lesli_security 0.3.0

data/app/controllers/lesli_security/role/activities_controller.rb

@@ -0,0 +1,76 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS development platform.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+
+=end
+
+module LesliSecurity
+    class Role::ActivitiesController < ApplicationController
+        # @return [HTML|JSON] HTML view for listing all activities associated to a *role*
+        # @description Retrieves and returns all the activities associated to a *Role*.
+        # The HTTP request has to specify wheter the HTML or the JSON text should be rendered
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     this.http.get(`127.0.0.1/administration/roles/1/activities.json`);
+        def index
+            respond_to do |format|
+                format.html {}
+                format.json do
+                    return respond_with_not_found unless @role
+
+                    respond_with_successful(Role::Activity.index(@role, @query))
+                end
+            end
+        end
+
+        # @return [Json] Json that contains all the information needed to create a new role_activity
+        # @description Retrieves and retuns all the information needed to create a new role_activity,
+        #     including the list of companies and contacts.
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     this.http.get('127.0.0.1/house/options/projects')
+        def options
+            respond_with_successful(Role::Activity.options(current_user, @query))
+        end
+        
+        private
+        
+        # @return [void]
+        # @description Sets the requested user based on the current_users's account
+        # @example
+        #     # Executing this method from a controller action:
+        #     set_role
+        #     puts @role
+        #     # This will either display nil or an instance of Role
+        def set_role
+            @role = current_user.account.roles.find_by(id: params[:role_id])
+        end
+    end
+end

data/app/controllers/lesli_security/role/descriptors_controller.rb

@@ -0,0 +1,97 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module LesliSecurity
+    class Role::DescriptorsController < ApplicationController
+        before_action :set_role, only: %i[ index show update create destroy ]
+        before_action :set_role_descriptor, only: %i[ show update destroy ]
+
+        def index 
+            respond_with_successful(RoleDescriptorService.new(current_user).index(@role))
+        end
+
+        # POST /role/descriptors
+        def create
+
+            system_descriptor = Lesli::Descriptor.find_by(:id => role_descriptor_params[:id])
+            role_power = @role.powers.with_deleted.find_or_create_by(:descriptor => system_descriptor)
+
+            role_power.recover if role_power.deleted?
+            
+            respond_with_successful(role_power)
+        end
+
+        def update
+
+            # Get the descriptor we want to take the privileges to be activated and added
+            # into the role, this can be done through the role power table
+            system_descriptor = Lesli::Descriptor.find_by(:id => role_descriptor_params[:id])
+
+            # Check if the descriptor is already added to the role, if not, we create the new record
+            # assigning the descriptor to the role as power 
+            role_power = @role.powers.with_deleted.find_or_create_by(:descriptor => system_descriptor)
+
+            # Now we update the privileges that the role wants to inherit from the privileges
+            # available in the descriptor
+            respond_with_successful(role_power.update(role_descriptor_params))
+        end
+
+        # DELETE /role/descriptors/1
+        def destroy
+            return respond_with_not_found unless @role_descriptor
+
+            if @role_descriptor.destroy
+                #Role::Activity.log_destroy_descriptor(current_user, @role, @role_descriptor)
+                respond_with_successful
+            else
+                respond_with_error(@role_descriptor.errors.full_messages.to_sentence)
+            end
+        end
+
+        private
+
+        def set_role
+            @role = current_user.account.roles.find_by(id: params[:role_id])
+        end
+
+        def set_role_descriptor
+            return respond_with_not_found unless @role 
+            @role_descriptor = @role.powers.find_by(descriptor_id: params[:id])
+            #@role_descriptor = @role.descriptors.find_by(system_descriptors_id: params[:id])
+        end
+
+        # Only allow a list of trusted parameters through.
+        def role_descriptor_params
+            params.require(:role_descriptor).permit(:id, :pindex, :plist, :pshow, :pcreate, :pupdate, :pdestroy)
+        end
+    end
+end

