two_percent 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74667df371bad7a8aae259ac6337d7bc1fa5625fd26811ec376f15bc2fa0434b
-  data.tar.gz: 0e75d901f0d746f04d1b154663e086c2e68659bd6076c73dc770f2e22d024c92
+  metadata.gz: add03c75e1bf340f38e607daf123b473aec2f2b87b5785dd5a0c0c4b5c29ff6f
+  data.tar.gz: f3dda93ee923b646d652be8882db284fa2df08187fe5516c9f57ff2e5a85ebbf
 SHA512:
-  metadata.gz: 7373a151278578cc9bb7f709cf546412f1896b8f27f21f133f5c8660e9e32fb4b218b2426ad8c885265a933f96e4b4f669305330ea261ec3d451accb5adc0c4e
-  data.tar.gz: d45edaefccd729706e618aedcbd9e1f95053541fafbe9f290d357a139eb270abbc44d5366eaa472ed7858c2c1b2c469759124a609da27de52b0e9c99d54715b6
+  metadata.gz: 4bccbd154aee0eb6cde90ab96efd4eb685f33b4f2a04f304b5e7aef64cc9750641820bf99c2e650fd83c462238dd022d4c9afbfc93bbeb57b9c1dd9a9c947122
+  data.tar.gz: 4fe6f68630610ea02f86e48b0265c9e3ddc6b6f0f7636ca0fedd961904760b72842d6410dd759ff17ed776d424f8de7120feeb4a009b94004da5f2a670d0a463

data/app/controllers/two_percent/scim_controller.rb

@@ -3,108 +3,137 @@
 module TwoPercent
   class ScimController < ApplicationController
     def create
-      log_scim_operation("create", "start")
+      record = with_scim_logging("create") do
+        # Persist to two_percent tables first (validates SCIM schema)
+        record = persist_scim_record(scim_params)
 
-      # Persist to two_percent tables first (validates SCIM schema)
-      record = persist_scim_record(scim_params)
+        # Reload with associations for domain event and response
+        record = reload_with_members(record)
 
-      # Reload with associations for domain event and response
-      record = reload_with_members(record)
-
-      # Publish domain event (not SCIM-specific)
-      publish_created_event(record)
+        # Publish domain event (not SCIM-specific)
+        publish_created_event(record)
 
-      log_scim_operation("create", "complete", record.scim_id)
+        record
+      end
 
       # RFC 7644: 201 Created with Location header and resource body
-      response.headers["Location"] = scim_resource_url(record)
-      render json: record.to_scim_representation, status: :created
+      render json: record.to_scim_representation, status: :created, location: scim_resource_url(record)
     end
 
     def update
-      log_scim_operation("update", "start")
-
-      # Find existing record
-      record = find_scim_record(params[:id])
+      record = with_scim_logging("update") do
+        # Find existing record
+        record = find_scim_record(params[:id])
 
-      # Apply SCIM PATCH operations (RFC 7644 compliance)
-      processor = TwoPercent::Scim::PatchProcessor.new(scim_params)
-      current_scim_data = record.scim_data || {}
-      patched_data = processor.apply_to_hash(current_scim_data)
+        # Apply SCIM PATCH operations (RFC 7644 compliance)
+        processor = TwoPercent::Scim::PatchProcessor.new(scim_params)
+        current_scim_data = record.scim_data || {}
+        patched_data = processor.apply_to_hash(current_scim_data)
 
-      # Persist patched data
-      patched_data["id"] = params[:id] # Ensure ID is present
-      updated_record = persist_scim_record(patched_data)
+        # Persist patched data
+        patched_data["id"] = params[:id] # Ensure ID is present
+        updated_record = persist_scim_record(patched_data)
 
-      # Reload with associations for domain event and response
-      updated_record = reload_with_members(updated_record)
+        # Reload with associations for domain event and response
+        updated_record = reload_with_members(updated_record)
 
-      # Publish domain event with final state
-      publish_updated_event(updated_record)
+        # Publish domain event with final state
+        publish_updated_event(updated_record)
 
-      log_scim_operation("update", "complete", record.scim_id)
+        updated_record
+      end
 
       # RFC 7644: 200 OK with updated resource body
-      render json: updated_record.to_scim_representation, status: :ok
+      render json: record.to_scim_representation, status: :ok
     end
 
     def replace
-      log_scim_operation("replace", "start")
-
       # Upsert record (create or replace)
-      was_new =
-        if user_resource?
-          !TwoPercent::ScimUser.exists_by_scim_id?(params[:id])
-        else
-          !TwoPercent::ScimGroup.exists_by_scim_id?(params[:id])
-        end
+      was_new = !model_class.exists_by_scim_id?(params[:id])
 
-      record = upsert_scim_record(params[:id], scim_params)
+      record = with_scim_logging("replace") do
+        record = upsert_scim_record(params[:id], scim_params)
 
