mno-enterprise-api 3.3.3 → 3.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: '099fadd5ea1001d81625619146fae278ac0e4dc5'
-  data.tar.gz: 6ae4bbbc3816b0586207eaa69ef00553d15757e4
+SHA256:
+  metadata.gz: 7290fdf449f59fbeb71e5640c79c6d225d2c51e83c799c054985de5bf9f348c3
+  data.tar.gz: 664d0e7bfdbadab11c4b02c99bcf2aab9f83e5d760afe12ddcda99b847f87aba
 SHA512:
-  metadata.gz: c1e148479e13a8cf64bde6d1b616a7cb603f5a033f938f410bce5dcfa69d2e2ea58881437ee395568ccaede17d8cc1e56a8c03485e8808acad167e3bc63f766e
-  data.tar.gz: 6f10048ccefcb4eff756ee4cc67925e0114c31c896c7729220e31238c32f6eecce8d9e1c61ddb61cdba80ce1e2441a4616af6d072336e4ed0aec5b5a7423efdb
+  metadata.gz: a47f6e4ce122b6604805fd94c4230ed90d304a0b7240ca57841b0740c7836e8e13a2aeb9de8ae4231a5b3d52259c9638170f2975a3c7a3711e628472b5a1581a
+  data.tar.gz: e854f824bd91dd97c017747d37fc7b8c6f0c2c16c996c401c945e724285d8ce4c817fe79efeb7b1b08f5f0e5ccbddb505c86df3bdf36eace070370309bb72c23

data/app/controllers/mno_enterprise/jpi/v1/admin/impac/dashboards_controller.rb

@@ -0,0 +1,105 @@
+module MnoEnterprise
+  # TODO: DRY with dashboard templates?
+  class Jpi::V1::Admin::Impac::DashboardsController < Jpi::V1::Admin::BaseResourceController
+    # GET /mnoe/jpi/v1/admin/impac/dashboards
+    def index
+      if params[:where]
+        data_source = params[:where].delete(:data_sources)
+        params[:where]['settings.like'] = "%#{data_source}%"
+      end
+
+      @dashboards = MnoEnterprise::Impac::Dashboard
+      @dashboards = @dashboards.limit(params[:limit]) if params[:limit]
+      @dashboards = @dashboards.skip(params[:offset]) if params[:offset]
+      @dashboards = @dashboards.order_by(params[:order_by]) if params[:order_by]
+      @dashboards = @dashboards.where(params[:where]) if params[:where]
+      @dashboards = @dashboards.where(owner_type: 'User', owner_id: current_user.id)
+      @dashboards = @dashboards.all.fetch
+
+      response.headers['X-Total-Count'] = @dashboards.metadata[:pagination][:count]
+    end
+
+    # POST /mnoe/jpi/v1/admin/impac/dashboard
+    def create
+      @dashboard = MnoEnterprise::Impac::Dashboard.new(dashboard_params)
+
+      # Abort on failure
+      unless @dashboard.save
+        return render json: { errors: dashboard.errors }, status: :bad_request
+      end
+
+      MnoEnterprise::EventLogger.info('dashboard_create', current_user.id, 'Dashboard Creation', @dashboard)
+      render :show
+    end
+
+    # PATCH/PUT /mnoe/jpi/v1/admin/impac/dashboards/1
+    def update
+      return render json: { errors: { message: 'Dashboard not found' } }, status: :not_found unless dashboard
+
+      # Abort on failure
+      unless dashboard.update(dashboard_params)
+        return render json: { errors: dashboard.errors }, status: :bad_request
+      end
+
+      MnoEnterprise::EventLogger.info('dashboard_update', current_user.id, 'Dashboard Update', dashboard)
+      render :show
+    end
+
+    # DELETE /mnoe/jpi/v1/admin/impac/dashboards/1
+    def destroy
+      return render json: { errors: { message: 'Dashboard not found' } }, status: :not_found unless dashboard
+
+      # Abort on failure
+      unless dashboard.destroy
+        return render json: { errors: 'Cannot destroy dashboard' }, status: :bad_request
+      end
+
+      MnoEnterprise::EventLogger.info('dashboard_delete', current_user.id, 'Dashboard Deletion', dashboard)
+      head status: :ok
+    end
+
+    # Allows to create a dashboard using another dashboard as a source
+    # At the moment, only dashboards of type "template" can be copied
+    # Ultimately we could allow the creation of dashboards from any other dashboard
+    # ---------------------------------
+    # POST mnoe/jpi/v1/admin/impac/dashboards/1/copy
+    def copy
+      render json: { errors: { message: 'Dashboard template not found' } }, status: :not_found unless template
+
+      # Owner is the current user by default, can be overriden to something else (eg: current organization)
+      @dashboard = template.copy(current_user, dashboard_params[:name], dashboard_params[:organization_ids])
+
+      unless @dashboard.present?
+        return render json: { errors: 'Cannot copy template' }, status: :bad_request
+      end
+
+      render :show
+    end
+
+    protected
+
+    def dashboard
+      # Staff dashboard is scoped to current staff
+      @dashboard ||= MnoEnterprise::Impac::Dashboard.find_by(id: params[:id], owner_type: 'User', owner_id: current_user.id)
+    end
+
+    def template
+      # Templates are available to all staff
+      @template ||= MnoEnterprise::Impac::Dashboard.templates.find(params[:id])
+    end
+
+    def whitelisted_params
+      [:name, :currency, { widgets_order: [] }, { organization_ids: [] }]
+    end
+
+    # Allows all metadata attrs to be permitted, and maps it to :settings
+    # for the Her "meta_data" issue.
+    def dashboard_params
+      params.require(:dashboard).permit(*whitelisted_params).tap do |whitelisted|
+        whitelisted[:settings] = params[:dashboard][:metadata] || {}
+      end
+      .except(:metadata)
+      .merge(owner_type: 'User', owner_id: current_user.id)
+    end
+  end
+end

