pg_rails 7.6.20 → 7.6.21.pre.1

data/pg_engine/app/policies/pg_engine/base_policy.rb

@@ -14,7 +14,7 @@ module PgEngine
     end
 
     def archived?
-      base_access_to_collection?
+      puede_ver_archivados? && base_access_to_collection?
     end
 
     def show?
@@ -46,11 +46,12 @@ module PgEngine
     end
 
     def archive?
-      puede_borrar? && !record_discarded?
+      puede_ver_archivados? && puede_editar? && record.respond_to?(:discard) && record.kept?
     end
 
     def restore?
-      puede_borrar? && record.respond_to?(:discarded?) && record.discarded?
+      puede_ver_archivados? && puede_editar? && record.respond_to?(:undiscard) && record.discarded? &&
+        (!record.parent? || record.parent.kept?)
     end
 
     def scope
@@ -81,27 +82,35 @@ module PgEngine
     end
 
     def puede_editar?
-      base_access_to_record?
+      user_has_profile(:update)
     end
 
     def puede_crear?
-      base_access_to_collection?
+      user_has_profile(:create)
     end
 
     def puede_borrar?
-      base_access_to_record?
+      user_has_profile(:destroy)
     end
 
-    def export?
-      base_access_to_collection?
+    def puede_ver_archivados?
+      admits_discard = begin
+        model = record.is_a?(ActiveRecord::Base) ? record.class : record
+        model.respond_to?(:discarded)
+      end
+      user_has_profile(:archive) && admits_discard
     end
 
     def base_access_to_record?
-      user&.developer?
+      user_has_profile(:read)
     end
 
     def base_access_to_collection?
-      user&.developer?
+      user_has_profile(:read)
+    end
+
+    def export?
+      user_has_profile(:export)
     end
 
     def record_discarded?
@@ -111,5 +120,17 @@ module PgEngine
         false
       end
     end
+
+    def profile_prefix
+      record.model_name.plural
+    end
+
+    def user_has_profile(key)
+      return true if Current.namespace == :admin
+      return false if ActsAsTenant.current_tenant.blank?
+
+      full_key = "#{profile_prefix}__#{key}"
+      Current.user_account_owner? || Current.active_user_profiles.include?(full_key)
+    end
   end
 end

data/pg_engine/app/policies/user_account_policy.rb

@@ -4,29 +4,63 @@
 
 class UserAccountPolicy < ApplicationPolicy
   class Scope < ApplicationPolicy::Scope
-    # FIXME: quizá scopear las user_accounts según user y/o según account
-    # def resolve
-    #   if policy.acceso_total?
-    #     scope.all
-    #   else
-    #     scope.none
-    #   end
-    # end
-  end
-
-  # def puede_editar?
-  #   acceso_total? && !record.readonly?
-  # end
-
-  # def puede_crear?
-  #   acceso_total? || user.asesor?
-  # end
-
-  # def puede_borrar?
-  #   acceso_total? && !record.readonly?
-  # end
-
-  # def acceso_total?
-  #   user.developer?
-  # end
+    def resolve
+      if Current.namespace == :admin
+        scope.all
+      elsif Current.user_account_owner?
+        # Account owners only see Users that are not discarded
+        scope.kept
+      else
+        # Regulars users only see active users
+        scope.ua_active
+      end
+    end
+  end
+
+  def index?
+    super && (Current.namespace == :admin || Current.active_user_account.present?)
+  end
+
+  def sign_off?
+    user_is_user_account_user? &&
+      !record.ua_invite_pending? &&
+      !record.profiles.account__owner?
+  end
+
+  def puede_crear?
+    Current.namespace == :admin
+  end
+
+  def accept_invitation_link?
+    user_is_user_account_user? && record.ua_invite_pending?
+  end
+
+  def ingresar?
+    user_is_user_account_user? && record.ua_active?
+  end
+
+  def puede_editar?
+    Current.namespace == :admin ||
+      (user_is_account_owner? && !record.discarded_by_user? && !record.profiles.account__owner?)
+  end
+
+  def destroy?
+    Current.namespace == :admin || (user_is_account_owner? && !record.profiles.account__owner?)
+  end
+
+  def show?
+    Current.namespace == :admin || (user_is_account_owner? && !record.profiles.account__owner?)
+  end
+
+  def user_is_account_owner?
+    record.account.owner == user
+  end
+
+  def user_is_user_account_user?
+    user.id == record.user_id
+  end
+
+  def export?
+    false
+  end
 end

