RubyGems - mno-enterprise-api - Versions diffs - 3.1.4 → 3.2.0 - Mend

mno-enterprise-api 3.1.4 → 3.2.0

Files changed (139) hide show

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/kpis_controller.rb ADDED Viewed

@@ -0,0 +1,167 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
+  extend ActiveSupport::Concern
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    respond_to :json
+    before_filter :find_valid_kpi, only: [:update, :delete]
+  end
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /mnoe/jpi/v1/impac/kpis
+  # This action is used as a sort of 'proxy' for retrieving KPI templates which are
+  # usually retrieved from Impac! API, and customising the attributes.
+  def index
+    # Retrieve kpis templates from impac api.
+    # TODO: improve request params to work for strong parameters
+    attrs = params.slice('metadata', 'opts')
+    auth = { username: MnoEnterprise.tenant_id, password: MnoEnterprise.tenant_key }
+    response = begin
+      MnoEnterprise::ImpacClient.send_get('/api/v2/kpis', attrs, basic_auth: auth)
+    rescue => e
+      return render json: { message: "Unable to retrieve kpis from Impac API | Error #{e}" }
+    end
+    # customise available kpis
+    kpis = (response['kpis'] || []).map do |kpi|
+      kpi = kpi.with_indifferent_access
+      kpi[:watchables].map do |watchable|
+        kpi.merge(
+          name: "#{kpi[:name]} #{watchable.capitalize unless kpi[:name].downcase.index(watchable)}".strip,
+          watchables: [watchable],
+          target_placeholders: {watchable => kpi[:target_placeholders][watchable]},
+        )
+      end
+    end
+    .flatten
+    render json: { kpis: kpis }
+  end
+  # POST /mnoe/jpi/v1/impac/dashboards/:dashboard_id/kpis
+  #   -> POST /api/mnoe/v1/dashboards/:id/kpis
+  #   -> POST /api/mnoe/v1/users/:id/alerts
+  def create
+    # TODO: ability for managing widget.
+    authorize! :manage_dashboard, dashboard
+    # TODO: attach widget onto KPI capability.
+    # authorize! :manage_widget, widget if widget
+    # TODO: nest alert in as a param, with the current user as a recipient.
+    if @kpi = kpi_parent.kpis.create(kpi_create_params)
+      # Creates a default alert for kpis created with targets defined.
+      if kpi.targets.present?
+        current_user.alerts.create({service: 'inapp', impac_kpi_id: kpi.id})
+        # TODO: reload is adding the recipients to the kpi alerts (making another request).
+        kpi.reload
+      end
+      render 'show'
+    else
+      msg = kpi.errors.full_messages.join(', ') || 'unable to create KPI.'
+      render_bad_request("create kpi (id=#{kpi.id})", msg)
+    end
+  end
+  # PUT /mnoe/jpi/v1/impac/kpis/:id
+  #   -> PUT /api/mnoe/v1/kpis/:id
+  def update
+    authorize! :manage_kpi, kpi
+    params = kpi_update_params
+    # TODO: refactor into models
+    # --
+    # Creates an in-app alert if target is set for the first time (in-app alerts should be activated by default)
+    if kpi.targets.blank? && params[:targets].present?
+      current_user.alerts.create({service: 'inapp', impac_kpi_id: kpi.id})
+    # If targets have changed, reset all the alerts 'sent' status to false.
+    elsif kpi.targets && params[:targets].present? && params[:targets] != kpi.targets
+      kpi.alerts.each { |alert| alert.update(sent: false) }
+    # Removes all the alerts if the targets are removed (kpi has no targets set,
+    # and params contains no targets to be set)
+    elsif params[:targets].blank? && kpi.targets.blank?
+      kpi.alerts.each(&:destroy)
+    end
+    if kpi.update(kpi_update_params)
+      render 'show'
+    else
+      msg = @kpi.errors.full_messages.join(', ') || 'unable to update KPI.'
