lesli_shield 0.1.1 → 1.0.1

data/app/assets/stylesheets/lesli_shield/users.css

@@ -0,0 +1 @@
+

data/app/controllers/lesli_shield/application_controller.rb

@@ -1,4 +1,4 @@
 module LesliShield
-  class ApplicationController < ActionController::Base
-  end
+    class ApplicationController < ::Lesli::ApplicationLesliController
+    end
 end

data/app/controllers/lesli_shield/dashboards_controller.rb

@@ -1,4 +1,11 @@
 module LesliShield
-    class DashboardsController < Lesli::Shared::DashboardsController
+    class DashboardsController < ApplicationController
+        before_action :set_session, only: %i[  ]
+
+        def index
+        end
+
+        def show
+        end
     end
 end

data/app/controllers/lesli_shield/role/actions_controller.rb

@@ -0,0 +1,46 @@
+module LesliShield
+    class Role::ActionsController < ApplicationController
+        before_action :set_role_action, only: %i[update destroy ]
+
+        def update
+            # check saved
+            if @role_action.result.recover
+                success("Role privileges added successfully!")
+                respond_to do |format|
+                    format.turbo_stream
+                    render turbo_stream: turbo_stream.replace("application-lesli-notifications", partial: "lesli/partials/application-lesli-notifications")
+                    #format.html { redirect_to role_path(@role_action.role_id) }
+                end
+            else 
+                respond_with_error(@user.errors)
+            end
+        end
+
+        def destroy
+            # check saved
+            if @role_action.result.destroy
+                # success("Role privileges removed successfully!")
+                # respond_to do |format|
+                #     format.turbo_stream
+                #     #format.html { redirect_to role_path(@role_action.role_id) }
+                # end
+                return "hola"
+            else 
+                respond_with_error(@user.errors)
+            end
+        end
+
+        private
+
+        # Use callbacks to share common setup or constraints between actions.
+        def set_role_action
+            @role_action = Lesli::Role::ActionService.new(current_user).find(params[:id])
+        end
+
+        def role_action_params
+            params.require(:role_action).permit(
+                :role_id
+            )
+        end
+    end
+end

data/app/controllers/lesli_shield/roles_controller.rb

@@ -0,0 +1,182 @@
+=begin
+
+Lesli
+
+Copyright (c) 2025, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by LesliTech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+module LesliShield
+    class RolesController < ApplicationController
+        before_action :set_role, only: %i[ show update destroy ]
+
+        def index
+            @roles = respond_as_pagination(Lesli::RoleService.new(current_user, query).index)
+        end
+
+        def show
+            @role = @role.show
+            @role_actions = Lesli::Role::ActionService.new(current_user, query).index(nil)
+        end
+
+        # @return [HTML] HTML view for creating a new role
+        # @description returns an HTML view with a form so users can create a new role
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     this.url.go('/roles/new')
+        def new
+        end
+
+        # @return [HTML] HTML view for editing the role
+        # @description returns an HTML view with a form so users edit an existing role
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     let role_id = 3;
+        #     this.url.go(`/roles/${role_id}/edit`)
+        def edit
+        end
+
+        # @return [Json] Json that contains wheter the creation of the role was successful or not.
+        #     If it is not successful, it returns an error message
+        # @description Creates a new role associated to the *current_user*'s *account*.
+        # @example
+        #     # Executing this controller's action from javascript's frontend
+        #     let data = {
+        #         role: {
+        #             name: "Change Request"
+        #         }
+        #     };
+        #     this.http.post('127.0.0.1/house/roles', data);
+        def create
+
+            role = RoleService.new(current_user).create(role_params)
+
+            if role.successful?
+                respond_with_successful(role.result) 
+            else
+                respond_with_error(role.errors_as_sentence)
+            end
+        end
+
+        # @controller_action_param :name [String] The name of the role
+        # @return [Json] Json that contains wheter the role was successfully updated or not.
+        #     If it it not successful, it returns an error message
+        # @description Updates an existing role associated to the *current_user*'s *account*.
+        def update
+            # Respond with 404 if role was not found
+            return respond_with_not_found unless @role.found?
+
+            # check if current user can work with role
+            # unless current_user.can_work_with_role?(@role.resource)
+            #     return respond_with_error(I18n.t("core.roles.messages_danger_updating_role_object_level_permission_too_high"))
+            # end
+
+            # Update role information
+            @role.update(role_params)
+
+            # check if the update went OK
+            if @role.successful?
+                success("Role updated successfully!")
+                respond_to do |format|
+                    format.turbo_stream
+                    format.html { redirect_to @role }
+                end
+            else
+                respond_with_error(@role.errors)
+            end
+        end
+
+        # @return [Json] Json that contains wheter the role was successfully deleted or not.
+        #     If it it not successful, it returns an error message
+        # @description Deletes an existing *role* associated to the *current_user*'s *account*.
+        def destroy
+            return respond_with_not_found unless @role.found?
+
+            # Validation: check if the role has still associated users
+            if @role.has_users?
+                return respond_with_error(I18n.t("core.roles.messages_danger_users_assigned_validation"))
+            end
+
+            @role.destroy
+
+            # Check if the deletion went ok
+            unless @role.successful?
+                return respond_with_error(@role.errors)
+            end
+
+            respond_with_successful
+        end
+
+        # @return [JSON]
+        # @description Gets all the specific options for roles CRUD
+        def options
+            respond_with_successful(RoleService.new(current_user).options)
+        end
+
+        private
+
+        # @return [void]
+        # @description Sets the requested user based on the current_users's account
+        # @example
+        #     # Executing this method from a controller action:
+        #     set_role
+        #     puts @role
+        #     # This will either display nil or an instance of Role
+        def set_role
+            @role = Lesli::RoleService.new(current_user, @query).find(params[:id])
+            return respond_with_not_found unless @role.found?
+        end
+
+        # @return [Parameters] Allowed parameters for the role
+        # @description Sanitizes the parameters received from an HTTP call to only allow the specified ones.
+        #     Allowed params are detail_attributes: [:name, :active, :object_level_permission]
+        # @example
+        #     # suppose params contains {
+        #     #    "role": {
+        #     #        "name": "Admin",
+        #     #        "word": Hello
+        #     #    }
+        #     #}
+        #     filtered_params = role_params
+        #     puts filtered_params
+        #     # will remove all unpermitted attributes and only print {
+        #     #    "name": "Admin",
+        #     #}
+        def role_params
+            params.require(:role).permit(
+                :name,
+                :active,
+                :description,
+                :path_default,
+                :path_limited,
+                :isolated,
+                :permission_level
+            )
+        end
+
+    end
+end

