mno-enterprise-api 2.0.0

data/lib/mno_enterprise/concerns/controllers/jpi/v1/deletion_requests_controller.rb

@@ -0,0 +1,69 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::DeletionRequestsController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    respond_to :json
+  end
+
+  #==================================================================
+  # Class methods
+  #==================================================================
+  module ClassMethods
+    # def some_class_method
+    #   'some text'
+    # end
+  end
+
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # POST /deletion_request.json
+  def create
+    @deletion_request = MnoEnterprise::DeletionRequest.new(user_id: current_user.id)
+
+    if @deletion_request.save
+      # TODO: deliver_later => need to use user#id and deletion_request#id
+      MnoEnterprise::SystemNotificationMailer.deletion_request_instructions(current_user, @deletion_request).deliver_now
+      render json: @deletion_request, status: :created
+    else
+      render json: @deletion_request.errors, status: :unprocessable_entity
+    end
+  end
+
+  # PUT /deletion_request/1/resend.json
+  def resend
+    @deletion_request = current_user.deletion_request
+
+    # Check that the user has a deletion_request in progress
+    # and that the token provided (params[:id]) matches the
+    # deletion_request token
+    if @deletion_request.present? && @deletion_request.token == params[:id]
+      MnoEnterprise::SystemNotificationMailer.deletion_request_instructions(current_user, @deletion_request).deliver_now
+      render json: @deletion_request
+    else
+      head :bad_request
+    end
+  end
+
+  # DELETE /deletion_request/1.json
+  def destroy
+    @deletion_request = current_user.deletion_request
+
+    # Check that the user has a deletion_request in progress
+    # and that the token provided (params[:id]) matches the
+    # deletion_request token
+    if @deletion_request.present? && @deletion_request.token == params[:id]
+      # Work around
+      MnoEnterprise::DeletionRequest.find(@deletion_request.id).destroy
+
+      head :no_content
+    else
+      head :bad_request
+    end
+  end
+end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/dashboards_controller.rb

@@ -0,0 +1,76 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::DashboardsController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    respond_to :json
+  end
+
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /mnoe/jpi/v1/impac/dashboards
+  def index
+    dashboards
+  end
+
+  # GET /mnoe/jpi/v1/impac/dashboards/1
+  def show
+    dashboard
+    render json: { errors: "Dashboard id #{params[:id]} doesn't exist" }, status: :not_found unless @dashboard
+  end
+
+  # POST /mnoe/jpi/v1/impac/dashboards
+  #  -> POST /api/mnoe/v1/users/282/dashboards
+  def create
+    if @dashboard = dashboards.create(dashboard_create_params)
+      # authorize! :create, @dashboard
+      MnoEnterprise::EventLogger.info('dashboard_create', current_user.id, 'Dashboard Creation', nil, @dashboard)
+      render 'show'
+    else
+      render json: @dashboard.errors, status: :bad_request
+    end
+  end
+
+  # PUT /mnoe/jpi/v1/impac/dashboards/1
+  def update
+    if dashboard.update(dashboard_update_params)
+      # dashboard.assign_attributes(attrs)
+      # authorize! :update, dashboard
+      render 'show'
+    else
+      render json: @dashboard.errors, status: :bad_request
+    end
+  end
+
+  # DELETE /mnoe/jpi/v1/impac/dashboards/1
+  def destroy
+    # authorize! :destroy, @dashboard
+    if dashboard.destroy
+      MnoEnterprise::EventLogger.info('dashboard_delete', current_user.id, 'Dashboard Deletion', nil, dashboard)
+      head status: :ok
+    else
+      render json: 'Unable to destroy dashboard', status: :bad_request
+    end
+  end
+
+  protected
+
+  def dashboard
+    @dashboard ||= current_user.dashboards.to_a.find { |d| d.id.to_s == params[:id].to_s }
+  end
+
+  def dashboards
+    @dashboards ||= current_user.dashboards
+  end
+
+  def dashboard_params
+    params.require(:dashboard).permit(:name, :currency, {widgets_order: []}, {organization_ids: []})
+  end
+  alias :dashboard_update_params  :dashboard_params
+  alias :dashboard_create_params  :dashboard_params
+end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb

@@ -0,0 +1,180 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    respond_to :json
+  end
+
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /mnoe/jpi/v1/organizations
+  def index
+    @organizations ||= current_user.organizations
+  end
+
+  # GET /mnoe/jpi/v1/organizations/1
+  def show
+    organization # load organization
+  end
+
+  # PUT /mnoe/jpi/v1/organizations/:id
+  def update
+    # Update and Authorize
+    organization.assign_attributes(organization_update_params)
+    authorize! :update, organization
+
+    # Save
+    if organization.save
+      render 'show_reduced'
+    else
+      render json: organization.errors, status: :bad_request
+    end
+  end
+
+  # DELETE /mnoe/jpi/v1/organizations/1
+  def destroy
+    if organization
+      authorize! :destroy, organization
+      organization.destroy
+    end
+
+    head :no_content
+  end
+
+  # POST /mnoe/jpi/v1/organizations
+  def create
+    # Create new organization
+    @organization = MnoEnterprise::Organization.create(organization_update_params)
+
+    # Add the current user as Super Admin
+    @organization.add_user(current_user,'Super Admin')
+
+    # Bust cache
+    current_user.refresh_user_cache
+
+    render 'show'
+  end
+
+  # PUT /mnoe/jpi/v1/organizations/:id/charge
+  # def charge
+  #   authorize! :manage_billing, organization
+  #   payment = organization.charge
+  #   s = ''
+  #   if payment
+  #     if payment.success?
+  #       s = 'success'
+  #     else
+  #       s = 'fail'
+  #     end
+  #   else
+  #     s = 'error'
+  #   end
+  #
+  #   render json: { status: s, data: payment }
+  # end
+
+  # PUT /mnoe/jpi/v1/organizations/:id/update_billing
+  def update_billing
+    whitelist = ['title','first_name','last_name','number','month','year','country','verification_value','billing_address','billing_city','billing_postcode', 'billing_country']
+    attributes = params[:credit_card].select { |k,v| whitelist.include?(k.to_s) }
+    authorize! :manage_billing, organization
+
+    # Upsert
+    if @credit_card = organization.credit_card
+      @credit_card.assign_attributes(attributes.merge(organization_id: @credit_card.organization_id))
+      @credit_card.save
+    end
+
+    if @credit_card.errors.empty?
+      render 'credit_card'
+    else
+      render json: @credit_card.errors, status: :bad_request
+    end
+  end
+
+  # TODO: specs
+  # PUT /mnoe/jpi/v1/organizations/:id/invite_members
+  def invite_members
+    # Filter
+    whitelist = ['email','role','team_id']
+    attributes = []
+    params[:invites].each do |invite|
+      attributes << invite.select { |k,v| whitelist.include?(k.to_s) }
+    end
+
+    # Authorize and create
+    authorize! :invite_member, organization
+    attributes.each do |invite|
+      @org_invite = organization.org_invites.create(
+        user_email: invite['email'],
+        user_role: invite['role'],
+        team_id: invite['team_id'],
+        referrer_id: current_user.id
+      )
+
+      MnoEnterprise::SystemNotificationMailer.organization_invite(@org_invite).deliver_now
+    end
+
+    # Reload users
+    organization.users.reload
+
+    render 'members'
+  end
+
+  # TODO: specs
+  # PUT /mnoe/jpi/v1/organizations/:id/update_member
+  def update_member
+    attributes = params[:member]
+    @member = organization.users.where(email: attributes[:email]).first
+    @member ||= organization.org_invites.active.where(user_email: attributes[:email]).first
+
+    # Authorize and update
+    authorize! :invite_member, organization
+    if @member.is_a?(MnoEnterprise::User)
+      organization.users.update(id: @member.id, role: attributes[:role])
+    elsif @member.is_a?(MnoEnterprise::OrgInvite)
+      @member.user_role = attributes[:role]
+      @member.save
+    end
+
+    render 'members'
+  end
+
+  # TODO: specs
+  # PUT /mnoe/jpi/v1/organizations/:id/remove_member
+  def remove_member
+    attributes = params[:member]
+    @member = organization.users.where(email: attributes[:email]).first
+    @member ||= organization.org_invites.active.where(user_email: attributes[:email]).first
+
+    # Authorize and update
+    authorize! :invite_member, organization
+    if @member.is_a?(MnoEnterprise::User)
+      organization.remove_user(@member)
+    elsif @member.is_a?(MnoEnterprise::OrgInvite)
+      @member.cancel!
+    end
+
+    render 'members'
+  end
+
+  protected
+    def organization
+      @organization ||= current_user.organizations.to_a.find{ |o| o.id.to_s == params[:id].to_s }
+    end
+
+    def organization_permitted_update_params
+      [:name, :soa_enabled, :industry, :size]
+    end
+
+    def organization_update_params
+      params.fetch(:organization, {}).permit(*organization_permitted_update_params)
+    end
+
+end

