RubyGems - pg_rails - Versions diffs - 7.6.20 → 7.6.21.pre.2 - Mend

pg_rails 7.6.20 → 7.6.21.pre.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

data/pg_engine/app/controllers/users/registrations_controller.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 module Users
   class RegistrationsController < Devise::RegistrationsController
     before_action do
+      @sidebar = false
       authorize resource, nil, policy_class: UserRegistrationPolicy
     end
@@ -11,6 +12,7 @@ module Users
         resource.save
         yield resource if block_given?
         if resource.persisted?
+          # FIXME: no va más
           create_account_for(resource) if ActsAsTenant.current_tenant.blank?
           expire_data_after_sign_in!
@@ -35,8 +37,7 @@ module Users
     private
     def create_account_for(user)
-      account = Account.create!(nombre: user.email)
-      user.user_accounts.create!(account:)
+      Account.create!(nombre: user.email, creado_por: user)
     end
   end
 end

data/pg_engine/app/decorators/account_decorator.rb CHANGED Viewed

@@ -13,4 +13,22 @@ class AccountDecorator < PgEngine::BaseRecordDecorator
   #       object.created_at.strftime("%a %m/%d/%y")
   #     end
   #   end
+  def extra_actions(*)
+    return if Current.namespace == :admin
+    ua = Current.user.user_account_for(object).decorate
+    [ua.ingresar_link,
+     ua.accept_invitation_link,
+     ua.reject_invitation_link].compact.join.html_safe
+  end
+  # def show_link(text: '', klass: 'btn-light')
+  #   return unless Pundit.policy!(Current.user, object).show?
+  #   helpers.content_tag :span, 'data-controller': :tooltip, title: 'Más opciones' do
+  #     helpers.link_to object_url, class: "btn btn-sm #{klass}" do
+  #       helpers.content_tag(:span, nil, class: clase_icono('list')) + text
+  #     end
+  #   end
+  # end
 end

data/pg_engine/app/decorators/pg_engine/base_record_decorator.rb CHANGED Viewed

@@ -65,8 +65,16 @@ module PgEngine
       return unless Pundit.policy!(Current.user, object).destroy?
       helpers.content_tag :span, rel: :tooltip, title: 'Eliminar definitivamente' do
+        # :nocov:
+        confirm_key = if Rails.env.development?
+                        'noconfirm'
+                      else
+                        'turbo-confirm'
+                      end
+        # :nocov:
         helpers.link_to object_url + (land_on.present? ? "?land_on=#{land_on}" : ''),
-                        data: { 'turbo-confirm': confirm_text, 'turbo-method': :delete },
+                        data: { "#{confirm_key}": confirm_text, 'turbo-method': :delete },
                         class: "btn btn-sm #{klass} text-danger" do
           helpers.content_tag :span, nil, class: clase_icono('trash-fill')
         end