+      render_bad_request("update kpi (id=#{kpi.id})", msg)
+    end
+  end
+  # DELETE /mnoe/jpi/v1/impac/kpis/:id
+  #   -> DELETE /api/mnoe/v1/kpis/:id
+  def destroy
+    authorize! :manage_kpi, kpi
+    if kpi.destroy
+      head status: :ok
+    else
+      render_bad_request('destroy kpi', "impossible to destroy kpi (id=#{kpi.id})")
+    end
+  end
+  #=================================================
+  # Private methods
+  #=================================================
+  private
+    def dashboard
+      @dashboard ||= MnoEnterprise::Impac::Dashboard.find(params.require(:dashboard_id))
+      return render_not_found('dashboard') unless @dashboard
+      @dashboard
+    end
+    def widget
+      return nil if (id = params.require(:kpi)[:widget_id]).blank?
+      @widget ||= MnoEnterprise::Impac::Widget.find(id)
+      return render_not_found('widget') unless @widget
+      @widget
+    end
+    def kpi
+      @kpi ||= MnoEnterprise::Impac::Kpi.find(params[:id])
+      return @kpi || render_not_found('kpi')
+    end
+    def kpi_parent
+      # TODO: attach kpi onto widget capability
+      # widget || dashboard
+      dashboard
+    end
+    def kpi_create_params
+      whitelist = [:dashboard_id, :endpoint, :source, :element_watched, {extra_watchables: []}]
+      extract_params(whitelist)
+    end
+    def kpi_update_params
+      whitelist = [:name, :element_watched, {extra_watchables: []}]
+      extract_params(whitelist)
+    end
+    def extract_params(whitelist)
+      (p = params).require(:kpi).permit(*whitelist).tap do |whitelisted|
+        whitelisted[:settings] = p[:kpi][:metadata] || {}
+        # TODO: strong params for targets & extra_params attributes (keys will depend on the kpi).
+        whitelisted[:targets] = p[:kpi][:targets] unless p[:kpi][:targets].blank?
+        whitelisted[:extra_params] = p[:kpi][:extra_params] unless p[:kpi][:extra_params].blank?
+      end
+      .except(:metadata)
+    end
+    alias :find_valid_kpi  :kpi
+end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/widgets_controller.rb CHANGED Viewed

@@ -13,43 +13,52 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
   #==================================================================
   # Instance methods
   #==================================================================
+  # GET /mnoe/jpi/v1/impac/organizations/:organization_id/widgets
+  #  -> GET /api/mnoe/v1/organizations/:id/widgets
+  def index
+    render_not_found('organization') unless parent_organization
+    @widgets = parent_organization.widgets
+  end
   # POST /mnoe/jpi/v1/impac/dashboards/:id/widgets
   #  -> POST /api/mnoe/v1/dashboards/:id/widgets
   def create
     if widgets
-      if @widget = widgets.create(format_attrs(['widget_category','metadata']))
-        MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Widget Creation', nil, @widget)
+      if @widget = widgets.create(widget_create_params)
+        MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Widget Creation', @widget)
         @nocontent = true # no data fetch from Connec!
