lesli_shield 1.0.2 → 1.0.4

data/app/controllers/users/sessions_controller.rb

@@ -30,85 +30,92 @@ Building a better future, one line of code at a time.
 // · 
 =end
 
-#require "uri"
-
 class Users::SessionsController < Devise::SessionsController
 
-    # Creates a new session for the user and allows them access to the platform
+    # Creates a new session for the user and allows them access to the platform.
+    #
+    # Devise provides extension points such as Warden hooks and a custom FailureApp
+    # to modify the authentication flow. However, in this case we need full and
+    # explicit control over each step of the login process, including validation,
+    # logging, session creation, and redirection.
+    #
+    # For that reason, the default Devise session logic is intentionally overridden
+    # and reimplemented here. While this approach is less conventional and may
+    # introduce compatibility risks with future Devise releases, it provides a
+    # predictable and fully controlled authentication pipeline, which is important
+    # for the needs of this framework.
+    #
+    # This trade-off is accepted as part of the framework’s lifecycle: any
+    # incompatibilities introduced by Devise updates will be addressed and
+    # maintained as needed.
     def create
 
-        # search for a existing user 
-        user = ::Lesli::User.find_for_database_authentication(email: sign_in_params[:email])        
+        # Use guarden to check if the users credetials are valid 
+        self.resource = warden.authenticate(auth_options)
 
-        # respond with a no valid credentials generic error if not valid user found
-        unless user
-            danger(I18n.t("lesli.users/sessions.message_invalid_credentials"))
-            redirect_to user_session_path(:r => sign_in_params[:redirect]) and return 
+        # respond with a no valid credentials generic error if warden
+        # cannot validate the user
+        unless resource
+            danger(I18n.t("lesli_shield.devise/sessions.message_not_valid_credentials"))
+            redirect_to user_session_path(r: sign_in_params[:redirect]) and return
         end
 
-        # save a invalid credentials log for the requested user
-        activity = user.activities.new({ title: "session_create", description:"atempt" })
+        user = resource
 
-        # check password validation
-        unless user.valid_password?(sign_in_params[:password])
+        # check if user has a valid account
+        unless user.account
+            danger(I18n.t("lesli_shield.devise/sessions.message_not_confirmed_account"))
+            redirect_to user_session_path(r: sign_in_params[:redirect]) and return
+        end
 
-            # save a invalid credentials log for the requested user
-            activity.update(description: "invalid_credentials")
+        log = nil 
 
-            # respond with a no valid credentials generic error if not valid user found
-            danger(I18n.t("lesli.users/sessions.message_invalid_credentials"))
-            redirect_to user_session_path(:r => sign_in_params[:redirect]) and return 
-        end
+        # Save a log for the current login attempt 
+        log = user.log(
+            engine: LesliShield,
+            source: self.class.name,
+            action: action_name,
+            operation: 'session_new',
+            description: 'Session creation attempt'
+        ) if defined?(LesliAudit)
 
         # check if user meet requirements to create a new session
-        Lesli::UsersValidator.new(user).valid? do |valid, failures|
+        LesliShield::UserValidatorService.new(user).valid? do |valid, failures|
 
             # if user do not meet requirements to login
             unless valid
 
-                activity.update(description: failures.join(", "))
-
-                danger(failures.join(", "))
-                redirect_to user_session_path(:r => sign_in_params[:redirect]) and return 
+                failures_string = failures.join(", ")
+                danger(failures_string)
+                log.update(description: failures_string) if log
+                redirect_to user_session_path(r: sign_in_params[:redirect]) and return
             end
         end
 
-
-        # remember the user (not enabled by default)
-        # remember_me(user) if sign_in_params[:remember_me] == '1'
-
-
         # create a new session for the user
-        current_session = Lesli::User::SessionService.new(user)
-        .create(get_user_agent(false), request.remote_ip)
+        current_session = LesliShield::UserSessionService.new(user)
+        .create(request.remote_ip, (get_user_agent(false) if log))
         .result
 