data/app/controllers/mno_enterprise/jpi/v1/admin/impac/widgets_controller.rb

@@ -1,18 +1,20 @@
 module MnoEnterprise
   # From the Admin panel, an admin can:
+  # - add widgets to staff dashboards (passing the dashboard id)
   # - add widgets to template dashboards (passing the dashboard template id)
   # - update any widget (passing its id)
   # - delete any widget (passing its id)
   class Jpi::V1::Admin::Impac::WidgetsController < Jpi::V1::Admin::BaseResourceController
 
     # POST /mnoe/jpi/v1/admin/impac/dashboard_templates/:id/widgets
+    # POST /mnoe/jpi/v1/admin/impac/dashboards/:id/widgets
     def create
-      return render json: { errors: { message: 'Dashboard template not found' } }, status: :not_found unless template.present?
+      return render json: { errors: { message: "#{container} not found" } }, status: :not_found unless dashboard.present?
 
-      @widget = template.widgets.create(widget_create_params)
+      @widget = dashboard.widgets.create(widget_create_params)
       return render json: { errors: (widget && widget.errors).to_a }, status: :bad_request unless widget.present? && widget.valid?
 
-      MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Template Widget Creation', widget)
+      MnoEnterprise::EventLogger.info('widget_create', current_user.id, "#{container} Widget Creation", widget)
       @no_content = true
       render 'show'
     end
@@ -23,7 +25,7 @@ module MnoEnterprise
         return render json: { errors: 'Cannot update widget' }, status: :bad_request
       end
 
-      MnoEnterprise::EventLogger.info('widget_update', current_user.id, 'Template Widget Update', widget)
+      MnoEnterprise::EventLogger.info('widget_update', current_user.id, "#{container} Widget Update", widget)
       @nocontent = !params['metadata']
       render 'show'
     end
@@ -34,14 +36,23 @@ module MnoEnterprise
         return render json: { errors: 'Cannot delete widget' }, status: :bad_request
       end
 
