rhino_project_core 0.20.0.alpha.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0f2e6d0cf9a761ebe9b75b3cacf2b6345a2b91df4d9d3f456a9108492aac0988
+  data.tar.gz: 45365e2f7d1efe25bbfc153a497804758a43bc160c2d13a22918af94390d0790
+SHA512:
+  metadata.gz: bdb873a1c1e4717d74dc52dda547b573a921e730023fa6ea307a2df0b776fd579832aba12da869d1c33e2edc2d2a39f7a5bc33a501e177ccb7cf0db71c7d6908
+  data.tar.gz: 7375ef91e536a7a77b1a39e85ee5c501b035b6bd4127ad824064424ef78ae64b6114600dd88c6eade02ce7350fa1a3ffe5787a80ac07db4e625cf823c90c5444

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020-present Codalio Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# Rhino
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rhino'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install rhino
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,35 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+task :package
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Rhino'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList["test/**/*_test.rb"].exclude("test/system/**/*", "test/dummy/**/*")
+  t.verbose = true
+  t.warning = false
+end
+
+task default: :test

data/app/controllers/concerns/rhino/authenticated.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Rhino
+  module Authenticated
+    extend ActiveSupport::Concern
+
+    included do
+      prepend_before_action :authenticate_user!
+    end
+
+    # Overrides the default devise_token_auth handler
+    def render_authenticate_error
+      cookies.delete(DeviseTokenAuth.cookie_name, domain: DeviseTokenAuth.cookie_attributes[:domain])
+
+      super
+    end
+  end
+end

data/app/controllers/concerns/rhino/error_handling.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "active_record/associations"
+
+module Rhino
+  module ErrorHandling
+    extend ActiveSupport::Concern
+
+    included do # rubocop:disable Metrics/BlockLength
+      rescue_from Exception, with: :handle_uncaught_error
+
+      # ActiveRecord::DeleteRestrictionError is for dependent: :restrict_with_exception
+      rescue_from ActionController::ParameterMissing, ActiveRecord::DeleteRestrictionError do |e|
+        render json: { errors: [e.message] }, status: :bad_request
+      end
+
+      rescue_from Pundit::NotAuthorizedError, with: :forbidden
+
+      # ActiveRecord::RecordNotDestroyed is for dependent: :restrict_with_error
+      rescue_from ActiveRecord::RecordInvalid, ActiveRecord::RecordNotDestroyed do |e|
+        unprocessable e.record.errors
+      end
+
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found
+
+      def handle_uncaught_error(exception)
+        # Send to rollbar if available
+        Rollbar.error(exception) if defined? Rollbar
+
+        logger.error("Internal server error#{exception.class} #{exception.message} #{exception.backtrace.join("\n")}")
+
+        render json: { errors: ['Internal server error.'] },
+               status: :internal_server_error
+      end
+
+      def not_found
+        render json: { errors: ['Not found.'] }, status: :not_found
+      end
+
+      def bad_request(errors = nil)
+        render json: { errors: (errors || ['Bad request.']) },
+               status: :bad_request
+      end
+
+      def forbidden
+        render json: { errors: ['Access denied.'] }, status: :forbidden
+      end
+
+      def unprocessable(errors = nil)
+        render json: {
+          errors: (errors&.to_hash(full_messages: true) || ['Unprocessable request.'])
+        }, status: :unprocessable_entity
+      end
+
+      def cors
+        render json: {}
+      end
+    end
+  end
+end

data/app/controllers/concerns/rhino/paper_trail_whodunnit.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Rhino
+  module PaperTrailWhodunnit
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :set_paper_trail_whodunnit if defined? PaperTrail
+    end
+  end
+end

