mno-enterprise-api 3.3.3 → 3.4.0

data/app/views/mno_enterprise/jpi/v1/admin/impac/dashboards/_dashboard.json.jbuilder

@@ -0,0 +1,12 @@
+json.extract! dashboard, :id, :name, :full_name, :currency
+
+json.metadata dashboard.settings
+
+json.data_sources dashboard.organizations.map do |org|
+  json.id org.id
+  json.uid org.uid
+  json.label org.name
+end
+
+json.kpis dashboard.kpis, partial: 'mno_enterprise/jpi/v1/admin/impac/kpis/kpi', as: :kpi
+json.widgets dashboard.widgets, partial: 'mno_enterprise/jpi/v1/admin/impac/widgets/widget', as: :widget

data/app/views/mno_enterprise/jpi/v1/admin/impac/dashboards/index.json.jbuilder

@@ -0,0 +1 @@
+json.array! @dashboards, partial: 'dashboard', as: :dashboard

data/app/views/mno_enterprise/jpi/v1/admin/impac/dashboards/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! 'dashboard', dashboard: @dashboard

data/app/views/mno_enterprise/jpi/v1/admin/impac/widgets/_widget.json.jbuilder

@@ -3,5 +3,6 @@ json.name widget.name
 json.endpoint (widget.endpoint || widget.widget_category)
 json.width widget.width
 json.metadata widget.settings
+json.layouts widget.layouts
 
 json.kpis widget.kpis, partial: 'mno_enterprise/jpi/v1/admin/impac/kpis/kpi', as: :kpi

data/app/views/mno_enterprise/jpi/v1/admin/organizations/_organization.json.jbuilder

@@ -1 +1 @@
-json.extract! organization, :id, :name, :uid, :soa_enabled, :created_at, :account_frozen
+json.extract! organization, :id, :name, :uid, :soa_enabled, :created_at, :account_frozen, :financial_year_end_month

data/app/views/mno_enterprise/jpi/v1/admin/sub_tenants/_sub_tenant.json.jbuilder

@@ -0,0 +1 @@
+json.extract! sub_tenant, :id, :name, :created_at, :updated_at, :client_ids, :account_manager_ids

data/app/views/mno_enterprise/jpi/v1/admin/sub_tenants/index.json.jbuilder

@@ -0,0 +1,2 @@
+json.sub_tenants @sub_tenants, partial: 'sub_tenant', as: :sub_tenant
+json.metadata @sub_tenants.metadata if @sub_tenants.respond_to?(:metadata)

data/app/views/mno_enterprise/jpi/v1/admin/sub_tenants/show.json.jbuilder

@@ -0,0 +1,12 @@
+json.sub_tenant do
+  json.partial! 'sub_tenant', sub_tenant: @sub_tenant
+
+  json.clients @sub_tenant_clients do |org|
+    json.extract! org, :id, :uid, :name, :created_at
+  end
+
+  json.account_managers @sub_tenant_account_managers do |user|
+    json.extract! user, :id, :uid, :name, :surname, :email, :created_at, :admin_role
+  end
+
+end

data/app/views/mno_enterprise/jpi/v1/admin/users/_user.json.jbuilder

@@ -1 +1 @@
-json.extract! user, :id, :uid, :email, :phone, :name, :surname, :admin_role, :created_at, :confirmed_at, :last_sign_in_at, :sign_in_count
+json.extract! user, :id, :uid, :email, :phone, :name, :surname, :admin_role, :created_at, :updated_at, :confirmed_at, :last_sign_in_at, :sign_in_count, :mnoe_sub_tenant_id, :client_ids

data/app/views/mno_enterprise/jpi/v1/admin/users/show.json.jbuilder

@@ -2,10 +2,10 @@ json.user do
   json.partial! 'user', user: @user
 
   json.organizations @user_organizations do |org|
-    json.id org.id
-    json.uid org.uid
-    json.name org.name
-    json.account_frozen org.account_frozen
-    json.created_at org.created_at
+    json.extract! org, :id, :uid, :name, :account_frozen, :created_at
+  end
+
+  json.clients @user_clients do |org|
+    json.extract! org, :id, :uid, :name, :account_frozen, :created_at
   end
 end