data/app/controllers/lesli_shield/sessions_controller.rb

@@ -0,0 +1,67 @@
+module LesliShield
+  class SessionsController < ApplicationController
+    before_action :set_session, only: %i[ show edit update destroy ]
+
+    # GET /sessions
+    def index
+        respond_to do |format|
+            format.html {
+                @sessions = respond_as_pagination(Lesli::User::SessionService.new(current_user, query).index())
+            }
+            format.json { 
+                respond_with_pagination(UserSessionService.new(current_user, query).index())
+            }
+        end
+    end
+
+    # GET /sessions/1
+    def show
+    end
+
+    # GET /sessions/new
+    def new
+      @session = Session.new
+    end
+
+    # GET /sessions/1/edit
+    def edit
+    end
+
+    # POST /sessions
+    def create
+      @session = Session.new(session_params)
+
+      if @session.save
+        redirect_to @session, notice: "Session was successfully created."
+      else
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    # PATCH/PUT /sessions/1
+    def update
+      if @session.update(session_params)
+        redirect_to @session, notice: "Session was successfully updated.", status: :see_other
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    # DELETE /sessions/1
+    def destroy
+      @session.destroy!
+      redirect_to sessions_path, notice: "Session was successfully destroyed.", status: :see_other
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_session
+        @session = Session.find(params.expect(:id))
+      end
+
+      # Only allow a list of trusted parameters through.
+      def session_params
+        params.fetch(:session, {})
+      end
+  end
+end

data/app/controllers/lesli_shield/settings_controller.rb

@@ -0,0 +1,61 @@
+module LesliShield
+    class SettingsController < ApplicationController
+        #before_action :set_setting, only: %i[ show edit update destroy ]
+
+        # GET /settings
+        def index
+            @settings = Setting.all
+        end
+
+        # GET /settings/1
+        def show
+        end
+
+        # GET /settings/new
+        def new
+            @setting = Setting.new
+        end
+
+        # GET /settings/1/edit
+        def edit
+        end
+
+        # POST /settings
+        def create
+            @setting = Setting.new(setting_params)
+
+            if @setting.save
+                redirect_to @setting, notice: "Setting was successfully created."
+            else
+                render :new, status: :unprocessable_entity
+            end
+        end
+
+        # PATCH/PUT /settings/1
+        def update
+            if @setting.update(setting_params)
+                redirect_to @setting, notice: "Setting was successfully updated.", status: :see_other
+            else
+                render :edit, status: :unprocessable_entity
+            end
+        end
+
+        # DELETE /settings/1
+        def destroy
+            @setting.destroy!
+            redirect_to settings_path, notice: "Setting was successfully destroyed.", status: :see_other
+        end
+
+        private
+
+        # Use callbacks to share common setup or constraints between actions.
+        def set_setting
+            @setting = Setting.find(params.expect(:id))
+        end
+
+        # Only allow a list of trusted parameters through.
+        def setting_params
+            params.fetch(:setting, {})
+        end
+    end
+end

