line of code at a time.
|
|
32
32
|
|
33
33
|
module Lesli
|
34
34
|
class Role < ApplicationLesliRecord
|
35
|
-
|
36
35
|
belongs_to :account
|
37
36
|
|
38
|
-
|
39
37
|
# Role resources
|
40
38
|
has_many :activities
|
41
|
-
has_many :
|
42
|
-
has_many :privileges,
|
43
|
-
|
39
|
+
has_many :powers, dependent: :delete_all
|
40
|
+
has_many :privileges, dependent: :delete_all
|
41
|
+
|
42
|
+
# validations
|
43
|
+
validates :name, presence: :true
|
44
|
+
validates :object_level_permission, presence: :true
|
44
45
|
|
45
46
|
# initializers for new roles
|
46
47
|
after_create :after_create_role
|
47
48
|
|
49
|
+
# Return a list of roles that the user is able to work with
|
50
|
+
# according to object level permission
|
51
|
+
def self.list(current_user, query, params)
|
52
|
+
current_user.account.roles
|
53
|
+
.where("object_level_permission <= ?", current_user.max_object_level_permission)
|
54
|
+
.order(object_level_permission: :desc, name: :asc)
|
55
|
+
.select(:id, :name, :object_level_permission)
|
56
|
+
end
|
48
57
|
|
49
|
-
#
|
50
|
-
|
51
|
-
|
58
|
+
# @return [Boolean]
|
59
|
+
# @description Returns if a role is assigned to users.
|
60
|
+
def has_users?
|
61
|
+
User::Role.where(role: self).count > 0
|
62
|
+
end
|
52
63
|
|
64
|
+
private
|
53
65
|
|
54
66
|
def after_create_role
|
55
67
|
|
@@ -66,13 +78,6 @@ module Lesli
|
|
66
78
|
self.update_attribute("code", role_code)
|
67
79
|
end
|
68
80
|
|
69
|
-
|
70
|
-
# @return [Boolean]
|
71
|
-
# @description Returns if a role is assigned to users.
|
72
|
-
def has_users?
|
73
|
-
User::Role.where(role: self).count > 0
|
74
|
-
end
|
75
|
-
|
76
81
|
# @return [void]
|
77
82
|
# @param current_user [::User] The user that deleted the role
|
78
83
|
# @param [Role] The role that was deleted
|
@@ -31,15 +31,16 @@ Building a better future, one line of code at a time.
|
|
31
31
|
=end
|
32
32
|
|
33
33
|
module Lesli
|
34
|
-
class
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
34
|
+
class User::Setting < ApplicationRecord
|
35
|
+
belongs_to :user
|
36
|
+
|
37
|
+
validates :name, presence: true, on: :create
|
38
|
+
validates :value, presence: true, on: :create
|
39
|
+
|
40
|
+
after_update :after_update_settings
|
41
|
+
|
42
|
+
def after_update_settings
|
43
|
+
#Courier::One::Firebase::User.sync_user(self.user)
|
43
44
|
end
|
44
45
|
end
|
45
46
|
end
|
data/app/models/lesli/user.rb
CHANGED
@@ -33,10 +33,9 @@ Building a better future, one line of code at a time.
|
|
33
33
|
module Lesli
|
34
34
|
class User < ApplicationLesliRecord
|
35
35
|
|
36
|
-
include
|
36
|
+
include UserSecurity
|
37
37
|
include UserExtensions
|
38
38
|
#include UserActivities
|
39
|
-
#include UserPolyfill
|
40
39
|
|
41
40
|
# users belongs to an account only... and must have a role
|
42
41
|
belongs_to :account, optional: true
|
@@ -57,9 +56,10 @@ module Lesli
|
|
57
56
|
has_many :activities, class_name: "User::Activity"
|
58
57
|
|
59
58
|
# users can have many roles and too many privileges through the roles
|
60
|
-
|
61
|
-
has_many :
|
62
|
-
|
59
|
+
# every role adds a power to the user, power is just a role id
|
60
|
+
has_many :powers
|
61
|
+
has_many :roles, through: :powers, source: :role, class_name: "Lesli::Role"
|
62
|
+
has_many :privileges, through: :roles, class_name: "Lesli::Role::Privilege"
|
63
63
|
|
64
64
|
|
65
65
|
# devise implementation
|
@@ -88,7 +88,6 @@ module Lesli
|
|
88
88
|
|
89
89
|
# callbacks
|
90
90
|
before_create :before_create_user
|
91
|
-
after_create :after_create_user
|
92
91
|
#after_create :after_confirmation_user, if: :confirmed?
