RubyGems - mno-enterprise-api - Versions diffs - 3.2.1 → 3.3.0 - Mend

mno-enterprise-api 3.2.1 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

data/lib/mno_enterprise/concerns/controllers/jpi/v1/current_users_controller.rb CHANGED

@@ -8,6 +8,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::CurrentUsersController
   # context where it is included rather than being executed in the module's context
   included do
     before_filter :authenticate_user!, only: [:update, :update_password]
+    before_filter :user_management_enabled?, only: [:update, :update_password]
     respond_to :json
   end
@@ -37,7 +38,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::CurrentUsersController
   def register_developer
     @user = current_user
     if @user.update(developer: true)
-      MnoEnterprise::EventLogger.info('register_developer', current_user.id, "User developer register", @user)
+      MnoEnterprise::EventLogger.info('register_developer', current_user.id, "Developer registration", @user)
       render :show
     else
       render json: @user.errors, status: :bad_request
@@ -65,4 +66,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::CurrentUsersController
     def password_params
       params.require(:user).permit(:current_password, :password, :password_confirmation)
     end
+    def user_management_enabled?
+      return head :forbidden unless Settings.user_management.enabled
+    end
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/kpis_controller.rb CHANGED

@@ -50,13 +50,14 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
   #   -> POST /api/mnoe/v1/dashboards/:id/kpis
   #   -> POST /api/mnoe/v1/users/:id/alerts
   def create
-    # TODO: ability for managing widget.
-    authorize! :manage_dashboard, dashboard
-    # TODO: attach widget onto KPI capability.
-    # authorize! :manage_widget, widget if widget
+    if widget.present?
+      authorize! :manage_widget, widget
+    else
+      authorize! :manage_dashboard, dashboard
+    end
     # TODO: nest alert in as a param, with the current user as a recipient.
-    if @kpi = kpi_parent.kpis.create(kpi_create_params)
+    @kpi = kpi_parent.kpis.create(kpi_create_params)
+    unless kpi.errors?
       # Creates a default alert for kpis created with targets defined.
       if kpi.targets.present?
         current_user.alerts.create({service: 'inapp', impac_kpi_id: kpi.id})
@@ -137,13 +138,11 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
     end
     def kpi_parent
-      # TODO: attach kpi onto widget capability
-      # widget || dashboard
-      dashboard
+      widget || dashboard
     end
     def kpi_create_params
-      whitelist = [:dashboard_id, :endpoint, :source, :element_watched, {extra_watchables: []}]
+      whitelist = [:dashboard_id, :widget_id, :endpoint, :source, :element_watched, {extra_watchables: []}]
       extract_params(whitelist)
     end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/widgets_controller.rb CHANGED

@@ -25,7 +25,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
   def create
     if widgets
       if @widget = widgets.create(widget_create_params)
-        MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Widget Creation', @widget)
+        MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Widget Creation', widget)
         @nocontent = true # no data fetch from Connec!
         render 'show'
       else
@@ -40,6 +40,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
   #   -> PUT /api/mnoe/v1/widgets/:id
   def update
     if widget.update(widget_update_params)
+      MnoEnterprise::EventLogger.info('widget_update', current_user.id, 'Widget Update', widget, {widget_action: params[:widget]})
       @nocontent = !params['metadata']
       render 'show'
     else
@@ -73,14 +74,16 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
     end
     def widget_create_params
-      params.require(:widget).permit(:widget_category).tap do |whitelisted|
+      params.require(:widget).permit(:endpoint, :name, :width).tap do |whitelisted|
         whitelisted[:settings] = params[:widget][:metadata] || {}
+        # TODO: remove when mnohub migrated to new model
+        whitelisted[:widget_category] = params[:widget][:endpoint]
       end
       .except(:metadata)
     end
     def widget_update_params
-      params.require(:widget).permit(:name).tap do |whitelisted|
+      params.require(:widget).permit(:name, :width).tap do |whitelisted|
         whitelisted[:settings] = params[:widget][:metadata] || {}
       end
       .except(:metadata)

data/lib/mno_enterprise/concerns/controllers/jpi/v1/marketplace_controller.rb CHANGED