data/pg_engine/app/policies/user_policy.rb

@@ -4,6 +4,16 @@
 
 class UserPolicy < ApplicationPolicy
   class Scope < ApplicationPolicy::Scope
+    def resolve
+      if Current.namespace == :admin
+        scope.all
+      elsif Current.account.present?
+        ids = Current.account.user_accounts.ua_active.pluck(:user_id)
+        scope.where(id: ids)
+      else
+        scope.none
+      end
+    end
   end
 
   # def puede_editar?
@@ -17,13 +27,16 @@ class UserPolicy < ApplicationPolicy
   # def puede_borrar?
   #   acceso_total? && !record.readonly?
   # end
+  def puede_editar?
+    base_access_to_record?
+  end
 
   def new_from_associable?
     false
   end
 
   def base_access_to_record?
-    user.developer? || user == record
+    Current.namespace == :admin || user == record
   end
 
   def base_access_to_collection?

data/pg_engine/app/views/admin/user_accounts/_form.html.slim

@@ -4,6 +4,6 @@ div style="max-width: 22em"
   = pg_form_for(@user_account || object) do |f|
     = f.pg_associable :user, preload: 10
     = f.pg_associable :account, preload: 5
-    = f.input :profiles
+    = f.input :profiles, as: :check_boxes
     .mt-2
     = f.button :submit

data/pg_engine/app/views/admin/user_accounts/show.html.slim

@@ -1,3 +1,18 @@
+h5 Permisos
+table.table.table-bordered.w-auto
+  tr
+    - PgEngine.config.profile_groups_options.each do |profile_group|
+      td
+        h5.text-center = t(profile_group[:name], scope: 'profile_group')
+        hr.mt-2
+        - profile_group[:options].each do |values|
+          .form-check
+            - if @user_account.profiles.include?(values.first)
+              = check_box_tag nil, nil, true, disabled: true, class: 'form-check-input'
+            - else
+              = check_box_tag nil, nil, false, disabled: true, class: 'form-check-input'
+            label.form-check-label = values.first
+
 table.table.table-borderless.table-sm.w-auto.mb-0.m-3
   - atributos_para_mostrar.each do |att|
     tr

data/pg_engine/app/views/admin/users/show.html.slim

@@ -10,9 +10,6 @@ table.table.table-borderless.table-sm.w-auto.mb-0.m-3
     tr
       th = @clase_modelo.human_attribute_name(att)
       td = @user.send(att)
-  tr
-    th = t('attributes.confirmed_at')
-    td = @user.confirmed_at
   / tr
     th = t('attributes.creado_por')
     td = @user.creado_por

data/pg_engine/app/views/pg_engine/base/index.html.slim

@@ -14,7 +14,7 @@
       type="button" data-bs-toggle="dropdown" aria-expanded="false"]
       i.bi.bi-list
     ul.dropdown-menu
-      - unless action_name == 'archived'
+      - if policy(clase_modelo).archived? && action_name != 'archived'
         li = link_to [:archived, pg_namespace, nested_record, @clase_modelo].compact,
                      class: 'icon-link dropdown-item' do
           i.bi.bi-archive-fill.lh-1
@@ -53,12 +53,12 @@
             tr id="#{dom_id(object)}"
               td.text-nowrap.xtext-end.xps-5
                 .actions-wrapper
+                  = object.extra_actions(size: :sm) if object.respond_to? :extra_actions
                   = object.show_link(text: '')
                   = object.edit_link(text: '', klass: 'btn-light')
                   = object.archive_link
                   = object.restore_link
                   = object.destroy_link
-                  = object.extra_actions(size: :sm) if object.respond_to? :extra_actions
               - atributos_para_listar.each do |att, _sort_field|
                 = column_for object, att
               - if action_name == 'archived'