data/pg_engine/app/decorators/user_account_decorator.rb CHANGED Viewed

@@ -5,15 +5,80 @@
 class UserAccountDecorator < PgEngine::BaseRecordDecorator
   delegate_all
-  def profiles
-    object.profiles.join(', ')
-  end
-  # Define presentation-specific methods here. Helpers are accessed through
-  # `helpers` (aka `h`). You can override attributes, for example:
-  #
-  #   def created_at
-  #     helpers.content_tag :span, class: 'time' do
-  #       object.created_at.strftime("%a %m/%d/%y")
-  #     end
-  #   end
+  def ingresar_link
+    return unless Pundit.policy!(Current.user, object).ingresar?
+    h.link_to h.tenant_root_path(tid: object.to_param),
+              'data-turbo-frame': :_top,
+              class: 'btn btn-sm btn-primary' do
+      '<i class="bi bi-box-arrow-in-right"></i> Ingresar'.html_safe
+    end
+  end
+  def accept_invitation_link
+    return unless Pundit.policy!(Current.user, object).accept_invitation_link?
+    h.link_to [:update_invitation, :users, account, { accept: 1 }].flatten,
+              'data-turbo-method': :put,
+              class: 'btn btn-sm btn-success' do
+      'Aceptar invitación'
+    end
+  end
+  def reject_invitation_link
+    return unless Pundit.policy!(Current.user, object).accept_invitation_link?
+    h.link_to [:update_invitation, :users, account, { reject: 1 }].flatten,
+              'data-turbo-method': :put,
+              class: 'btn btn-sm btn-danger' do
+      'Rechazar'
+    end
+  end
+  def sign_off_link
+    return unless Pundit.policy!(Current.user, object).sign_off?
+    h.link_to [:update_invitation, :users, account, { sign_off: 1 }].flatten,
+              'data-turbo-method': :put,
+              class: 'btn btn-sm btn-outline-danger' do
+      'Dejar la cuenta'
+    end
+  end
+  def estado_f
+    membership_status_f + ' - ' + invitation_status_f
+  end
+  def membership_status_f
+    klass = {
+      'ms_active' => 'text-success',
+      'ms_disabled' => 'text-danger'
+    }[object.membership_status]
+    content_tag :span, object.membership_status_text, class: "#{klass} fw-bold"
+  end
+  def invitation_status_f
+    klass = {
+      'ist_accepted' => 'text-success',
+      'ist_invited' => 'text-warning-emphasis',
+      'ist_rejected' => 'text-danger',
+      'ist_signed_off' => 'text-danger'
+    }[object.invitation_status]
+    content_tag :span, object.invitation_status_text, class: "#{klass} fw-bold"
+  end
+  def profiles_f
+    return if object.profiles.account__owner?
+    # object.profiles.texts.join(', ')
+    PgEngine.config.profile_groups_options.map do |profile_group|
+      "<b>#{I18n.t(profile_group[:name], scope: 'profile_group')}: </b>" + h.show_profiles_for(object, profile_group)
+    end.join('. ').html_safe
+  end
+  def user_email_f
+    user.email
+  end
 end

data/pg_engine/app/helpers/pg_engine/accounts_helper.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module PgEngine
+  module AccountsHelper
+    def show_profiles_for(user_account, profile_group)
+      aux = profile_group[:options].select { |opt| user_account.profiles.include?(opt.first) }
+      aux = aux.map(&:last).map { |pr| t(pr, scope: 'profile_member') }.join(', ').html_safe
+      aux.presence || 'No'
+    end
+  end
+end

data/pg_engine/app/helpers/pg_engine/frame_helper.rb CHANGED Viewed

@@ -32,6 +32,18 @@ module PgEngine
     end
     def embed_index(object, key)
+      reflection = object.class.reflect_on_all_associations.find do |a|
+        a.name == key.to_sym
+      end
+      if reflection.blank?
+        # :nocov:
+        raise PgEngine::Error, "#{key} not an association for #{object.class}"
+        # :nocov:
+      end
+      return unless policy(reflection.klass).index?
       content_tag(:div, 'data-controller': 'embedded-frame') do
         turbo_frame_tag "embedded--#{key}",
                         refresh: :morph, src: url_for([pg_namespace, object, key]) do

data/pg_engine/app/lib/pg_engine/default_url_options.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module PgEngine
+  module DefaultUrlOptions
+    # Aunque parece intuitivo que se podría definir solamente url_options,
+    # es importante que default_url_options también esté definido
+    def url_options
+      if Current.active_user_account
+        super.merge(tid: Current.active_user_account.to_param)
+      else
+        super.merge(tid: nil)
+      end
+    end
+    def default_url_options
+      if Current.active_user_account
+        { tid: Current.active_user_account.to_param }
+      else
+        { tid: nil }
+      end
+    end
+  end
+end

data/pg_engine/app/lib/pg_engine/filtros_builder.rb CHANGED Viewed

@@ -19,11 +19,13 @@ module PgEngine
       incluye
       es_igual_a
       in
+      arr_cont
       cont_all
       cont_any
       not_cont
       cont
       eq
+      matches
     ].freeze
     def initialize(controller, clase_modelo, campos)

