parent
479d88a480
commit
48373628a1
8 changed files with 177 additions and 38 deletions
|
@ -1,6 +1,6 @@
|
||||||
class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
|
class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
|
||||||
before_action :check_authorization
|
|
||||||
before_action :fetch_macro, only: [:show, :update, :destroy, :execute]
|
before_action :fetch_macro, only: [:show, :update, :destroy, :execute]
|
||||||
|
before_action :check_authorization, only: [:show, :update, :destroy, :execute]
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@macros = Macro.with_visibility(current_user, params)
|
@macros = Macro.with_visibility(current_user, params)
|
||||||
|
@ -55,6 +55,8 @@ class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
|
||||||
head :ok
|
head :ok
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
def process_attachments
|
def process_attachments
|
||||||
actions = @macro.actions.filter_map { |k, _v| k if k['action_name'] == 'send_attachment' }
|
actions = @macro.actions.filter_map { |k, _v| k if k['action_name'] == 'send_attachment' }
|
||||||
return if actions.blank?
|
return if actions.blank?
|
||||||
|
@ -80,4 +82,8 @@ class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
|
||||||
def fetch_macro
|
def fetch_macro
|
||||||
@macro = Current.account.macros.find_by(id: params[:id])
|
@macro = Current.account.macros.find_by(id: params[:id])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def check_authorization
|
||||||
|
authorize(@macro) if @macro.present?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -9,23 +9,21 @@
|
||||||
# created_at :datetime not null
|
# created_at :datetime not null
|
||||||
# updated_at :datetime not null
|
# updated_at :datetime not null
|
||||||
# account_id :bigint not null
|
# account_id :bigint not null
|
||||||
# created_by_id :bigint not null
|
# created_by_id :bigint
|
||||||
# updated_by_id :bigint not null
|
# updated_by_id :bigint
|
||||||
#
|
#
|
||||||
# Indexes
|
# Indexes
|
||||||
#
|
#
|
||||||
# index_macros_on_account_id (account_id)
|
# index_macros_on_account_id (account_id)
|
||||||
# index_macros_on_created_by_id (created_by_id)
|
|
||||||
# index_macros_on_updated_by_id (updated_by_id)
|
|
||||||
#
|
#
|
||||||
class Macro < ApplicationRecord
|
class Macro < ApplicationRecord
|
||||||
include Rails.application.routes.url_helpers
|
include Rails.application.routes.url_helpers
|
||||||
|
|
||||||
belongs_to :account
|
belongs_to :account
|
||||||
belongs_to :created_by,
|
belongs_to :created_by,
|
||||||
class_name: :User
|
class_name: :User, optional: true
|
||||||
belongs_to :updated_by,
|
belongs_to :updated_by,
|
||||||
class_name: :User
|
class_name: :User, optional: true
|
||||||
has_many_attached :files
|
has_many_attached :files
|
||||||
|
|
||||||
enum visibility: { personal: 0, global: 1 }
|
enum visibility: { personal: 0, global: 1 }
|
||||||
|
@ -41,10 +39,9 @@ class Macro < ApplicationRecord
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.with_visibility(user, params)
|
def self.with_visibility(user, params)
|
||||||
records = user.administrator? ? Current.account.macros : Current.account.macros.global
|
records = Current.account.macros.global
|
||||||
records = records.or(personal.where(created_by_id: user.id)) if user.agent?
|
records = records.or(personal.where(created_by_id: user.id))
|
||||||
records.page(current_page(params))
|
records.order(:id).page(current_page(params))
|
||||||
records
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.current_page(params)
|
def self.current_page(params)
|
||||||
|
|
|
@ -92,17 +92,13 @@ class User < ApplicationRecord
|
||||||
has_many :team_members, dependent: :destroy_async
|
has_many :team_members, dependent: :destroy_async
|
||||||
has_many :teams, through: :team_members
|
has_many :teams, through: :team_members
|
||||||
has_many :articles, foreign_key: 'author_id', dependent: :nullify
|
has_many :articles, foreign_key: 'author_id', dependent: :nullify
|
||||||
has_many :portal_members,
|
has_many :portal_members, class_name: :PortalMember, dependent: :destroy_async
|
||||||
class_name: :PortalMember,
|
has_many :portals, through: :portal_members, source: :portal,
|
||||||
dependent: :destroy_async
|
|
||||||
has_many :portals,
|
|
||||||
through: :portal_members,
|
|
||||||
class_name: :Portal,
|
class_name: :Portal,
|
||||||
dependent: :nullify,
|
dependent: :nullify
|
||||||
source: :portal
|
has_many :macros, foreign_key: 'created_by_id'
|
||||||
has_many :macros, foreign_key: 'created_by_id', dependent: :destroy_async
|
|
||||||
|
|
||||||
before_validation :set_password_and_uid, on: :create
|
before_validation :set_password_and_uid, on: :create
|
||||||
|
after_destroy :remove_macros
|
||||||
|
|
||||||
scope :order_by_full_name, -> { order('lower(name) ASC') }
|
scope :order_by_full_name, -> { order('lower(name) ASC') }
|
||||||
|
|
||||||
|
@ -205,4 +201,10 @@ class User < ApplicationRecord
|
||||||
count: notifications.where(account_id: account_id).count
|
count: notifications.where(account_id: account_id).count
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def remove_macros
|
||||||
|
macros.personal.destroy_all
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,22 +8,34 @@ class MacroPolicy < ApplicationPolicy
|
||||||
end
|
end
|
||||||
|
|
||||||
def show?