|
93
92
|
#after_create :after_account_assignation
|
94
93
|
#after_update :update_associated_services
|
@@ -108,26 +107,18 @@ module Lesli
|
|
108
107
|
end
|
109
108
|
|
110
109
|
|
111
|
-
#
|
112
|
-
|
113
|
-
|
114
|
-
# designed to be invoked directly
|
115
|
-
def after_create_user
|
116
|
-
|
117
|
-
# create user details
|
118
|
-
#User::Detail.find_or_create_by({ user: self })
|
110
|
+
# Initialize user settings and dependencies needed
|
111
|
+
def after_confirmation_user
|
112
|
+
return unless self.confirmed?
|
119
113
|
|
120
114
|
# create an alias based on user name
|
121
115
|
# defined in user extensions
|
122
116
|
self.set_alias
|
123
117
|
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
# Initialize user settings and dependencies needed
|
128
|
-
def after_confirmation_user
|
129
|
-
return unless self.confirmed?
|
118
|
+
# create user details
|
119
|
+
#User::Detail.find_or_create_by({ user: self })
|
130
120
|
|
121
|
+
# Minimum security settings required
|
131
122
|
self.settings.create_with(:value => false).find_or_create_by(:name => "mfa_enabled")
|
132
123
|
self.settings.create_with(:value => :email).find_or_create_by(:name => "mfa_method")
|
133
124
|
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
Lesli
|
4
|
+
|
5
|
+
Copyright (c) 2023, Lesli Technologies, S. A.
|
6
|
+
|
7
|
+
This program is free software: you can redistribute it and/or modify
|
8
|
+
it under the terms of the GNU General Public License as published by
|
9
|
+
the Free Software Foundation, either version 3 of the License, or
|
10
|
+
(at your option) any later version.
|
11
|
+
|
12
|
+
This program is distributed in the hope that it will be useful,
|
13
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
GNU General Public License for more details.
|
16
|
+
|
17
|
+
You should have received a copy of the GNU General Public License
|
18
|
+
along with this program. If not, see http://www.gnu.org/licenses/.
|
19
|
+
|
20
|
+
Lesli · Ruby on Rails SaaS Development Framework.
|
21
|
+
|
22
|
+
Made with ♥ by https://www.lesli.tech
|
23
|
+
Building a better future, one line of code at a time.
|
24
|
+
|
25
|
+
@contact hello@lesli.tech
|
26
|
+
@website https://www.lesli.tech
|
27
|
+
@license GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
|
28
|
+
|
29
|
+
// · ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~
|
30
|
+
// ·
|
31
|
+
=end
|
32
|
+
|
33
|
+
module Lesli
|
34
|
+
class DescriptorPrivilegeOperator < Lesli::ApplicationLesliService
|
35
|
+
|
36
|
+
@descriptor = nil
|
37
|
+
|
38
|
+
def initialize descriptor
|
39
|
+
@descriptor = descriptor
|
40
|
+
end
|
41
|
+
|
42
|
+
def add_profile_privileges(descriptor)
|
43
|
+
|
44
|
+
# Adding default system actions for profile descriptor
|
45
|
+
[
|
46
|
+
{ controller: "lesli_admin/profiles", actions: ["show"] }, # enable profile view
|
47
|
+
{ controller: "lesli/users", actions: ["options", "update"] }, # enable user edition
|
48
|
+
{ controller: "lesli/abouts", actions: ["show"] }, # system status
|
49
|
+
{ controller: "lesli/user/sessions", actions: ["index"] } # session management
|
50
|
+
].each do |controller_action|
|
51
|
+
|
52
|
+
controller_action[:actions].each do |action_name|
|
53
|
+
|
54
|
+
system_controller_action = SystemController::Action.joins(:system_controller)
|
55
|
+
.where("lesli_system_controllers.route = ?", controller_action[:controller])
|
56
|
+
.where("lesli_system_controller_actions.name = ?", action_name)
|
57
|
+
|
58
|
+
descriptor.privileges.find_or_create_by(
|
59
|
+
action: system_controller_action.first
|
60
|
+
)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
def add_owner_privileges(descriptor)
|
66
|
+
|
67
|
+
# Adding default system actions for profile descriptor
|
68
|
+
actions = SystemController::Action.all
|
69
|
+
|
70
|
+
actions.each do |action|
|
71
|
+
descriptor.privileges.find_or_create_by(action: action)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,108 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
Lesli
|
4
|
+
|
5
|
+
Copyright (c) 2023, Lesli Technologies, S. A.
