lesli 5.0.3 → 5.0.5

data/app/controllers/lesli/application_lesli_controller.rb

@@ -17,7 +17,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see http://www.gnu.org/licenses/.
 
-Lesli · Ruby on Rails SaaS development platform.
+Lesli · Ruby on Rails SaaS Development Framework.
 
 Made with ♥ by https://www.lesli.tech
 Building a better future, one line of code at a time.
@@ -27,7 +27,7 @@ Building a better future, one line of code at a time.
 @license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
 
 // · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
-// ·
+// · 
 =end
 
 module Lesli

data/app/controllers/lesli/interfaces/application/authorization.rb

@@ -69,10 +69,10 @@ module Lesli
                 # allowed core methods:
                 #   [:index, :create, :update, :destroy, :new, :show, :edit, :options, :search, :resources]
                 def authorize_privileges
-                    return true
+
                     # check if user has access to the requested controller
                     # this search is over all the privileges for all the roles of the user
-                    granted = current_user.has_privileges?(params[:controller], params[:action])
+                    granted = current_user.has_privileges_for?(params[:controller], params[:action])
 
                     # get the path to which the user is limited to
                     limited_path = current_user.has_role_limited_to_path?

data/app/controllers/lesli/interfaces/application/logger.rb

@@ -64,15 +64,14 @@ module Lesli
 
                 def log_account_requests
                     return unless Lesli.config.security.dig(:enable_analytics)
+                    return unless defined?(LesliAudit)
                     return unless current_user
-                    return unless session[:user_session_id]
 
                     # Try to save a unique record for this request configuration
-                    current_user.account.requests.upsert(
+                    current_user.account.audit.account_requests.upsert(
                         {
                             request_controller: controller_path,
                             request_action: action_name,
-                            request_method: request.method,
                             request_count: 1
                         },
                         
@@ -80,7 +79,7 @@ module Lesli
                         unique_by: %i[request_controller request_action created_at account_id],
 
                         # if request id is not unique, increase the counter for this configuration
-                        on_duplicate: Arel.sql("request_count = lesli_account_requests.request_count + 1")
+                        on_duplicate: Arel.sql("request_count = lesli_audit_account_requests.request_count + 1")
                     )
                 end
 
@@ -88,55 +87,32 @@ module Lesli
                 # this is disabled by default in the settings file
                 def log_user_requests
                     return unless Lesli.config.security.dig(:enable_analytics)
+                    return unless defined?(LesliAudit)
                     return unless current_user
                     return unless session[:user_session_id]
-
+                    
                     # Try to save a unique record for this request configuration
-                    current_user.requests.upsert(
+                    current_user.account.audit.user_requests.upsert(
                         {
-                            request_count: 1,
-                            session_id: session[:user_session_id]
+                            request_controller: controller_path,
+                            request_action: action_name,
+                            session_id: session[:user_session_id],
+                            user_id: current_user.id,
+                            request_count: 1
                         },
-                        
+                                
                         # group of columns to consider a request as unique
-                        unique_by: %i[created_at user_id session_id],
+                        unique_by: %i[request_controller request_action created_at user_id session_id],
 
                         # if request id is not unique
                         #   - increase the counter for this configuration
                         #   - update the datetime of the last request
                         on_duplicate: Arel.sql(
-                            'request_count = lesli_user_requests.request_count + 1,'\
-                            'updated_at = current_timestamp'
+                            'request_count = lesli_audit_user_requests.request_count + 1'
                         )
                     )
                 end
 
-                # Track user agents
-                # this is disabled by default in the settings file
-                def log_user_agent
-                    return unless Lesli.config.security.dig(:enable_analytics)
-                    return unless current_user
-                    return unless session[:user_session_id]
-
-                    user_agent = get_user_agent(false)
-
-                    # Try to save a unique record for this agent configuration
-                    current_user.agents.upsert(
-                        {
-                            os: user_agent[:os] || "unknown",
-                            platform: user_agent[:platform] || "unknown",
-                            browser: user_agent[:browser] || "unknown",
-                            version: user_agent[:version] || "unknown",
-                            count: 1
-                        },
-                        # group of columns to consider a agent as unique
-                        unique_by: %i[platform os browser version user_id],
-
-                        # if request id is not unique, increase the counter for this configuration
-                        on_duplicate: Arel.sql("count = lesli_user_agents.count + 1")
-                    )
-                end
-
                 # Track specific account activity
                 # this is disabled by default in the settings file
                 def log_account_activity(system_module, system_process, title = nil, payload = nil, description = nil)