data/pg_engine/app/models/account.rb CHANGED Viewed

@@ -24,7 +24,7 @@ class Account < ApplicationRecord
   include Discard::Model
   include Hashid::Rails
-  has_many :user_accounts
+  has_many :user_accounts, dependent: :destroy
   has_many :users, through: :user_accounts
   belongs_to :creado_por, optional: true, class_name: 'User'
@@ -36,15 +36,42 @@ class Account < ApplicationRecord
   has_many :audits, dependent: :nullify, class_name: 'Audited::Audit'
+  has_one_attached :logo do |attachable|
+    attachable.variant :thumb, resize_and_pad: [80, 80]
+  end
   ransacker :search do |parent|
     parent.table[:nombre]
   end
+  after_create do
+    if creado_por.present?
+      ActsAsTenant.without_tenant do
+        user_accounts.create!(account: self, user: creado_por, profiles: [:account__owner])
+      end
+    end
+  end
   before_validation do
     self.plan = 0 if plan.blank?
   end
+  def self.gender
+    'm'
+  end
   def to_s
     nombre
   end
+  # There can be only one
+  def owner
+    @owner ||= ActsAsTenant.without_tenant do
+      user_accounts.ua_active.owners.first&.user
+    end
+    raise PgEngine::Error, 'orphan account' if @owner.nil?
+    @owner
+  end
 end

data/pg_engine/app/models/concerns/pg_engine/child_record.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module PgEngine
+  module ChildRecord
+    extend ActiveSupport::Concern
+    included do
+      scope :kept, -> { undiscarded.joins(klass.parent_accessor).merge(klass.parent_klass.kept) }
+      scope :unkept, -> { discarded.joins(klass.parent_accessor).or(klass.parent_klass.discarded) }
+    end
+    class_methods do
+      attr_accessor :parent_accessor
+      def parent_klass
+        if parent_accessor.blank?
+          # :nocov:
+          raise PgEngine::Error, 'parent_accessor must be present'
+          # :nocov:
+        end
+        reflection = reflect_on_all_associations.select { |r| r.name == parent_accessor.to_sym }.first
+        if reflection.blank?
+          # :nocov:
+          raise PgEngine::Error, "#{parent_accessor} not an association on #{self}"
+          # :nocov:
+        end
+        reflection.klass
+      end
+    end
+    def parent?
+      if self.class.parent_accessor.blank?
+        # :nocov:
+        raise PgEngine::Error, 'parent_accessor must be present'
+        # :nocov:
+      end
+      true
+    end
+    def parent
+      if self.class.parent_accessor.blank?
+        # :nocov:
+        raise PgEngine::Error, 'parent_accessor must be present'
+        # :nocov:
+      end
+      send(self.class.parent_accessor)
+    end
+    def kept?
+      undiscarded? && (parent.blank? || parent.kept?)
+    end
+  end
+end

data/pg_engine/app/models/current.rb CHANGED Viewed

@@ -1,14 +1,40 @@
 class Current < ActiveSupport::CurrentAttributes
-  attribute :account, :user, :namespace, :controller
+  attribute :user, :namespace, :controller, :active_user_account
   # attribute :request_id, :user_agent, :ip_address
   # resets { Time.zone = nil }
+  def active_user_account
+    # Para los jobs
+    if attributes[:active_user_account].nil? && user.present? && account.present?
+      attributes[:active_user_account] = user.active_user_account_for(account)
+    end
+    super
+  end
+  def tid
+    active_user_account.to_param
+  end
+  def active_user_profiles
+    if active_user_account.present?
+      active_user_account.profiles
+    else
+      []
+    end
+  end
+  def user_account_owner?
+    active_user_profiles.include?('account__owner')
+  end
+  def account
+    ActsAsTenant.current_tenant
+  end
   # def user=(user)
   #   super
   #
   #   Time.zone    = user.time_zone
   # end
-  deprecate :account, deprecator: PgEngine.deprecator
 end

data/pg_engine/app/models/pg_engine/base_record.rb CHANGED Viewed

@@ -28,6 +28,11 @@ module PgEngine
       end
     end
+    # overriden by PgEngine::ChildRecord
+    def parent?
+      false
+    end
     def to_s
       %i[nombre name].each do |campo|
         # Using `_in_database` for consistent breadcrumbs when editing the name

