mno-enterprise-api 3.3.3 → 3.4.0

Files changed (41) hide show
  1. checksums.yaml +5 -5
  2. data/app/controllers/mno_enterprise/jpi/v1/admin/impac/dashboards_controller.rb +105 -0
  3. data/app/controllers/mno_enterprise/jpi/v1/admin/impac/widgets_controller.rb +20 -8
  4. data/app/controllers/mno_enterprise/jpi/v1/admin/invoices_controller.rb +1 -1
  5. data/app/controllers/mno_enterprise/jpi/v1/admin/organizations_controller.rb +1 -140
  6. data/app/controllers/mno_enterprise/jpi/v1/admin/sub_tenants_controller.rb +64 -0
  7. data/app/controllers/mno_enterprise/jpi/v1/admin/users_controller.rb +30 -20
  8. data/app/views/mno_enterprise/jpi/v1/admin/impac/dashboards/_dashboard.json.jbuilder +12 -0
  9. data/app/views/mno_enterprise/jpi/v1/admin/impac/dashboards/index.json.jbuilder +1 -0
  10. data/app/views/mno_enterprise/jpi/v1/admin/impac/dashboards/show.json.jbuilder +1 -0
  11. data/app/views/mno_enterprise/jpi/v1/admin/impac/widgets/_widget.json.jbuilder +1 -0
  12. data/app/views/mno_enterprise/jpi/v1/admin/organizations/_organization.json.jbuilder +1 -1
  13. data/app/views/mno_enterprise/jpi/v1/admin/sub_tenants/_sub_tenant.json.jbuilder +1 -0
  14. data/app/views/mno_enterprise/jpi/v1/admin/sub_tenants/index.json.jbuilder +2 -0
  15. data/app/views/mno_enterprise/jpi/v1/admin/sub_tenants/show.json.jbuilder +12 -0
  16. data/app/views/mno_enterprise/jpi/v1/admin/users/_user.json.jbuilder +1 -1
  17. data/app/views/mno_enterprise/jpi/v1/admin/users/show.json.jbuilder +5 -5
  18. data/app/views/mno_enterprise/jpi/v1/current_users/show.json.jbuilder +4 -2
  19. data/app/views/mno_enterprise/jpi/v1/impac/widgets/_widget.json.jbuilder +1 -0
  20. data/app/views/mno_enterprise/jpi/v1/organizations/_organization.json.jbuilder +1 -1
  21. data/config/routes.rb +9 -1
  22. data/lib/mno_enterprise/concerns/controllers/jpi/v1/admin/organizations_controller.rb +159 -0
  23. data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/alerts_controller.rb +3 -6
  24. data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/dashboards_controller.rb +29 -38
  25. data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/kpis_controller.rb +7 -8
  26. data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/widgets_controller.rb +14 -2
  27. data/lib/mno_enterprise/concerns/controllers/jpi/v1/organizations_controller.rb +1 -1
  28. data/spec/controllers/mno_enterprise/jpi/v1/admin/impac/dashboard_controller_spec.rb +149 -0
  29. data/spec/controllers/mno_enterprise/jpi/v1/admin/impac/dashboard_templates_controller_spec.rb +151 -139
  30. data/spec/controllers/mno_enterprise/jpi/v1/admin/impac/kpis_controller_spec.rb +95 -69
  31. data/spec/controllers/mno_enterprise/jpi/v1/admin/impac/widgets_controller_spec.rb +169 -81
  32. data/spec/controllers/mno_enterprise/jpi/v1/admin/invoices_controller_spec.rb +1 -1
  33. data/spec/controllers/mno_enterprise/jpi/v1/admin/organizations_controller_spec.rb +2 -1
  34. data/spec/controllers/mno_enterprise/jpi/v1/admin/sub_tenants_controller_spec.rb +172 -0
  35. data/spec/controllers/mno_enterprise/jpi/v1/admin/users_controller_spec.rb +29 -12
  36. data/spec/controllers/mno_enterprise/jpi/v1/current_users_controller_spec.rb +4 -2
  37. data/spec/controllers/mno_enterprise/jpi/v1/impac/dashboards_controller_spec.rb +26 -15
  38. data/spec/controllers/mno_enterprise/jpi/v1/impac/kpis_controller_spec.rb +11 -7
  39. data/spec/routing/mno_enterprise/jpi/v1/admin/impac/dashboards_controller_routing_spec.rb +28 -0
  40. data/spec/routing/mno_enterprise/jpi/v1/impac/dashboards_controller_routing_spec.rb +4 -0
  41. metadata +85 -70
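--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: '099fadd5ea1001d81625619146fae278ac0e4dc5'
- data.tar.gz: 6ae4bbbc3816b0586207eaa69ef00553d15757e4
+ SHA256:
+ metadata.gz: 7290fdf449f59fbeb71e5640c79c6d225d2c51e83c799c054985de5bf9f348c3
+ data.tar.gz: 664d0e7bfdbadab11c4b02c99bcf2aab9f83e5d760afe12ddcda99b847f87aba
  SHA512:
- metadata.gz: c1e148479e13a8cf64bde6d1b616a7cb603f5a033f938f410bce5dcfa69d2e2ea58881437ee395568ccaede17d8cc1e56a8c03485e8808acad167e3bc63f766e
- data.tar.gz: 6f10048ccefcb4eff756ee4cc67925e0114c31c896c7729220e31238c32f6eecce8d9e1c61ddb61cdba80ce1e2441a4616af6d072336e4ed0aec5b5a7423efdb
+ metadata.gz: a47f6e4ce122b6604805fd94c4230ed90d304a0b7240ca57841b0740c7836e8e13a2aeb9de8ae4231a5b3d52259c9638170f2975a3c7a3711e628472b5a1581a
+ data.tar.gz: e854f824bd91dd97c017747d37fc7b8c6f0c2c16c996c401c945e724285d8ce4c817fe79efeb7b1b08f5f0e5ccbddb505c86df3bdf36eace070370309bb72c23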
@@ -0,0 +1,105 @@
1
+ module MnoEnterprise
2
+ # TODO: DRY with dashboard templates?
3
+ class Jpi::V1::Admin::Impac::DashboardsController < Jpi::V1::Admin::BaseResourceController
4
+ # GET /mnoe/jpi/v1/admin/impac/dashboards
5
+ def index
6
+ if params[:where]
7
+ data_source = params[:where].delete(:data_sources)
8
+ params[:where]['settings.like'] = "%#{data_source}%"
9
+ end
10
+
11
+ @dashboards = MnoEnterprise::Impac::Dashboard
12
+ @dashboards = @dashboards.limit(params[:limit]) if params[:limit]
13
+ @dashboards = @dashboards.skip(params[:offset]) if params[:offset]
14
+ @dashboards = @dashboards.order_by(params[:order_by]) if params[:order_by]
15
+ @dashboards = @dashboards.where(params[:where]) if params[:where]
16
+ @dashboards = @dashboards.where(owner_type: 'User', owner_id: current_user.id)
17
+ @dashboards = @dashboards.all.fetch
18
+
19
+ response.headers['X-Total-Count'] = @dashboards.metadata[:pagination][:count]
20
+ end
21
+
22
+ # POST /mnoe/jpi/v1/admin/impac/dashboard
23
+ def create
24
+ @dashboard = MnoEnterprise::Impac::Dashboard.new(dashboard_params)
25
+
26
+ # Abort on failure
27
+ unless @dashboard.save
28
+ return render json: { errors: dashboard.errors }, status: :bad_request
29
+ end
30
+
31
+ MnoEnterprise::EventLogger.info('dashboard_create', current_user.id, 'Dashboard Creation', @dashboard)
32
+ render :show
33
+ end
34
+
35
+ # PATCH/PUT /mnoe/jpi/v1/admin/impac/dashboards/1
36
+ def update
37
+ return render json: { errors: { message: 'Dashboard not found' } }, status: :not_found unless dashboard
38
+
39
+ # Abort on failure
40
+ unless dashboard.update(dashboard_params)
41
+ return render json: { errors: dashboard.errors }, status: :bad_request
42
+ end
43
+
44
+ MnoEnterprise::EventLogger.info('dashboard_update', current_user.id, 'Dashboard Update', dashboard)
45
+ render :show
46
+ end
47
+
48
+ # DELETE /mnoe/jpi/v1/admin/impac/dashboards/1
49
+ def destroy
50
+ return render json: { errors: { message: 'Dashboard not found' } }, status: :not_found unless dashboard
51
+
52
+ # Abort on failure
53
+ unless dashboard.destroy
54
+ return render json: { errors: 'Cannot destroy dashboard' }, status: :bad_request
55
+ end
56
+
57
+ MnoEnterprise::EventLogger.info('dashboard_delete', current_user.id, 'Dashboard Deletion', dashboard)
58
+ head status: :ok
59
+ end
60
+
61
+ # Allows to create a dashboard using another dashboard as a source
62
+ # At the moment, only dashboards of type "template" can be copied
63
+ # Ultimately we could allow the creation of dashboards from any other dashboard
64
+ # ---------------------------------
65
+ # POST mnoe/jpi/v1/admin/impac/dashboards/1/copy
66
+ def copy
67
+ render json: { errors: { message: 'Dashboard template not found' } }, status: :not_found unless template
68
+
69
+ # Owner is the current user by default, can be overriden to something else (eg: current organization)
70
+ @dashboard = template.copy(current_user, dashboard_params[:name], dashboard_params[:organization_ids])
71
+
72
+ unless @dashboard.present?
73
+ return render json: { errors: 'Cannot copy template' }, status: :bad_request
74
+ end
75
+
76
+ render :show
77
+ end
78
+
79
+ protected
80
+
81
+ def dashboard
82
+ # Staff dashboard is scoped to current staff
83
+ @dashboard ||= MnoEnterprise::Impac::Dashboard.find_by(id: params[:id], owner_type: 'User', owner_id: current_user.id)
84
+ end
85
+
86
+ def template
87
+ # Templates are available to all staff
88
+ @template ||= MnoEnterprise::Impac::Dashboard.templates.find(params[:id])
89
+ end
90
+
91
+ def whitelisted_params
92
+ [:name, :currency, { widgets_order: [] }, { organization_ids: [] }]
93
+ end
94
+
95
+ # Allows all metadata attrs to be permitted, and maps it to :settings
96
+ # for the Her "meta_data" issue.
97
+ def dashboard_params
98
+ params.require(:dashboard).permit(*whitelisted_params).tap do |whitelisted|
99
+ whitelisted[:settings] = params[:dashboard][:metadata] || {}
100
+ end
101
+ .except(:metadata)
102
+ .merge(owner_type: 'User', owner_id: current_user.id)
103
+ end
104
+ end
105
+ end
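Review bot: The not-found guard in `copy` is missing its `return`: `render json: { errors: { message: 'Dashboard template not found' } }, status: :not_found unless template` renders and then falls through to `template.copy(...)`. If the lookup returns nil, as the guard assumes, the request ends in a NoMethodError rather than a clean 404. It should read `return render json: { errors: { message: 'Dashboard template not found' } }, status: :not_found unless template`, as `update` and `destroy` already do. Separately, `copy` forwards `dashboard_params[:organization_ids]` as supplied, and nothing visible in this file checks that the current staff user is allowed to see those organizations. That is worth confirming against the model or backend, given that sub-tenant scoping arrives in the same release.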
@@ -1,18 +1,20 @@
1
1
  module MnoEnterprise
2
2
  # From the Admin panel, an admin can:
3
+ # - add widgets to staff dashboards (passing the dashboard id)
3
4
  # - add widgets to template dashboards (passing the dashboard template id)
4
5
  # - update any widget (passing its id)
5
6
  # - delete any widget (passing its id)
6
7
  class Jpi::V1::Admin::Impac::WidgetsController < Jpi::V1::Admin::BaseResourceController
7
8
 
8
9
  # POST /mnoe/jpi/v1/admin/impac/dashboard_templates/:id/widgets
10
+ # POST /mnoe/jpi/v1/admin/impac/dashboards/:id/widgets
9
11
  def create
10
- return render json: { errors: { message: 'Dashboard template not found' } }, status: :not_found unless template.present?
12
+ return render json: { errors: { message: "#{container} not found" } }, status: :not_found unless dashboard.present?
11
13
 
12
- @widget = template.widgets.create(widget_create_params)
14
+ @widget = dashboard.widgets.create(widget_create_params)
13
15
  return render json: { errors: (widget && widget.errors).to_a }, status: :bad_request unless widget.present? && widget.valid?
14
16
 
15
- MnoEnterprise::EventLogger.info('widget_create', current_user.id, 'Template Widget Creation', widget)
17
+ MnoEnterprise::EventLogger.info('widget_create', current_user.id, "#{container} Widget Creation", widget)
16
18
  @no_content = true
17
19
  render 'show'
18
20
  end
@@ -23,7 +25,7 @@ module MnoEnterprise
23
25
  return render json: { errors: 'Cannot update widget' }, status: :bad_request
24
26
  end
25
27
 
26
- MnoEnterprise::EventLogger.info('widget_update', current_user.id, 'Template Widget Update', widget)
28
+ MnoEnterprise::EventLogger.info('widget_update', current_user.id, "#{container} Widget Update", widget)
27
29
  @nocontent = !params['metadata']
28
30
  render 'show'
29
31
  end
@@ -34,14 +36,23 @@ module MnoEnterprise
34
36
  return render json: { errors: 'Cannot delete widget' }, status: :bad_request
35
37
  end
36
38
 
37
- MnoEnterprise::EventLogger.info('widget_delete', current_user.id, 'Template Widget Deletion', widget)
39
+ MnoEnterprise::EventLogger.info('widget_delete', current_user.id, "#{container} Widget Deletion", widget)
38
40
  head status: :ok
39
41
  end
40
42
 
41
43
  private
42
44
 
43
- def template
44
- MnoEnterprise::Impac::Dashboard.templates.find(params[:dashboard_template_id].to_i)
45
+ def dashboard
46
+ @dashboard ||= if params[:dashboard_template_id]
47
+ MnoEnterprise::Impac::Dashboard.templates.find(params[:dashboard_template_id])
48
+ elsif params[:dashboard_id]
49
+ MnoEnterprise::Impac::Dashboard.find_by(id: params[:dashboard_id], owner_type: 'User', owner_id: current_user.id)
50
+ end
51
+ end
52
+
53
+ # Used to customise the error message
54
+ def container
55
+ params[:dashboard_template_id] ? 'Dashboard template' : 'Dashboard'
45
56
  end
46
57
 
47
58
  def widget
@@ -49,7 +60,8 @@ module MnoEnterprise
49
60
  end
50
61
 
51
62
  def widget_create_params
52
- params.require(:widget).permit(:endpoint, :name, :width).tap do |whitelisted|
63
+ permitted_attrs = [:endpoint, :name, :width, { layouts: [] }]
64
+ params.require(:widget).permit(*permitted_attrs).tap do |whitelisted|
53
65
  whitelisted[:settings] = params[:widget][:metadata] || {}
54
66
  # TODO: remove when all deployed versions of Impac! Angular will be above v1.5.0
55
67
  # When this is done:
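Review bot: Only `create` benefits from the owner scoping added in `dashboard` (`find_by(id: params[:dashboard_id], owner_type: 'User', owner_id: current_user.id)`). `update` and `destroy` still resolve their target through `widget`, whose body lies outside these hunks, and the class comment still says an admin can update or delete any widget by id. If that lookup is an unscoped find, one staff user can change or remove widgets on another staff user's dashboard, which contradicts the per-owner rule applied on create. Either restrict the widget lookup to templates plus dashboards owned by `current_user`, or state in the header comment that cross-owner edits are intended. The template branch also drops the earlier `.to_i` on `params[:dashboard_template_id]`, so the raw request value now reaches `find`; restoring the coercion keeps the lookup to a single id.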
@@ -52,7 +52,7 @@ module MnoEnterprise
52
52
 
53
53
  def format_money(money)
54
54
  if money
55
- {amount: money.amount, currency: money.currency_as_string}
55
+ {amount: money.amount, currency: money.currency.to_s}
56
56
  else
57
57
  {amount: 'N/A', currency: ''}
58
58
  end
@@ -1,144 +1,5 @@
1
1
  module MnoEnterprise
2
2
  class Jpi::V1::Admin::OrganizationsController < Jpi::V1::Admin::BaseResourceController
3
-
4
- # GET /mnoe/jpi/v1/admin/organizations
5
- def index
6
- if params[:terms]
7
- # Search mode
8
- @organizations = []
9
- JSON.parse(params[:terms]).map { |t| @organizations = @organizations | MnoEnterprise::Organization.where(Hash[*t]).fetch }
10
- response.headers['X-Total-Count'] = @organizations.count
11
- else
12
- # Index mode
13
- @organizations = MnoEnterprise::Organization
14
- @organizations = @organizations.limit(params[:limit]) if params[:limit]
15
- @organizations = @organizations.skip(params[:offset]) if params[:offset]
16
- @organizations = @organizations.order_by(params[:order_by]) if params[:order_by]
17
- @organizations = @organizations.where(params[:where]) if params[:where]
18
- @organizations = @organizations.all.fetch
19
- response.headers['X-Total-Count'] = @organizations.metadata[:pagination][:count]
20
- end
21
- end
22
-
23
- # GET /mnoe/jpi/v1/admin/organizations/1
24
- def show
25
- @organization = MnoEnterprise::Organization.find(params[:id])
26
- @organization_active_apps = @organization.app_instances.active.to_a
27
- end
28
-
29
- # GET /mnoe/jpi/v1/admin/organizations/in_arrears
30
- def in_arrears
31
- @arrears = MnoEnterprise::ArrearsSituation.all.fetch
32
- end
33
-
34
- # GET /mnoe/jpi/v1/admin/organizations/count
35
- def count
36
- organizations_count = MnoEnterprise::Tenant.get('tenant').organizations_count
37
- render json: {count: organizations_count }
38
- end
39
-
40
- # POST /mnoe/jpi/v1/admin/organizations
41
- def create
42
- # Create new organization
43
- @organization = MnoEnterprise::Organization.create(organization_update_params)
44
-
45
- # OPTIMIZE: move this into a delayed job?
46
- update_app_list
47
-
48
- @organization_active_apps = @organization.app_instances
49
-
50
- render 'show'
51
- end
52
-
53
- # PATCH /mnoe/jpi/v1/admin/organizations/1
54
- def update
55
- # get organization
56
- @organization = MnoEnterprise::Organization.find(params[:id])
57
-
58
- update_app_list
59
-
60
- @organization_active_apps = @organization.app_instances.active
61
-
62
- render 'show'
63
- end
64
-
65
- # POST /mnoe/jpi/v1/admin/organizations/1/users
66
- # Invite a user to the organization (and create it if needed)
67
- # This does not send any emails (emails are manually triggered later)
68
- def invite_member
69
- @organization = MnoEnterprise::Organization.find(params[:id])
70
-
71
- # Find or create a new user - We create it in the frontend as MnoHub will send confirmation instructions for newly
72
- # created users
73
- user = MnoEnterprise::User.find_by(email: user_params[:email]) || create_unconfirmed_user(user_params)
74
-
75
- # Create the invitation
76
- invite = @organization.org_invites.create(
77
- user_email: user.email,
78
- user_role: params[:user][:role],
79
- referrer_id: current_user.id,
80
- status: 'staged' # Will be updated to 'accepted' for unconfirmed users
81
- )
82
-
83
- @user = if user.confirmed?
84
- invite.accept!(user)
85
- invite.reload
86
- else
87
- user.reload
88
- end
89
- end
90
-
91
- protected
92
-
93
- def organization_permitted_update_params
94
- [:name]
95
- end
96
-
97
- def organization_update_params
98
- params.fetch(:organization, {}).permit(*organization_permitted_update_params)
99
- end
100
-
101
- def user_params
102
- params.require(:user).permit(:email, :name, :surname, :phone)
103
- end
104
-
105
- # Create an unconfirmed user and skip the confirmation notification
106
- # TODO: monkey patch User#confirmation_required? to simplify this? Use refinements?
107
- def create_unconfirmed_user(user_params)
108
- user = MnoEnterprise::User.new(user_params)
109
- user.skip_confirmation_notification!
110
- user.save
111
-
112
- # Reset the confirmation field so we can track when the invite is send - #confirmation_sent_at is when the confirmation_token was generated (not sent)
113
- # Not ideal as we do 2 saves, and the previous save trigger a call to the backend to validate the token uniqueness
114
- user.assign_attributes(confirmation_sent_at: nil, confirmation_token: nil)
115
- user.save
116
- user
117
- end
118
-
119
- # Update App List to match the list passed in params
120
- def update_app_list
121
- # Differentiate between a null app_nids params and no app_nids params
122
- if params[:organization].key?(:app_nids) && (desired_nids = Array(params[:organization][:app_nids]))
123
-
124
- existing_apps = @organization.app_instances.active
125
-
126
- existing_apps.each do |app_instance|
127
- desired_nids.delete(app_instance.app.nid) || app_instance.terminate
128
- end
129
-
130
- desired_nids.each do |nid|
131
- begin
132
- @organization.app_instances.create(product: nid)
133
- rescue => e
134
- Rails.logger.error { "#{e.message} #{e.backtrace.join("\n")}" }
135
- end
136
-
137
- end
138
-
139
- # Force reload
140
- existing_apps.reload
141
- end
142
- end
3
+ include MnoEnterprise::Concerns::Controllers::Jpi::V1::Admin::OrganizationsController
143
4
  end
144
5
  end
@@ -0,0 +1,64 @@
1
+ module MnoEnterprise
2
+ class Jpi::V1::Admin::SubTenantsController < Jpi::V1::Admin::BaseResourceController
3
+
4
+ before_filter :check_sub_tenant_authorization, only: [:create, :update, :delete]
5
+
6
+ # GET /mnoe/jpi/v1/admin/sub_tenants
7
+ def index
8
+ # Index mode
9
+ @sub_tenants = MnoEnterprise::SubTenant
10
+ @sub_tenants = @sub_tenants.limit(params[:limit]) if params[:limit]
11
+ @sub_tenants = @sub_tenants.skip(params[:offset]) if params[:offset]
12
+ @sub_tenants = @sub_tenants.order_by(params[:order_by]) if params[:order_by]
13
+ @sub_tenants = @sub_tenants.where(params[:where]) if params[:where]
14
+ @sub_tenants = @sub_tenants.all
15
+ response.headers['X-Total-Count'] = @sub_tenants.metadata[:pagination][:count]
16
+ end
17
+
18
+ # GET /mnoe/jpi/v1/admin/sub_tenants/1
19
+ def show
20
+ @sub_tenant = MnoEnterprise::SubTenant.find(params[:id])
21
+ @sub_tenant_clients = @sub_tenant.clients
22
+ @sub_tenant_account_managers = @sub_tenant.account_managers
23
+ end
24
+
25
+ # POST /mnoe/jpi/v1/admin/sub_tenants
26
+ def create
27
+ @sub_tenant = MnoEnterprise::SubTenant.build(sub_tenant_params)
28
+ if @sub_tenant.save
29
+ render :show
30
+ else
31
+ render json: @sub_tenant.errors, status: :bad_request
32
+ end
33
+ end
34
+
35
+ # PATCH /mnoe/jpi/v1/admin/sub_tenant/:id
36
+ def update
37
+ @sub_tenant = MnoEnterprise::SubTenant.find(params[:id])
38
+
39
+ if @sub_tenant.update(sub_tenant_params)
40
+ @sub_tenant_clients = @sub_tenant.clients
41
+ @sub_tenant_account_managers = @sub_tenant.account_managers
42
+ render :show
43
+ else
44
+ render json: @sub_tenant.errors, status: :bad_request
45
+ end
46
+ end
47
+
48
+ # DELETE /mnoe/jpi/v1/admin/sub_tenant/1
49
+ def destroy
50
+ @sub_tenant = MnoEnterprise::SubTenant.find(params[:id])
51
+ @sub_tenant.destroy
52
+ head :no_content
53
+ end
54
+
55
+ def check_sub_tenant_authorization
56
+ authorize! :manage_sub_tenant, MnoEnterprise::SubTenant
57
+ end
58
+
59
+ private
60
+ def sub_tenant_params
61
+ params.require(:sub_tenant).permit(:name, client_ids: [], account_manager_ids: [])
62
+ end
63
+ end
64
+ end
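Review bot: The authorization filter never runs for `destroy`: `before_filter :check_sub_tenant_authorization, only: [:create, :update, :delete]` names `:delete`, but the action defined below is `destroy`. Unless the base controller enforces it elsewhere, deleting a sub-tenant skips `authorize! :manage_sub_tenant`. Change the list to `only: [:create, :update, :destroy]`, and decide whether `index` and `show`, which expose clients and account managers, should be covered too. `check_sub_tenant_authorization` is also defined above `private`, so it stays a public controller method; moving it below `private` keeps it from being routable as an action.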
@@ -10,12 +10,17 @@ module MnoEnterprise
10
10
  response.headers['X-Total-Count'] = @users.count
11
11
  else
12
12
  # Index mode
13
- @users = MnoEnterprise::User
14
- @users = @users.limit(params[:limit]) if params[:limit]
15
- @users = @users.skip(params[:offset]) if params[:offset]
16
- @users = @users.order_by(params[:order_by]) if params[:order_by]
17
- @users = @users.where(params[:where]) if params[:where]
18
- @users = @users.all.fetch
13
+ query = MnoEnterprise::User
14
+ query = query.limit(params[:limit]) if params[:limit]
15
+ query = query.skip(params[:offset]) if params[:offset]
16
+ query = query.order_by(params[:order_by]) if params[:order_by]
17
+ query = query.where(params[:where]) if params[:where]
18
+ all = query.all
19
+ all.params[:sub_tenant_id] = params[:sub_tenant_id]
20
+ all.params[:account_manager_id] = params[:account_manager_id]
21
+
22
+ @users = all.fetch
23
+
19
24
  response.headers['X-Total-Count'] = @users.metadata[:pagination][:count]
20
25
  end
21
26
  end
@@ -24,12 +29,12 @@ module MnoEnterprise
24
29
  def show
25
30
  @user = MnoEnterprise::User.find(params[:id])
26
31
  @user_organizations = @user.organizations
32
+ @user_clients = @user.clients
27
33
  end
28
34
 
29
35
  # POST /mnoe/jpi/v1/admin/users
30
36
  def create
31
37
  @user = MnoEnterprise::User.build(user_create_params)
32
-
33
38
  if @user.save
34
39
  render :show
35
40
  else
@@ -40,10 +45,11 @@ module MnoEnterprise
40
45
  # PATCH /mnoe/jpi/v1/admin/users/:id
41
46
  def update
42
47
  # TODO: replace with authorize/ability
43
- if current_user.admin_role == "admin"
48
+ if current_user.admin_role.in? %w(admin sub_tenant_admin)
44
49
  @user = MnoEnterprise::User.find(params[:id])
45
- @user.update(user_params)
46
50
 
51
+ @user.update(user_update_params)
52
+ @user_clients = @user.clients
47
53
  render :show
48
54
  else
49
55
  render :index, status: :unauthorized
@@ -74,21 +80,25 @@ module MnoEnterprise
74
80
 
75
81
  private
76
82
 
77
- def user_params
78
- params.require(:user).permit(:admin_role)
79
- end
80
-
81
- def user_create_params
82
- attrs = [:name, :surname, :email, :phone]
83
-
83
+ def user_update_params
84
+ attrs = [:name, :surname, :email, :phone, client_ids: []]
84
85
  # TODO: replace with authorize/ability
85
- if current_user.admin_role == "admin"
86
+ if current_user.admin_role == 'admin'
86
87
  attrs << :admin_role
88
+ attrs << :mnoe_sub_tenant_id
89
+ end
90
+ user_param = params.require(:user)
91
+ updated_params = user_param.permit(attrs)
92
+ updated_params[:client_ids] ||= [] if user_param.has_key?(:client_ids)
93
+ # if the user is updated to admin or division admin, his clients are cleared
94
+ if updated_params[:admin_role] && updated_params[:admin_role] != 'staff'
95
+ updated_params[:client_ids] = []
87
96
  end
97
+ updated_params
98
+ end
88
99
 
89
- params.require(:user).permit(attrs).merge(
90
- password: Devise.friendly_token.first(12)
91
- )
100
+ def user_create_params
101
+ user_update_params.merge(password: Devise.friendly_token.first(12))
92
102
  end
93
103
  end
94
104
  end
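Review bot: `update` now admits sub-tenant admins (`current_user.admin_role.in? %w(admin sub_tenant_admin)`) but still loads the target with `MnoEnterprise::User.find(params[:id])`, with no check that the target belongs to the caller's sub-tenant. Through `user_update_params` such a caller can set `name`, `surname`, `email`, `phone` and `client_ids` on any user id, including full admins, unless the backend scopes the lookup, which is not visible here. `index` has the same shape: `params[:sub_tenant_id]` and `params[:account_manager_id]` are forwarded from the request rather than derived from `current_user`. The existing `# TODO: replace with authorize/ability` points the right way; until then, reject the update when the target's `mnoe_sub_tenant_id` differs from the caller's and the caller is not `admin`. The body of `update` continues outside the hunk.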