         # make session id globally available
         session[:user_session_id] = current_session[:id]
 
-        # create a new multi factor authentication service instance for the current user 
-        #mfa_service = User::MfaService.new(user, log)
-
-        # generate a new mfa for the current session (if enabled)
-        #mfa_service.generate do |success|
-            # mfa was successfully generated, return the user to the mfa page
-            # return respond_with_successful({ default_path: "mfa" }) if success
-        #end 
-
         # do a user login
-        sign_in(:user, user)
+        sign_in(resource_name, user)
 
-        # create a log for login atempts
-        activity.update({ 
-            title: "session_create", 
-            description: "successful", 
-            session_id: current_session[:id] 
-        })
+        # update logs with a successful login
+        log.update(
+            description: "Session creation successful", 
+            session_id: current_session[:id]
+        ) if log
 
         # respond successful and send the path user should go
-        #respond_with_successful({ default_path: user.has_role_with_default_path?() })
-        #respond_with_successful({ default_path: Lesli.config.path_after_login || "/" })
-        redirect_to(safe_redirect_path(sign_in_params[:redirect]))
+        # respond_with_successful({ default_path: user.has_role_with_default_path?() })
+        # respond_with_successful({ default_path: Lesli.config.path_after_login || "/" })
+        redirect_to safe_redirect_path(sign_in_params[:redirect])
+
+        # Save the user_agent for every new session
+        log_devices if log
     end
 
     private 

data/app/helpers/lesli_shield/invites_helper.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  module InvitesHelper
+  end
+end

data/app/helpers/lesli_shield/user/roles_helper.rb

@@ -0,0 +1,4 @@
+module LesliShield
+  module User::RolesHelper
+  end
+end

data/app/interfaces/lesli_shield/authorization_interface.rb

@@ -27,12 +27,18 @@ module LesliShield
 
             # privilege for object not found
             if granted.blank?
-                current_user.activities.create({ title: "privilege_not_found", description: request.path })
+                log(
+                    :operation => :authorize_request,
+                    :description => "Privilege not found for: #{request.path}"
+                )
                 return respond_with_unauthorized({ controller: params[:controller], action: params[:action] })
             end
 
             unless granted
-                current_user.activities.create({ title: "privilege_not_granted", description: request.path })
+                log(
+                    :operation => :authorize_request,
+                    :description => "Privilege not granted for: #{request.path}"
+                )
                 return respond_with_unauthorized({ controller: params[:controller], action: params[:action] })
             end
         end

data/app/mailers/lesli_shield/devise_mailer.rb

@@ -0,0 +1,98 @@
+=begin
+
+Lesli
+
+Copyright (c) 2026, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by LesliTech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+module LesliShield
+    class DeviseMailer < Lesli::ApplicationLesliMailer
+
+        # Sends an email with instructions to allow the user reset the password
+        def reset_password_instructions(user, token, opts = {})
+
+            # defaults for new accounts/users
+            email_template = "devise/reset_password_instructions"
+            email_subject = I18n.t("core.users/confirmations.mailer_email_verification")
+
+            # email parameters
+            params = {
+                url: build_url("/password/edit", { reset_password_token: token}),
+                full_name: user.full_name
+            }
+
+            # send email
+            email(
+                params,
+                to: user.email, 
+                subject: email_subject,
+                template_name: email_template
+            )
+        end 
+
+        # Sends an email to allow the user confirm the email address
+        def confirmation_instructions(user, token, opts = {})
+
+            # defaults for new accounts/users
+            email_template = "devise/confirmation_instructions"
+            email_subject = I18n.t("core.users/confirmations.mailer_email_verification")
+
+            # # custom email and subject if user is changin his email address
+            # if !record.unconfirmed_email.blank?
+            #     email_template = "update_email_confirmation_instructions"
+            #     email_subject = I18n.t("core.users/confirmations.mailer_confirmation_instructions_subject")
+            # end
+
+            # Depending on wheter there is a new user or they are changing their email, 
+            # one or another field will be used
+            email_recipient = user.unconfirmed_email || user.email
+
+            # email parameters
+            params = {
+                url: build_url("/confirmation", { confirmation_token: token})
+            }
+
+            # send email
+            email(
+                params,
+                to: email_recipient, 
+                subject: email_subject,
+                template_name: email_template
+            )
+        end
+
+        def welcome(user)
+            email_recipient = user.unconfirmed_email || user.email
+            email(
+                { :user => user },
+                to: email_recipient, 
+                subject: "test",
+                template_name: "devise/welcome"
+            )
+        end
+    end
+end