-      MnoEnterprise::EventLogger.info('widget_delete', current_user.id, 'Template Widget Deletion', widget)
+      MnoEnterprise::EventLogger.info('widget_delete', current_user.id, "#{container} Widget Deletion", widget)
       head status: :ok
     end
 
     private
 
-    def template
-      MnoEnterprise::Impac::Dashboard.templates.find(params[:dashboard_template_id].to_i)
+    def dashboard
+      @dashboard ||= if params[:dashboard_template_id]
+                       MnoEnterprise::Impac::Dashboard.templates.find(params[:dashboard_template_id])
+                     elsif params[:dashboard_id]
+                       MnoEnterprise::Impac::Dashboard.find_by(id: params[:dashboard_id], owner_type: 'User', owner_id: current_user.id)
+                     end
+    end
+
+    # Used to customise the error message
+    def container
+      params[:dashboard_template_id] ? 'Dashboard template' : 'Dashboard'
     end
 
     def widget
@@ -49,7 +60,8 @@ module MnoEnterprise
     end
 
     def widget_create_params
-      params.require(:widget).permit(:endpoint, :name, :width).tap do |whitelisted|
+      permitted_attrs = [:endpoint, :name, :width, { layouts: [] }]
+      params.require(:widget).permit(*permitted_attrs).tap do |whitelisted|
         whitelisted[:settings] = params[:widget][:metadata] || {}
         # TODO: remove when all deployed versions of Impac! Angular will be above v1.5.0
         # When this is done:

data/app/controllers/mno_enterprise/jpi/v1/admin/invoices_controller.rb

@@ -52,7 +52,7 @@ module MnoEnterprise
 
     def format_money(money)
       if money
-        {amount: money.amount, currency: money.currency_as_string}
+        {amount: money.amount, currency: money.currency.to_s}
       else
         {amount: 'N/A', currency: ''}
       end

data/app/controllers/mno_enterprise/jpi/v1/admin/organizations_controller.rb

@@ -1,144 +1,5 @@
 module MnoEnterprise
   class Jpi::V1::Admin::OrganizationsController < Jpi::V1::Admin::BaseResourceController
-
-    # GET /mnoe/jpi/v1/admin/organizations
-    def index
-      if params[:terms]
-        # Search mode
-        @organizations = []
-        JSON.parse(params[:terms]).map { |t| @organizations = @organizations | MnoEnterprise::Organization.where(Hash[*t]).fetch }
-        response.headers['X-Total-Count'] = @organizations.count
-      else
-        # Index mode
-        @organizations = MnoEnterprise::Organization
-        @organizations = @organizations.limit(params[:limit]) if params[:limit]
-        @organizations = @organizations.skip(params[:offset]) if params[:offset]
-        @organizations = @organizations.order_by(params[:order_by]) if params[:order_by]
-        @organizations = @organizations.where(params[:where]) if params[:where]
-        @organizations = @organizations.all.fetch
-        response.headers['X-Total-Count'] = @organizations.metadata[:pagination][:count]
-      end
-    end
-
-    # GET /mnoe/jpi/v1/admin/organizations/1
-    def show
-      @organization = MnoEnterprise::Organization.find(params[:id])
-      @organization_active_apps = @organization.app_instances.active.to_a
-    end
-
-    # GET /mnoe/jpi/v1/admin/organizations/in_arrears
-    def in_arrears
-      @arrears = MnoEnterprise::ArrearsSituation.all.fetch
-    end
-
-    # GET /mnoe/jpi/v1/admin/organizations/count
-    def count
-      organizations_count = MnoEnterprise::Tenant.get('tenant').organizations_count
-      render json: {count: organizations_count }
-    end
-
-    # POST /mnoe/jpi/v1/admin/organizations
-    def create
-      # Create new organization
-      @organization = MnoEnterprise::Organization.create(organization_update_params)
-
-      # OPTIMIZE: move this into a delayed job?
-      update_app_list
-
-      @organization_active_apps = @organization.app_instances
-
-      render 'show'
-    end
-
-    # PATCH /mnoe/jpi/v1/admin/organizations/1
-    def update
-      # get organization
-      @organization = MnoEnterprise::Organization.find(params[:id])
-
-      update_app_list
-
-      @organization_active_apps = @organization.app_instances.active
-
-      render 'show'
-    end
-
-    # POST /mnoe/jpi/v1/admin/organizations/1/users
-    # Invite a user to the organization (and create it if needed)
-    # This does not send any emails (emails are manually triggered later)
-    def invite_member
-      @organization = MnoEnterprise::Organization.find(params[:id])
-
-      # Find or create a new user - We create it in the frontend as MnoHub will send confirmation instructions for newly
-      # created users
-      user = MnoEnterprise::User.find_by(email: user_params[:email]) || create_unconfirmed_user(user_params)
-
-      # Create the invitation
-      invite = @organization.org_invites.create(
-        user_email: user.email,
-        user_role: params[:user][:role],
-        referrer_id: current_user.id,
-        status: 'staged' # Will be updated to 'accepted' for unconfirmed users
-      )
-
-      @user = if user.confirmed?
-        invite.accept!(user)
-        invite.reload
-      else
-        user.reload
-      end
-    end
-
-    protected
-
-    def organization_permitted_update_params
-      [:name]
-    end
-
-    def organization_update_params
-      params.fetch(:organization, {}).permit(*organization_permitted_update_params)
-    end
-
-    def user_params
-      params.require(:user).permit(:email, :name, :surname, :phone)
-    end
-
-    # Create an unconfirmed user and skip the confirmation notification
-    # TODO: monkey patch User#confirmation_required? to simplify this? Use refinements?
-    def create_unconfirmed_user(user_params)
-      user = MnoEnterprise::User.new(user_params)
-      user.skip_confirmation_notification!
-      user.save
-
-      # Reset the confirmation field so we can track when the invite is send - #confirmation_sent_at is when the confirmation_token was generated (not sent)
-      # Not ideal as we do 2 saves, and the previous save trigger a call to the backend to validate the token uniqueness
-      user.assign_attributes(confirmation_sent_at: nil, confirmation_token: nil)
-      user.save
-      user
-    end
-
-    # Update App List to match the list passed in params
-    def update_app_list
-      # Differentiate between a null app_nids params and no app_nids params
-      if params[:organization].key?(:app_nids) && (desired_nids = Array(params[:organization][:app_nids]))
-
-        existing_apps = @organization.app_instances.active
-
-        existing_apps.each do |app_instance|
-          desired_nids.delete(app_instance.app.nid) || app_instance.terminate
-        end
-
-        desired_nids.each do |nid|
-          begin
-            @organization.app_instances.create(product: nid)
-          rescue => e
-            Rails.logger.error { "#{e.message} #{e.backtrace.join("\n")}" }
-          end
-
-        end
-
-        # Force reload
-        existing_apps.reload
-      end
-    end
+    include MnoEnterprise::Concerns::Controllers::Jpi::V1::Admin::OrganizationsController
   end
 end

