RubyGems - mno-enterprise-api - Versions diffs - 3.2.1 → 3.3.0 - Mend

mno-enterprise-api 3.2.1 → 3.3.0

Files changed (57) hide show

data/lib/mno_enterprise/concerns/controllers/jpi/v1/current_users_controller.rb CHANGED

@@ -8,6 +8,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::CurrentUsersController
   # context where it is included rather than being executed in the module's context
   included do
     before_filter :authenticate_user!, only: [:update, :update_password]
+    before_filter :user_management_enabled?, only: [:update, :update_password]
     respond_to :json
   end
@@ -37,7 +38,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::CurrentUsersController
   def register_developer
     @user = current_user
     if @user.update(developer: true)
-      MnoEnterprise::EventLogger.info('register_developer', current_user.id, "User developer register", @user)
+      MnoEnterprise::EventLogger.info('register_developer', current_user.id, "Developer registration", @user)
       render :show
     else
       render json: @user.errors, status: :bad_request
@@ -65,4 +66,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::CurrentUsersController
     def password_params
       params.require(:user).permit(:current_password, :password, :password_confirmation)
     end
+    def user_management_enabled?
+      return head :forbidden unless Settings.user_management.enabled
+    end
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/kpis_controller.rb CHANGED

@@ -50,13 +50,14 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
   #   -> POST /api/mnoe/v1/dashboards/:id/kpis
   #   -> POST /api/mnoe/v1/users/:id/alerts
   def create
-    # TODO: ability for managing widget.
-    authorize! :manage_dashboard, dashboard
-    # TODO: attach widget onto KPI capability.
-    # authorize! :manage_widget, widget if widget
+    if widget.present?
+      authorize! :manage_widget, widget
+    else
+      authorize! :manage_dashboard, dashboard
+    end
     # TODO: nest alert in as a param, with the current user as a recipient.
-    if @kpi = kpi_parent.kpis.create(kpi_create_params)
+    @kpi = kpi_parent.kpis.create(kpi_create_params)
+    unless kpi.errors?
       # Creates a default alert for kpis created with targets defined.
       if kpi.targets.present?
         current_user.alerts.create({service: 'inapp', impac_kpi_id: kpi.id})
@@ -137,13 +138,11 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
     end
     def kpi_parent
-      # TODO: attach kpi onto widget capability
-      # widget || dashboard
-      dashboard
+      widget || dashboard
     end
     def kpi_create_params
-      whitelist = [:dashboard_id, :endpoint, :source, :element_watched, {extra_watchables: []}]
+      whitelist = [:dashboard_id, :widget_id, :endpoint, :source, :element_watched, {extra_watchables: []}]
       extract_params(whitelist)
     end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/widgets_controller.rb CHANGED

@@ -25,7 +25,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
   def create
     if widgets
       if @widget = widgets.create(widget_create_params)
-        MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Widget Creation', @widget)
+        MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Widget Creation', widget)
         @nocontent = true # no data fetch from Connec!
         render 'show'
       else
@@ -40,6 +40,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
   #   -> PUT /api/mnoe/v1/widgets/:id
   def update
     if widget.update(widget_update_params)
+      MnoEnterprise::EventLogger.info('widget_update', current_user.id, 'Widget Update', widget, {widget_action: params[:widget]})
       @nocontent = !params['metadata']
       render 'show'
     else
@@ -73,14 +74,16 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::WidgetsController
     end
     def widget_create_params
-      params.require(:widget).permit(:widget_category).tap do |whitelisted|
+      params.require(:widget).permit(:endpoint, :name, :width).tap do |whitelisted|
         whitelisted[:settings] = params[:widget][:metadata] || {}
+        # TODO: remove when mnohub migrated to new model
+        whitelisted[:widget_category] = params[:widget][:endpoint]
       end
       .except(:metadata)
     end
     def widget_update_params
-      params.require(:widget).permit(:name).tap do |whitelisted|
+      params.require(:widget).permit(:name, :width).tap do |whitelisted|
         whitelisted[:settings] = params[:widget][:metadata] || {}
       end
       .except(:metadata)

data/lib/mno_enterprise/concerns/controllers/jpi/v1/marketplace_controller.rb CHANGED