data/app/mailers/lesli_shield/invitation.html.erb

@@ -0,0 +1,23 @@
+<!doctype html><html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head><title></title><!--[if !mso]><!--><meta http-equiv="X-UA-Compatible" content="IE=edge"><!--<![endif]--><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><style type="text/css">#outlook a { padding:0; }
+      body { margin:0;padding:0;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%; }
+      table, td { border-collapse:collapse;mso-table-lspace:0pt;mso-table-rspace:0pt; }
+      img { border:0;height:auto;line-height:100%; outline:none;text-decoration:none;-ms-interpolation-mode:bicubic; }
+      p { display:block;margin:13px 0; }</style><!--[if mso]>
+    <noscript>
+    <xml>
+    <o:OfficeDocumentSettings>
+      <o:AllowPNG/>
+      <o:PixelsPerInch>96</o:PixelsPerInch>
+    </o:OfficeDocumentSettings>
+    </xml>
+    </noscript>
+    <![endif]--><!--[if lte mso 11]>
+    <style type="text/css">
+      .mj-outlook-group-fix { width:100% !important; }
+    </style>
+    <![endif]--><!--[if !mso]><!--><link href="https://fonts.googleapis.com/css?family=Ubuntu:300,400,500,700" rel="stylesheet" type="text/css"><style type="text/css">@import url(https://fonts.googleapis.com/css?family=Ubuntu:300,400,500,700);</style><!--<![endif]--><style type="text/css">@media only screen and (min-width:480px) {
+        .mj-column-per-100 { width:100% !important; max-width: 100%; }
+      }</style><style media="screen and (min-width:480px)">.moz-text-html .mj-column-per-100 { width:100% !important; max-width: 100%; }</style><style type="text/css">@media only screen and (max-width:479px) {
+      table.mj-full-width-mobile { width: 100% !important; }
+      td.mj-full-width-mobile { width: auto !important; }
+    }</style><style type="text/css"></style></head><body style="word-spacing:normal;background-color:#ebecf0;"><div style="background-color:#ebecf0;"><!--[if mso | IE]><table align="center" border="0" cellpadding="0" cellspacing="0" class="" role="presentation" style="width:600px;" width="600" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]--><div style="margin:0px auto;max-width:600px;"><table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;"><tbody><tr><td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;"><!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]--><div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;"><table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%"><tbody><tr><td align="center" style="font-size:0px;padding:0px;padding-top:60px;padding-bottom:0px;padding-left:5px;word-break:break-word;"><table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-collapse:collapse;border-spacing:0px;"><tbody><tr><td style="width:125px;"><img src="https://cdn.lesli.tech/leslicloud/brand/app-logo.png" style="border:0;display:block;outline:none;text-decoration:none;height:auto;width:100%;font-size:13px;" width="125" height="auto"></td></tr></tbody></table></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--><div style="height:5px;line-height:5px;">&#8202;</div><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:center;color:#4a5056;"><h1>Welcome to The Lesli Family!</h1></div><!--[if mso | IE]><table align="center" border="0" cellpadding="0" cellspacing="0" class="" role="presentation" style="width:600px;" width="600" bgcolor="#ffffff" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]--><div style="background:#ffffff;background-color:#ffffff;margin:0px auto;border-radius:15px;max-width:600px;"><table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="background:#ffffff;background-color:#ffffff;width:100%;border-radius:15px;"><tbody><tr><td style="direction:ltr;font-size:0px;padding:40px;text-align:center;"><!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:520px;" ><![endif]--><div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;"><table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%"><tbody><tr><td align="center" style="font-size:0px;padding:0px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:center;color:#4a5056;"><h2><raw><% name = @data.dig(:user, :full_name) %></raw><raw><%= !name.blank? ? "Hi #{name.strip}." : nil %></raw></h2></div></td></tr><tr><td style="background:#95a3ab;font-size:0px;word-break:break-word;"><div style="height:2px;line-height:2px;">&#8202;</div></td></tr><tr><td style="font-size:0px;word-break:break-word;"><div style="height:5px;line-height:5px;">&#8202;</div></td></tr><tr><td align="center" style="font-size:0px;padding:10px 25px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:18px;line-height:1.4;text-align:center;color:#4a5056;"><p>You have been invitated to Lesli, please confirm your email address by clicking the button below:</p></div></td></tr><tr><td align="center" vertical-align="middle" style="font-size:0px;padding:10px 25px;word-break:break-word;"><table border="0" cellpadding="0" cellspacing="0" role="presentation" style="border-collapse:separate;line-height:100%;"><tbody><tr><td align="center" bgcolor="#eef6fc" role="presentation" style="border:1px solid #209cee;border-radius:5px;cursor:auto;mso-padding-alt:10px;background:#eef6fc;" valign="middle"><a href="<%= url_for(@app[:host] + @data[:url]) %>" style="display:inline-block;background:#eef6fc;color:#209cee;font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:17px;font-weight:normal;line-height:120%;margin:0;text-decoration:none;text-transform:none;padding:10px;mso-padding-alt:0px;border-radius:5px;" target="_blank">Confirm my account</a></td></tr></tbody></table></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--><div style="height:30px;line-height:30px;">&#8202;</div><!