-      # Reload with associations for domain event and response
-      record = reload_with_members(record)
+        # Reload with associations for domain event and response
+        record = reload_with_members(record)
 
-      # Publish appropriate domain event
-      if was_new
-        publish_created_event(record)
-      else
-        publish_updated_event(record)
-      end
+        # Publish appropriate domain event
+        if was_new
+          publish_created_event(record)
+        else
+          publish_updated_event(record)
+        end
 
-      log_scim_operation("replace", "complete", record.scim_id)
+        record
+      end
 
       # RFC 7644: 201 Created (if new) or 200 OK (if replaced)
       if was_new
-        response.headers["Location"] = scim_resource_url(record)
-        render json: record.to_scim_representation, status: :created
+        render json: record.to_scim_representation, status: :created, location: scim_resource_url(record)
       else
         render json: record.to_scim_representation, status: :ok
       end
     end
 
     def destroy
-      log_scim_operation("delete", "start")
-
-      # Find and destroy record
-      record = find_scim_record(params[:id])
-      scim_id = record.scim_id
+      scim_id = with_scim_logging("delete") do
+        # Find and destroy record
+        record = find_scim_record(params[:id])
+        scim_id = record.scim_id
 
-      # Destroy record
-      if user_resource?
-        TwoPercent::ScimUser.destroy_by_scim_id(scim_id)
-      else
-        TwoPercent::ScimGroup.destroy_by_scim_id(scim_id)
-      end
+        # Destroy record
+        model_class.destroy_by_scim_id(scim_id)
 
-      # Publish domain delete event
-      publish_deleted_event(scim_id)
+        # Publish domain delete event
+        publish_deleted_event(scim_id)
 
-      log_scim_operation("delete", "complete", scim_id)
+        scim_id
+      end
 
       # RFC 7644: 204 No Content
       head :no_content
     end
 
+    def show
+      validate_resource_type!
+
+      record = with_scim_logging("get") do
+        # Find record (raises RecordNotFound if not exists)
+        record = find_scim_record(params[:id])
+
+        # Reload with associations for complete SCIM representation
+        reload_with_members(record)
+      end
+
+      # RFC 7644: 200 OK with resource body (no domain events for read operations)
+      render json: record.to_scim_representation, status: :ok
+    end
+
+    def index
+      validate_resource_type!
+      log_scim_operation("list", "start")
+
+      # Build base query scope
+      scope = build_query_scope
+
+      # Get total count before pagination
+      total_count = scope.count
+
+      # Apply pagination
+      paginated_scope = apply_pagination(scope)
+
+      # Load records with associations
+      records = load_records_with_associations(paginated_scope)
+
+      # Build RFC 7644 ListResponse
+      list_response = build_list_response(records, total_count)
+
+      log_scim_operation("list", "complete")
+
+      # RFC 7644: 200 OK with ListResponse (no domain events for read operations)
+      render json: list_response, status: :ok
+    end
+
   private
 
     def scim_params
@@ -116,7 +145,13 @@ module TwoPercent
     end
 
     def group_resource?
-      %w[Groups Departments Territories Roles Titles].include?(params[:resource_type])
+      TwoPercent.config.group_resource_types.include?(params[:resource_type])
+    end
+
+    def validate_resource_type!
+      return if user_resource? || group_resource?
+
+      raise ArgumentError, "Unknown resource type: #{params[:resource_type]}"
     end
 
     def persist_scim_record(scim_hash)
@@ -130,15 +165,7 @@ module TwoPercent
     end
 
     def find_scim_record(scim_id)
-      record =
-        if user_resource?
-          TwoPercent::ScimUser.find_by_scim_id(scim_id)
-        elsif group_resource?
-          TwoPercent::ScimGroup.find_by_scim_id(scim_id)
-        else
-          raise ArgumentError, "Unknown resource type: #{params[:resource_type]}"
-        end
-
+      record = model_class.find_by_scim_id(scim_id)
       raise ActiveRecord::RecordNotFound, "Resource \"#{scim_id}\" not found" unless record
 
       record
@@ -150,6 +177,14 @@ module TwoPercent
       persist_scim_record(scim_hash_with_id)
     end
 
+    def with_scim_logging(operation)
+      log_scim_operation(operation, "start", params[:id])
+      record = yield
+      scim_id = record.respond_to?(:scim_id) ? record.scim_id : record
+      log_scim_operation(operation, "complete", scim_id || params[:id])
+      record
+    end
+
     def log_scim_operation(operation, stage, scim_id = nil)
       log_data = {
         correlation_id: @correlation_id,
@@ -217,11 +252,65 @@ module TwoPercent
 