|
6
|
+
|
7
|
+
This program is free software: you can redistribute it and/or modify
|
8
|
+
it under the terms of the GNU General Public License as published by
|
9
|
+
the Free Software Foundation, either version 3 of the License, or
|
10
|
+
(at your option) any later version.
|
11
|
+
|
12
|
+
This program is distributed in the hope that it will be useful,
|
13
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
GNU General Public License for more details.
|
16
|
+
|
17
|
+
You should have received a copy of the GNU General Public License
|
18
|
+
along with this program. If not, see http://www.gnu.org/licenses/.
|
19
|
+
|
20
|
+
Lesli · Ruby on Rails SaaS Development Framework.
|
21
|
+
|
22
|
+
Made with ♥ by https://www.lesli.tech
|
23
|
+
Building a better future, one line of code at a time.
|
24
|
+
|
25
|
+
@contact hello@lesli.tech
|
26
|
+
@website https://www.lesli.tech
|
27
|
+
@license GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
|
28
|
+
|
29
|
+
// · ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~
|
30
|
+
// ·
|
31
|
+
=end
|
32
|
+
|
33
|
+
module Lesli
|
34
|
+
class RolePowerOperator < Lesli::ApplicationLesliService
|
35
|
+
|
36
|
+
@roles;
|
37
|
+
|
38
|
+
def initialize *roles
|
39
|
+
@roles = roles
|
40
|
+
end
|
41
|
+
|
42
|
+
# Syncronize the descriptor privileges with the role privilege cache table
|
43
|
+
def synchronize
|
44
|
+
|
45
|
+
# bulk all the descriptor privileges
|
46
|
+
# this script was built manually for performance, maintenance
|
47
|
+
# and to make it easy to read for future changes, basically what it does
|
48
|
+
# is get the controllers and actions assigned to a descriptor through the
|
49
|
+
# system_descriptor_privileges table and create an array of hashes with
|
50
|
+
# all the raw privileges (this includes duplicated privileges)
|
51
|
+
records = Descriptor.joins(%(
|
52
|
+
INNER JOIN lesli_descriptor_privileges
|
53
|
+
ON lesli_descriptor_privileges.descriptor_id = lesli_descriptors.id
|
54
|
+
)).joins(%(
|
55
|
+
INNER JOIN lesli_system_controller_actions
|
56
|
+
ON lesli_system_controller_actions.id = lesli_descriptor_privileges.action_id
|
57
|
+
)).joins(%(
|
58
|
+
INNER JOIN lesli_system_controllers
|
59
|
+
ON lesli_system_controllers.id = lesli_system_controller_actions.system_controller_id
|
60
|
+
)).joins(%(
|
61
|
+
INNER JOIN lesli_role_powers
|
62
|
+
ON lesli_role_powers.descriptor_id = lesli_descriptors.id
|
63
|
+
)).select(
|
64
|
+
"lesli_system_controllers.route as controller",
|
65
|
+
"lesli_system_controller_actions.name as action",
|
66
|
+
"case when lesli_role_powers.deleted_at is null then true else false end as active",
|
67
|
+
"lesli_role_powers.role_id as role_id"
|
68
|
+
).with_deleted
|
69
|
+
|
70
|
+
|
71
|
+
# get privileges only for the given role, this is needed to sync only modified roles
|
72
|
+
records = records.where("lesli_role_powers.role_id" => @roles)
|
73
|
+
|
74
|
+
# we use the deleted_at column to know if a privilege is enable or disable, NULL values
|
75
|
+
# at the deleted_at column means privilege is active, so if we sort by deleted_at column
|
76
|
+
# all the active privileges will be at the top, then the uniq method is going to take
|
77
|
+
# always the active values, to completely disable a privilege for a specific controller/action
|
78
|
+
# we have to disable in all the descriptors
|
79
|
+
records = records.order("lesli_role_powers.deleted_at DESC")
|
80
|
+
|
81
|
+
# convert the results to json so it is easy to insert/update
|
82
|
+
records = records.as_json(only: [:controller, :action, :role_id, :active])
|
83
|
+
|
84
|
+
# IMPORTANT: We must save only uniq privileges in the role_privilege table
|
85
|
+
# this means that it does not matters how many times we defined a privilege dependency
|
86
|
+
# we insert the privilege only once.
|
87
|
+
# Example: If we defined that we need access to UsersController#index in 20 descriptors,
|
88
|
+
# in the role_privileges will be only one record for that specific controller and action
|
89
|
+
records = records.uniq do |privilege|
|
90
|
+
|
91
|
+
# NOTE: If can disable a privilege that belongs to a descriptor,
|
92
|
+
# however, if the same privilege is define in another active descriptor,
|
93
|
+
# the role that has both descriptor will be able to access the resources
|
94
|
+
# of that privilege, that is a normal and desire behavior.
|
95
|
+
[privilege["controller"], privilege["action"], privilege["role_id"]]
|
96
|
+
end
|
97
|
+
|
98
|
+
# small check to ensure I have records to update/insert
|
99
|
+
return if records.blank?