data/app/controllers/mno_enterprise/jpi/v1/admin/sub_tenants_controller.rb

@@ -0,0 +1,64 @@
+module MnoEnterprise
+  class Jpi::V1::Admin::SubTenantsController < Jpi::V1::Admin::BaseResourceController
+
+    before_filter :check_sub_tenant_authorization, only: [:create, :update, :delete]
+
+    # GET /mnoe/jpi/v1/admin/sub_tenants
+    def index
+      # Index mode
+      @sub_tenants = MnoEnterprise::SubTenant
+      @sub_tenants = @sub_tenants.limit(params[:limit]) if params[:limit]
+      @sub_tenants = @sub_tenants.skip(params[:offset]) if params[:offset]
+      @sub_tenants = @sub_tenants.order_by(params[:order_by]) if params[:order_by]
+      @sub_tenants = @sub_tenants.where(params[:where]) if params[:where]
+      @sub_tenants = @sub_tenants.all
+      response.headers['X-Total-Count'] = @sub_tenants.metadata[:pagination][:count]
+    end
+
+    # GET /mnoe/jpi/v1/admin/sub_tenants/1
+    def show
+      @sub_tenant = MnoEnterprise::SubTenant.find(params[:id])
+      @sub_tenant_clients = @sub_tenant.clients
+      @sub_tenant_account_managers = @sub_tenant.account_managers
+    end
+
+    # POST /mnoe/jpi/v1/admin/sub_tenants
+    def create
+      @sub_tenant = MnoEnterprise::SubTenant.build(sub_tenant_params)
+      if @sub_tenant.save
+        render :show
+      else
+        render json: @sub_tenant.errors, status: :bad_request
+      end
+    end
+
+    # PATCH /mnoe/jpi/v1/admin/sub_tenant/:id
+    def update
+      @sub_tenant = MnoEnterprise::SubTenant.find(params[:id])
+
+      if @sub_tenant.update(sub_tenant_params)
+        @sub_tenant_clients = @sub_tenant.clients
+        @sub_tenant_account_managers = @sub_tenant.account_managers
+        render :show
+      else
+        render json: @sub_tenant.errors, status: :bad_request
+      end
+    end
+
+    # DELETE /mnoe/jpi/v1/admin/sub_tenant/1
+    def destroy
+      @sub_tenant = MnoEnterprise::SubTenant.find(params[:id])
+      @sub_tenant.destroy
+      head :no_content
+    end
+
+    def check_sub_tenant_authorization
+      authorize! :manage_sub_tenant, MnoEnterprise::SubTenant
+    end
+
+    private
+    def sub_tenant_params
+      params.require(:sub_tenant).permit(:name, client_ids: [], account_manager_ids: [])
+    end
+  end
+end