@@ -15,18 +15,30 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::MarketplaceController
   #==================================================================
   # GET /mnoe/mnoe/jpi/v1/marketplace
   def index
-    @apps = if MnoEnterprise.marketplace_listing
-              MnoEnterprise::App.where('nid.in' => MnoEnterprise.marketplace_listing).to_a
-            else
-              MnoEnterprise::App.all.to_a
-            end
-    @apps.sort_by! { |app| [app.rank ? 0 : 1 , app.rank] } # the nil ranks will appear at the end
-    @categories = MnoEnterprise::App.categories(@apps)
-    @categories.delete('Most Popular')
+    expires_in 0, public: true, must_revalidate: true
+    last_modified = app_relation.order_by('updated_at.desc').limit(1).first.updated_at
+    if stale?(last_modified: last_modified)
+      @apps = app_relation.to_a
+      @apps.sort_by! { |app| [app.rank ? 0 : 1 , app.rank] } # the nil ranks will appear at the end
+      @categories = MnoEnterprise::App.categories(@apps)
+      @categories.delete('Most Popular')
+      respond_to do |format|
+        format.json
+      end
+    end
   end
   # GET /mnoe/jpi/v1/marketplace/1
   def show
     @app = MnoEnterprise::App.find(params[:id])
   end
+  def app_relation
+    if MnoEnterprise.marketplace_listing
+      MnoEnterprise::App.where('nid.in' => MnoEnterprise.marketplace_listing)
+    else
+      MnoEnterprise::App.all
+    end
+  end
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb CHANGED

@@ -8,6 +8,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
   # context where it is included rather than being executed in the module's context
   included do
     respond_to :json
+    before_filter :organization_management_enabled?, only: [:create, :update, :destroy, :update_billing,
+                                                           :invite_members, :update_member, :remove_member]
   end
   #==================================================================
@@ -118,6 +120,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
       )
       MnoEnterprise::SystemNotificationMailer.organization_invite(@org_invite).deliver_now
+      MnoEnterprise::EventLogger.info('user_invite', current_user.id, 'User invited', @org_invite)
     end
     # Reload users
@@ -149,9 +152,12 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     case member
     when MnoEnterprise::User
       organization.users.update(id: member.id, role: attributes[:role])
+      MnoEnterprise::EventLogger.info('user_role_update', current_user.id, 'User role update in org', organization, {email: attributes[:email], role: attributes[:role]})
     when MnoEnterprise::OrgInvite
       member.update(user_role: attributes[:role])
+      MnoEnterprise::EventLogger.info('user_role_update', current_user.id, 'User role update in invitation', organization, {email: attributes[:email], role: attributes[:role]})
     end
     render 'members'
   end
@@ -161,8 +167,10 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     if member.is_a?(MnoEnterprise::User)
       organization.remove_user(member)
+      MnoEnterprise::EventLogger.info('user_role_delete', current_user.id, 'User removed from org', organization, {email: member.email})
     elsif member.is_a?(MnoEnterprise::OrgInvite)
       member.cancel!
+      MnoEnterprise::EventLogger.info('user_role_delete', current_user.id, 'User removed from invitation', organization, {email: member.user_email})
     end
     render 'members'
@@ -216,4 +224,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
         false
       end
     end
+    def organization_management_enabled?
+      return head :forbidden unless Settings.organization_management.enabled
+    end
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/teams_controller.rb CHANGED

@@ -30,6 +30,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
     authorize! :manage_teams, parent_organization
     @team = parent_organization.teams.create(team_params)
+    MnoEnterprise::EventLogger.info('team_add', current_user.id, 'Team created', @team) if @team
     render 'show'
   end
@@ -45,6 +47,10 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
     if params[:team] && params[:team][:app_instances]
       list = params[:team][:app_instances].select { |e| e != {} }
       @team.set_access_to(list)
+      MnoEnterprise::EventLogger.info('team_apps_update', current_user.id, 'Team apps updated', @team,
+                                      {apps: list.map{|l| l['name']}})
     end
     render 'show'
@@ -64,8 +70,11 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
   def destroy
     @team = MnoEnterprise::Team.find(params[:id])
     authorize! :manage_teams, @team.organization
     @team.destroy
+    MnoEnterprise::EventLogger.info('team_delete', current_user.id, 'Team deleted', @team) if @team
     head :no_content
   end
@@ -80,7 +89,11 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
     if params[:team] && params[:team][:users]
       id_list = params[:team][:users].map { |h| h[:id] }.compact
       users = @team.organization.users.where('id.in' => id_list)
       users.each { |u| @team.send(action, u) }
+      MnoEnterprise::EventLogger.info('team_update', current_user.id, 'Team composition updated', @team,
+                                      {action: action.to_s, users:  users.map(&:email)})
     end
     render 'show'