|
100
|
+
|
101
|
+
# bulk update/insert into role privilege cache table
|
102
|
+
# IMPORTANT: Due to the importance and how delicate this process is, it is better
|
103
|
+
# to copy the controller name and actions from the system, instead of
|
104
|
+
# just have a reference to the system_controller_actions table
|
105
|
+
Lesli::Role::Privilege.with_deleted.upsert_all(records, unique_by: [:controller, :action, :role_id])
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
@@ -0,0 +1,121 @@
|
|
1
|
+
=begin
|
2
|
+
|
3
|
+
Lesli
|
4
|
+
|
5
|
+
Copyright (c) 2023, Lesli Technologies, S. A.
|
6
|
+
|
7
|
+
This program is free software: you can redistribute it and/or modify
|
8
|
+
it under the terms of the GNU General Public License as published by
|
9
|
+
the Free Software Foundation, either version 3 of the License, or
|
10
|
+
(at your option) any later version.
|
11
|
+
|
12
|
+
This program is distributed in the hope that it will be useful,
|
13
|
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
GNU General Public License for more details.
|
16
|
+
|
17
|
+
You should have received a copy of the GNU General Public License
|
18
|
+
along with this program. If not, see http://www.gnu.org/licenses/.
|
19
|
+
|
20
|
+
Lesli · Ruby on Rails Development Platform.
|
21
|
+
|
22
|
+
Made with ♥ by https://www.lesli.tech
|
23
|
+
Building a better future, one line of code at a time.
|
24
|
+
|
25
|
+
@contact hello@lesli.tech
|
26
|
+
@website https://www.lesli.tech
|
27
|
+
@license GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
|
28
|
+
|
29
|
+
// · ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~ ~·~
|
30
|
+
// ·
|
31
|
+
|
32
|
+
=end
|
33
|
+
|
34
|
+
module Lesli
|
35
|
+
class UserRegistrationOperator < Lesli::ApplicationLesliService
|
36
|
+
|
37
|
+
def initialize(current_user)
|
38
|
+
@resource = current_user
|
39
|
+
@current_user = current_user
|
40
|
+
end
|
41
|
+
|
42
|
+
def confirm
|
43
|
+
|
44
|
+
if current_user.blank?
|
45
|
+
failures.push(I18n.t("core.shared.messages_warning_user_not_found"))
|
46
|
+
return self
|
47
|
+
end
|
48
|
+
|
49
|
+
# confirm the user
|
50
|
+
current_user.confirm
|
51
|
+
|
52
|
+
# force token deletion so we are sure nobody will be able to use the token again
|
53
|
+
resource.update(confirmation_token: nil)
|
54
|
+
|
55
|
+
# send a welcome email to user as is confirmed
|
56
|
+
#UserMailer.with(user: resource).welcome.deliver_later
|
57
|
+
|
58
|
+
# initialize user dependencies
|
59
|
+
current_user.after_confirmation_user
|
60
|
+
|
61
|
+
end
|
62
|
+
|
63
|
+
def create_account
|
64
|
+
|
65
|
+
if resource.blank?