data/pg_engine/app/models/user.rb CHANGED Viewed

@@ -29,24 +29,49 @@
 #
 class User < ApplicationRecord
+  default_scope lambda {
+    if Current.namespace == :tenant
+      if ActsAsTenant.unscoped?
+        all
+      else
+        ids = Current.account.user_accounts.ua_active.pluck(:user_id)
+        # ids = ids.push(Current.user.id) ?
+        where(id: ids)
+      end
+    else
+      all
+    end
+  }
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable,
-         :lockable, :timeoutable, :trackable, :confirmable
+         :lockable, :timeoutable, :trackable, :confirmable, :invitable
   audited
   include Discard::Model
   has_many :user_accounts, dependent: :destroy
+  accepts_nested_attributes_for :user_accounts
   # Hace falta?
   has_many :accounts, through: :user_accounts
-  acts_as_tenant :account, through: :user_accounts
+  # Crea automáticamente una user_account on create
+  # a menos que ya exista en los nested attributes una user
+  # account para la current tenant
+  #
+  # Es problemático porque interfiere en UserAccount.joins(:user)
+  # y hace un doble join
+  # acts_as_tenant :account, through: :user_accounts
   has_many :notifications, as: :recipient, class_name: 'Noticed::Notification'
   validates :nombre, :apellido, presence: true
+  has_one_attached :avatar do |attachable|
+    attachable.variant :thumb, resize_to_fill: [80, 80]
+  end
   validates_presence_of   :email
   validates_uniqueness_of :email, message: 'ya pertenece a un usuario'
   validates_format_of     :email, with: /\A[^@\s]+@[^@\s]+\z/
@@ -59,6 +84,11 @@ class User < ApplicationRecord
     message: 'Para crear una cuenta es necesario que aceptes los términos y condiciones'
   }
+  # When the user is invited via Devise Invitable
+  before_invitation_created do
+    user_accounts.first.invitation_status = :ist_invited
+  end
   attr_accessor :orphan
   def active_for_authentication?
@@ -93,7 +123,7 @@ class User < ApplicationRecord
   end
   def to_s
-    nombre_completo
+    nombre_completo.strip.presence || email
   end
   def nombre_completo
@@ -102,22 +132,34 @@ class User < ApplicationRecord
   class Error < PgEngine::Error; end
-  def user_accounts_without_tenant
-    ActsAsTenant.without_tenant do
-      user_accounts.to_a
-    end
-  end
-  def default_account
-    raise Error, 'El usuario debe tener cuenta' if accounts.empty?
+  # def default_account
+  #   raise Error, 'El usuario debe tener cuenta' if accounts.empty?
-    user_accounts.first.account
-    # throw :warden, scope: :user, message: :user_not_belongs_to_account
-  end
+  #   user_accounts.first.account
+  #   # throw :warden, scope: :user, message: :user_not_belongs_to_account
+  # end
   deprecate :current_account, deprecator: PgEngine.deprecator
   def current_account
     ActsAsTenant.current_tenant
   end
+  def active_user_account_for(account)
+    user_account_for(account, active: true)
+  end
+  def user_account_for(account, active: false)
+    if account.nil?
+      # :nocov:
+      raise PgEngine::Error, 'account must be present'
+      # :nocov:
+    end
+    scope_name = active ? :ua_active : :kept
+    ActsAsTenant.without_tenant do
+      user_accounts.send(scope_name).where(account:).first
+    end
+  end
 end

