plutonium 0.41.1 → 0.42.0

data/lib/generators/pu/saas/api_client_generator.rb

@@ -0,0 +1,254 @@
+# frozen_string_literal: true
+
+return unless defined?(Rodauth::Rails)
+
+require "rails/generators/named_base"
+require_relative "../lib/plutonium_generators"
+
+module Pu
+  module Saas
+    class ApiClientGenerator < ::Rails::Generators::NamedBase
+      include PlutoniumGenerators::Generator
+
+      source_root File.expand_path("api_client/templates", __dir__)
+
+      desc "Generate an API client account with optional entity scoping"
+
+      class_option :entity, type: :string,
+        desc: "Entity model to scope API clients to (e.g., Organization)"
+
+      class_option :roles, type: :array, default: %w[read_only write admin],
+        desc: "Available roles for API client memberships"
+
+      class_option :extra_attributes, type: :array, default: [],
+        desc: "Additional attributes for the API client model"
+
+      def start
+        generate_api_client_account
+        configure_api_client_account
+        generate_membership if entity?
+        create_interactions
+        create_rake_task
+      rescue => e
+        exception "#{self.class} failed:", e
+      end
+
+      private
+
+      def generate_api_client_account
+        invoke "pu:rodauth:account", [name],
+          defaults: false,
+          mails: false,
+          login_column: "login",
+          **api_features,
+          extra_attributes: options[:extra_attributes],
+          force: options[:force],
+          skip: options[:skip]
+      end
+
+      def configure_api_client_account
+        plugin_file = "app/rodauth/#{normalized_name}_rodauth_plugin.rb"
+
+        # Block web signup - internal_request only
+        insert_into_file plugin_file, indent(<<~RUBY, 4), after: /# ==> Hooks\n/
+
+          # API clients can only be created programmatically
+          before_create_account_route do
+            request.halt unless internal_request?
+          end
+
+        RUBY
+
+        # Use login instead of email
+        insert_into_file plugin_file, indent(<<~RUBY, 4), after: /# ==> General\n/
+          # Use login field for application name (not email)
+          login_column :login
+          login_label "Application Name"
+          require_login_confirmation? false
+          login_confirm_label nil
+
+          # Don't require email format for login
+          require_email_address_logins? false
+
+        RUBY
+      end
+
+      def generate_membership
+        invoke "pu:res:model", [membership_model_name, *membership_attributes],
+          dest: selected_destination_feature,
+          force: options[:force],
+          skip: options[:skip]
+
+        add_unique_index_to_migration
+        add_default_to_role_column
+        add_role_enum_to_model
+        add_unique_validation_to_model
+        add_associations_to_models
+      end
+
+      def create_interactions
+        template "app/interactions/create_interaction.rb.tt",
+          "app/interactions/#{normalized_name}/create_interaction.rb"
+
+        template "app/interactions/disable_interaction.rb.tt",
+          "app/interactions/#{normalized_name}/disable_interaction.rb"
+
+        inject_definition_actions
+        inject_policy_methods
+      end
+
+      def create_rake_task
+        template "lib/tasks/api_client.rake.tt",
+          "lib/tasks/#{normalized_name}.rake"
+      end
+
+      def inject_definition_actions
+        definition_file = "app/definitions/#{normalized_name}_definition.rb"
+
+        inject_into_file definition_file, indent(<<~RUBY, 2), after: /class #{name.classify}Definition < .+\n/
+          action :register, interaction: #{name.classify}::CreateInteraction, collection: true, category: :primary
+          action :disable, interaction: #{name.classify}::DisableInteraction, category: :danger
+
+        RUBY
+      end
+
+      def inject_policy_methods
+        policy_file = "app/policies/#{normalized_name}_policy.rb"
+
+        # Uncomment and modify create? to return false (update? inherits from create?)
+        gsub_file policy_file,
+          /  # def create\?\n  #   true\n  # end/,
+          <<~RUBY.chomp
+            def create?
+              false
+            end
+
+            def register?
+              true
+            end
+          RUBY
+