data/pg_engine/app/views/tenant/dashboard/dashboard.html.slim

@@ -0,0 +1,2 @@
+h1 Dashboard
+h2 = ActsAsTenant.current_tenant

data/pg_engine/app/views/tenant/user_accounts/_fields.html.slim

@@ -0,0 +1,13 @@
+/ # locals: (f:)
+
+h5 Permisos
+table.table.table-bordered.w-auto
+  tr
+    - PgEngine.config.profile_groups_options.each do |profile_group|
+      td
+        h5.text-center = t(profile_group[:name], scope: 'profile_group')
+        hr.mt-2
+        = f.collection_check_boxes :profiles, profile_group[:options], :first, :last do |blo|
+          .form-check
+            = blo.check_box class: 'form-check-input'
+            = blo.label class: 'form-check-label'

data/pg_engine/app/views/tenant/user_accounts/_form.html.slim

@@ -0,0 +1,9 @@
+/ # locals: (object: nil)
+
+div data-controller="pg_form"
+  = pg_form_for(@user_account || object) do |f|
+    = render partial: 'tenant/user_accounts/fields', locals: { f: }
+    = f.input :membership_status, as: :radio_buttons
+
+    .mt-2
+    = f.button :submit

data/pg_engine/app/views/tenant/user_accounts/show.html.slim

@@ -0,0 +1,20 @@
+h1 = @user_account
+
+p = @user_account.user_email_f
+
+= @user_account.estado_f
+
+h5.mt-4 Permisos
+table.table.table-bordered.w-auto
+  tr
+    - PgEngine.config.profile_groups_options.each do |profile_group|
+      td
+        h5.text-center = t(profile_group[:name], scope: 'profile_group')
+        hr.mt-2
+        - profile_group[:options].each do |values|
+          .form-check
+            - if @user_account.profiles.include?(values.first)
+              = check_box_tag nil, nil, true, disabled: true, class: 'form-check-input'
+            - else
+              = check_box_tag nil, nil, false, disabled: true, class: 'form-check-input'
+            label.form-check-label = values.last

data/pg_engine/app/views/users/accounts/_form.html.slim

@@ -0,0 +1,7 @@
+div style="max-width: 22em"
+  = pg_form_for(@account || object) do |f|
+    = f.input :nombre
+    = f.input :plan
+    = f.input :logo
+    .mt-2
+    = f.button :submit

data/pg_engine/app/views/users/accounts/show.html.slim

@@ -1,15 +1,23 @@
-h1
-  |> Usuarios de la cuenta:
-  = @account
-
-div style="max-width: 30em"
-  table.table.table-sm
-    tr
-      th Nombre
-      th Email
-      th Roles
-    - @account.user_accounts.kept.each do |user_account|
-      tr
-        td = user_account.user
-        td = user_account.user.email
-        td = user_account.profiles.texts.join(', ')
+- content_for :actions do
+  = @user_account.ingresar_link
+  = @user_account.sign_off_link
+
+.text-center
+  - if @account.logo.present?
+    = image_tag @account.logo
+  h1
+    = @account
+
+  / h6
+    |> Administrado por:
+    = @account.owner.nombre_completo
+    |< (
+    = @account.owner.email
+    | )
+
+- if @user_account.membership_status.ms_disabled?
+  p.text-danger Deshabilitado
+
+- if @account.owner == Current.user
+  = turbo_frame_tag 'embedded__user_accounts',
+      src: tenant_user_accounts_path(tid: Current.user.user_account_for(@account).to_param)