         render 'show'
       else
-        render json: @widget.errors, status: :bad_request
+        render_bad_request('create widget', @widget.errors)
       end
     else
-      render json: { errors: "Dashboard id #{params[:id]} doesn't exist" }, status: :not_found
+      render_not_found('widget')
     end
   end
   # PUT /mnoe/jpi/v1/impac/widgets/:id
+  #   -> PUT /api/mnoe/v1/widgets/:id
   def update
-    if widget.update(format_attrs(['name','metadata']))
+    if widget.update(widget_update_params)
       @nocontent = !params['metadata']
       render 'show'
     else
-      render json: @widget.errors, status: :bad_request
+      render_bad_request('update widget', @widget.errors)
     end
   end
-  # DELETE /mnoe/jpi/v1/impac/dashboards/1
+  # DELETE /mnoe/jpi/v1/impac/widgets/:id
+  #   -> DELETE /api/mnoe/v1/widgets/:id
   def destroy
     if widget.destroy
-      MnoEnterprise::EventLogger.info('widget_delete', current_user.id, 'Widget Deletion', nil, widget)
+      MnoEnterprise::EventLogger.info('widget_delete', current_user.id, 'Widget Deletion', widget)
       head status: :ok
     else
-      render json: 'Unable to destroy widget', status: :bad_request
+      render_bad_request('destroy widget', 'Unable to destroy widget')
     end
   end
   #=================================================
   # Private methods
   #=================================================
@@ -63,10 +72,17 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
       @widgets ||= MnoEnterprise::Impac::Dashboard.find(params[:dashboard_id]).widgets
     end
-    def format_attrs(whitelist)
-      attrs = (params[:widget] || {}).select { |k,v| whitelist.include?(k.to_s) }
-      attrs['settings'] = widget ? widget.settings || {} : {}
-      attrs['settings'].merge!(attrs['metadata']) if attrs['metadata']
-      attrs.except!('metadata')
+    def widget_create_params
+      params.require(:widget).permit(:widget_category).tap do |whitelisted|
+        whitelisted[:settings] = params[:widget][:metadata] || {}
+      end
+      .except(:metadata)
+    end
+    def widget_update_params
+      params.require(:widget).permit(:name).tap do |whitelisted|
+        whitelisted[:settings] = params[:widget][:metadata] || {}
+      end
+      .except(:metadata)
     end
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/marketplace_controller.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::MarketplaceController
+  extend ActiveSupport::Concern
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    respond_to :json
+  end
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /mnoe/mnoe/jpi/v1/marketplace
+  def index
+    @apps = if MnoEnterprise.marketplace_listing
+              MnoEnterprise::App.where('nid.in' => MnoEnterprise.marketplace_listing).to_a
+            else
+              MnoEnterprise::App.all.to_a
+            end
+    @apps.sort_by! { |app| [app.rank ? 0 : 1 , app.rank] } # the nil ranks will appear at the end
+    @categories = MnoEnterprise::App.categories(@apps)
+    @categories.delete('Most Popular')
+  end
+  # GET /mnoe/jpi/v1/marketplace/1
+  def show
+    @app = MnoEnterprise::App.find(params[:id])
+  end
+end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb CHANGED Viewed

@@ -28,9 +28,10 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     # Update and Authorize
     organization.assign_attributes(organization_update_params)
     authorize! :update, organization
+    changes = organization.changes
     # Save
     if organization.save
+      MnoEnterprise::EventLogger.info('organization_update', current_user.id, 'Organization update', organization, changes)
       render 'show_reduced'
     else
       render json: organization.errors, status: :bad_request
@@ -41,6 +42,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
   def destroy
     if organization
       authorize! :destroy, organization
+      MnoEnterprise::EventLogger.info('organization_destroy', current_user.id, 'Organization deleted', organization)
       organization.destroy
     end
@@ -57,7 +59,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     # Bust cache
     current_user.refresh_user_cache
+    MnoEnterprise::EventLogger.info('organization_create', current_user.id, 'Organization created', organization)
     render 'show'
   end
@@ -81,13 +83,11 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
   # PUT /mnoe/jpi/v1/organizations/:id/update_billing
   def update_billing
-    whitelist = ['title','first_name','last_name','number','month','year','country','verification_value','billing_address','billing_city','billing_postcode', 'billing_country']
-    attributes = params[:credit_card].select { |k,v| whitelist.include?(k.to_s) }
     authorize! :manage_billing, organization
     # Upsert
-    if @credit_card = organization.credit_card
-      @credit_card.assign_attributes(attributes.merge(organization_id: @credit_card.organization_id))
