motor-admin-cstham8 0.4.35

data/README.md

@@ -0,0 +1,230 @@
+<div align="center">
+
+[![Motor Admin Rails](https://user-images.githubusercontent.com/5418788/140520844-a947845d-b579-4b3f-9b49-c539ad3cf580.png)](https://www.getmotoradmin.com/ruby-on-rails)
+
+# Motor Admin Rails
+
+Low-code Admin panel and Business intelligence Rails engine **(no DSL - configurable from the UI)**.
+
+🤓 [Demo App](https://app.getmotoradmin.com/demo/) | 👀 [Features overview](https://www.youtube.com/watch?v=ngVoci8Hll4&list=PLu7llEMh0KcOkR3Uy_RJT0cXPZQKAYVsq&index=1) | ⭐ [Pro](https://www.getmotoradmin.com/ruby-on-rails)
+</div>
+
+[![Admin Panel](https://user-images.githubusercontent.com/5418788/119318538-1f30e300-bc82-11eb-94a4-107c31c93b13.png)](https://app.getmotoradmin.com/demo/)
+
+## Development
+
+1. Clone the repository
+```ruby
+git clone git@github.com:cstham8/motor-admin-rails.git
+```
+
+2. Update the following files.
+
+* **Gemfile:** Provides a user-friendly web interface for generating short URLs.
+* **database.yml:** Use postgresql
+* **spec/dummy/config/routes.rb** Use devise gem to enable authentication
+* **manifest.js:** Remove motor_manifest.js from links
+
+3. Use the following commands to initialize the project and ensure that the node version is 18.
+
+```ruby
+bundle
+nvm use 18
+rails app:webpacker:install
+yarn add --dev webpack webpack-cli webpack-dev-server
+yarn serve
+rake app:db:create && rake app:db:setup
+```
+
+4. Update the following file.
+
+* **dummy/app/views/layouts/application.html.erb:** Remove javascript_link_tag generated by app:webpacker:install command in previous step.
+
+3. Start rails server
+
+```ruby
+MOTOR_DEVELOPMENT=true rails s
+```
+Go to http://localhost:3000 to access the motor rails app.
+
+## Installation 
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'motor-admin'
+```
+
+And then execute:
+```bash
+$ bundle install
+```
+
+Create and run migration:
+```bash
+$ rails motor:install && rake db:migrate
+```
+
+## Features
+
+- [Motor Admin Rails](#motor-admin-rails)
+  - [Development](#development)
+  - [Installation](#installation)
+  - [Features](#features)
+  - [Pro](#pro)
+    - [Customizable CRUD](#customizable-crud)
+    - [Custom Actions](#custom-actions)
+    - [Virtual attributes](#virtual-attributes)
+    - [Forms Builder](#forms-builder)
+    - [SQL Queries](#sql-queries)
+    - [Data Visualization](#data-visualization)
+    - [Dashboards](#dashboards)
+    - [Email Alerts](#email-alerts)
+    - [Intelligence Search](#intelligence-search)
+    - [Authorization](#authorization)
+    - [Active Storage](#active-storage)
+    - [I18n](#i18n)
+    - [Optimized for Mobile](#optimized-for-mobile)
+    - [Configurations Sync](#configurations-sync)
+  - [Authentication](#authentication)
+
+## [Pro](https://www.getmotoradmin.com/ruby-on-rails)
+
+* Custom styling and logo (white label)
+* Multi-factor authentication
+* SSO/SAML
+* [learn more](https://www.getmotoradmin.com/ruby-on-rails)
+
+### Customizable CRUD
+
+![Resource settings](https://user-images.githubusercontent.com/5418788/119318569-2a840e80-bc82-11eb-9ba3-f3964eb6f997.png)
+
+![Settings UI](https://user-images.githubusercontent.com/5418788/119263883-90708780-bbe9-11eb-9f9f-f76fed0b7f27.png)
+
+Everything in the admin panel can be configured using the intuitive settings UI, which can be opened via the icon in the top right corner.
+
+Data displayed on the resource page can be completely customized via [SQL queries](#sql-queries) and [dashboards](#dashboards) attached to the resource as a tab. Usually, queries used to display resource data should contain `{{resource_name_id}}` [variable](#sql-queries).
+
+[Learn more about resource customizations](https://github.com/motor-admin/motor-admin-rails/blob/master/guides/customizing_resource_table.md)
+
+### Custom Actions
+
+![Custom actions](https://user-images.githubusercontent.com/5418788/119266132-3c1dd580-bbf2-11eb-9666-09e1640eaf7b.png)
+
+Custom resource actions can be added via Active Record method call, API endpoint, or [custom forms](#forms-builder). Also, it's possible to override default create/update/delete actions.
+
+### Virtual attributes
+
+Any ActiveRecord model method or attribute can be exposed to the admin panel by adding a new column with the name that matches the method name from the resource model:
+
+```ruby
+class Customer < ApplicationRecord
+  has_many :orders
+
+  def lifetime_value
+    orders.sum(&:total_price)
+  end
+end
+```
+