data/app/controllers/concerns/rhino/permit.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Rhino
+  module Permit
+    extend ActiveSupport::Concern
+
+    protected
+      # The params are wrapped with 'crud' if the crud_controller is called directly
+      # instead of via a customization class
+      #
+      # Protected to prevent polluting the action method
+      #
+      # FIXME: Couldn't find a way to call wrap_parameters appropriately
+      # FIXME: Will some sort of namespacing break this?
+      # _wrapper_options is semi-private but we can get at it
+      def pundit_params_for(_record)
+        params.require(_wrapper_options.name)
+      end
+
+    private
+      def permit_and_transform(model = @model)
+        klass.transform_params(permitted_attributes(model))
+      end
+
+      def permit_model(model = @model)
+        model_policy = Pundit.policy(current_user, model)
+
+        model_params = ActionController::Parameters.new(model.to_caching_json)
+        model_params[:can_current_user_edit] = model_policy.update?
+        model_params[:can_current_user_destroy] = model_policy.destroy?
+        model_params.permit(model_policy.permitted_attributes_for_show + %i[can_current_user_edit can_current_user_destroy])
+      end
+
+      def permit_and_render
+        render json: permit_model
+      end
+  end
+end

data/app/controllers/concerns/rhino/set_current_user.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Rhino
+  module SetCurrentUser
+    extend ActiveSupport::Concern
+
+    included do
+      before_action do
+        Current.user = current_user
+      end
+    end
+  end
+end

data/app/controllers/rhino/account_controller.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Rhino
+  class AccountController < BaseController
+    include Rhino::Authenticated
+    include Rhino::Permit
+
+    # Confirm we are calling authorize and scope correctly
+    after_action :verify_authorized
+    after_action :verify_policy_scoped
+
+    def show
+      @model = authorize_resource
+
+      permit_and_render
+    end
+
+    def update
+      @model = authorize_resource
+      @model.update!(permit_and_transform)
+
+      permit_and_render
+    end
+
+    private
+      def find_resource
+        policy_scope(klass).first
+      end
+
+      def authorize_resource
+        authorize find_resource
+      end
+  end
+end

data/app/controllers/rhino/active_model_extension_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Rhino
+  class ActiveModelExtensionController < BaseController
+    include Rhino::Authenticated
+    include Rhino::Permit
+
+    # Confirm we are calling authorize and scope correctly
+    after_action :verify_authorized
+    # after_action :verify_policy_scoped, only: %i[index show]
+
+    def create
+      @model = authorize klass.new(permit_and_transform(klass.new))
+      klass.backing_store_create(@model)
+
+      permit_and_render
+    end
+
+    def index
+      authorize klass
+      @models = klass.backing_store_index
+
+      # FIXME: - policy and sieve scopings
+      # @models = klass.sieves.resolve(policy_scope(klass), params)
+      render json: {
+        results: @models.map { |m| permit_model(m) },
+        total: @models.count
+      }
+    end
+
+    def show
+      @model = authorize(klass.backing_store_show(params[:id]))
+
+      permit_and_render
+    end
+
+    def update
+      @model = authorize klass.new(permit_and_transform(klass.new))
+      # FIXME: Return updated model
+      @model.backing_store_update
+
+      permit_and_render
+    end
+
+    def destroy
+      @model = authorize klass.backing_store_show(params[:id])
+      @model.backing_store_destroy
+
+      permit_and_render
+    end
+  end
+end

data/app/controllers/rhino/base_controller.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Rhino
+  class BaseController < ActionController::API
+    include ActionController::Cookies
+    include DeviseTokenAuth::Concerns::SetUserByToken
+    include Pundit
+
+    include Rhino::ErrorHandling
+    include Rhino::SetCurrentUser
+    include Rhino::PaperTrailWhodunnit
+
+    # https://api.rubyonrails.org/classes/AbstractController/Base.html#method-c-abstract-21
+    # Prevents the utility methods below from showing up as actions in CrudController
+    abstract!
+
+    respond_to :json
+
+    def klass
+      @klass ||= params.delete(:rhino_resource).constantize
+    end
+  end
+end