data/lib/mno_enterprise/concerns/controllers/org_invites_controller.rb

@@ -0,0 +1,44 @@
+module MnoEnterprise::Concerns::Controllers::OrgInvitesController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    before_filter :authenticate_user!
+  end
+
+  #==================================================================
+  # Class methods
+  #==================================================================
+  module ClassMethods
+    # def some_class_method
+    #   'some text'
+    # end
+  end
+
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /org_invites/1?token=HJuiofjpa45A73255a74F534FDfds
+  # TODO: improve integration with new frontends
+  def show
+    @current_user = current_user
+    @org_invite = MnoEnterprise::OrgInvite.active.where(id: params[:id], token: params[:token]).first
+    redirect_path = mnoe_home_path
+
+    if @org_invite && !@org_invite.expired? && @org_invite.accept!(current_user)
+      redirect_path += "#/?dhbRefId=#{ @org_invite.organization.id}"
+      message = { notice: "You are now part of #{@org_invite.organization.name}" }
+      yield(:success, @org_invite) if block_given?
+    elsif @org_invite && @org_invite.expired?
+      message = { alert: "It looks like this invite has expired. Please ask your company administrator to resend the invite." }
+    else
+      message = { alert: "Unfortunately, this invite does not seem to be valid." }
+    end
+
+    redirect_to redirect_path, message
+  end
+end

data/lib/mno_enterprise/concerns/controllers/pages_controller.rb

@@ -0,0 +1,78 @@
+module MnoEnterprise::Concerns::Controllers::PagesController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    before_filter :authenticate_user!, only: [:launch]
+    before_filter :redirect_to_lounge_if_unconfirmed, only: [:launch]
+  end
+
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /launch/:id
+  # Redirect to Mno Enterprise app launcher
+  # Launching an app (from dashboard) should redirect to this action
+  # The true goal of this action is to hide maestrano in the link behind
+  # any dashboard app picture
+  #
+  # TODO: Access + existence checks could be added in the future. This is not
+  # mandatory as Mno Enterprise will do it anyway
+  def launch
+    app = MnoEnterprise::AppInstance.find_by(uid: params[:id])
+    MnoEnterprise::EventLogger.info('app_launch', current_user.id, "App launched", app.name, app)
+    redirect_to MnoEnterprise.router.launch_url(params[:id], wtk: MnoEnterprise.jwt(user_id: current_user.uid))
+  end
+
+  # GET /loading/:id
+  # Loading lounge - wait for an app to be online
+  def loading
+    @app_instance = MnoEnterprise::AppInstance.where(uid: params[:id]).reload.first
+
+    respond_to do |format|
+      format.html { @app_instance_hash = app_instance_hash(@app_instance) }
+      format.json { render json: app_instance_hash(@app_instance) }
+    end
+  end
+
+  # GET /app_access_unauthorized
+  def app_access_unauthorized
+    @meta[:title] = "Unauthorized"
+    @meta[:description] = "Application access not granted"
+  end
+
+  def billing_details_required
+    @meta[:title] = "Billing Details Required"
+    @meta[:description] = "Billing details have not been provided"
+  end
+
+  # GET /app_logout
+  def app_logout
+    @meta[:title] = "Logged out"
+    @meta[:description] = "Logged out from application"
+  end
+
+  private
+    def app_instance_hash(app_instance)
+      return {} unless app_instance
+      {
+        id: app_instance.id,
+        uid: app_instance.uid,
+        name: app_instance.name,
+        status: app_instance.status,
+        durations: app_instance.durations,
+        started_at: app_instance.started_at,
+        stopped_at: app_instance.stopped_at,
+        created_at: app_instance.created_at,
+        server_time: Time.now.utc,
+        is_online: app_instance.online?,
+        errors: app_instance.errors ? app_instance.errors.full_messages : [],
+        logo: app_instance.app.logo
+      }
+    end
+
+end