+![Virtual attribute](https://user-images.githubusercontent.com/5418788/123373683-76321c80-d58e-11eb-914d-675444b7eb2a.png)
+
+### Forms Builder
+
+![Custom form](https://user-images.githubusercontent.com/5418788/119264008-1391dd80-bbea-11eb-9f14-cb405e77fb60.png)
+
+Values from the form fields can be used in API path via `{field_name}` syntax: `/api/some-endpoint/{resource_id}/apply`.
+
+[Learn more about custom forms builder](https://github.com/motor-admin/motor-admin-rails/blob/master/guides/building_custom_forms.md)
+
+### SQL Queries
+
+![SQL query](https://user-images.githubusercontent.com/5418788/119264127-84d19080-bbea-11eb-9903-ef465d1d2c97.png)
+
+Queries can include embedded variables via `{{variable}}` syntax ([mustache](https://mustache.github.io)). `{{#variable}} ... {{/variable}}` syntax allows to decide if conditions inside the scope should be included in the query.
+
+### Data Visualization
+
+![motor-visualization](https://user-images.githubusercontent.com/5418788/119264625-a2075e80-bbec-11eb-986c-6106dd6e47ce.png)
+
+Data from the SQL query can be represented as: table, number, line chart, bar chart, pie chart, funnel, markdown.
+
+### Dashboards
+
+![Dashboard](https://user-images.githubusercontent.com/5418788/119264726-f579ac80-bbec-11eb-852e-8055f8aba200.png)
+
+SQL queries can be organized into dashboards to create a convenient representation of the data.
+
+### Email Alerts
+
+![Email alert](https://user-images.githubusercontent.com/5418788/119265049-feb74900-bbed-11eb-8070-bcc8d6113b9b.png)
+
+Query data can be sent via email periodically using the alerts feature. Interval of the alert email can be specified using natural language, e.g., `every day at midnight`, `every Monday at 8 PM`, `every weekday at 6AM and 6PM`, `every minute`.
+
+Sender address can be specified using `MOTOR_ALERTS_FROM_ADDRESS` environment variable.
+
+### Intelligence Search
+
+![Intelligence search](https://user-images.githubusercontent.com/5418788/119266559-eea26800-bbf3-11eb-8cb3-d0538aa386a9.png)
+
+Intelligence search can be opened via the top right corner button or using <kbd>Cmd</kbd> + <kbd>K</kbd> shortcut.
+
+### Authorization
+
+Motor Admin allows to set row-level and column-level permissions via [cancan](https://github.com/CanCanCommunity/cancancan) gem. Admin UI permissions should be defined in `app/models/motor/ability.rb` file in `Motor::Ability` class. See [Motor Admin guide](https://github.com/motor-admin/motor-admin-rails/blob/master/guides/defining_permissions.md) and [CanCan documentation](https://github.com/CanCanCommunity/cancancan/blob/develop/docs/Defining-Abilities.md) to learn how to define user permissions.
+
+### Active Storage
+
+Motor Admin is configured by default to perform uploads to the provider you configured in your `storage.yml` file for Active Storage. If you are using large uploads within Motor Admin you will need to enable direct uploads by setting the following ENV variable. 
+
+```sh
+MOTOR_ACTIVE_STORAGE_DIRECT_UPLOADS_ENABLED=true
+```
+
+_Note: At the moment, this will enable direct uploads globally_
+
+### I18n
+
+Motor Admin can use Rails ActiveRecord i18n keys to render resource translations:
+
+```yml
+es:
+  activerecord:
+    models:
+      customer:
+        one: Cliente
+        other: Clientes
+    attributes:
+      customer:
+        name: Nombre
+    scopes:
+      customer:
+        enabled: Activado
+```
+
+### Optimized for Mobile
+
+![motor-mobile](https://user-images.githubusercontent.com/5418788/119269566-03392d00-bc01-11eb-9e9d-1f6a58fe0749.png)
+
+
+### Configurations Sync
+
+All admin panel configurations are automatically stored in the `config/motor.yml` file. It's recommended to include this file in the application git repository to always have the admin panel configurations in sync across different local and remote environments.
+
+It's possible to sync local development admin panel configurations with remote production application via `rake motor:sync` task:
+
+```bash
+MOTOR_SYNC_REMOTE_URL=https://remote-app-url/ MOTOR_SYNC_API_KEY=secure-random-string rake motor:sync
+```
+
+
+## Authentication
+
+Admin panel can be secured with 'Basic authentication' by specifying `MOTOR_AUTH_USERNAME` and `MOTOR_AUTH_PASSWORD` environment variables.
+
+Alternatively, it can be secured with [devise](https://github.com/heartcombo/devise/wiki/How-To:-Define-resource-actions-that-require-authentication-using-routes.rb) or any other authentication library used by the application:
+
+```ruby
+authenticate :admin_user do
+  mount Motor::Admin => '/admin'
+end
+```