data/app/views/mno_enterprise/jpi/v1/current_users/show.json.jbuilder

@@ -1,4 +1,4 @@
-json.cache! ['v1', @user.cache_key, session[:impersonator_user_id]] do
+json.cache! ['v2', @user.cache_key, session[:impersonator_user_id]] do
   json.current_user do
     json.id @user.id
     json.name @user.name
@@ -17,6 +17,7 @@ json.cache! ['v1', @user.cache_key, session[:impersonator_user_id]] do
     json.admin_role @user.admin_role
     json.avatar_url avatar_url(@user)
     json.tos_accepted_at @user.meta_data[:tos_accepted_at] || false
+    json.mnoe_sub_tenant_id @user.mnoe_sub_tenant_id
     if current_impersonator
       json.current_impersonator true
       json.current_impersonator_role current_impersonator.admin_role
@@ -29,7 +30,7 @@ json.cache! ['v1', @user.cache_key, session[:impersonator_user_id]] do
     # Embed association if user is persisted
     if @user.id
       json.organizations do
-        json.array! (@user.organizations.active || []) do |o|
+        json.array! (@user.organizations.active.include_acl(session[:impersonator_user_id]) || []) do |o|
           json.id o.id
           json.uid o.uid
           json.name o.name
@@ -37,6 +38,7 @@ json.cache! ['v1', @user.cache_key, session[:impersonator_user_id]] do
           json.current_user_role o.role
           json.has_myob_essentials_only o.has_myob_essentials_only?
           json.financial_year_end_month o.financial_year_end_month
+          json.acl o.acl
         end
       end
 

data/app/views/mno_enterprise/jpi/v1/impac/widgets/_widget.json.jbuilder

@@ -4,5 +4,6 @@ json.endpoint (widget.endpoint || widget.widget_category)
 json.width widget.width
 json.metadata widget.settings
 json.owner widget.owner
+json.layouts widget.layouts
 
 json.kpis widget.kpis, partial: 'mno_enterprise/jpi/v1/impac/kpis/kpi', as: :kpi

data/app/views/mno_enterprise/jpi/v1/organizations/_organization.json.jbuilder

@@ -1,4 +1,4 @@
-json.extract! organization, :id, :name, :soa_enabled, :payment_restriction, :account_frozen #, :current_support_plan
+json.extract! organization, :id, :name, :soa_enabled, :payment_restriction, :account_frozen, :financial_year_end_month #, :current_support_plan
 # json.show_new_db_features !!organization.get_meta_data(:show_new_db_features)
 # if organization.support_plan
 #   json.custom_training_credits organization.support_plan.custom_training_credits

data/config/routes.rb

@@ -95,7 +95,7 @@ MnoEnterprise::Engine.routes.draw do
       end
     end
     # Maestrano-hub events
-    resources :events, only: [:create] 
+    resources :events, only: [:create]
   end
 
   #============================================================
@@ -198,6 +198,7 @@ MnoEnterprise::Engine.routes.draw do
             resource :invites, only: [:create]
           end
         end
+        resources :sub_tenants, only: [:index, :show, :destroy, :update, :create]
         resources :tenant_invoices, only: [:index, :show]
         resources :invoices, only: [:index, :show] do
           collection do
@@ -222,6 +223,13 @@ MnoEnterprise::Engine.routes.draw do
 
         # Dashboard templates designer
         namespace :impac do
+          post 'dashboards/:id/copy', to: 'dashboards#copy'
+
+          # TODO: DRY between both?
+          resources :dashboards, only: [:index, :create, :update, :destroy] do
+            resources :widgets, shallow: true, only: [:create, :update, :destroy]
+            resources :kpis, shallow: true, only: [:create, :update, :destroy]
+          end
           resources :dashboard_templates, only: [:index, :show, :destroy, :update, :create] do
             resources :widgets, shallow: true, only: [:create, :update, :destroy]
             resources :kpis, shallow: true, only: [:create, :update, :destroy]

data/lib/mno_enterprise/concerns/controllers/jpi/v1/admin/organizations_controller.rb