data/app/controllers/lesli_security/role/privileges_controller.rb

@@ -0,0 +1,47 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module LesliSecurity
+    class Role::PrivilegesController < ApplicationController
+        before_action :set_role, only: %i[ index ]
+
+        def index 
+            respond_with_successful(RoleDescriptorService.new(current_user).privileges(@role))
+        end
+
+        private
+
+        def set_role
+            @role = current_user.account.roles.find_by(id: params[:role_id])
+        end
+    end
+end

data/app/controllers/lesli_security/roles_controller.rb

@@ -0,0 +1,185 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module LesliSecurity
+    class RolesController < ApplicationController
+        before_action :set_role, only: %i[ show update destroy ]
+
+        def index
+            respond_to do |format|
+                format.html { }
+                format.json {
+                    respond_with_successful(RoleService.new(current_user, query).index)
+                    #respond_with_pagination(RoleService.new(current_user, query).index)
+                }
+            end
+        end
+
+        def show
+            respond_to do |format|
+                format.html {  }
+                format.json { respond_with_successful(@role.show) }
+            end
+        end
+
+        # @return [HTML] HTML view for creating a new role
+        # @description returns an HTML view with a form so users can create a new role
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     this.url.go('/roles/new')
+        def new
+        end
+
+        # @return [HTML] HTML view for editing the role
+        # @description returns an HTML view with a form so users edit an existing role
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     let role_id = 3;
+        #     this.url.go(`/roles/${role_id}/edit`)
+        def edit
+        end
+
+        # @return [Json] Json that contains wheter the creation of the role was successful or not.
+        #     If it is not successful, it returns an error message
+        # @description Creates a new role associated to the *current_user*'s *account*.
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     let data = {
+        #         role: {
+        #             name: "Change Request"
+        #         }
+        #     };
+        #     this.http.post('127.0.0.1/house/roles', data);
+        def create
+
+            role = RoleService.new(current_user).create(role_params)
+
+            if role.successful?
+                respond_with_successful(role.result) 
+            else
+                respond_with_error(role.errors_as_sentence)
+            end
+        end
+
+        # @controller_action_param :name [String] The name of the role
+        # @return [Json] Json that contains wheter the role was successfully updated or not.
+        #     If it it not successful, it returns an error message
+        # @description Updates an existing role associated to the *current_user*'s *account*.
+        def update
+            # Respond with 404 if role was not found
+            return respond_with_not_found unless @role.found?
+
+            # check if current user can work with role
+            unless current_user.can_work_with_role?(@role.resource)
+                return respond_with_error(I18n.t("core.roles.messages_danger_updating_role_object_level_permission_too_high"))
+            end
+
+            # Update role information
+            @role.update(role_params)
+
+            # check if the update went OK
+            unless @role.successful?
+                respond_with_error(@role.errors)
+            end
+
+            respond_with_successful(@role)
+        end
+
+        # @return [Json] Json that contains wheter the role was successfully deleted or not.
+        #     If it it not successful, it returns an error message
+        # @description Deletes an existing *role* associated to the *current_user*'s *account*.
+        def destroy
+            return respond_with_not_found unless @role.found?
+
+            # Validation: check if the role has still associated users
+            if @role.has_users?
+                return respond_with_error(I18n.t("core.roles.messages_danger_users_assigned_validation"))
+            end
+
+            @role.destroy
+
+            # Check if the deletion went ok
+            unless @role.successful?
+                return respond_with_error(@role.errors)
+            end
+
+            respond_with_successful
+        end
+
+        # @return [JSON]
+        # @description Gets all the specific options for roles CRUD
+        def options
+            respond_with_successful(RoleService.new(current_user).options)
+        end
+
+        private
+
+        # @return [void]
+        # @description Sets the requested user based on the current_users's account
+        # @example
+        #     # Executing this method from a controller action:
+        #     set_role
+        #     puts @role
+        #     # This will either display nil or an instance of Role
+        def set_role
+            @role = RoleService.new(current_user, @query).find(params[:id])
+            return respond_with_not_found unless @role.found?
+        end
+
+        # @return [Parameters] Allowed parameters for the role
+        # @description Sanitizes the parameters received from an HTTP call to only allow the specified ones.
+        #     Allowed params are detail_attributes: [:name, :active, :object_level_permission]
+        # @example
+        #     # suppose params contains {
+        #     #    "role": {
+        #     #        "name": "Admin",
+        #     #        "word": Hello
+        #     #    }
+        #     #}
+        #     filtered_params = role_params
+        #     puts filtered_params
+        #     # will remove all unpermitted attributes and only print {
+        #     #    "name": "Admin",
+        #     #}
+        def role_params
+            params.fetch(:role, {}).permit(
+                :name,
+                :active,
+                :only_my_data,
+                :default_path,
+                :limit_to_path,
+                :object_level_permission
+            )
+        end
+
+    end
+end