+        # Add disable? method
+        inject_into_file policy_file, <<~RUBY, before: /^\s*# Core attributes/
+          def disable?
+            # Can only disable verified (active) accounts
+            record.status == "verified"
+          end
+
+        RUBY
+      end
+
+      # Membership helpers (similar to pu:saas:membership but simpler)
+
+      def add_unique_index_to_migration
+        migration_file = find_migration_file
+        return unless migration_file
+
+        insert_into_file migration_file,
+          indent("add_index :#{membership_table_name}, [:#{normalized_entity_name}_id, :#{normalized_name}_id], unique: true\n", 4),
+          before: /^  end\s*$/
+      end
+
+      def add_default_to_role_column
+        migration_file = find_migration_file
+        return unless migration_file
+
+        gsub_file migration_file,
+          /t\.integer :role, null: false/,
+          "t.integer :role, null: false, default: 0"
+      end
+
+      def add_role_enum_to_model
+        model_file = File.join("app", "models", "#{membership_model_name}.rb")
+        return unless File.exist?(Rails.root.join(model_file))
+
+        inject_into_file model_file,
+          indent("enum :role, {#{roles_enum}}\n", 2),
+          before: /^\s*# add enums above\./
+      end
+
+      def add_unique_validation_to_model
+        model_file = File.join("app", "models", "#{membership_model_name}.rb")
+        return unless File.exist?(Rails.root.join(model_file))
+
+        validation = "validates :#{normalized_name}, uniqueness: {scope: :#{normalized_entity_name}_id, message: \"is already registered for this #{normalized_entity_name.humanize.downcase}\"}\n"
+        inject_into_file model_file, indent(validation, 2), before: /^\s*# add validations above\./
+      end
+
+      def add_associations_to_models
+        # Add to entity model
+        entity_model_path = File.join("app", "models", "#{normalized_entity_name}.rb")
+        if File.exist?(Rails.root.join(entity_model_path))
+          associations = <<~RUBY
+            has_many :#{membership_table_name}, dependent: :destroy
+            has_many :#{normalized_name.pluralize}, through: :#{membership_table_name}
+          RUBY
+          inject_into_file entity_model_path, indent(associations, 2), before: /^\s*# add has_many associations above\.\n/
+        end
+
+        # Add to API client model
+        api_client_model_path = File.join("app", "models", "#{normalized_name}.rb")
+        if File.exist?(Rails.root.join(api_client_model_path))
+          associations = <<~RUBY
+            has_many :#{membership_table_name}, dependent: :destroy
+            has_many :#{normalized_entity_name.pluralize}, through: :#{membership_table_name}
+          RUBY
+          inject_into_file api_client_model_path, indent(associations, 2), before: /^\s*# add has_many associations above\.\n/
+        end
+      end
+
+      def find_migration_file
+        Dir[Rails.root.join("db", "migrate", "*_create_#{membership_table_name}.rb")].first
+      end
+
+      # Feature configuration
+
+      def api_features
+        {
+          base: true,
+          create_account: true,
+          internal_request: true,
+          http_basic_auth: true,
+          close_account: true,
+          case_insensitive_login: true
+        }
+      end
+
+      # Naming helpers
+
+      def normalized_name = name.underscore
+
+      def display_name = name.underscore.humanize.downcase
+
+      def entity? = options[:entity].present?
+
+      def normalized_entity_name = options[:entity]&.underscore
+
+      def membership_model_name = "#{normalized_entity_name}_#{normalized_name}"
+
+      def membership_table_name = membership_model_name.pluralize
+
+      def membership_attributes
+        [
+          "#{normalized_entity_name}:references",
+          "#{normalized_name}:references",
+          "role:integer"
+        ]
+      end
+
+      def roles
+        Array(options[:roles]).flat_map { |r| r.split(",") }.map(&:strip)
+      end
+
+      def roles_enum
+        roles.each_with_index.map { |r, i| "#{r}: #{i}" }.join(", ")
+      end
+
+      def default_role = roles.first
+
+      def selected_destination_feature
+        feature_option :dest, prompt: "Select destination feature"
+      end
+    end
+  end
+end