data/app/controllers/lesli_shield/users_controller.rb

@@ -0,0 +1,90 @@
+module LesliShield
+    class UsersController < ApplicationController
+        before_action :set_user, only: %i[ show edit update destroy ]
+
+        # GET /users
+        def index
+            @users = respond_as_pagination(Lesli::UserService.new(current_user, query).index(params))
+        end
+
+        # GET /users/1
+        def show
+            @activities = @user.result.activities.order(id: :desc).map { |a| {
+                id: a[:id],
+                title: a[:title].titleize,
+                description: a[:description],
+                date: Date2.new(a[:created_at]).date_words
+            }}
+            @sessions = @user.result.sessions
+            @user = @user.show
+        end
+
+        # GET /users/new
+        def new
+            @user = User.new
+        end
+
+        # GET /users/1/edit
+        def edit
+        end
+
+        # POST /users
+        def create
+            @user = User.new(user_params)
+
+            if @user.save
+                redirect_to @user, notice: "User was successfully created."
+            else
+                render :new, status: :unprocessable_entity
+            end
+        end
+
+        # PATCH/PUT /users/1
+        def update
+
+            # check if the user trully exists
+            return respond_with_not_found unless @user.found?
+
+            # update the user information
+            @user.update(user_params)
+
+            # check saved
+            if @user.successful?
+                success("User updated successfully!")
+                respond_to do |format|
+                    format.turbo_stream
+                    format.html { redirect_to @user }
+                end
+            else 
+                respond_with_error(@user.errors)
+            end
+        end
+
+        # DELETE /users/1
+        def destroy
+            @user.destroy!
+            redirect_to users_path, notice: "User was successfully destroyed.", status: :see_other
+        end
+
+        private
+
+        # Use callbacks to share common setup or constraints between actions.
+        def set_user
+            @user = Lesli::UserService.new(current_user).find(params[:id])
+        end
+
+        # Only allow a list of trusted parameters through.
+        def user_params
+            params.require(:user).permit(
+                :active,
+                :email,
+                :alias,
+                :title,
+                :roles_id,
+                :first_name,
+                :last_name,
+                :telephone
+            )
+        end
+    end
+end

data/app/controllers/users/confirmations_controller.rb

@@ -23,7 +23,8 @@ class Users::ConfirmationsController < Devise::ConfirmationsController
         end
 
         # register a log with a validation atempt for the user
-        log = user.logs.create({ description: "confirmation_atempt_successful" })
+        activity = user.activities.create({ title: "user_confirmation", description: "Confirmation process started" })
+        
 
         registration_operator = Lesli::UserRegistrationOperator.new(user)
 

data/app/controllers/users/passwords_controller.rb

@@ -4,48 +4,52 @@ class Users::PasswordsController < Devise::PasswordsController
 
     # Sends an email with a token, so the user can reset their password
     def create
+        begin
 
-        if params[:user].blank?
-            #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
-            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
-        end
+            if params[:user].blank?
+                #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
+                raise(I18n.t("core.shared.messages_warning_user_not_found"))
+            end
 
-        if params[:user][:email].blank?
-            #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
-            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
-        end
+            if params[:user][:email].blank?
+                #Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email")
+                raise(I18n.t("core.shared.messages_warning_user_not_found"))
+            end
 
-        user = Lesli::User.find_by(:email => params[:user][:email])
+            user = Lesli::User.find_by(:email => params[:user][:email])
 
-        if user.blank?
-            # Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email", {
-            #     email: (params[:user][:email] || "")
-            # })
-            return respond_with_error(I18n.t("core.shared.messages_warning_user_not_found"))
-        end
+            if user.blank?
+                # Account::Activity.log("core", "/password/create", "password_creation_failed", "no_valid_email", {
+                #     email: (params[:user][:email] || "")
+                # })
+                raise(I18n.t("core.shared.messages_warning_user_not_found"))
+            end
 