data/app/controllers/lesli/interfaces/application/requester.rb

@@ -69,7 +69,7 @@ module Lesli
                     @query = {
                         search: params[:search] || nil,
                         pagination: {
-                            perPage: (params[:perPage] ? params[:perPage].to_i : 15),
+                            perPage: (params[:perPage] ? params[:perPage].to_i : 10),
                             page: (params[:page] ? params[:page].to_i : 1)
                         },
                         order: {

data/app/controllers/lesli/roles_controller.rb

@@ -36,7 +36,9 @@ module Lesli
 
         def list
             respond_to do |format|
-                format.json { respond_with_successful(RoleService.new(current_user, query).list(params)) }
+                format.json { 
+                    respond_with_successful(Role.list(current_user, query, params)) 
+                }
             end
         end
     end

data/app/controllers/lesli/shared/dashboards_controller.rb

@@ -0,0 +1,308 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+module Lesli
+    module Shared
+        class DashboardsController < ApplicationLesliController
+            before_action :set_dashboard, only: [:show, :update, :destroy, :options]
+
+            def index
+                respond_to do |format|
+                    format.html {}
+                    format.json do
+                        dynamic_info = self.class.dynamic_info
+                        model = dynamic_info[:model]
+
+                        dashboards = model.list(current_user, @query)
+                        respond_with_successful(dashboards)
+                    end
+                end
+            end
+
+            def show
+                respond_to do |format|
+                    format.html {}
+                    format.json do
+                        return respond_with_not_found unless @dashboard
+                        respond_with_successful(@dashboard.show)
+                    end
+                end
+            end
+
+            def new
+            end
+
+            def edit
+            end
+
+            # @controller_action_param :name [String] The name of the new dashboard
+            # @controller_action_param :default [Boolean] A flag that marks this dashboard as default or not. The default dashboard is the dashboard all users will have access to on the root page
+            # @controller_action_param :main    [Boolean] A flag that marks this dashboard as main. Since a user can have multiple dashboards, this is the one they will see on the root page when loging in
+            # @controller_action_param :roles_id [Integer] The id of the role that will have access to this dashboard
+            # @controller_action_param :user_main_id [Integer] The id of the user 
+            # @controller_action_param :component_attributes [Array] Array of hashes that represent the attributes of the dashboard components
+            # @controller_action_param :component_attributes.name [String] The name of this component given to the user
+            # @controller_action_param :component_attributes.component_id [String] An enum value, that indicates which component is being loaded
+            # @controller_action_param :component_attributes.layout [Integer] Number from 1 to 12, bigger numbers default to 12, smallest numbers default to 1. The column size that the UI component will use
+            # @controller_action_param :component_attributes.index [Integer] The position of the component in the layout
+            # @controller_action_param :component_attributes.configuration [Hash] Specific filtering and configuration of the components
+            # @return [Json] Json that contains wheter the creation of the dashboard was successful or not. 
+            #     If it is not successful, it returns an error message
+            # @description Creates a new dashboard associated to the *current_user*'s *account*
+            # @example
+            # # Executing this controller's action from javascript's frontend
+            #     let data = {
+            #         dashboard: {
+            #             name: "Sales Dashboard",
+            #             default: false,
+            #             roles_id: 3,
+            #             components_attributes: [
+            #                 {
+            #                     name: 'Projects Count',
+            #                     component_id: projects_component,
+            #                     layout: 4,
+            #                     index: 3,
+            #                     configuration: {}
+            #                 }, {
+            #                     name: 'New Customers Count',
+            #                     component_id: new_customers_component,
+            #                     layout: 4,
+            #                     index: 3,
+            #                     configuration: {}
+            #                 }
+            #             ]
+            #         }
+            #     };
+            #     this.http.post('127.0.0.1/help/dashboards', data);
+            def create
+                dynamic_info = self.class.dynamic_info
+                module_name = dynamic_info[:module_name]
+                model = dynamic_info[:model]
+                full_module_name = dynamic_info[:full_module_name].underscore
+
+                dashboard = model.new(dashboard_params)
+                dashboard["#{full_module_name}_account_id".to_sym] = current_user.account.id
+                dashboard.user_creator = current_user
+
+                if dashboard.save
+                    respond_with_successful(dashboard)
+                else
+                    respond_with_error(dashboard.errors.full_messages.to_sentence)
+                end
+            end
+
+            # @controller_action_param :name [String] The name of the new dashboard
+            # @controller_action_param :default [Boolean] A flag that marks this dashboard as default or not. The default dashboard is the dashboard all users will have access to on the root page
+            # @controller_action_param :main    [Boolean] A flag that marks this dashboard as main. Since a user can have multiple dashboards, this is the one they will see on the root page when loging in
+            # @controller_action_param :roles_id [Integer] The id of the role that will have access to this dashboard
+            # @controller_action_param :user_main_id [Integer] The id of the user 
+            # @controller_action_param :component_attributes [Array] Array of hashes that represent the attributes of the dashboard components
+            # @controller_action_param :component_attributes.name [String] The name of this component given to the user
+            # @controller_action_param :component_attributes.component_id [String] An enum value, that indicates which component is being loaded
+            # @controller_action_param :component_attributes.layout [Integer] Number from 1 to 12, bigger numbers default to 12, smallest numbers default to 1. The column size that the UI component will use
+            # @controller_action_param :component_attributes.index [Integer] The position of the component in the layout
+            # @controller_action_param :component_attributes.configuration [Hash] Specific filtering and configuration of the components
+            # @return [Json] Json that contains wheter the dashboard was successfully updated or not. 