data/lib/generators/pu/saas/entity_generator.rb

@@ -32,11 +32,13 @@ module Pu
 
       def add_unique_index_to_migration
         migration_dir = File.join("db", "migrate")
-        migration_file = Dir[File.join(migration_dir, "*_create_#{normalized_name.pluralize}.rb")].first
+        migration_file = Dir[Rails.root.join(migration_dir, "*_create_#{normalized_name.pluralize}.rb")].first
 
-        return unless migration_file && File.exist?(migration_file)
+        return unless migration_file
 
-        insert_into_file migration_file,
+        # Convert to relative path for insert_into_file
+        relative_path = migration_file.sub("#{Rails.root}/", "")
+        insert_into_file relative_path,
           indent("add_index :#{normalized_name.pluralize}, :name, unique: true\n", 4),
           before: /^  end\s*$/
       end

data/lib/generators/pu/saas/membership_generator.rb

@@ -30,6 +30,7 @@ module Pu
         add_role_enum_to_model
         add_unique_validation_to_model
         add_associations_to_models
+        add_associated_with_scope_to_entity
       rescue => e
         exception "#{self.class} failed:", e
       end
@@ -40,11 +41,11 @@ module Pu
         user_model_path = File.join("app", "models", "#{normalized_user_name}.rb")
         entity_model_path = File.join("app", "models", "#{normalized_entity_name}.rb")
 
-        unless File.exist?(user_model_path)
+        unless File.exist?(Rails.root.join(user_model_path))
           raise "User model '#{normalized_user_name}' does not exist at #{user_model_path}. Please create it first with: rails g pu:saas:user #{options[:user]}"
         end
 
-        unless File.exist?(entity_model_path)
+        unless File.exist?(Rails.root.join(entity_model_path))
           raise "Entity model '#{normalized_entity_name}' does not exist at #{entity_model_path}. Please create it first with: rails g pu:saas:entity #{options[:entity]}"
         end
       end
@@ -79,7 +80,7 @@ module Pu
       def add_role_enum_to_model
         model_file = File.join("app", "models", "#{membership_model_name}.rb")
 
-        return unless File.exist?(model_file)
+        return unless File.exist?(Rails.root.join(model_file))
 
         enum_definition = "enum :role, #{roles_enum}\n"
         insert_into_file model_file, indent(enum_definition, 2), before: /^\s*# add enums above\./
@@ -88,7 +89,7 @@ module Pu
       def add_unique_validation_to_model
         model_file = File.join("app", "models", "#{membership_model_name}.rb")
 
-        return unless File.exist?(model_file)
+        return unless File.exist?(Rails.root.join(model_file))
 
         validation = "validates :#{normalized_user_name}, uniqueness: {scope: :#{normalized_entity_name}_id, message: \"is already a member of this #{normalized_entity_name.humanize.downcase}\"}\n"
         insert_into_file model_file, indent(validation, 2), before: /^\s*# add validations above\./
@@ -102,30 +103,41 @@ module Pu
       def add_association_to_entity_model
         entity_model_path = File.join("app", "models", "#{normalized_entity_name}.rb")
 
-        return unless File.exist?(entity_model_path)
+        return unless File.exist?(Rails.root.join(entity_model_path))
 
         associations = <<~RUBY
           has_many :#{membership_table_name}, dependent: :destroy
           has_many :#{normalized_user_name.pluralize}, through: :#{membership_table_name}
         RUBY
-        inject_into_file entity_model_path, associations, before: /^\s*# add has_many associations above\.\n/
+        inject_into_file entity_model_path, indent(associations, 2), before: /^\s*# add has_many associations above\.\n/
       end
 
       def add_association_to_user_model
         user_model_path = File.join("app", "models", "#{normalized_user_name}.rb")
 
-        return unless File.exist?(user_model_path)
+        return unless File.exist?(Rails.root.join(user_model_path))
 
         associations = <<~RUBY
           has_many :#{membership_table_name}, dependent: :destroy
           has_many :#{normalized_entity_name.pluralize}, through: :#{membership_table_name}
         RUBY
-        inject_into_file user_model_path, associations, before: /^\s*# add has_many associations above\.\n/
+        inject_into_file user_model_path, indent(associations, 2), before: /^\s*# add has_many associations above\.\n/
+      end
+
+      def add_associated_with_scope_to_entity
+        entity_model_path = File.join("app", "models", "#{normalized_entity_name}.rb")
+
+        return unless File.exist?(Rails.root.join(entity_model_path))
+
+        scope_code = <<~RUBY
+          scope :associated_with_#{normalized_user_name}, ->(#{normalized_user_name}) { joins(:#{membership_table_name}).where(#{membership_table_name}: {#{normalized_user_name}_id: #{normalized_user_name}.id}) }
+        RUBY
+        inject_into_file entity_model_path, indent(scope_code, 2), before: /^\s*# add scopes above\./
       end
 
       def find_migration_file
         migration_dir = File.join("db", "migrate")
-        Dir[File.join(migration_dir, "*_create_#{membership_table_name}.rb")].first
+        Dir[Rails.root.join(migration_dir, "*_create_#{membership_table_name}.rb")].first
       end
 
       def membership_model_name

data/lib/generators/pu/saas/setup_generator.rb

@@ -39,10 +39,17 @@ module Pu
       class_option :membership_attributes, type: :array, default: [],
         desc: "Additional attributes for the membership model"
 