--[if mso | IE]><table align="center" border="0" cellpadding="0" cellspacing="0" class="" role="presentation" style="width:600px;" width="600" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]--><div style="margin:0px auto;max-width:600px;"><table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;"><tbody><tr><td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;"><!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]--><div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;"><table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%"><tbody><tr><td align="center" style="font-size:0px;padding:10px 25px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:18px;font-weight:600;line-height:1;text-align:center;color:#444444;">¡Siguenos!</div></td></tr><tr><td align="center" style="font-size:0px;padding:10px 25px;word-break:break-word;"><table cellpadding="0" cellspacing="0" width="300" border="0" style="color:#000000;font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:22px;table-layout:auto;width:300px;border:none;"><tr><td align="center"><img width="45px" alt="Facebook" src="https://cdn.lesli.tech/leslicloud/emails/social-facebook.png"></td><td align="center"><img width="45px" alt="Twitter" src="https://cdn.lesli.tech/leslicloud/emails/social-twitter.png"></td><td align="center"><img width="45px" alt="Instagram" src="https://cdn.lesli.tech/leslicloud/emails/social-instagram.png"></td><td align="center"><img width="45px" alt="Linkedin" src="https://cdn.lesli.tech/leslicloud/emails/social-linkedin.png"></td></tr></table></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><table align="center" border="0" cellpadding="0" cellspacing="0" class="" role="presentation" style="width:600px;" width="600" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]--><div style="margin:0px auto;max-width:600px;"><table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;"><tbody><tr><td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;"><!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]--><div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;"><table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%"><tbody><tr><td align="center" style="font-size:0px;padding:10px 25px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:18px;font-weight:600;line-height:1;text-align:center;color:#444444;">Download our app</div></td></tr><tr><td align="center" style="font-size:0px;padding:10px 25px;word-break:break-word;"><table cellpadding="0" cellspacing="0" width="100%" border="0" style="color:#000000;font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:22px;table-layout:auto;width:100%;border:none;"><tr><td style="text-align: right; padding: 5px;"><a target="blank" href="https://apps.apple.com/us/app/lesli/id1595893730"><img width="130px" alt="Appstore badge" src="https://cdn.lesli.tech/leslicloud/emails/appstore.png"></a></td><td style="text-align: left; padding: 5px;"><a target="blank" href="https://apps.apple.com/us/app/lesli/id1595893730"><img width="130px" alt="Playstore badge" src="https://cdn.lesli.tech/leslicloud/emails/playstore.png"></a></td></tr></table></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--><div style="height:10px;line-height:10px;">&#8202;</div><!--[if mso | IE]><table align="center" border="0" cellpadding="0" cellspacing="0" class="" role="presentation" style="width:600px;" width="600" ><tr><td style="line-height:0px;font-size:0px;mso-line-height-rule:exactly;"><![endif]--><div style="margin:0px auto;max-width:600px;"><table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width:100%;"><tbody><tr><td style="direction:ltr;font-size:0px;padding:20px 0;text-align:center;"><!--[if mso | IE]><table role="presentation" border="0" cellpadding="0" cellspacing="0"><tr><td class="" style="vertical-align:top;width:600px;" ><![endif]--><div class="mj-column-per-100 mj-outlook-group-fix" style="font-size:0px;text-align:left;direction:ltr;display:inline-block;vertical-align:top;width:100%;"><table border="0" cellpadding="0" cellspacing="0" role="presentation" style="vertical-align:top;" width="100%"><tbody><tr><td align="center" style="font-size:0px;padding:4px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:center;color:#666666;">Copyright &copy; <%= Time.new.year %> LesliTech</div></td></tr><tr><td align="center" style="font-size:0px;padding:4px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:center;color:#666666;">Ciudad de Guatemala, Guatemala.</div></td></tr><tr><td align="center" style="font-size:0px;padding:4px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:center;color:#666666;">All rights reserved.</div></td></tr><tr><td align="center" style="font-size:0px;padding:4px;padding-top:20px;word-break:break-word;"><div style="font-family:Ubuntu, Helvetica, Arial, sans-serif;font-size:13px;line-height:1;text-align:center;color:#666666;">The Lesli Team</div></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--></td></tr></tbody></table></div><!--[if mso | IE]></td></tr></table><![endif]--></div></body></html>