+            #     If it it not successful, it returns an error message
+            # @description Updates an existing dashboard associated to the *current_user*'s *account*.
+            # @example
+            # # Executing this controller's action from javascript's frontend
+            # let dashboard_id = 4;
+            # let data = {
+            #     dashboard: {
+            #         name: "Sales Dashboard",
+            #         default: false,
+            #         roles_id: 3,
+            #         components_attributes: [
+            #             {
+            #                 name: 'Projects Count',
+            #                 component_id: projects_component,
+            #                 layout: 4,
+            #                 index: 3,
+            #                 configuration: {}
+            #             }, {
+            #                 name: 'New Customers Count',
+            #                 component_id: new_customers_component,
+            #                 layout: 4,
+            #                 index: 3,
+            #                 configuration: {}
+            #             }
+            #         ]
+            #     }
+            # };
+            # this.http.put(`127.0.0.1/help/dashboards/${dashboard_id}`, data);
+            def update
+                return respond_with_not_found unless @dashboard
+
+                if @dashboard.update(dashboard_params)
+                    respond_with_successful(@dashboard.show)
+                else
+                    respond_with_error(@dashboard.errors.full_messages.to_sentence)
+                end
+            end
+
+            # @return [Json] Json that contains wheter the dashboard was successfully deleted or not. 
+            #     If it it not successful, it returns an error message
+            # @description Deletes an existing *dashboard* associated to the *current_user*'s *account*.
+            #     Since the dashboard has details, these are also deleted. However, if there
+            #     is an existing *cloud_object* associated to the *dashboard*, it cannot be deleted
+            # @example
+            #     # Executing this controller's action from javascript's frontend
+            #     let dashboard_id = 4;
+            #     this.http.delete(`127.0.0.1/help/dashboards/${dashboard_id}`);
+            def destroy
+                return respond_with_not_found unless @dashboard
+
+                if @dashboard.destroy
+                    respond_with_successful
+                else
+                    respond_with_error(@dashboard.errors.full_messages.to_sentence)
+                end
+            end
+
+            def options
+                dynamic_info = self.class.dynamic_info
+                model = dynamic_info[:module_model]
+
+                respond_with_successful(model.options(current_user, @query))
+            end
+
+            def resource_component
+                dynamic_info = self.class.dynamic_info
+                component_model = dynamic_info[:component_model]
+
+                component_id = sanitize(params[:component_id].to_sym)
+
+                # We verify if the method exists, and if it is in the available component list
+                if component_model.respond_to?(component_id) && component_model.component_ids[component_id]
+                    respond_with_successful(component_model.public_send(component_id, current_user, @query))
+                else
+                    respond_with_not_found()
+                end
+            end
+
+            private
+
+            # @return [void]
+            # @description Sets the variable @dashboard. The variable contains the *cloud_object* *dashboard* 
+            #     to be handled by the controller action that called this method
+            # @example
+            #     #suppose params[:id] = 1
+            #     puts @dashboard # will display nil
+            #     set_dashboard
+            #     puts @dashboard # will display an instance of CloudHelp:TicketDashboard
+            def set_dashboard
+                dynamic_info = self.class.dynamic_info
+
+                model = dynamic_info[:module_model]
+                module_name = dynamic_info[:module_name]
+                module_name_full = dynamic_info[:module_name_full].underscore
+
+                # When params[:id] is 'default' order of priority is:
+                # Main dashboard for user goes first
+                # Main dashboard for role goes second
+                # Default dashboard goes third
+                if params[:id] == "default"
+                    # Main dashboard for user
+                    @dashboard = model.find_by(
+                        #"#{full_module_name}_account_id".to_sym => current_user.account.id,
+                        account_id: current_user.account.id,
+                        main: true,
+                        #user_main_id: current_user.id
+                    )
+
+                    return if @dashboard
+                    
+                    # Main dashboard for role
+                    # @dashboard = model.find_by(
+                    #     :account_id => current_user.account.id,
+                    #     role_id: current_user.roles.first.id
+                    # )
+                    # return if @dashboard
+
+                    # Default dashboard
+                    @dashboard = model.find_by(
+                        account_id: current_user.account.id,
+                        default: true
+                    )
+                else
+                    @dashboard = model.find_by(
+                        id: params[:id],
+                        :account_id => current_user.account.id,
+                    )
+                end
+            end
+
+            def dashboard_params
+                params.require(:dashboard).permit(
+                    :name,
+                    :default,
+                    :roles_id,
+                    components_attributes: [
+                        :id,
+                        :name,
+                        :component_id,
+                        :layout,
+                        :index,
+                        {query_configuration: {}},
+                        {custom_configuration: {}},
+                        :_destroy
+                    ]
+                )
+            end
+
+            private
+
+            # Build the Rails models and engine information for 
+            # the current engine implementing the shared dashboards
+            # Example: For the LesliAudit engine
+            # {
+            #     :module_name => "audit", 
+            #     :module_name_full => "LesliAudit", 
+            #     :module_model => "LesliAudit::Dashboard", 
+            #     :module_model_component => "LesliAudit::Dashboard::Component"
+            # }
+            def self.dynamic_info
+
+                module_info = self.name.split("::")
+
+                module_name = module_info[0].sub("Lesli", "").downcase
+                
+                {
+                    module_name: module_name,
+                    module_name_full: module_info[0],
+                    module_model: "#{ module_info[0] }::Dashboard".constantize,
+                    module_model_component: "#{ module_info[0] }::Dashboard::Component".constantize
+                }
+            end
+        end
+    end
+end