data/Rakefile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'bundler/setup'
+
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'

data/app/channels/motor/application_cable/channel.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Motor
+  class DummyChannel
+    def self.broadcast_to(*_args)
+      nil
+    end
+  end
+
+  module ApplicationCable
+    class Channel < defined?(ActionCable) ? ActionCable::Channel::Base : Motor::DummyChannel
+    end
+  end
+end

data/app/channels/motor/application_cable/connection.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Motor
+  module ApplicationCable
+    class Connection < defined?(ActionCable) ? ActionCable::Connection::Base : Object
+      identified_by :current_user if defined?(ActionCable)
+
+      def connect
+        self.current_user = find_verified_user
+      end
+
+      private
+
+      def find_verified_user
+        return unless env['warden']
+
+        if env['warden'].respond_to?(:admin_user)
+          env['warden'].admin_user
+        elsif env['warden'].respond_to?(:admin)
+          env['warden'].admin
+        else
+          env['warden'].user
+        end
+      end
+    end
+  end
+end

data/app/channels/motor/notes_channel.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Motor
+  class NotesChannel < ::Motor::ApplicationCable::Channel
+    def subscribed
+      stream_from "motor:notes:#{params[:room]}"
+    end
+  end
+end

data/app/channels/motor/notifications_channel.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Motor
+  class NotificationsChannel < ::Motor::ApplicationCable::Channel
+    def subscribed
+      stream_for current_user if respond_to?(:current_user)
+    end
+  end
+end

data/app/controllers/concerns/motor/current_ability.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Motor
+  module CurrentAbility
+    def current_ability
+      @current_ability ||=
+        if defined?(Motor::Ability)
+          klass = Motor::Ability.dup.tap do |k|
+            k.prepend(Motor::CancanUtils::AbilityPatch)
+          end
+
+          params = [current_user]
+          params << request if Motor::Ability.instance_method(:initialize).arity == 2
+
+          klass.new(*params)
+        else
+          Motor::CancanUtils::CanManageAll.new
+        end
+    end
+  end
+end

data/app/controllers/concerns/motor/current_user_method.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Motor
+  module CurrentUserMethod
+    def current_user
+      @current_user ||=
+        if defined?(current_admin)
+          current_admin
+        elsif defined?(current_admin_user)
+          return Motor::AdminUser.public if current_admin_user.nil? && Motor.with_public_access?
+
+          current_admin_user
+        elsif defined?(super)
+          super
+        end
+    end
+  end
+end