@@ -15,18 +15,30 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::MarketplaceController
   #==================================================================
   # GET /mnoe/mnoe/jpi/v1/marketplace
   def index
-    @apps = if MnoEnterprise.marketplace_listing
-              MnoEnterprise::App.where('nid.in' => MnoEnterprise.marketplace_listing).to_a
-            else
-              MnoEnterprise::App.all.to_a
-            end
-    @apps.sort_by! { |app| [app.rank ? 0 : 1 , app.rank] } # the nil ranks will appear at the end
-    @categories = MnoEnterprise::App.categories(@apps)
-    @categories.delete('Most Popular')
+    expires_in 0, public: true, must_revalidate: true
+    last_modified = app_relation.order_by('updated_at.desc').limit(1).first.updated_at
+    if stale?(last_modified: last_modified)
+      @apps = app_relation.to_a
+      @apps.sort_by! { |app| [app.rank ? 0 : 1 , app.rank] } # the nil ranks will appear at the end
+      @categories = MnoEnterprise::App.categories(@apps)
+      @categories.delete('Most Popular')
+      respond_to do |format|
+        format.json
+      end
+    end
   end
   # GET /mnoe/jpi/v1/marketplace/1
   def show
     @app = MnoEnterprise::App.find(params[:id])
   end
+  def app_relation
+    if MnoEnterprise.marketplace_listing
+      MnoEnterprise::App.where('nid.in' => MnoEnterprise.marketplace_listing)
+    else
+      MnoEnterprise::App.all
+    end
+  end
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb CHANGED

@@ -8,6 +8,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
   # context where it is included rather than being executed in the module's context
   included do
     respond_to :json
+    before_filter :organization_management_enabled?, only: [:create, :update, :destroy, :update_billing,
+                                                           :invite_members, :update_member, :remove_member]
   end
   #==================================================================
@@ -118,6 +120,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
       )
       MnoEnterprise::SystemNotificationMailer.organization_invite(@org_invite).deliver_now
+      MnoEnterprise::EventLogger.info('user_invite', current_user.id, 'User invited', @org_invite)
     end
     # Reload users
@@ -149,9 +152,12 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     case member
     when MnoEnterprise::User
       organization.users.update(id: member.id, role: attributes[:role])
+      MnoEnterprise::EventLogger.info('user_role_update', current_user.id, 'User role update in org', organization, {email: attributes[:email], role: attributes[:role]})
     when MnoEnterprise::OrgInvite
       member.update(user_role: attributes[:role])
+      MnoEnterprise::EventLogger.info('user_role_update', current_user.id, 'User role update in invitation', organization, {email: attributes[:email], role: attributes[:role]})
     end
     render 'members'
   end
@@ -161,8 +167,10 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
     if member.is_a?(MnoEnterprise::User)
       organization.remove_user(member)
+      MnoEnterprise::EventLogger.info('user_role_delete', current_user.id, 'User removed from org', organization, {email: member.email})
     elsif member.is_a?(MnoEnterprise::OrgInvite)
       member.cancel!
+      MnoEnterprise::EventLogger.info('user_role_delete', current_user.id, 'User removed from invitation', organization, {email: member.user_email})
     end
     render 'members'
@@ -216,4 +224,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::OrganizationsController
         false
       end
     end
+    def organization_management_enabled?
+      return head :forbidden unless Settings.organization_management.enabled
+    end
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/teams_controller.rb CHANGED

@@ -30,6 +30,8 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
     authorize! :manage_teams, parent_organization
     @team = parent_organization.teams.create(team_params)
+    MnoEnterprise::EventLogger.info('team_add', current_user.id, 'Team created', @team) if @team
     render 'show'
   end
@@ -45,6 +47,10 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
     if params[:team] && params[:team][:app_instances]
       list = params[:team][:app_instances].select { |e| e != {} }
       @team.set_access_to(list)
+      MnoEnterprise::EventLogger.info('team_apps_update', current_user.id, 'Team apps updated', @team,
+                                      {apps: list.map{|l| l['name']}})
     end
     render 'show'
@@ -64,8 +70,11 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
   def destroy
     @team = MnoEnterprise::Team.find(params[:id])
     authorize! :manage_teams, @team.organization
     @team.destroy
+    MnoEnterprise::EventLogger.info('team_delete', current_user.id, 'Team deleted', @team) if @team
     head :no_content
   end
@@ -80,7 +89,11 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::TeamsController
     if params[:team] && params[:team][:users]
       id_list = params[:team][:users].map { |h| h[:id] }.compact
       users = @team.organization.users.where('id.in' => id_list)
       users.each { |u| @team.send(action, u) }
+      MnoEnterprise::EventLogger.info('team_update', current_user.id, 'Team composition updated', @team,
+                                      {action: action.to_s, users:  users.map(&:email)})
     end
     render 'show'