data/app/controllers/users/confirmations_controller.rb

@@ -1,30 +1,66 @@
 # frozen_string_literal: true
-
 class Users::ConfirmationsController < Devise::ConfirmationsController
-  # GET /resource/confirmation/new
-  # def new
-  #   super
-  # end
-
-  # POST /resource/confirmation
-  # def create
-  #   super
-  # end
-
-  # GET /resource/confirmation?confirmation_token=abcdef
-  # def show
-  #   super
-  # end
-
-  # protected
-
-  # The path used after resending confirmation instructions.
-  # def after_resending_confirmation_instructions_path_for(resource_name)
-  #   super(resource_name)
-  # end
-
-  # The path used after confirmation.
-  # def after_confirmation_path_for(resource_name, resource)
-  #   super(resource_name, resource)
-  # end
+
+    def show
+
+        # delete all previus messages
+        flash.clear
+
+        # get the confirmation token sent through get params
+        token = params[:confirmation_token]
+
+        # validate that token were sent
+        if token.blank?
+            return flash[:danger] = I18n.t("core.users/confirmations.messages_warning_invalid_token")
+        end
+
+        # check if token belongs to a unconfirmed user
+        user = Lesli::User.find_by(:confirmation_token => token, :confirmed_at => nil)
+
+        # validate that user were found
+        if user.blank?
+            return flash[:danger] = I18n.t("core.users/confirmations.messages_warning_invalid_token")
+        end
+
+        # register a log with a validation atempt for the user
+        log = user.logs.create({ description: "confirmation_atempt_successful" })
+
+        registration_operator = Lesli::UserRegistrationOperator.new(user)
+
+        # confirm the user
+        registration_operator.confirm
+
+        # let the user knows that the confirmation is done
+        flash[:success] = I18n.t("core.users/confirmations.messages_success_email_updated")
+        
+        # if new account, launch account onboarding in another thread, 
+        # so the user can continue with the registration process
+        registration_operator.create_account if user.account.blank?
+        #Thread.new { registration_operator.create_account } if user.account.blank?
+
+    end
+
+    
+    # @controller_action_param :email [String] The registered user email
+    # @return [Json] Json that contains wheter the email confirmation was sent or not. 
+    #     If it is not successful, it returs an error message
+    # @description Resends a email confirmation an already registered user
+    # @example
+    #     # Executing this controller's action from javascript's frontend
+    #     let email = 'john.doe@email.com';
+    #     let data = {
+    #         user: {
+    #             email: email
+    #         }
+    #     };
+    #     this.http.post('127.0.0.1/conformation', data);
+    def create
+        super do |resource|
+            if successfully_sent?(resource)
+                return respond_with_successful
+            else
+                return respond_with_error(resource.errors.full_messages.to_sentence)
+            end
+        end
+    end
 end