data/app/controllers/concerns/motor/load_and_authorize_dynamic_resource.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Motor
+  module LoadAndAuthorizeDynamicResource
+    extend ActiveSupport::Concern
+
+    MUTEX = Mutex.new
+
+    INSTANCE_VARIABLE_NAME = 'resource'
+    ASSOCIATION_INSTANCE_VARIABLE_NAME = 'associated_resource'
+
+    included do
+      before_action :load_and_authorize_resource
+      before_action :load_and_authorize_association
+    end
+
+    def resource_class
+      @resource_class ||= MUTEX.synchronize do
+        Motor::Resources::FetchConfiguredModel.call(
+          Motor::BuildSchema::Utils.classify_slug(resource_name_prefix + params[:resource]),
+          cache_key: Motor::Resource.maximum(:updated_at)
+        )
+      end
+    end
+
+    def resource_name_prefix
+      ''
+    end
+
+    def load_and_authorize_resource
+      options = {
+        class: resource_class,
+        parent: params[:association].present?,
+        instance_name: INSTANCE_VARIABLE_NAME
+      }
+
+      if params[:resource_id].present?
+        options = options.merge(
+          parent: true,
+          id_param: :resource_id
+        )
+      end
+
+      CanCan::ControllerResource.new(
+        self,
+        options
+      ).load_and_authorize_resource
+    rescue ActiveRecord::RecordNotFound
+      head :not_found
+    end
+
+    def load_and_authorize_association
+      return if params[:association].blank?
+
+      association = resource_class.reflections[params[:association]]
+
+      if association
+        CanCan::ControllerResource.new(
+          self,
+          class: association.klass,
+          parent: false,
+          through: :resource,
+          through_association: params[:association].to_sym,
+          instance_name: params[:action] == 'create' ? ASSOCIATION_INSTANCE_VARIABLE_NAME : INSTANCE_VARIABLE_NAME
+        ).load_and_authorize_resource
+      else
+        render json: { message: 'Unknown association' }, status: :not_found
+      end
+    rescue ActiveRecord::RecordNotFound
+      head :not_found
+    end
+  end
+end

data/app/controllers/concerns/motor/wrap_io_params.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Motor
+  module WrapIoParams
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :wrap_io_params, only: %i[update create]
+    end
+
+    private
+
+    def wrap_io_params(hash = params)
+      hash.each do |key, value|
+        if key == 'io'
+          hash[key] = StringIO.new(value.encode('ISO-8859-1'))
+        elsif value.is_a?(ActionController::Parameters)
+          wrap_io_params(value)
+        end
+      end
+
+      hash
+    end
+  end
+end

data/app/controllers/motor/active_storage_attachments_controller.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Motor
+  class ActiveStorageAttachmentsController < ApiBaseController
+    include Motor::WrapIoParams
+
+    wrap_parameters :data, except: %i[include fields]
+
+    load_and_authorize_resource :attachment, class: 'ActiveStorage::Attachment', parent: false
+
+    def create
+      blob = if file_params[:key]
+               ActiveStorage::Blob.create!(file_params)
+             else
+               ActiveStorage::Blob.create_and_upload!(file_params)
+             end
+
+      @attachment.assign_attributes(blob: blob, record: record)
+      @attachment.assign_attributes(record_type: '', record_id: 0) unless record
+
+      if @attachment.save(validate: false)
+        render json: { data: Motor::ApiQuery::BuildJson.call(@attachment, params, current_ability) }
+      else
+        render json: { errors: @attachment.errors }, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def record
+      @record ||=
+        if @attachment.record
+          record_pk = @attachment.record.class.primary_key
+
+          Motor::Resources::FetchConfiguredModel.call(
+            @attachment.record.class,
+            cache_key: Motor::Resource.maximum(:updated_at)
+          ).find_by(record_pk => @attachment.record[record_pk])
+        else
+          current_user
+        end
+    end
+
+    def file_params
+      attrs = params.require(:data).require(:file).permit(:io, :filename, :key,
+                                                          :checksum, :byte_size,
+                                                          :content_type).to_h.symbolize_keys
+
+      return attrs if params.dig(:data, :file, :base64).blank?
+
+      attrs[:io] = StringIO.new(Base64.urlsafe_decode64(params[:data][:file][:base64]))
+
+      attrs
+    end
+
+    def attachment_params
+      if params[:data].present?
+        params.require(:data).except(:file).permit(:name, :record_type, :record_id)
+      else
+        {}
+      end
+    end
+  end
+end