@@ -0,0 +1,159 @@
+module MnoEnterprise::Concerns::Controllers::Jpi::V1::Admin::OrganizationsController
+  extend ActiveSupport::Concern
+
+  #==================================================================
+  # Included methods
+  #==================================================================
+  # 'included do' causes the included code to be evaluated in the
+  # context where it is included rather than being executed in the module's context
+  included do
+  end
+
+  #==================================================================
+  # Instance methods
+  #==================================================================
+  # GET /mnoe/jpi/v1/admin/organizations
+  def index
+    if params[:terms]
+      # Search mode
+      @organizations = []
+      JSON.parse(params[:terms]).map { |t| @organizations = @organizations | MnoEnterprise::Organization.where(Hash[*t]).fetch }
+      response.headers['X-Total-Count'] = @organizations.count
+    else
+      # Index mode
+      query = MnoEnterprise::Organization
+      query = query.limit(params[:limit]) if params[:limit]
+      query = query.skip(params[:offset]) if params[:offset]
+      query = query.order_by(params[:order_by]) if params[:order_by]
+      query = query.where(params[:where]) if params[:where]
+      all = query.all
+
+      all.params[:sub_tenant_id] = params[:sub_tenant_id]
+      all.params[:account_manager_id] = params[:account_manager_id]
+
+      @organizations = all.fetch
+
+      response.headers['X-Total-Count'] = @organizations.metadata[:pagination][:count]
+    end
+  end
+
+  # GET /mnoe/jpi/v1/admin/organizations/1
+  def show
+    @organization = MnoEnterprise::Organization.find(params[:id])
+    @organization_active_apps = @organization.app_instances.active.to_a
+  end
+
+  # GET /mnoe/jpi/v1/admin/organizations/in_arrears
+  def in_arrears
+    @arrears = MnoEnterprise::ArrearsSituation.all.fetch
+  end
+
+  # GET /mnoe/jpi/v1/admin/organizations/count
+  def count
+    organizations_count = MnoEnterprise::Tenant.get('tenant').organizations_count
+    render json: {count: organizations_count }
+  end
+
+  # POST /mnoe/jpi/v1/admin/organizations
+  def create
+    # Create new organization
+    @organization = MnoEnterprise::Organization.create(organization_update_params)
+
+    # OPTIMIZE: move this into a delayed job?
+    update_app_list
+
+    @organization_active_apps = @organization.app_instances
+
+    render 'show'
+  end
+
+  # PATCH /mnoe/jpi/v1/admin/organizations/1
+  def update
+    # get organization
+    @organization = MnoEnterprise::Organization.find(params[:id])
+
+    update_app_list
+
+    @organization_active_apps = @organization.app_instances.active
+
+    render 'show'
+  end
+
+  # POST /mnoe/jpi/v1/admin/organizations/1/users
+  # Invite a user to the organization (and create it if needed)
+  # This does not send any emails (emails are manually triggered later)
+  def invite_member
+    @organization = MnoEnterprise::Organization.find(params[:id])
+
+    # Find or create a new user - We create it in the frontend as MnoHub will send confirmation instructions for newly
+    # created users
+    user = MnoEnterprise::User.find_by(email: user_params[:email]) || create_unconfirmed_user(user_params)
+
+    # Create the invitation
+    invite = @organization.org_invites.create(
+      user_email: user.email,
+      user_role: params[:user][:role],
+      referrer_id: current_user.id,
+      status: 'staged' # Will be updated to 'accepted' for unconfirmed users
+    )
+
+    @user = if user.confirmed?
+      invite.accept!(user)
+      invite.reload
+    else
+      user.reload
+    end
+  end
+
+  protected
+
+  def organization_permitted_update_params
+    [:name]
+  end
+
+  def organization_update_params
+    params.fetch(:organization, {}).permit(*organization_permitted_update_params)
+  end
+
+  def user_params
+    params.require(:user).permit(:email, :name, :surname, :phone)
+  end
+
+  # Create an unconfirmed user and skip the confirmation notification
+  # TODO: monkey patch User#confirmation_required? to simplify this? Use refinements?
+  def create_unconfirmed_user(user_params)
+    user = MnoEnterprise::User.new(user_params)
+    user.skip_confirmation_notification!
+    user.save
+
+    # Reset the confirmation field so we can track when the invite is send - #confirmation_sent_at is when the confirmation_token was generated (not sent)
+    # Not ideal as we do 2 saves, and the previous save trigger a call to the backend to validate the token uniqueness
+    user.assign_attributes(confirmation_sent_at: nil, confirmation_token: nil)
+    user.save
+    user
+  end
+
+  # Update App List to match the list passed in params
+  def update_app_list
+    # Differentiate between a null app_nids params and no app_nids params
+    return unless params[:organization].key?(:app_nids) && (desired_nids = Array(params[:organization][:app_nids]))
+
+    existing_apps = @organization.app_instances.active
+
+    existing_apps.each do |app_instance|
+      desired_nids.delete(app_instance.app.nid) || app_instance.terminate
+    end
+
+    desired_nids.each do |nid|
+      begin
+        @organization.app_instances.create(product: nid)
+      rescue => e
+        Rails.logger.error { "#{e.message} #{e.backtrace.join("\n")}" }
+      end
+
+    end
+
+    # Force reload
+    existing_apps.reload
+  end
+end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/alerts_controller.rb