data/app/controllers/lesli_security/user/roles_controller.rb

@@ -0,0 +1,98 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module LesliSecurity
+    class User::RolesController < ApplicationController
+        before_action :set_user, only: [:index, :create, :destroy]
+        before_action :set_user_role, only: [:destroy]
+
+        # Get the list of assigned roles of the requested user
+        # we filter the roles according to the object level permission
+        # of the current_user
+        def index 
+            respond_with_successful(@user.available_roles)
+        end
+
+        def create
+
+            # get the role to assign to the user
+            role = current_user.account.roles.find(user_role_params[:id])
+
+            unless current_user.can_work_with_role?(role)
+                return respond_with_error(I18n.t("core.roles.messages_danger_cannot_assign_level_of_role"))
+            end
+
+            # create new role for user if it does not exist
+            user_role = @user.result.powers.with_deleted.find_or_create_by({ role: role })
+
+            # if role was soft deleted we need to recover it instead of create a new record
+            user_role.recover if user_role.deleted?
+
+            respond_with_successful()
+
+            #User.log_activity_create_user_role(current_user, @user, role)
+        end
+
+        # DELETE /user/:user_id/roles/:role_id
+        def destroy
+
+            # get the role to assign to the user
+            role = current_user.account.roles.find(@user_role.role.id)
+
+            unless current_user.can_work_with_role?(role)
+                return respond_with_error(I18n.t("core.roles.messages_danger_cannot_modify_role"))
+            end
+
+            @user_role.destroy
+
+            respond_with_successful()
+
+            #User.log_activity_destroy_user_role(current_user, @user, role)
+        end
+
+        private
+
+        # Use callbacks to share common setup or constraints between actions.
+        def set_user
+            @user = UserService.new(current_user).find(params[:user_id])
+        end
+
+        def set_user_role
+            @user_role = @user.result.powers.find_by(:role_id => params[:id])
+        end
+
+        # Only allow a trusted parameter "white list" through.
+        def user_role_params
+            params.require(:user_role).permit(:id)
+        end
+    end
+end

data/app/controllers/lesli_security/user/sessions_controller.rb

@@ -0,0 +1,71 @@
+=begin
+
+Lesli
+
+Copyright (c) 2023, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by https://www.lesli.tech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module LesliSecurity
+    class User::SessionsController < ApplicationController
+        before_action :set_user_session, only: [:destroy]
+
+        # GET /user/sessions
+        def index
+            respond_to do |format|
+                format.html {}
+                format.json do
+                    return respond_with_pagination(UserService.new(current_user, query).sessions(session[:user_session_id]))
+                end
+            end
+        end
+
+        # DELETE /user/sessions/1
+        def destroy
+            return respond_with_not_found unless @user_session
+
+            if @user_session.delete
+                current_user.logs.create({title: "close_session",description: "by_user: " + current_user.email})
+                respond_with_successful
+            else
+                respond_with_error(@user_session.errors.full_messages.to_sentence)
+            end
+        end
+
+        private
+
+        # Use callbacks to share common setup or constraints between actions.
+        def set_user_session
+            @user_session = User::Session.find_by(id: params[:id])
+        end
+
+        # Only allow a trusted parameter "white list" through.
+        def user_session_params
+            params.require(:user_session).permit(:id,)
+        end
+    end
+end