data/app/controllers/rhino/crud_controller.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Rhino
+  class CrudController < BaseController
+    include Rhino::Authenticated
+    include Rhino::Permit
+
+    # Confirm we are calling authorize and scope correctly
+    after_action :verify_authorized
+    after_action :verify_policy_scoped, only: %i[index show]
+
+    wrap_parameters :crud, format: [:json]
+
+    def create
+      @model = authorize klass.new(permit_and_transform(klass))
+      @model.save!
+
+      permit_and_render
+    end
+
+    def index
+      authorize klass
+
+      @models = klass.sieves.resolve(policy_scope(klass), params)
+      render json: {
+        results: @models.eager_load_refs.map { |m| permit_model(m) },
+        total: @models.unscope(:limit, :offset).reselect(:id).count
+      }
+    end
+
+    def show
+      @model = authorize find_resource(policy_scope(klass).eager_load_refs)
+
+      permit_and_render
+    end
+
+    def update
+      @model = authorize find_resource
+      @model.update!(permit_and_transform)
+
+      permit_and_render
+    end
+
+    def destroy
+      @model = authorize find_resource
+      @model.destroy!
+
+      permit_and_render
+    end
+
+    private
+      def find_resource(scope = klass.all)
+        scope = scope.friendly if scope.respond_to? :friendly
+        scope.find(params[:id])
+      end
+  end
+end

data/app/controllers/rhino/simple_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Rhino
+  class SimpleController < BaseController
+    def action_missing(action)
+      authorize klass, "#{action}?".to_sym
+
+      method = klass.method(action)
+
+      render json: method.parameters.any? ? klass.send(action, params) : klass.send(action)
+    end
+  end
+end

data/app/controllers/rhino/simple_stream_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Rhino
+  class SimpleStreamController < BaseController
+    def action_missing(action)
+      authorize klass, "#{action}?".to_sym
+
+      info = klass.send(action)
+      send_file(info[:file], info.except(:file)) if info.key?(:file)
+    end
+  end
+end

data/app/helpers/rhino/omniauth_helper.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Rhino
+  module OmniauthHelper
+    module_function
+
+    def strategies_metadata
+      params = { resource_class: "User" }
+
+      strategies.each_with_object([]) do |strategy, array|
+        array << {
+          name: strategy,
+          path: "#{::OmniAuth.config.path_prefix}/#{strategy}?#{params.to_param}"
+        }
+      end
+    end
+
+    def strategies
+      strategies = ENV.keys.filter_map do |env|
+        match = /AUTH_(.*)_CLIENT_ID/.match(env)
+        next unless match
+
+        match[1].downcase.to_sym
+      end.uniq
+
+      strategies += [:developer] if Rails.env.development? && !Rake.try(:application)
+
+      strategies
+    end
+
+    def app_info(strategy)
+      case strategy
+      when :developer
+        []
+      when :azure_oauth2
+        azure_info
+      when :auth0
+        auth0_info
+      else
+        env_keys(strategy)
+      end
+    end
+
+    def env_keys(strategy)
+      ups = strategy.to_s.upcase
+      [ENV["AUTH_#{ups}_CLIENT_ID"], ENV["AUTH_#{ups}_SECRET_KEY"]]
+    end
+
+    def azure_info
+      [
+        client_id: ENV["AUTH_AZURE_OAUTH2_CLIENT_ID"],
+        client_secret: ENV["AUTH_AZURE_OAUTH2_SECRET_KEY"],
+        tenant_id: ENV["AUTH_AZURE_OAUTH2_TENANT_ID"]
+      ]
+    end
+
+    def auth0_info
+      [client_id: ENV["AUTH_AUTH0_CLIENT_ID"],
+       client_secret: ENV["AUTH_AUTH0_SECRET_KEY"],
+       domain: ENV["AUTH_AUTH0_DOMAIN"],
+       callback_path: "/api/auth/omniauth/auth0/callback",
+       authorize_params: {
+         scope: "openid profile"
+       }]
+    end
+  end
+end