data/pg_engine/config/initializers/acts_as_tenant.rb

@@ -9,8 +9,13 @@ end
 
 SET_TENANT_PROC = lambda do
   if defined?(Rails::Console)
-    puts "> ActsAsTenant.current_tenant = Account.first"
-    ActsAsTenant.current_tenant = Account.first
+    if ENV['SET_DEFAULT_TENANT_ON_DEV'].present?
+      puts "> ActsAsTenant.current_tenant = Account.first"
+      ActsAsTenant.current_tenant = Account.first
+    else
+      puts "> ActsAsTenant.unscoped = true"
+      ActsAsTenant.unscoped = true
+    end
   end
 end
 

data/pg_engine/config/initializers/devise.rb

@@ -310,4 +310,14 @@ Devise.setup do |config|
   # When set to false, does not sign a user in automatically after their password is
   # changed. Defaults to true, so a user is signed in automatically after changing a password.
   # config.sign_in_after_change_password = true
+
+  # ==> Configuration for :invitable
+  # The period the generated invitation token is valid.
+  # After this period, the invited resource won't be able to accept the invitation.
+  # When invite_for is 0 (the default), the invitation won't expire.
+  config.invite_for = 2.weeks
+
+  # Dont require nombre y apellido on invite
+  # config.validate_on_invite = true
+  config.require_password_on_accepting = true
 end

data/pg_engine/config/initializers/ransack.rb

@@ -53,4 +53,6 @@ Ransack.configure do |config|
     arel_predicate: 'does_not_match_unaccent',
     formatter: proc { |v| "%#{Ransack::Constants.escape_wildcards(v.downcase)}%" },
     case_insensitive: true
+
+  config.add_predicate 'arr_cont', arel_predicate: 'contains', formatter: proc { |v| [v] }
 end

data/pg_engine/config/locales/es.yml

@@ -1,8 +1,20 @@
 es:
+  profile_group:
+    account: Cuenta
+    user_accounts: Usuarios
+  profile_member:
+    owner: Administrador
+    read: Ver
+    update: Modificar
+    create: Crear
+    archive: Archivar
+    destroy: Eliminar
+    export: Exportar
   ransack:
     predicates:
       cont: ''
       cont_all: ''
+      arr_cont: ''
       cont_any: ''
       not_cont: 'no contiene'
       in: ''
@@ -28,6 +40,15 @@ es:
     creado_por: Creado por
     accept_terms: Acepto los <a href="/terminos_y_condiciones" target="_blank">Términos y condiciones</a> y la <a href="/privacidad" target="_blank">Política de privacidad</a>
   enumerize:
+    user_account:
+      membership_status:
+        ms_active: Habilitado
+        ms_disabled: Deshabilitado
+      invitation_status:
+        ist_invited: Invitación aún no aceptada
+        ist_accepted: Invitación aceptada
+        ist_rejected: Invitación rechazada
+        ist_signed_off: Salió de la cuenta
     email:
       status:
         pending: Enviando
@@ -77,6 +98,19 @@ es:
     sign_in: ¿Ya tenés una cuenta? Iniciar sesión
     sign_out: Cerrar sesión
     sign_up: Crear una cuenta
+    invitations:
+      send_instructions: "Se envió una invitación a %{email}"
+      invitation_token_invalid: "¡La invitación no es válida!"
+      updated: ""
+      updated_not_active: ""
+      no_invitations_remaining: "No quedan invitaciones"
+      invitation_removed: "Se ha retirado su invitación"
+      new:
+        header: "Agregar usuario"
+        submit_button: "Agregar"
+      edit:
+        header: "Aceptar invitación"
+        submit_button: "Aceptar"
     confirmations:
       confirmed: ¡Tu cuenta está confirmada! Ya podés iniciar sesión
     sessions:
@@ -87,6 +121,7 @@ es:
       already_authenticated: ''
       timeout: ''
       unauthenticated: ''
+      invited: "Tenés una invitación pendiente en tu correo electrónico"
     registrations:
       signed_up_but_unconfirmed: Te enviamos un correo electrónico con instrucciones para confirmar tu cuenta.
       new:
@@ -103,6 +138,13 @@ es:
         forgot_your_password: ¿Olvidaste tu contraseña?
         didn_t_receive_confirmation_instructions: ¿No recibiste las instrucciones para confirmar tu cuenta?
     mailer:
+      invitation_instructions:
+        subject: "Recibiste una invitación de %{inviter}"
+        hello: "Hola %{email}"
+        someone_invited_you: "Has sido invitado a %{url}, puedes aceptarlo siguiendo el siguiente enlace"
+        accept: "Aceptar la invitación"
+        accept_until: "Esta invitación expirará en %{due_date}."
+        ignore: "Si no le interesa esta invitación, simplemente ignore este correo. No se creará tu cuenta hasta que accedas al enlace anterior y crees una contraseña."
       confirmation_instructions:
         action: Confirmá tu cuenta
         greeting: "Hola %{recipient}"
@@ -125,9 +167,27 @@ es:
         instruction_3: Tu contraseña no será cambiada hasta que accedas al link y crees una nueva.
         subject: Recuperación de contraseña
   activerecord:
+    models:
+      user_account:
+        one: Cuenta de usuario
+        other: Cuentas de usuario
+      account:
+        one: Espacio
+        other: Espacios
+      user:
+        one: Usuario
+        other: Usuarios
     attributes:
+      account:
+        owner: Administrado por
+      user_account:
+        membership_status: Estado
+        user: Nombre
+        user_email: Email
+        profiles: Permisos
       user:
         remember_me: Recordarme en este navegador
+        avatar: Foto de perfil
       email:
         from_name: Remitente
         to: Destinatario