-        unless user.active
-            # user.logs.create({title: "password_creation_failed", description: "user_not_active"})
-            # Account::Activity.log("core", "/password/create", "password_creation_failed", "user_not_active")
-            return respond_with_error(I18n.t("core.users/passwords.messages_danger_inactive_user"))
-        end
+            unless user.active
+                user.activities.create({title: "password_creation_failed", description: "user_not_active"})
+                # Account::Activity.log("core", "/password/create", "password_creation_failed", "user_not_active")
+                raise(I18n.t("core.users/passwords.messages_danger_inactive_user"))
+            end
 
-        token = user.generate_password_reset_token
+            token = user.generate_password_reset_token
 
-        #user.logs.create({ title: "password_creation_successful" })
+            user.activities.create({ title: "password_create", description: "Password reset instructions sent" })
 
-        begin
             Lesli::DeviseMailer.reset_password_instructions(user, token).deliver_now
-            respond_with_successful
+            success(I18n.t("core.users/passwords.messages_success"))
+            redirect_to(new_user_password_path)
         rescue => exception
             #Honeybadger.notify(exception)
-            respond_with_error(exception.message)
+            danger(exception.message)
+            redirect_to(new_user_password_path)
         end
     end
 
     def update
         super do |resource|
 
+            logs = resource.activities.new({ title: "password_reset", description:"atempt" })
+
             # check if password update was ok
             if resource.errors.empty?
 
@@ -54,18 +58,10 @@ class Users::PasswordsController < Devise::PasswordsController
                     resource.update(password_expiration_at: nil)
                 end
 
-                resource.logs.create(title: "password_reset_successful")
-
-                return respond_with_successful
-
+                logs.update({ description: "successful" })
             else
-
-                resource.logs.create(title: "password_reset_error") if resource.id
-
-                return respond_with_error(resource.errors.full_messages.to_sentence)
-
+                logs.update({ description: resource.errors.full_messages.to_sentence })
             end
-
         end
     end
 end

data/app/controllers/users/registrations_controller.rb

@@ -42,35 +42,34 @@ class Users::RegistrationsController < Devise::RegistrationsController
     # end
 
     def create
-
-        # # Check if instance allow multi-account
-        # if !Rails.application.config.lesli.dig(:security, :allow_registration)
-        #     respond_with_error(I18n.t("core.users/registrations.messages_error_registration_not_allowed"))
-        #     return
-        # end
-
-        # # Validate user is unique
-        # if ::User.with_deleted.find_by(email: sign_up_params["email"])
-        #     return respond_with_error(I18n.t("core.users/registrations.messages_info_user_already_exists"))
-        # end
-
-        # build new user
-        user = build_resource(sign_up_params)
-
-        # run password complexity validations
-        #user_validator = UsersValidator.new(user).password_complexity(sign_up_params[:password])
-
-        # return if there are errors with the complexity validations
-        # unless user_validator.valid?
-        #     return respond_with_error("password_complexity_error", password_complexity.failures)
-        # end
-
-        # persist new user
-        if user.save
-            respond_with_successful()
-        else
-            respond_with_error(user.errors.full_messages.to_sentence)
+        begin
+            # Check if instance allow multi-account
+            if !Lesli.config.security.dig(:allow_registration)
+                raise(I18n.t("core.users/registrations.messages_error_registration_not_allowed"))
+            end
+
+            # build new user
+            user = build_resource(sign_up_params)
+
+            # run password complexity validations
+            #user_validator = UsersValidator.new(user).password_complexity(sign_up_params[:password])
+
+            # return if there are errors with the complexity validations
+            # unless user_validator.valid?
+            #     return respond_with_error("password_complexity_error", password_complexity.failures)
+            # end
+
+            # persist new user
+            if user.save
+                success("Account created, check your email")
+            else
+                raise(user.errors.full_messages.to_sentence)
+            end
+        rescue => exception
+            #Honeybadger.notify(exception)
+            danger(exception.message)
         end
+        redirect_to(new_user_registration_path)
     end
 
     # GET /resource/edit
@@ -132,10 +131,6 @@ class Users::RegistrationsController < Devise::RegistrationsController
     # end
 
     def sign_up_params
-        params.permit(:sign_up, 
-            :email, 
-            :password, 
-            :password_confirmation
-        )
+        params.fetch(:user, {}).permit(:email, :password, :password_confirmation)
     end
 end