data/lib/mno_enterprise/concerns/controllers/pages_controller.rb CHANGED

@@ -1,5 +1,6 @@
 module MnoEnterprise::Concerns::Controllers::PagesController
   extend ActiveSupport::Concern
+  include MnoEnterprise::ImageHelper
   #==================================================================
   # Included methods
@@ -9,6 +10,7 @@ module MnoEnterprise::Concerns::Controllers::PagesController
   included do
     before_filter :authenticate_user!, only: [:launch]
     before_filter :redirect_to_lounge_if_unconfirmed, only: [:launch]
+    helper_method :main_logo_white_bg_path # To use in the provision view
   end
   #==================================================================

data/lib/mno_enterprise/concerns/controllers/webhook/events_controller.rb ADDED

@@ -0,0 +1,22 @@
+module MnoEnterprise::Concerns::Controllers::Webhook::EventsController
+  extend ActiveSupport::Concern
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    skip_before_filter :verify_authenticity_token
+  end
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # POST /mnoe/webhook/events
+  def create
+    Rails.logger.debug("Received event #{params[:event]}")
+    head :ok
+  end
+end

data/lib/mno_enterprise/concerns/controllers/webhook/o_auth_controller.rb CHANGED

@@ -1,5 +1,6 @@
 module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
   extend ActiveSupport::Concern
+  include MnoEnterprise::ImageHelper
   #==================================================================
   # Included methods
@@ -12,7 +13,7 @@ module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
     before_filter :check_permissions, only: [:authorize, :disconnect, :sync]
     PROVIDERS_WITH_OPTIONS = ['xero','myob']
+    helper_method :main_logo_white_bg # To use in the provision view
     private
       def app_instance
         @app_instance ||= MnoEnterprise::AppInstance.where(uid: params[:id]).first
@@ -41,7 +42,7 @@ module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
       def error_message(error_key)
         case error_key.to_sym
           when :bad_relinking
-            %{A different account "#{app_instance.oauth_company}" was previously linked to this application, please re-link the same account.}
+            %{A different account '#{app_instance.oauth_company}' was previously linked to this application, please re-link the same account.}
           when :unauthorized
             'We could not validate your credentials, please try again'
           else
@@ -73,10 +74,18 @@ module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
     path = session.delete(:redirect_path).presence || mnoe_home_path
     if error_key = params.fetch(:oauth, {})[:error]
       path = add_param_to_fragment(path.to_s, 'flash', [{msg: error_message(error_key),  type: :error}.to_json])
     end
+    unless params.fetch(:oauth, {})[:error]
+      case params.fetch(:oauth, {})[:action]
+        when 'sync'
+          MnoEnterprise::EventLogger.info('app_connected', current_user.id, 'App connected', app_instance)
+        when 'disconnect'
+          MnoEnterprise::EventLogger.info('app_disconnected', current_user.id, 'App disconnected', app_instance)
+      end
+    end
     redirect_to path
   end

data/lib/mno_enterprise/event_logger.rb CHANGED

@@ -40,8 +40,8 @@ module MnoEnterprise
     # Get the metadata from the object if not provided
     def self.format_metadata(metadata, object)
-      if metadata.blank? && object.respond_to?(:to_audit_event)
-        object.to_audit_event
+      if object.respond_to?(:to_audit_event)
+        metadata.merge(object.to_audit_event)
       else
         metadata
       end