@@ -19,8 +19,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::AlertsController
   def create
     return render_bad_request('attach alert to kpi', 'no alert specified') unless params.require(:alert)
     return render_not_found('kpi') unless kpi_alert.kpi
-
-    authorize! :manage_alert, kpi_alert
+    authorize! :update_impac_kpis, kpi_alert.kpi
 
     if (@alert = current_user.alerts.create(kpi_alert.attributes))
       render 'show'
@@ -33,11 +32,10 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::AlertsController
   def update
     return render_bad_request('update alert attributes', 'no alert hash specified') unless params.require(:alert)
     return render_not_found('alert') unless alert
+    authorize! :update_impac_kpis, alert.kpi
 
     attributes = params.require(:alert).permit(:title, :webhook, :sent)
 
-    authorize! :manage_alert, alert
-
     if alert.update(attributes)
       render 'show'
     else
@@ -48,8 +46,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::AlertsController
   # DELETE /jpi/v1/impac/alerts/:id
   def destroy
     return render_not_found('alert') unless alert
-
-    authorize! :manage_alert, alert
+    authorize! :update_impac_kpis, alert.kpi
 
     service = alert.service
     if alert.destroy

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/dashboards_controller.rb

@@ -28,15 +28,10 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::DashboardsControlle
   # POST /mnoe/jpi/v1/impac/dashboards
   #   -> POST /api/mnoe/v1/users/1/dashboards
   def create
-    # TODO: dashboards.build breaks as dashboard.organization_ids returns nil, instead of an
-    #       empty array. (see MnoEnterprise::Impac::Dashboard #organizations)
-    # @dashboard = dashboards.build(dashboard_create_params)
-    # TODO: enable authorization
-    # authorize! :manage_dashboard, @dashboard
-    # if @dashboard.save
+    authorize! :create_impac_dashboards, dashboards.build(dashboard_create_params)
+
     if @dashboard = dashboards.create(dashboard_create_params)
       MnoEnterprise::EventLogger.info('dashboard_create', current_user.id, 'Dashboard Creation', @dashboard)
-
       render 'show'
     else
       render_bad_request('create dashboard', @dashboard.errors)
@@ -47,9 +42,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::DashboardsControlle
   #   -> PUT /api/mnoe/v1/dashboards/1
   def update
     return render_not_found('dashboard') unless dashboard
-
-    # TODO: enable authorization
-    # authorize! :manage_dashboard, dashboard
+    authorize! :update_impac_dashboards, dashboard
 
     if dashboard.update(dashboard_update_params)
       render 'show'
@@ -62,9 +55,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::DashboardsControlle
   #   -> DELETE /api/mnoe/v1/dashboards/1
   def destroy
     return render_not_found('dashboard') unless dashboard
-
-    # TODO: enable authorization
-    # authorize! :manage_dashboard, dashboard
+    authorize! :destroy_impac_dashboards, dashboard
 
     if dashboard.destroy
       MnoEnterprise::EventLogger.info('dashboard_delete', current_user.id, 'Dashboard Deletion', dashboard)
@@ -81,6 +72,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::DashboardsControlle
   # POST mnoe/jpi/v1/impac/dashboards/1/copy
   def copy
     return render_not_found('template') unless template
+    authorize! :create_impac_dashboards, template
 