+    if (@credit_card = organization.credit_card) && check_valid_payment_method
+      @credit_card.assign_attributes(organization_billing_params.merge(organization_id: @credit_card.organization_id))
       @credit_card.save
     end
@@ -98,14 +98,13 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     end
   end
-  # TODO: specs
   # PUT /mnoe/jpi/v1/organizations/:id/invite_members
   def invite_members
     # Filter
     whitelist = ['email','role','team_id']
     attributes = []
     params[:invites].each do |invite|
-      attributes << invite.select { |k,v| whitelist.include?(k.to_s) }
+      attributes << invite.slice(*whitelist)
     end
     # Authorize and create
@@ -127,46 +126,68 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     render 'members'
   end
-  # TODO: specs
   # PUT /mnoe/jpi/v1/organizations/:id/update_member
   def update_member
     attributes = params[:member]
-    @member = organization.users.where(email: attributes[:email]).first
-    @member ||= organization.org_invites.active.where(user_email: attributes[:email]).first
-    # Authorize and update
+    # Authorize and update => Admin or Super Admin
     authorize! :invite_member, organization
-    if @member.is_a?(MnoEnterprise::User)
-      organization.users.update(id: @member.id, role: attributes[:role])
-    elsif @member.is_a?(MnoEnterprise::OrgInvite)
-      @member.user_role = attributes[:role]
-      @member.save
+    if organization.role == 'Admin'
+      # Admin cannot assign Super Admin role
+      raise CanCan::AccessDenied if attributes[:role] == 'Super Admin'
+      # Admin cannot edit Super Admin
+      raise CanCan::AccessDenied if (member.is_a?(MnoEnterprise::User) && member.role == 'Super Admin') ||
+        (member.is_a?(MnoEnterprise::OrgInvite) && member.user_role == 'Super Admin')
+    elsif member.id == current_user.id && attributes[:role] != 'Super Admin' && organization.users.count {|u| u.role == 'Super Admin'} <= 1
+      # A super admin cannot modify his role if he's the last super admin
+      raise CanCan::AccessDenied
     end
+    # Happy Path
+    case member
+    when MnoEnterprise::User
+      organization.users.update(id: member.id, role: attributes[:role])
+    when MnoEnterprise::OrgInvite
+      member.update(user_role: attributes[:role])
+    end
     render 'members'
   end
-  # TODO: specs
   # PUT /mnoe/jpi/v1/organizations/:id/remove_member
   def remove_member
-    attributes = params[:member]
-    @member = organization.users.where(email: attributes[:email]).first
-    @member ||= organization.org_invites.active.where(user_email: attributes[:email]).first
-    # Authorize and update
     authorize! :invite_member, organization
-    if @member.is_a?(MnoEnterprise::User)
-      organization.remove_user(@member)
-    elsif @member.is_a?(MnoEnterprise::OrgInvite)
-      @member.cancel!
+    if member.is_a?(MnoEnterprise::User)
+      organization.remove_user(member)
+    elsif member.is_a?(MnoEnterprise::OrgInvite)
+      member.cancel!
     end
     render 'members'
   end
   protected
+    def member
+      @member ||= begin
+        email = params.require(:member).require(:email)
+        # Organizations are already loaded with all users
+        organization.users.to_a.find { |u| u.email == email } ||
+          organization.org_invites.active.where(user_email: email).first
+      end
+    end
     def organization
-      @organization ||= current_user.organizations.to_a.find{ |o| o.id.to_s == params[:id].to_s }
+      @organization ||= begin
+        # Find in arrays if organizations have been fetched
+        # already. Perform remote query otherwise
+        if current_user.organizations.loaded?
+          current_user.organizations.to_a.find { |o| o.id.to_s == params[:id].to_s }
+        else
+          current_user.organizations.where(id: params[:id]).first
+        end
+      end
     end
     def organization_permitted_update_params
@@ -176,4 +197,23 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     def organization_update_params
       params.fetch(:organization, {}).permit(*organization_permitted_update_params)
     end
+    def organization_billing_params
+      params.require(:credit_card).permit(
+        'title', 'first_name', 'last_name', 'number', 'month', 'year', 'country', 'verification_value',
+        'billing_address', 'billing_city', 'billing_postcode', 'billing_country'
+      )
+    end
+    def check_valid_payment_method
+      return true unless organization.payment_restriction.present?
+      if CreditCardValidations::Detector.new(organization_billing_params[:number]).valid?(*organization.payment_restriction)
+        true
+      else
+        cards = organization.payment_restriction.map(&:capitalize).to_sentence
+        @credit_card.errors.add(:number, "Payment is limited to #{cards} Card Holders")
+        false
+      end
+    end
 end