data/pg_engine/config/routes.rb

@@ -18,27 +18,37 @@ Rails.application.routes.draw do
 
   devise_for :users, controllers: {
     confirmations: 'users/confirmations',
-    registrations: 'users/registrations'
+    registrations: 'users/registrations',
+    invitations: 'users/invitations'
   }, failure_app: PgEngine::DeviseFailureApp
+
   namespace :users, path: 'u' do
+    post 'notifications/mark_as_seen', to: 'notifications#mark_as_seen'
+    post 'notifications/mark_as_unseen', to: 'notifications#mark_as_unseen'
+    get 'date_jumper/jump'
+    pg_resource(:accounts, path: 'espacios', only: [:index, :show, :new, :create, :edit, :update]) do
+      member do
+        put :update_invitation
+      end
+    end
+
+    root to: 'accounts#index'
+  end
+
+  namespace :tenant, path: 'u/t(/:tid)' do
+    pg_resource(:user_accounts, only: [:index, :show, :edit, :update, :destroy])
     scope controller: 'inline_edit', path: 'inline', as: :inline do
       get 'edit'
       get 'show'
     end
     get 'dashboard', to: 'dashboard#dashboard'
-    post 'notifications/mark_as_seen', to: 'notifications#mark_as_seen'
-    post 'notifications/mark_as_unseen', to: 'notifications#mark_as_unseen'
-    get 'date_jumper/jump'
-    scope controller: 'account_switcher', path: 'switcher' do
-      get '', action: 'list', as: 'account_switcher'
-      post ':user_account_id', action: 'switch', as: 'account_switch'
-    end
 
-    pg_resource(:accounts, path: 'cuentas', only: [:show])
-    # get 'account', to: 'accounts#show'
+    # get '/u', to: 'users/dashboard#dashboard', as: :users_root
+    root to: 'dashboard#dashboard'
   end
 