data/lib/mno_enterprise/concerns/controllers/pages_controller.rb CHANGED

@@ -1,5 +1,6 @@
 module MnoEnterprise::Concerns::Controllers::PagesController
   extend ActiveSupport::Concern
+  include MnoEnterprise::ImageHelper
   #==================================================================
   # Included methods
@@ -9,6 +10,7 @@ module MnoEnterprise::Concerns::Controllers::PagesController
   included do
     before_filter :authenticate_user!, only: [:launch]
     before_filter :redirect_to_lounge_if_unconfirmed, only: [:launch]
+    helper_method :main_logo_white_bg_path # To use in the provision view
   end
   #==================================================================

data/lib/mno_enterprise/concerns/controllers/webhook/events_controller.rb ADDED

@@ -0,0 +1,22 @@
+module MnoEnterprise::Concerns::Controllers::Webhook::EventsController
+  extend ActiveSupport::Concern
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+    skip_before_filter :verify_authenticity_token
+  end
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # POST /mnoe/webhook/events
+  def create
+    Rails.logger.debug("Received event #{params[:event]}")
+    head :ok
+  end
+end

data/lib/mno_enterprise/concerns/controllers/webhook/o_auth_controller.rb CHANGED

@@ -1,5 +1,6 @@
 module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
   extend ActiveSupport::Concern
+  include MnoEnterprise::ImageHelper
   #==================================================================
   # Included methods
@@ -12,7 +13,7 @@ module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
     before_filter :check_permissions, only: [:authorize, :disconnect, :sync]
     PROVIDERS_WITH_OPTIONS = ['xero','myob']
+    helper_method :main_logo_white_bg # To use in the provision view
     private
       def app_instance
         @app_instance ||= MnoEnterprise::AppInstance.where(uid: params[:id]).first
@@ -41,7 +42,7 @@ module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
       def error_message(error_key)
         case error_key.to_sym
           when :bad_relinking
-            %{A different account "#{app_instance.oauth_company}" was previously linked to this application, please re-link the same account.}
+            %{A different account '#{app_instance.oauth_company}' was previously linked to this application, please re-link the same account.}
           when :unauthorized
             'We could not validate your credentials, please try again'
           else
@@ -73,10 +74,18 @@ module MnoEnterprise::Concerns::Controllers::Webhook::OAuthController
     path = session.delete(:redirect_path).presence || mnoe_home_path
     if error_key = params.fetch(:oauth, {})[:error]
       path = add_param_to_fragment(path.to_s, 'flash', [{msg: error_message(error_key),  type: :error}.to_json])
     end
+    unless params.fetch(:oauth, {})[:error]
+      case params.fetch(:oauth, {})[:action]
+        when 'sync'
+          MnoEnterprise::EventLogger.info('app_connected', current_user.id, 'App connected', app_instance)
+        when 'disconnect'
+          MnoEnterprise::EventLogger.info('app_disconnected', current_user.id, 'App disconnected', app_instance)
+      end
+    end
     redirect_to path
   end

data/lib/mno_enterprise/event_logger.rb CHANGED

@@ -40,8 +40,8 @@ module MnoEnterprise
     # Get the metadata from the object if not provided
     def self.format_metadata(metadata, object)
-      if metadata.blank? && object.respond_to?(:to_audit_event)
-        object.to_audit_event
+      if object.respond_to?(:to_audit_event)
+        metadata.merge(object.to_audit_event)
       else
         metadata
       end