+      class_option :api_client, type: :string, default: nil,
+        desc: "Generate an API client model (e.g., ApiClient)"
+
+      class_option :api_client_roles, type: :array, default: %w[read_only write admin],
+        desc: "Available roles for API client memberships"
+
       def start
         generate_user
         generate_entity unless options[:skip_entity]
         generate_membership unless options[:skip_membership]
+        generate_api_client if options[:api_client].present?
       rescue => e
         exception "#{self.class} failed:", e
       end
@@ -93,6 +100,22 @@ module Pu
           }
         ).invoke_all
       end
+
+      def generate_api_client
+        # Use class-based invocation to avoid Thor's invoke caching
+        klass = Rails::Generators.find_by_namespace("pu:saas:api_client")
+        api_client_options = {
+          roles: options[:api_client_roles],
+          dest: options[:dest],
+          force: options[:force],
+          skip: options[:skip]
+        }
+
+        # Scope to entity if entity is being generated
+        api_client_options[:entity] = options[:entity] unless options[:skip_entity]
+
+        klass.new([options[:api_client]], api_client_options).invoke_all
+      end
     end
   end
 end

data/lib/plutonium/api_client/concerns/create_api_client.rb

@@ -0,0 +1,256 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module ApiClient
+    module Concerns
+      # CreateApiClient provides the core logic for creating API client accounts.
+      #
+      # Include this in your CreateInteraction and implement the required methods.
+      #
+      # @example Basic usage
+      #   class ApiClient::CreateInteraction < Plutonium::Resource::Interaction
+      #     include Plutonium::ApiClient::Concerns::CreateApiClient
+      #
+      #     input :role, as: :select, choices: OrganizationApiClient.roles.keys
+      #
+      #     def membership_class
+      #       OrganizationApiClient
+      #     end
+      #
+      #     def role
+      #       attributes[:role] || "read_only"
+      #     end
+      #   end
+      #
+      module CreateApiClient
+        extend ActiveSupport::Concern
+        include Plutonium::Interaction::Concerns::Scoping
+
+        included do
+          presents label: "Create API Client", icon: Phlex::TablerIcons::Key
+
+          attribute :login, :string
+
+          validates :login, presence: true
+        end
+
+        def execute
+          password = generate_secure_password
+
+          rodauth_instance.create_account(
+            login: login,
+            password: password
+          )
+
+          # Rodauth internal_request returns nil, so we need to find the account
+          api_client = api_client_class.find_by!(login: login)
+
+          create_membership!(api_client) if entity_scoped_api_client?
+
+          succeed(api_client).with_render_response(
+            credentials_page_class.new(
+              login: api_client.login,
+              password: password,
+              parent: scoped_parent
+            )
+          )
+        rescue ActiveRecord::RecordNotFound => e
+          failed(login: "Failed to create account: #{e.message}")
+        rescue => e
+          failed(login: e.message)
+        end
+
+        private
+
+        # Override to specify the Rodauth configuration name
+        # @return [Symbol]
+        def rodauth_name
+          raise NotImplementedError, "#{self.class}#rodauth_name must return the Rodauth configuration name (e.g., :api_client)"
+        end
+
+        # Override to specify the API client model class
+        # @return [Class]
+        def api_client_class
+          raise NotImplementedError, "#{self.class}#api_client_class must return the API client model class"
+        end
+
+        # Override to specify the entity model class for scoping
+        # @return [Class, nil]
+        def entity_class
+          nil
+        end
+
+        # Override to specify the membership model class
+        # @return [Class, nil]
+        def membership_class
+          nil
+        end
+
+        # Override to specify the role to assign
+        # @return [String, Symbol, nil]
+        def role
+          nil
+        end
+
+        # Override to add additional attributes when creating the membership
+        # @return [Hash]
+        def additional_membership_attributes
+          {}
+        end
+
+        # Override to customize the credentials page class
+        # @return [Class]
+        def credentials_page_class
+          CredentialsPage
+        end
+
+        # Override to customize password generation
+        # @return [String]
+        def generate_secure_password
+          SecureRandom.base64(32)
+        end
+
+        def rodauth_instance
+          RodauthApp.rodauth(rodauth_name)
+        end
+
+        def entity_scoped_api_client?