data/app/models/concerns/lesli_shield/user_security.rb

@@ -0,0 +1,222 @@
+=begin
+
+Lesli
+
+Copyright (c) 2025, Lesli Technologies, S. A.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see http://www.gnu.org/licenses/.
+
+Lesli · Ruby on Rails SaaS Development Framework.
+
+Made with ♥ by LesliTech
+Building a better future, one line of code at a time.
+
+@contact  hello@lesli.tech
+@website  https://www.lesli.tech
+@license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
+
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
+// · 
+=end
+
+
+# User extension methods
+# Custom methods that belongs to a instance user
+module LesliShield
+    module UserSecurity
+        extend ActiveSupport::Concern
+
+        # get the max level permission from roles assigned to the user
+        def max_level_permission
+            self.roles.maximum(:permission_level) || 0
+        end
+
+        # check if user has roles with specific names
+        def has_roles?(*roles)
+            !roles.intersection(self.roles.map{ |r| r[:name] }).empty?
+        end
+
+        # check the privilege cache to check if user is able 
+        # to perform a specific action in a specific controller
+        def has_privileges_for?(controller, action)
+            begin
+                return self.privileges.where(
+                    controller: controller,
+                    action: action,
+                    active: true
+                ).exists?
+            rescue => exception
+                L2.danger(exception.to_s)
+                return false
+            end
+        end
+
+        # Check if user has enough privilege to work with the given role
+        def can_work_with_role?(role_id)
+
+            # get the role if only id is given
+            role = self.account.roles.find_by(:id => role_id)
+
+            # false if role not found
+            return false if role.blank?
+
+            # not valid role without object levelpermission defined
+            return false if role.level_permission.blank?
+
+            # get the max level permission from the roles the user has assigned
+            user_role_max_level_permission = self.roles.map(&:level_permission).max()
+
+            # check if user can work with the level permission of the role is trying to modify
+            # Note: user only can assigned an level permission below the max of his own roles
+            # Current user cannot assign role if role to assign is the same of the greater role 
+            # assigned to the current user
+            user_role_max_level_permission >= role.level_permission
+        end
+
+        # Checks configuration of all the roles assigned to the user
+        # if user has a role with "default path" to use as home to redirect after login
+        # IMPORTANT: This home path is used only the send the user after login, the user
+        #            and the role are not limited by this configuration
+        def has_role_with_default_path?()
+
+            # get the roles that contains a path
+            role = self.roles.where.not(path_default: [nil, ""])
+
+            # here we must order the results descendant because we must
+            # keep the path of the hightest level permission role.
+            # Example: we should use the path of the admin role if user has
+            # admin & employee roles, also order by default_path, so we get first 
+            # the roles with path in case the user has roles with the same level permission
+            role = role.order(level_permission: :desc).order(:path_default)
+
+            # get the first role found, due previously we sort in a descendant order
+            # the first role is going to be the one with highest level permission
+            # this is going to return nil if no role was found
+            default_path = role.first&.path_default  || "/"
+
+            # if first loggin for account owner send him to the onboarding page
+            if self.account.onboarding? && self.has_roles?("owner")
+                default_path = "/onboarding"
+            end
+
+            default_path
+        end
+
+        # Checks configuration of all the roles assigned to the user