data/lib/mno_enterprise/intercom_events_listener.rb CHANGED

@@ -17,15 +17,9 @@ module MnoEnterprise
     def info(key, current_user_id, description, subject_type, subject_id, metadata)
       u = User.find(current_user_id)
-      begin
-        intercom.users.find(user_id: current_user_id)
-      rescue Intercom::ResourceNotFound
-        self.update_intercom_user(u)
-      end
       data = {created_at: Time.now.to_i, email: u.email, user_id: u.id, event_name: key.tr('_', '-')}
       case key
         when 'user_update', 'organization_update'
-          self.update_intercom_user(u)
           # convert values to string
           data[:metadata] = Hash[ metadata.collect {|k,v| [k, v.to_s] } ]
         when 'user_confirm'
@@ -48,6 +42,10 @@ module MnoEnterprise
           data[:event_name] = 'added-app-' + metadata[:app_nid]
           data[:metadata] = {type: 'single', app_list: metadata[:app_nid]}
       end
+      # Update user data in intercom
+      # OPTIMIZE: we could fetch the user for intercom and only update fields that have changed
+      self.update_intercom_user(u)
+      # Push the event to intercom
       self.intercom.events.create(data)
     rescue Intercom::IntercomError => e
@@ -55,31 +53,9 @@ module MnoEnterprise
     end
     def update_intercom_user(user, update_last_request_at = true)
-      data = {
-        user_id: user.id,
-        name: [user.name, user.surname].join(' '),
-        email: user.email,
-        created_at: user.created_at.to_i,
-        last_seen_ip: user.last_sign_in_ip,
-        custom_attributes: {},
-        update_last_request_at: update_last_request_at
-      }
-      data[:custom_attributes][:phone]= user.phone if user.phone
-      data[:custom_attributes][:external_id]= user.external_id if user.external_id
+      data = user.intercom_data(update_last_request_at)
       data[:companies] = user.organizations.map do |organization|
-        {
-          company_id: organization.id,
-          name: organization.name,
-          created_at: organization.created_at.to_i,
-          custom_attributes: {
-            industry: organization.industry,
-            size: organization.size,
-            credit_card_details: organization.credit_card?,
-            app_count: organization.app_instances.count,
-            app_list: organization.app_instances.map { |app| app.name }.to_sentence
-          }
-        }
+        format_company(organization)
       end
       intercom.users.create(data)
       tag_user(user)
@@ -91,6 +67,25 @@ module MnoEnterprise
         intercom.tags.tag(name: user.meta_data[:source], users: [{user_id: user.id}])
       end
     end
+    # Formatting
+    # TODO: extract to a CRM service
+    def format_company(organization)
+      {
+        company_id: organization.id,
+        name: organization.name,
+        created_at: organization.created_at.to_i,
+        custom_attributes: {
+          industry: organization.industry,
+          size: organization.size,
+          credit_card_details: organization.has_credit_card_details?,
+          credit_card_expiry: organization.credit_card.expiry_date,
+          app_count: organization.app_instances.count,
+          app_list: organization.app_instances.map(&:name).sort.to_sentence,
+          user_count: organization.users.count
+        }
+      }
+    end
   end
 end

data/spec/controllers/mno_enterprise/admin/invoices_controller_spec.rb ADDED

@@ -0,0 +1,38 @@
+require 'rails_helper'
+module MnoEnterprise
+  describe Admin::InvoicesController, type: :controller do
+    include MnoEnterprise::TestingSupport::SharedExamples::JpiV1Admin
+    render_views
+    routes { MnoEnterprise::Engine.routes }
+    #===============================================
+    # Assignments
+    #===============================================
+    # Stub user and user call
+    let(:user) { FactoryGirl.build(:user, :admin) }
+    before { api_stub_for(get: "/users/#{user.id}", response: from_api(user)) }
+    before { sign_in user }
+    # Stub model calls
+    let(:organization) { build(:organization) }
+    let(:invoice) { build(:invoice, organization_id: organization.id) }
+    # before { api_stub_for(get: "/users/#{user.id}", response: from_api(user)) }
+    before { api_stub_for(get: "/organizations/#{organization.id}", response: from_api(organization)) }
+    # before { api_stub_for(get: "/users/#{user.id}/organizations/#{organization.id}", response: from_api(organization)) }
+    before { api_stub_for(get: "/invoices", params: { filter: { slug: '**' } }, response: from_api([invoice])) }
+    describe "GET #show" do
+      subject { get :show, id: invoice.slug }
+      it_behaves_like "a jpi v1 admin action"
+      context 'success' do
+        it { subject; expect(response).to be_success }
+      end
+    end
+  end
+end