-  get '/u', to: 'users/dashboard#dashboard', as: :users_root
+  # root to: 'users/accounts#index'
+  root to: redirect('/u')
 
   namespace :admin, path: 'a' do
     pg_resource(:emails)

data/pg_engine/config/simple_form/simple_form_bootstrap.rb

@@ -92,7 +92,7 @@ SimpleForm.setup do |config|
                                         tag: 'fieldset', class: 'mb-3' do |b|
     b.use :html5
     b.optional :readonly
-    b.wrapper :legend_tag, tag: 'legend', class: 'col-form-label pt-0' do |ba|
+    b.wrapper :legend_tag, tag: 'div', class: 'col-form-label pt-0' do |ba|
       ba.use :label_text
     end
     b.use :input, class: 'form-check-input', error_class: 'is-invalid'
@@ -105,7 +105,7 @@ SimpleForm.setup do |config|
                                                item_label_class: 'form-check-label', tag: 'fieldset', class: 'mb-3' do |b|
     b.use :html5
     b.optional :readonly
-    b.wrapper :legend_tag, tag: 'legend', class: 'col-form-label pt-0' do |ba|
+    b.wrapper :legend_tag, tag: 'div', class: 'col-form-label pt-0' do |ba|
       ba.use :label_text
     end
     b.use :input, class: 'form-check-input', error_class: 'is-invalid'

data/pg_engine/db/migrate/20241023203849_devise_invitable.rb

@@ -0,0 +1,14 @@
+class DeviseInvitable < ActiveRecord::Migration[7.2]
+  def change
+      add_column :users, :invitation_token, :string
+      add_column :users, :invitation_created_at, :datetime
+      add_column :users, :invitation_sent_at, :datetime
+      add_column :users, :invitation_accepted_at, :datetime
+      add_column :users, :invitation_limit, :integer
+      add_column :users, :invited_by_id, :integer
+      add_column :users, :invited_by_type, :string
+      add_index :users, :invitation_token, unique: true
+      change_column_null :users, :nombre, true
+      change_column_null :users, :apellido, true
+  end
+end

data/pg_engine/db/migrate/20241027225618_add_membership_status_to_user_accounts.rb

@@ -0,0 +1,6 @@
+class AddMembershipStatusToUserAccounts < ActiveRecord::Migration[7.2]
+  def change
+    add_column :user_accounts, :membership_status, :integer, null: false, default: 1
+    add_column :user_accounts, :invitation_status, :integer, null: false, default: 1
+  end
+end

data/pg_engine/db/seeds.rb

@@ -2,15 +2,15 @@ DatabaseCleaner.clean_with(:truncation, except: %w(ar_internal_metadata))
 
 bien = FactoryBot.create(:account, nombre: 'Bien', subdomain: 'bien')
 rosso = FactoryBot.create(:user, email: 'mrosso10@gmail.com', nombre: 'Martín', apellido: 'Rosso', password: 'admin123',
-                                 confirmed_at: Time.now, developer: true, orphan: true)
+                                 confirmed_at: Time.now, developer: true)
 
-bien.user_accounts.create(user: rosso, profiles: [:administracion])
+bien.user_accounts.create!(user: rosso, profiles: [:account__owner])
 
 racionalismo = FactoryBot.create(:account, nombre: 'Racionalismo', subdomain: 'racionalismo')
 baruch = FactoryBot.create(:user, email: 'baruch@bien.com', nombre: 'Baruch', apellido: 'Spinoza', password: 'admin123',
-                                  confirmed_at: Time.now, orphan: true)
+                                  confirmed_at: Time.now)
 rené = FactoryBot.create(:user, email: 'rene@bien.com', nombre: 'René', apellido: 'Descartes', password: 'admin123',
-                                confirmed_at: Time.now, orphan: true)
+                                confirmed_at: Time.now)
 
-racionalismo.user_accounts.create(user: baruch, profiles: [:administracion])
-racionalismo.user_accounts.create(user: rené, profiles: [:operacion])
+racionalismo.user_accounts.create!(user: baruch, profiles: [:account__owner])
+racionalismo.user_accounts.create!(user: rené, profiles: [:cosas__read])