+        # if user has a role limited to a defined path
+        # if user has a high privilege role that overrides any other role configuration
+        def has_role_limited_to_path?()
+
+            # get the roles ordering in descendant mode because we must
+            # keep the path of the hightest level permission role.
+            # Example: we should use the path of the admin role if user has
+            # admin & employee roles, also order by default_path, so we get first 
+            # the roles with path in case the user has roles with the same level permission
+            role = self.roles.order(level_permission: :desc).order(:path_default)
+
+            # get the first role found, due previously we sort in a descendant order
+            # the first role is going to be the one with highest level permission
+            # this is going to return nil if no role was found
+            role = role.first
+
+            # return the path of the role if is limited to a that specific path
+            return role.path_default if role.path_limited == true 
+
+            # return nil if role has no limits
+            return nil
+        end
+
+        # Sets this user as inactive and removes complete access to the platform
+        def revoke_access
+            self.update(active: false)
+        end
+
+        # Change user password forcing user to reset the password
+        def set_password_as_expired
+            self.update(password_expiration_at: Time.current)
+        end
+
+        # @description Change user password forcing user to reset the password
+        def set_password_for_reset
+            generate_password_reset_token()
+        end
+
+        def has_expired_password?
+            return false if self.password_expiration_at.blank?
+            return Time.current > self.password_expiration_at
+        end
+
+        # Check if user has a confirmed telephone number
+        def has_telephone_confirmed?
+            !!self.telephone_confirmed_at
+        end 
+
+        # Change user password forcing user to reset the password
+        def generate_password_reset_token
+            raw, hashed = Devise.token_generator.generate(Lesli::User, :reset_password_token)
+
+            self.update!(
+                password: nil,
+                reset_password_token: hashed,
+                reset_password_sent_at: Time.current
+            )
+
+            raw
+        end
+
+        # Generate a token to validate telephone number
+        def generate_telephone_token(length=4)
+            raw, enc = Devise.token_generator.create(
+                self.class, 
+                :telephone_confirmation_token, 
+                type:'number', 
+                length:length
+            )
+
+            self.telephone_confirmation_token   = enc
+            self.telephone_confirmation_sent_at = Time.now.utc
+            self.telephone_confirmed_at = nil
+            save(validate: false)
+            raw
+        end
+
+        # Mark telephone number as valid and confirmed
+        def confirm_telephone_number
+            self.telephone_confirmation_token   = nil
+            self.telephone_confirmation_sent_at = nil
+            self.telephone_confirmed_at = Time.now.utc
+            save(validate: false)
+        end
+
+        # Return a hash that contains all the abilities grouped by 
+        # controller and define every action privilege. It also
+        # evaluate if the user has the ability no matter if is given 
+        # to the user by role or by itself.
+        def abilities_by_controller
+
+            # Abilities hash where we will save all the privileges the user has to
+            abilities = {}
+
+            # We check all the privileges the user has in the cache table according to his roles
+            # and create a key per controller (with the full controller name) that contains an array of all the 
+            # methods/actions with permission
+            # self.privileges.all.each do |privilege|
+            #     abilities[privilege.controller] = [] if abilities[privilege.controller].nil?
+            #     abilities[privilege.controller] << privilege.action
+            # end
+
+            abilities
+        end
+    end
+end