data/app/controllers/motor/alerts_controller.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module Motor
+  class AlertsController < ApiBaseController
+    wrap_parameters :data, except: %i[include fields]
+
+    load_and_authorize_resource :alert, only: %i[index show update destroy]
+
+    before_action :build_alert, only: :create
+    authorize_resource :alert, only: :create
+
+    def index
+      render json: { data: Motor::ApiQuery::BuildJson.call(@alerts.active, params, current_ability) }
+    end
+
+    def show
+      render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params, current_ability) }
+    end
+
+    def create
+      if Motor::Alerts::Persistance.name_already_exists?(@alert)
+        name_already_exists_response
+      else
+        ApplicationRecord.transaction { @alert.save! }
+        Motor::Alerts::ScheduledAlertsCache.clear
+        Motor::Configs::WriteToFile.call
+
+        render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params, current_ability) }
+      end
+    rescue Motor::Alerts::Persistance::InvalidInterval
+      invalid_interval_response
+    end
+
+    def update
+      Motor::Alerts::Persistance.update_from_params!(@alert, alert_params)
+      Motor::Alerts::ScheduledAlertsCache.clear
+      Motor::Configs::WriteToFile.call
+
+      render json: { data: Motor::ApiQuery::BuildJson.call(@alert, params, current_ability) }
+    rescue Motor::Alerts::Persistance::NameAlreadyExists
+      name_already_exists_response
+    rescue Motor::Alerts::Persistance::InvalidInterval
+      invalid_interval_response
+    end
+
+    def destroy
+      @alert.update!(deleted_at: Time.current)
+
+      Motor::Configs::WriteToFile.call
+
+      head :ok
+    end
+
+    private
+
+    def name_already_exists_response
+      render json: { errors: [{ source: 'name', detail: 'Name already exists' }] },
+             status: :unprocessable_entity
+    end
+
+    def invalid_interval_response
+      render json: { errors: [{ source: 'preferences.interval', detail: 'Invalid interval' }] },
+             status: :unprocessable_entity
+    end
+
+    def build_alert
+      @alert = Motor::Alerts::Persistance.build_from_params(alert_params)
+    end
+
+    def alert_params
+      params.require(:data).permit(
+        :query_id,
+        :name,
+        :description,
+        :to_emails,
+        :is_enabled,
+        preferences: {},
+        tags: []
+      )
+    end
+  end
+end

data/app/controllers/motor/api_base_controller.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Motor
+  class ApiBaseController < ActionController::API
+    include Motor::CurrentUserMethod
+    include Motor::CurrentAbility
+
+    if defined?(ActionText::Content)
+      before_action do
+        ActionText::Content.renderer = Motor::ApplicationController.renderer.new(request.env)
+      end
+    end
+
+    unless Rails.env.test?
+      rescue_from StandardError do |e|
+        Rails.logger.error(e)
+        Rails.logger.error(e.backtrace.join("\n"))
+
+        render json: { errors: [e.message] }, status: :internal_server_error
+      end
+
+      rescue_from CanCan::AccessDenied do |e|
+        Rails.logger.error(e)
+
+        if params[:action].in?(%w[create update destroy])
+          render json: { errors: [I18n.t('motor.not_authorized_to_perform_action')] }, status: :forbidden
+        else
+          render json: { errors: [e.message] }, status: :forbidden
+        end
+      end
+    end
+  end
+end

data/app/controllers/motor/api_configs_controller.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Motor
+  class ApiConfigsController < ApiBaseController
+    wrap_parameters :data, except: %i[include fields]
+
+    before_action :find_or_initialize_api_config, only: :create
+    load_and_authorize_resource
+
+    def index
+      render json: { data: Motor::ApiQuery::BuildJson.call(@api_configs.active.order(:id), params, current_ability) }
+    end
+
+    def create
+      @api_config.save!
+
+      Motor::Configs::WriteToFile.call
+
+      render json: { data: Motor::ApiQuery::BuildJson.call(@api_config, params, current_ability) }
+    rescue ActiveRecord::RecordNotUnique
+      find_or_initialize_api_config
+
+      retry
+    end
+
+    def destroy
+      @api_config&.update!(deleted_at: Time.current)
+
+      Motor::Configs::WriteToFile.call
+
+      head :ok
+    end
+
+    private
+
+    def find_or_initialize_api_config
+      name, url, description, preferences, credentials =
+        api_config_params.values_at(:name, :url, :description, :preferences, :credentials)
+
+      @api_config =
+        Motor::ApiConfig.find_or_initialize_by(name: name).tap do |config|
+          config.url = url.delete_suffix('/')
+          config.description = description
+          config.preferences.merge!(preferences)
+          config.credentials.merge!(credentials)
+          config.deleted_at = nil
+        end
+    end
+
+    def api_config_params
+      params.require(:data).permit(:name, :url, :description, preferences: {}, credentials: {})
+    end
+  end
+end

data/app/controllers/motor/application_controller.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Motor
+  class ApplicationController < ActionController::Base
+    include Motor::CurrentUserMethod
+    include Motor::CurrentAbility
+  end
+end