+          entity_class.present? && membership_class.present? && scoped_entity_id.present?
+        end
+
+        def scoped_entity
+          return unless entity_class
+
+          scoped_record_of_type(entity_class)
+        end
+
+        def scoped_entity_id
+          scoped_entity&.id
+        end
+
+        def create_membership!(api_client)
+          attrs = {
+            entity_foreign_key => scoped_entity_id,
+            api_client_foreign_key => api_client.id,
+            **additional_membership_attributes
+          }
+          attrs[:role] = role if role.present?
+
+          membership_class.create!(attrs)
+        end
+
+        def entity_foreign_key
+          :"#{entity_class.model_name.singular}_id"
+        end
+
+        def api_client_foreign_key
+          :"#{api_client_class.model_name.singular}_id"
+        end
+
+        # Default credentials page - can be overridden
+        class CredentialsPage < Plutonium::UI::Page::Base
+          def initialize(login:, password:, parent: nil)
+            @login = login
+            @password = password
+            @parent = parent
+          end
+
+          def view_template
+            div(class: "max-w-2xl mx-auto py-8") do
+              render_success_banner
+              render_credentials_card
+              render_action_buttons
+            end
+          end
+
+          private
+
+          def render_success_banner
+            div(class: "bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800 rounded-lg p-6 mb-6") do
+              div(class: "flex items-center gap-3 mb-4") do
+                render_check_icon
+                h2(class: "text-xl font-semibold text-green-800 dark:text-green-200") { success_title }
+              end
+
+              p(class: "text-green-700 dark:text-green-300") do
+                strong { "Important: " }
+                plain "Save these credentials now. The password cannot be retrieved later."
+              end
+            end
+          end
+
+          def render_credentials_card
+            div(class: "bg-white dark:bg-gray-800 border border-gray-200 dark:border-gray-700 rounded-lg p-6 space-y-4") do
+              render_credential_field("Login", @login)
+              render_credential_field("Password", @password)
+            end
+          end
+
+          def render_credential_field(label, value)
+            div(class: "space-y-1", data: {controller: "clipboard"}) do
+              label(class: "block text-sm font-medium text-gray-700 dark:text-gray-300") { label }
+              div(class: "flex items-center gap-2") do
+                input(
+                  type: "text",
+                  value: value,
+                  readonly: true,
+                  data: {clipboard_target: "source"},
+                  class: "flex-1 px-3 py-2 bg-gray-50 dark:bg-gray-900 border border-gray-300 dark:border-gray-600 rounded-md font-mono text-sm select-all focus:ring-2 focus:ring-primary-500"
+                )
+                button(
+                  type: "button",
+                  data: {action: "clipboard#copy"},
+                  class: "px-3 py-2 text-sm bg-gray-100 dark:bg-gray-700 hover:bg-gray-200 dark:hover:bg-gray-600 rounded-md transition-colors"
+                ) { "Copy" }
+              end
+            end
+          end
+
+          def render_action_buttons
+            credentials_text = "Login: #{@login}\nPassword: #{@password}"
+
+            div(class: "mt-6 flex gap-4", data: {controller: "clipboard"}) do
+              input(type: "hidden", value: credentials_text, data: {clipboard_target: "source"})
+              button(
+                type: "button",
+                data: {action: "clipboard#copy"},
+                class: "px-4 py-2 bg-gray-600 hover:bg-gray-700 text-white rounded-md transition-colors"
+              ) { "Copy All" }
+
+              a(
+                href: done_url,
+                class: "px-4 py-2 bg-primary-600 hover:bg-primary-700 text-white rounded-md transition-colors"
+              ) { "Done" }
+            end
+          end
+
+          def render_check_icon
+            svg(
+              class: "w-8 h-8 text-green-600 dark:text-green-400",
+              fill: "none",
+              stroke: "currentColor",
+              viewBox: "0 0 24 24"
+            ) do |s|
+              s.path(
+                stroke_linecap: "round",
+                stroke_linejoin: "round",
+                stroke_width: "2",
+                d: "M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"
+              )
+            end
+          end
+
+          # Override in subclass to customize
+          def success_title
+            "API Client Created Successfully"
+          end
+
+          # Override in subclass to customize the done URL
+          def done_url
+            helpers.url_for(action: :index)
+          end
+        end
+      end
+    end
+  end
+end