data/app/models/lesli_shield/account.rb

@@ -34,11 +34,11 @@ module LesliShield
     class Account < ApplicationRecord
         belongs_to :account, class_name: "Lesli::Account"
         has_many :dashboards
+        has_many :invites
 
         after_create :initialize_account
 
         def initialize_account
-            Dashboard.initialize_account(self)
         end
     end
 end

data/app/models/lesli_shield/dashboard.rb

@@ -32,9 +32,6 @@ Building a better future, one line of code at a time.
 
 module LesliShield
     class Dashboard < Lesli::Shared::Dashboard
-        self.table_name = "lesli_shield_dashboards"
-        belongs_to :account
-
-        COMPONENTS = %i[]
+        COMPONENTS = %i[calendar chart_bar weather]
     end
 end

data/app/models/lesli_shield/invite.rb

@@ -0,0 +1,24 @@
+module LesliShield
+    class Invite < ApplicationRecord
+        belongs_to :account
+        belongs_to :user, class_name: "Lesli::User"
+
+        validates :email, presence: true, on: :create
+
+        before_create :before_create_invite
+
+        enum :status, { 
+            created: 0, 
+            accepted: 1, 
+            cancelled: 2,
+            sent: 5, 
+            requested: 6
+        }
+
+        private 
+
+        def before_create_invite
+            self.status = :created
+        end
+    end
+end

data/{lib/vue/confirmations.js → app/models/lesli_shield/role/action.rb}

@@ -1,7 +1,8 @@
-/*
+=begin
+
 Lesli
 
-Copyright (c) 2023, Lesli Technologies, S. A.
+Copyright (c) 2026, Lesli Technologies, S. A.
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -16,18 +17,24 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program. If not, see http://www.gnu.org/licenses/.
 
-Lesli · Your Smart Business Assistant. 
+Lesli · Ruby on Rails SaaS Development Framework.
 
-Made with ♥ by https://www.lesli.tech
+Made with ♥ by LesliTech
 Building a better future, one line of code at a time.
 
 @contact  hello@lesli.tech
-@website  https://lesli.tech
+@website  https://www.lesli.tech
 @license  GPLv3 http://www.gnu.org/licenses/gpl-3.0.en.html
 
-// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
-// · 
-*/
-
-
+// · ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~     ~·~
 // · 
+=end
+
+module LesliShield
+    class Role::Action < Lesli::ApplicationLesliRecord
+        self.table_name = 'lesli_shield_role_actions'
+        
+        belongs_to :role, class_name: 'Lesli::Role'
+        belongs_to :action, class_name: "Lesli::Resource"
+    end
+end