data/lib/mno_enterprise/intercom_events_listener.rb CHANGED

@@ -17,15 +17,9 @@ module MnoEnterprise
     def info(key, current_user_id, description, subject_type, subject_id, metadata)
       u = User.find(current_user_id)
-      begin
-        intercom.users.find(user_id: current_user_id)
-      rescue Intercom::ResourceNotFound
-        self.update_intercom_user(u)
-      end
       data = {created_at: Time.now.to_i, email: u.email, user_id: u.id, event_name: key.tr('_', '-')}
       case key
         when 'user_update', 'organization_update'
-          self.update_intercom_user(u)
           # convert values to string
           data[:metadata] = Hash[ metadata.collect {|k,v| [k, v.to_s] } ]
         when 'user_confirm'
@@ -48,6 +42,10 @@ module MnoEnterprise
           data[:event_name] = 'added-app-' + metadata[:app_nid]
           data[:metadata] = {type: 'single', app_list: metadata[:app_nid]}
       end
+      # Update user data in intercom
+      # OPTIMIZE: we could fetch the user for intercom and only update fields that have changed
+      self.update_intercom_user(u)
+      # Push the event to intercom
       self.intercom.events.create(data)
     rescue Intercom::IntercomError => e
@@ -55,31 +53,9 @@ module MnoEnterprise
     end
     def update_intercom_user(user, update_last_request_at = true)
-      data = {
-        user_id: user.id,
-        name: [user.name, user.surname].join(' '),
-        email: user.email,
-        created_at: user.created_at.to_i,
-        last_seen_ip: user.last_sign_in_ip,
-        custom_attributes: {},
-        update_last_request_at: update_last_request_at
-      }
-      data[:custom_attributes][:phone]= user.phone if user.phone
-      data[:custom_attributes][:external_id]= user.external_id if user.external_id
+      data = user.intercom_data(update_last_request_at)
       data[:companies] = user.organizations.map do |organization|
-        {
-          company_id: organization.id,
-          name: organization.name,
-          created_at: organization.created_at.to_i,
-          custom_attributes: {
-            industry: organization.industry,
-            size: organization.size,
-            credit_card_details: organization.credit_card?,
-            app_count: organization.app_instances.count,
-            app_list: organization.app_instances.map { |app| app.name }.to_sentence
-          }
-        }
+        format_company(organization)
       end
       intercom.users.create(data)
       tag_user(user)
@@ -91,6 +67,25 @@ module MnoEnterprise
         intercom.tags.tag(name: user.meta_data[:source], users: [{user_id: user.id}])
       end
     end
+    # Formatting
+    # TODO: extract to a CRM service
+    def format_company(organization)
+      {
+        company_id: organization.id,
+        name: organization.name,
+        created_at: organization.created_at.to_i,
+        custom_attributes: {
+          industry: organization.industry,
+          size: organization.size,
+          credit_card_details: organization.has_credit_card_details?,
+          credit_card_expiry: organization.credit_card.expiry_date,
+          app_count: organization.app_instances.count,
+          app_list: organization.app_instances.map(&:name).sort.to_sentence,
+          user_count: organization.users.count
+        }
+      }
+    end
   end
 end

data/spec/controllers/mno_enterprise/admin/invoices_controller_spec.rb ADDED

@@ -0,0 +1,38 @@
+require 'rails_helper'
+module MnoEnterprise
+  describe Admin::InvoicesController, type: :controller do
+    include MnoEnterprise::TestingSupport::SharedExamples::JpiV1Admin
+    render_views
+    routes { MnoEnterprise::Engine.routes }
+    #===============================================
+    # Assignments
+    #===============================================
+    # Stub user and user call
+    let(:user) { FactoryGirl.build(:user, :admin) }
+    before { api_stub_for(get: "/users/#{user.id}", response: from_api(user)) }
+    before { sign_in user }
+    # Stub model calls
+    let(:organization) { build(:organization) }
+    let(:invoice) { build(:invoice, organization_id: organization.id) }
+    # before { api_stub_for(get: "/users/#{user.id}", response: from_api(user)) }
+    before { api_stub_for(get: "/organizations/#{organization.id}", response: from_api(organization)) }
+    # before { api_stub_for(get: "/users/#{user.id}/organizations/#{organization.id}", response: from_api(organization)) }
+    before { api_stub_for(get: "/invoices", params: { filter: { slug: '**' } }, response: from_api([invoice])) }
+    describe "GET #show" do
+      subject { get :show, id: invoice.slug }
+      it_behaves_like "a jpi v1 admin action"
+      context 'success' do
+        it { subject; expect(response).to be_success }
+      end
+    end
+  end
+end