     # Owner is the current user by default, can be overriden to something else (eg: current organization)
     @dashboard = template.copy(current_user, dashboard_params[:name], dashboard_params[:organization_ids])
@@ -91,35 +83,34 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::DashboardsControlle
 
   private
 
-    def dashboards
-      @dashboards ||= current_user.dashboards
-    end
+  def dashboards
+    @dashboards ||= current_user.dashboards
+  end
 
-    def dashboard
-      @dashboard ||= current_user.dashboards.find(params[:id].to_i)
-    end
+  def dashboard
+    @dashboard ||= current_user.dashboards.find(params[:id].to_i)
+  end
 
-    def templates
-      @templates ||= MnoEnterprise::Impac::Dashboard.templates
-    end
+  def templates
+    @templates ||= MnoEnterprise::Impac::Dashboard.templates
+  end
 
-    def template
-      @template ||= templates.find(params[:id].to_i)
-    end
+  def template
+    @template ||= templates.find(params[:id].to_i)
+  end
 
-    def whitelisted_params
-      [:name, :currency, {widgets_order: []}, {organization_ids: []}]
-    end
+  def whitelisted_params
+    [:name, :currency, { widgets_order: [] }, { organization_ids: [] }]
+  end
 
-    # Allows all metadata attrs to be permitted, and maps it to :settings
-    # for the Her "meta_data" issue.
-    def dashboard_params
-      params.require(:dashboard).permit(*whitelisted_params).tap do |whitelisted|
-        whitelisted[:settings] = params[:dashboard][:metadata] || {}
-      end
-      .except(:metadata)
+  # Allows all metadata attrs to be permitted, and maps it to :settings
+  # for the Her "meta_data" issue.
+  def dashboard_params
+    params.require(:dashboard).permit(*whitelisted_params).tap do |whitelisted|
+      whitelisted[:settings] = params[:dashboard][:metadata] || {}
     end
-    alias :dashboard_update_params  :dashboard_params
-    alias :dashboard_create_params  :dashboard_params
-
+    .except(:metadata)
+  end
+  alias :dashboard_update_params  :dashboard_params
+  alias :dashboard_create_params  :dashboard_params
 end

data/lib/mno_enterprise/concerns/controllers/jpi/v1/impac/kpis_controller.rb

@@ -49,16 +49,15 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
   # POST /mnoe/jpi/v1/impac/dashboards/:dashboard_id/kpis
   #   -> POST /api/mnoe/v1/dashboards/:id/kpis
   #   -> POST /api/mnoe/v1/users/:id/alerts
+  # TODO: nest alert in as a param, with the current user as a recipient.
   def create
     if params[:kpi][:widget_id].present?
       return render_not_found('widget') if widget.blank?
-      authorize! :manage_widget, widget
     else
       return render_not_found('dashboard') if dashboard.blank?
-      authorize! :manage_dashboard, dashboard
     end  
+    authorize! :create_impac_kpis, kpi_parent.kpis.build(kpi_create_params)
 
-    # TODO: nest alert in as a param, with the current user as a recipient.
     @kpi = kpi_parent.kpis.create(kpi_create_params)
     unless kpi.errors?
       # Creates a default alert for kpis created with targets defined.
@@ -80,8 +79,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
   #   -> PUT /api/mnoe/v1/kpis/:id
   def update
     render_not_found('kpi') unless kpi.present?
-
-    authorize! :manage_kpi, kpi
+    authorize! :update_impac_kpis, kpi
 
     params = kpi_update_params
 
@@ -113,8 +111,7 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
   #   -> DELETE /api/mnoe/v1/kpis/:id
   def destroy
     render_not_found('kpi') unless kpi.present?
-
-    authorize! :manage_kpi, kpi
+    authorize! :destroy_impac_kpis, kpi
 
     if kpi.destroy
       head status: :ok
@@ -147,7 +144,9 @@ module MnoEnterprise::Concerns::Controllers::Jpi::V1::Impac::KpisController
 
     def kpi_create_params
       whitelist = [:dashboard_id, :widget_id, :endpoint, :source, :element_watched, {extra_watchables: []}]
-      extract_params(whitelist)
+      create_params = extract_params(whitelist)
+      create_params[:settings][:organization_ids] ||= HashWithIndifferentAccess.new(kpi_parent.settings)[:organization_ids]
+      create_params
     end
 
     def kpi_update_params