data/app/controllers/users/passwords_controller.rb

@@ -1,34 +1,71 @@
 # frozen_string_literal: true
 
 class Users::PasswordsController < Devise::PasswordsController
-  # GET /resource/password/new
-  # def new
-  #   super
-  # end
-
-  # POST /resource/password
-  # def create
-  #   super
-  # end
-
-  # GET /resource/password/edit?reset_password_token=abcdef
-  # def edit
-  #   super
-  # end
-
-  # PUT /resource/password
-  # def update
-  #   super
-  # end
-
-  # protected
-
-  # def after_resetting_password_path_for(resource)
-  #   super(resource)
-  # end
-
-  # The path used after sending reset password instructions
-  # def after_sending_reset_password_instructions_path_for(resource_name)
-  #   super(resource_name)
-  # end
+
+    # Sends an email with a token, so the user can reset their password
+    def create
+
+        if params[:user].blank?
+            #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
+            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
+        end
+
+        if params[:user][:email].blank?
+            #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
+            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
+        end
+
+        user = Lesli::User.find_by(:email => params[:user][:email])
+
+        if user.blank?
+            # Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email", {
+            #     email: (params[:user][:email] || "")
+            # })
+            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
+        end
+
+        unless user.active
+            # user.logs.create({title: "password_creation_failed", description: "user_not_active"})
+            # Account::Activity.log("core", "/password/create", "password_creation_failed", "user_not_active")
+            return respond_with_error(I18n.t("core.users/passwords.messages_danger_inactive_user"))
+        end
+
+        token = user.generate_password_reset_token
+
+        #user.logs.create({ title: "password_creation_successful" })
+
+        begin
+            Lesli::DeviseMailer.reset_password_instructions(user, token).deliver_now
+            respond_with_successful
+        rescue => exception
+            #Honeybadger.notify(exception)
+            respond_with_error(exception.message)
+        end
+    end
+
+    def update
+        super do |resource|
+
+            # check if password update was ok
+            if resource.errors.empty?
+
+                # reset password expiration due the user just updated his password
+                if resource.has_expired_password?
+                    resource.update(password_expiration_at: nil)
+                end
+
+                resource.logs.create(title: "password_reset_successful")
+
+                return respond_with_successful
+
+            else
+
+                resource.logs.create(title: "password_reset_error") if resource.id
+
+                return respond_with_error(resource.errors.full_messages.to_sentence)
+
+            end
+
+        end
+    end
 end

data/app/controllers/users/sessions_controller.rb

@@ -89,7 +89,8 @@ class Users::SessionsController < Devise::SessionsController
 
 
         # create a new session for the user
-        current_session = Lesli::User::SessionService.new(user).create(get_user_agent, request.remote_ip)
+        current_session = Lesli::UserSessionService.new(user)
+        .create(get_user_agent(false), request.remote_ip)
 
         # make session id globally available
         session[:user_session_id] = current_session[:id]
@@ -109,9 +110,6 @@ class Users::SessionsController < Devise::SessionsController
         # respond successful and send the path user should go
         #respond_with_successful({ default_path: user.has_role_with_default_path?() })
         respond_with_successful({ default_path: "/" })
-
-        log_user_agent()
-
     end
 
     private