     # Reload record with associations (users load groups, groups load members)
     def reload_with_members(record)
-      if user_resource?
-        TwoPercent::ScimUser.includes(:scim_groups).find(record.id)
-      else
-        TwoPercent::ScimGroup.includes(:scim_users).find(record.id)
-      end
+      model_class.includes(association_name).find(record.id)
+    end
+
+    # Build base query scope with optional filtering
+    def build_query_scope
+      base_scope = user_resource? ? model_class.all : model_class.where(resource_type: params[:resource_type])
+
+      # Apply query filtering if present
+      scope = if params[:query].present?
+                # Sanitize LIKE wildcards (%, _, \) before interpolating into pattern
+                sanitized_query = ActiveRecord::Base.sanitize_sql_like(params[:query])
+                base_scope.where("LOWER(display_name) LIKE LOWER(?) ESCAPE '\\'", "%#{sanitized_query}%")
+              else
+                base_scope
+              end
+
+      # Order by id for deterministic pagination results
+      # Without ORDER BY, paginated results are non-deterministic and can return duplicates/skip records
+      scope.order(:id)
+    end
+
+    # Apply SCIM pagination (RFC 7644 uses 1-based indexing)
+    def apply_pagination(scope)
+      start_index = (params[:startIndex] || 1).to_i
+      count = (params[:count] || 100).to_i
+
+      # Enforce maximum count limit
+      count = [count, 1000].min
+
+      # Convert SCIM 1-based startIndex to 0-based offset
+      offset = [start_index - 1, 0].max
+
+      scope.offset(offset).limit(count)
+    end
+
+    # Load records with associations
+    def load_records_with_associations(scope)
+      scope.includes(association_name).to_a
+    end
+
+    # Build RFC 7644 ListResponse format
+    def build_list_response(records, total_count)
+      start_index = (params[:startIndex] || 1).to_i
+
+      {
+        schemas: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+        totalResults: total_count,
+        startIndex: start_index,
+        itemsPerPage: records.size,
+        Resources: records.map(&:to_scim_representation),
+      }
+    end
+
+    def model_class
+      user_resource? ? TwoPercent::ScimUser : TwoPercent::ScimGroup
+    end
+
+    def association_name
+      user_resource? ? :scim_groups : :scim_users
     end
   end
 end

data/app/models/two_percent/scim_group.rb

@@ -30,7 +30,7 @@ module TwoPercent
     # @return [TwoPercent::ScimGroup] The persisted group record
     # @raise [TwoPercent::Scim::ValidationError] If SCIM data fails schema validation
     def self.upsert_from_scim(resource_type, scim_hash, correlation_id: nil)
-      # Generate ID if not present (for POST/create operations)
+      # Generate SCIM id (stored as scim_id) if not provided (typical for POST operations)
       scim_hash = scim_hash.dup
       scim_hash["id"] ||= SecureRandom.uuid
 

data/app/models/two_percent/scim_user.rb

@@ -26,7 +26,7 @@ module TwoPercent
     # @return [TwoPercent::ScimUser] The persisted user record
     # @raise [TwoPercent::Scim::ValidationError] If SCIM data fails schema validation
     def self.upsert_from_scim(scim_hash, correlation_id: nil)
-      # Generate ID if not present (for POST/create operations)
+      # Generate SCIM id (stored as scim_id) if not provided (typical for POST operations)
       scim_hash = scim_hash.dup
       scim_hash["id"] ||= SecureRandom.uuid
 

data/config/routes.rb

@@ -2,6 +2,11 @@
 
 TwoPercent::Engine.routes.draw do
   post "/Bulk" => "bulk#_dispatch"
+
+  # GET routes must come before POST to ensure proper precedence
+  get "/:resource_type/:id" => "scim#show"
+  get "/:resource_type" => "scim#index"
+
   post "/:resource_type" => "scim#create"
   patch "/:resource_type/:id" => "scim#update"
   put "/:resource_type/:id" => "scim#replace"

data/lib/two_percent/configuration.rb

@@ -53,6 +53,26 @@ module TwoPercent
   #
   config_accessor :logger
 
+  #
+  # Group resource types that TwoPercent will accept and process.
+  # Defaults to ["Groups"] which is the standard SCIM 2.0 group resource type.
+  #
+  # To support additional company-specific group types (like Departments, Territories),
+  # add them to this array in your initializer:
+  #
+  #   TwoPercent.configure do |config|
+  #     config.group_resource_types = %w[Groups Departments Territories]
+  #   end
+  #
+  # All configured types will:
+  # - Accept POST/PUT/PATCH/DELETE/GET operations at /scim/:resource_type
+  # - Store data in the same scim_groups table with resource_type column
+  # - Publish domain events with the resource_type included
+  #
+  config_accessor :group_resource_types do
+    %w[Groups]
+  end
+
   #
   # HTTP header name for correlation ID tracking
   # Defaults to "X-Correlation-Id" (common microservices pattern)

data/lib/two_percent/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TwoPercent
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: two_percent
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Carlos Palhares