data/pg_engine/app/models/user_account.rb CHANGED Viewed

@@ -21,24 +21,89 @@
 #  fk_rails_...  (user_id => users.id)
 #
-# FIXME: add column active?
 class UserAccount < ApplicationRecord
   audited
   include Hashid::Rails
+  # self.inline_editable_fields = %i[profiles]
+  self.default_modal = true
   belongs_to :user, inverse_of: :user_accounts
   acts_as_tenant :account
+  def self.gender
+    'f'
+  end
   belongs_to :creado_por, optional: true, class_name: 'User'
   belongs_to :actualizado_por, optional: true, class_name: 'User'
-  # scope :kept, -> { undiscarded.joins(:account).merge(Account.kept) }
-  # FIXME: merge with User.kept
-  scope :kept, -> { joins(:account).merge(Account.kept) }
+  validates :user_id, uniqueness: { scope: :account_id }
+  after_destroy :cleanup_invitation
+  def cleanup_invitation
+    usr = User.unscoped.find(user_id)
+    return unless usr.invited_to_sign_up? && !usr.confirmed?
+    return if usr.destroy
+    # :nocov:
+    pg_err 'User couldnt be deleted on invitation cleanup'
+    # :nocov:
+  end
+  # El problema está en el joins(:user), ya que la default scope de user está scopeada dentro
+  # del current_tenant entonces vuelve sobre la tabla user_accounts y bardea
+  #
+  # Tengo que escribir el user joins a mano porque de lo contrario sumaría la default_scope de
+  # User, que a su vez joinea con user_accounts
+  USER_JOINS = 'INNER JOIN users ON users.id = user_accounts.user_id'
+  scope :kept, -> { joins(USER_JOINS, :account).merge(Account.kept).merge(User.unscoped.kept) }
+  scope :ua_active, lambda {
+    kept.where(membership_status: :ms_active, invitation_status: :ist_accepted)
+  }
+  OWNERS_PREDICATE = lambda do
+    UserAccount.arel_table[:profiles].contains([UserAccount.profiles.account__owner.value])
+  end
+  scope :owners, lambda {
+    where(OWNERS_PREDICATE.call)
+  }
+  scope :regulars, lambda {
+    where.not(OWNERS_PREDICATE.call)
+  }
+  # Se usa en schema.rb, default: 1
+  enumerize :membership_status, in: {
+    ms_active: 1,
+    ms_disabled: 2
+  }
+  # Se usa en schema.rb, default: 1
+  enumerize :invitation_status, in: {
+    ist_accepted: 1,
+    ist_invited: 2,
+    ist_rejected: 3,
+    ist_signed_off: 4
+  }
+  scope :not_discarded_by_user, -> { where.not(invitation_status: %i[ist_rejected ist_signed_off]) }
+  def discarded_by_user?
+    invitation_status.ist_rejected? || invitation_status.ist_signed_off?
+  end
+  def ua_active?
+    invitation_status.ist_accepted? && membership_status.ms_active?
+  end
+  def ua_invite_pending?
+    invitation_status.ist_invited? && membership_status.ms_active?
+  end
+  enumerize :profiles, in: PgEngine.configuracion.user_profiles, multiple: true
-  enumerize :profiles, in: {
-    administracion: 1,
-    operacion: 2,
-    lectura: 3
-  }, multiple: true
+  delegate :to_s, to: :user
 end

data/pg_engine/app/policies/account_policy.rb CHANGED Viewed

@@ -4,37 +4,56 @@
 class AccountPolicy < ApplicationPolicy
   class Scope < ApplicationPolicy::Scope
-    # def resolve
-    #   if policy.acceso_total?
-    #     scope.all
-    #   else
-    #     scope.none
-    #   end
-    # end
+    def resolve
+      if Current.namespace == :admin
+        scope.all
+      else
+        ary = ActsAsTenant.without_tenant do
+          Current.user.user_accounts.kept.not_discarded_by_user.pluck(:account_id)
+        end
+        scope.where(id: ary)
+      end
+    end
+  end
+  def update_invitation?
+    user_belongs_to_account?
   end
   def puede_editar?
-    user.developer?
+    Current.namespace == :admin || record.owner == Current.user
   end
   def puede_crear?
-    user.developer?
+    user.present?
   end
   def puede_borrar?
-    user.developer?
+    Current.namespace == :admin
   end
-  # def acceso_total?
-  #   user.developer?
-  # end
   def new_from_associable?
     false
   end
+  def show?
+    base_access_to_record?
+  end
+  def index?
+    base_access_to_collection?
+  end
+  def base_access_to_collection?
+    user.present?
+  end
   def base_access_to_record?
-    ActsAsTenant.unscoped? ||
-      record.user_accounts.pluck(:user_id).include?(user.id)
+    ua = user.user_account_for(record)
+    Current.namespace == :admin || (ua.present? && !ua.ua_invite_pending?)
+  end
+  def user_belongs_to_account?
+    user.user_account_for(record).present?
   end
 end

data/pg_engine/app/policies/email_log_policy.rb CHANGED Viewed

@@ -24,8 +24,4 @@ class EmailLogPolicy < ApplicationPolicy
   # def puede_borrar?
   #   acceso_total? && !record.readonly?
   # end
-  # def acceso_total?
-  #   user.developer?
-  # end
 end