data/app/controllers/mno_enterprise/jpi/v1/admin/users_controller.rb

@@ -10,12 +10,17 @@ module MnoEnterprise
         response.headers['X-Total-Count'] = @users.count
       else
         # Index mode
-        @users = MnoEnterprise::User
-        @users = @users.limit(params[:limit]) if params[:limit]
-        @users = @users.skip(params[:offset]) if params[:offset]
-        @users = @users.order_by(params[:order_by]) if params[:order_by]
-        @users = @users.where(params[:where]) if params[:where]
-        @users = @users.all.fetch
+        query = MnoEnterprise::User
+        query = query.limit(params[:limit]) if params[:limit]
+        query = query.skip(params[:offset]) if params[:offset]
+        query = query.order_by(params[:order_by]) if params[:order_by]
+        query = query.where(params[:where]) if params[:where]
+        all = query.all
+        all.params[:sub_tenant_id] = params[:sub_tenant_id]
+        all.params[:account_manager_id] = params[:account_manager_id]
+
+        @users = all.fetch
+
         response.headers['X-Total-Count'] = @users.metadata[:pagination][:count]
       end
     end
@@ -24,12 +29,12 @@ module MnoEnterprise
     def show
       @user = MnoEnterprise::User.find(params[:id])
       @user_organizations = @user.organizations
+      @user_clients = @user.clients
     end
 
     # POST /mnoe/jpi/v1/admin/users
     def create
       @user = MnoEnterprise::User.build(user_create_params)
-
       if @user.save
         render :show
       else
@@ -40,10 +45,11 @@ module MnoEnterprise
     # PATCH /mnoe/jpi/v1/admin/users/:id
     def update
       # TODO: replace with authorize/ability
-      if current_user.admin_role == "admin"
+      if current_user.admin_role.in? %w(admin sub_tenant_admin)
         @user = MnoEnterprise::User.find(params[:id])
-        @user.update(user_params)
 
+        @user.update(user_update_params)
+        @user_clients = @user.clients
         render :show
       else
         render :index, status: :unauthorized
@@ -74,21 +80,25 @@ module MnoEnterprise
 
     private
 
-    def user_params
-      params.require(:user).permit(:admin_role)
-    end
-
-    def user_create_params
-      attrs = [:name, :surname, :email, :phone]
-
+    def user_update_params
+      attrs = [:name, :surname, :email, :phone, client_ids: []]
       # TODO: replace with authorize/ability
-      if current_user.admin_role == "admin"
+      if current_user.admin_role == 'admin'
         attrs << :admin_role
+        attrs << :mnoe_sub_tenant_id
+      end
+      user_param = params.require(:user)
+      updated_params = user_param.permit(attrs)
+      updated_params[:client_ids] ||= [] if user_param.has_key?(:client_ids)
+      # if the user is updated to admin or division admin, his clients are cleared
+      if updated_params[:admin_role] && updated_params[:admin_role] != 'staff'
+        updated_params[:client_ids] = []
       end
+      updated_params
+    end
 
-      params.require(:user).permit(attrs).merge(
-        password: Devise.friendly_token.first(12)
-      )
+    def user_create_params
+      user_update_params.merge(password: Devise.friendly_token.first(12))
     end
   end
 end