|
66
|
+
failures.push(I18n.t("core.shared.messages_warning_user_not_found"))
|
67
|
+
return self
|
68
|
+
end
|
69
|
+
|
70
|
+
if resource.account
|
71
|
+
failures.push(I18n.t("core.users.messages_info_user_already_belongs_to_account"))
|
72
|
+
return self
|
73
|
+
end
|
74
|
+
|
75
|
+
# check if instance is for multi-account
|
76
|
+
allow_multiaccount = Lesli.config.security.dig(:allow_multiaccount)
|
77
|
+
|
78
|
+
# create new account for the new user only if multi-account is allowed
|
79
|
+
if allow_multiaccount === true
|
80
|
+
account = Account.create!({
|
81
|
+
user: resource, # set user as owner of his just created account
|
82
|
+
company_name: "Lesli", # temporary company name
|
83
|
+
status: :active # account is active due user already confirmed his email
|
84
|
+
})
|
85
|
+
end
|
86
|
+
|
87
|
+
# if multi-account is not allowed user belongs to the first account in instance
|
88
|
+
if allow_multiaccount === false
|
89
|
+
account = Account.first
|
90
|
+
end
|
91
|
+
|
92
|
+
# add user to his own account
|
93
|
+
resource.account = account
|
94
|
+
|
95
|
+
# add owner role to user only if multi-account is allowed
|
96
|
+
if allow_multiaccount == true
|
97
|
+
resource.powers.create({ role: account.roles.find_by(name: "owner") })
|
98
|
+
end
|
99
|
+
|
100
|
+
# add profile role to user only if multi-account is allowed
|
101
|
+
if allow_multiaccount == false
|
102
|
+
# Assigning default role if defined in account settings
|
103
|
+
# Otherwise, the default role is "limited"
|
104
|
+
default_role_id = account.settings.find_by(:name => "default_role_id")&.value
|
105
|
+
|
106
|
+
if default_role_id.present?
|
107
|
+
resource.user_roles.create({ role: account.roles.find_by(:id => default_role_id)})
|
108
|
+
else
|
109
|
+
resource.user_roles.create({ role: account.roles.find_by(name: "limited") })
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
# update user :)
|
114
|
+
resource.save
|
115
|
+
|
116
|
+
# initialize user dependencies
|
117
|
+
resource.after_account_assignation
|
118
|
+
|
119
|
+
end
|
120
|
+
end
|
121
|
+
end
|
@@ -37,8 +37,7 @@ module Lesli
|
|
37
37
|
# Return a list of users that belongs to the account of the current_user
|
38
38
|
# this list is meant to be used in selectors, autocomplets, etc
|
39
39
|
def list params=nil
|
40
|
-
|
41
|
-
users = Lesli::Account.first.users
|
40
|
+
users = current_user.account.users
|
42
41
|
|
43
42
|
if params[:role].present?
|
44
43
|
# add simple quotes to the roles so the sql can manage the query
|
@@ -61,9 +60,8 @@ module Lesli
|
|
61
60
|
:id,
|
62
61
|
:email,
|
63
62
|
"CONCAT_WS(' ', first_name, last_name) as name",
|
64
|
-
|
63
|
+
"COALESCE(alias, email) as alias"
|
65
64
|
).as_json
|
66
65
|
end
|
67
|
-
|
68
66
|
end
|
69
67
|
end
|
@@ -32,17 +32,24 @@ Building a better future, one line of code at a time.
|
|
32
32
|
=end
|
33
33
|
|
34
34
|
module Lesli
|
35
|
-
class
|
35
|
+
class UserSessionService < ApplicationLesliService
|
36
36
|
|
37
37
|
# create a new session
|
38
38
|
def create(user_agent, remote_ip, session_source="devise_standard_session")
|
39
39
|
|
40
40
|
# register a new unique session
|
41
41
|
current_session = current_user.sessions.create({
|
42
|
-
:
|
43
|
-
|
42
|
+
:remote => remote_ip,
|
43
|
+
|
44
|
+
:agent_os => user_agent[:os] || "unknown",
|
45
|
+
:agent_platform => user_agent[:platform] || "unknown",
|
46
|
+
:agent_browser => user_agent[:browser] || "unknown",
|
47
|
+
:agent_version => user_agent[:version] || "unknown",
|
48
|
+
|
44
49
|
:session_source => session_source,
|
45
|
-
:last_used_at => Date2.new.get
|
50
|
+
:last_used_at => Date2.new.get,
|
51
|
+
|
52
|
+
:usage_count => 1
|
46
53
|
})
|
47
54
|
|
48
55
|
# register a successful sign-in log for the current user
|
@@ -1,16 +1,2 @@
|
|
1
1
|
<h2>Resend confirmation instructions</h2>
|
2
2
|
|
3
|
-
<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
|
4
|
-
<%= render "devise/shared/error_messages", resource: resource %>
|
5
|
-
|
6
|
-
<div class="field">
|
7
|
-
<%= f.label :email %><br />
|
8
|
-
<%= f.email_field :email, autofocus: true, autocomplete: "email", value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
|
9
|
-
</div>
|
10
|
-
|
11
|
-
<div class="actions">
|
12
|
-
<%= f.submit "Resend confirmation instructions" %>
|
13
|
-
</div>
|
14
|
-
<% end %>
|
15
|
-
|
16
|
-
<%= render "devise/shared/links" %>
|