data/app/helpers/rhino/policy_helper.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Rhino
+  module PolicyHelper
+    module_function
+
+    # Looks for the policy associated with a role and resource
+    #
+    # If a policy for a role and resource is not found, looks for the policy
+    # associated with the role.
+    #
+    # === Examples
+    #
+    #   find_policy(:author, Blog)
+    #
+    def find_policy(role, resource, additional_class = nil)
+      role = role.to_s if role.is_a? Symbol
+      role = role.classify
+
+      resource = resource.class if resource.class != Class
+      resource = resource.to_s.classify
+
+      policy_class = 'Policy'
+      policy_class = "#{policy_class}::#{additional_class}" if additional_class
+
+      # Look for role and resource specific policy
+      policy_constant = "#{role}#{resource}#{policy_class}".safe_constantize
+      return policy_constant if policy_constant.present?
+
+      # Fall back to just the role specific policy
+      policy_constant = "#{role}#{policy_class}".safe_constantize
+      return policy_constant if policy_constant.present?
+
+      # Fall back just to the rhino version
+      "Rhino::#{role}#{policy_class}".safe_constantize
+    end
+
+    def find_policy_scope(role, resource)
+      find_policy(role, resource, 'Scope')
+    end
+  end
+end

data/app/helpers/rhino/segment_helper.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Rhino
+  module SegmentHelper
+    module_function
+
+    def track(type, user)
+      segment_track(type, user)
+    rescue StandardError => e
+      Rollbar.error(e)
+    end
+
+    def track_account(type, organization, users_role = nil)
+      segment_track_account(type, organization, users_role)
+    rescue StandardError => e
+      Rollbar.error(e)
+    end
+
+    def track_invite(users_role_invite)
+      segment_track_invite(users_role_invite)
+    rescue StandardError => e
+      Rollbar.error(e)
+    end
+
+    def segment_track(type, user)
+      Analytics.track(
+        user_id: user.id,
+        event: type,
+        properties: {
+          name: user.name,
+          email: user.email,
+          current_sign_in_ip: user.current_sign_in_ip,
+          last_sign_in_ip: user.last_sign_in_ip,
+          approved: user.approved
+        }
+      )
+    end
+
+    def segment_track_account(type, organization, users_role)
+      properties = {}
+      properties[:account_name] = organization.name
+      properties[:user_email] = users_role.user&.email unless users_role.nil?
+      properties[:role] = users_role.role&.name unless users_role.nil?
+      Analytics.track(
+        user_id: users_role.nil? ? organization.id : users_role.user&.id,
+        event: type,
+        properties:
+      )
+    end
+
+    def segment_track_invite(users_role_invite)
+      Analytics.track(
+        event: "Invite Sent",
+        user_id: Rhino::Current.user&.id,
+        properties: {
+          invitee_email: users_role_invite.email,
+          invitee_role: users_role_invite.role&.name
+        }
+      )
+    end
+  end
+end

data/app/models/rhino/account.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Rhino
+  class Account < User
+    self.table_name = "users"
+
+    rhino_owner_global
+
+    rhino_routing only: %i[show update], singular: true
+    rhino_controller :account
+    rhino_policy :account
+  end
+end

data/app/models/rhino/current.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Rhino
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :user
+  end
+end

data/app/models/rhino/user.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Rhino
+  class User < ApplicationRecord
+    self.abstract_class = true
+
+    include DeviseTokenAuth::Concerns::User
+
+    rhino_properties_read only: %i[id name nickname email image]
+    rhino_properties_create only: %i[name nickname email]
+    rhino_properties_update only: %i[name nickname]
+
+    rhino_policy :user
+
+    def self.devise_modules_to_load
+      modules = %i[database_authenticatable registerable recoverable rememberable trackable validatable confirmable omniauthable]
+      modules.push :invitable if Rhino.resources.include?("Organization")
+    end
+    devise(*devise_modules_to_load)
+
+    validates :email, uniqueness: { case_sensitive: false }
+    after_create_commit :track_sign_up
+
+    def display_name
+      name || email
+    end
+
+    def self.roles_for_auth(auth_owner, record = nil)
+      return {} unless auth_owner
+
+      # If user is logged in, but no record, they are still an admin for their data
+      # Otherwise owner must match to be an admin
+      # A list of roles as hash keys with an array of base_owners for each
+      return { admin: [auth_owner] } if !record.respond_to?(:base_owner_ids) || record.base_owner_ids.include?(auth_owner&.id)
+
+      {}
+    end
+
+    private
+      def track_sign_up
+        Rhino::SegmentHelper.track("Signed Up", self)
+      end
+  end
+end