|
def show?
|
||||||
true
|
@record.global? || author?
|
||||||
end
|
end
|
||||||
|
|
||||||
def update?
|
def update?
|
||||||
true
|
author? || (@account_user.administrator? && @record.global?)
|
||||||
end
|
end
|
||||||
|
|
||||||
def destroy?
|
def destroy?
|
||||||
true
|
author? || orphan_record?
|
||||||
end
|
end
|
||||||
|
|
||||||
def execute?
|
def execute?
|
||||||
true
|
@record.global? || author?
|
||||||
end
|
end
|
||||||
|
|
||||||
def attach_file?
|
def attach_file?
|
||||||
true
|
true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def author?
|
||||||
|
@record.created_by == @account_user.user
|
||||||
|
end
|
||||||
|
|
||||||
|
def orphan_record?
|
||||||
|
return @account_user.administrator? if @record.created_by.nil? && @record.global?
|
||||||
|
|
||||||
|
false
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
class ChangeMacrosCreatedByToNull < ActiveRecord::Migration[6.1]
|
||||||
|
def change
|
||||||
|
change_column_null :macros, :created_by_id, true
|
||||||
|
change_column_null :macros, :updated_by_id, true
|
||||||
|
|
||||||
|
remove_index :macros, :created_by_id, if_exists: true
|
||||||
|
remove_index :macros, :updated_by_id, if_exists: true
|
||||||
|
end
|
||||||
|
end
|
|
@ -10,7 +10,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended that you check this file into your version control system.
|
# It's strongly recommended that you check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(version: 2022_10_17_201914) do
|
ActiveRecord::Schema.define(version: 2022_11_02_082737) do
|
||||||
|
|
||||||
# These are extensions that must be enabled in order to support this database
|
# These are extensions that must be enabled in order to support this database
|
||||||
enable_extension "pg_stat_statements"
|
enable_extension "pg_stat_statements"
|
||||||
|
@ -577,14 +577,12 @@ ActiveRecord::Schema.define(version: 2022_10_17_201914) do
|
||||||
t.bigint "account_id", null: false
|
t.bigint "account_id", null: false
|
||||||
t.string "name", null: false
|
t.string "name", null: false
|
||||||
t.integer "visibility", default: 0
|
t.integer "visibility", default: 0
|
||||||
t.bigint "created_by_id", null: false
|
t.bigint "created_by_id"
|
||||||
t.bigint "updated_by_id", null: false
|
t.bigint "updated_by_id"
|
||||||
t.jsonb "actions", default: {}, null: false
|
t.jsonb "actions", default: {}, null: false
|
||||||
t.datetime "created_at", precision: 6, null: false
|
t.datetime "created_at", precision: 6, null: false
|
||||||
t.datetime "updated_at", precision: 6, null: false
|
t.datetime "updated_at", precision: 6, null: false
|
||||||
t.index ["account_id"], name: "index_macros_on_account_id"
|
t.index ["account_id"], name: "index_macros_on_account_id"
|
||||||
t.index ["created_by_id"], name: "index_macros_on_created_by_id"
|
|
||||||
t.index ["updated_by_id"], name: "index_macros_on_updated_by_id"
|
|
||||||
end
|
end
|
||||||
|
|
||||||
create_table "mentions", force: :cascade do |t|
|
create_table "mentions", force: :cascade do |t|
|
||||||
|
|
|
@ -23,14 +23,15 @@ RSpec.describe 'Api::V1::Accounts::MacrosController', type: :request do
|
||||||
get "/api/v1/accounts/#{account.id}/macros",
|
get "/api/v1/accounts/#{account.id}/macros",
|
||||||
headers: administrator.create_new_auth_token
|
headers: administrator.create_new_auth_token
|
||||||
|
|
||||||
visible_macros = account.macros
|
visible_macros = account.macros.global.or(account.macros.personal.where(created_by_id: administrator.id)).order(:id)
|
||||||
|
|
||||||
expect(response).to have_http_status(:success)
|
expect(response).to have_http_status(:success)
|
||||||
body = JSON.parse(response.body)
|
body = JSON.parse(response.body)
|
||||||
|
|
||||||
expect(body['payload'].length).to eq(visible_macros.count)
|
expect(body['payload'].length).to eq(visible_macros.count)
|
||||||
expect(body['payload'].first['id']).to eq(Macro.first.id)
|
|
||||||
expect(body['payload'].last['id']).to eq(Macro.last.id)
|
expect(body['payload'].first['id']).to eq(visible_macros.first.id)
|
||||||
|
expect(body['payload'].last['id']).to eq(visible_macros.last.id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -42,7 +43,7 @@ RSpec.describe 'Api::V1::Accounts::MacrosController', type: :request do
|
||||||
expect(response).to have_http_status(:success)
|
expect(response).to have_http_status(:success)
|
||||||
|
|
||||||
body = JSON.parse(response.body)
|
body = JSON.parse(response.body)
|
||||||
visible_macros = account.macros.global.or(account.macros.personal.where(created_by_id: agent.id))
|
visible_macros = account.macros.global.or(account.macros.personal.where(created_by_id: agent.id)).order(:id)
|
||||||
|
|
||||||
expect(body['payload'].length).to eq(visible_macros.count)
|
expect(body['payload'].length).to eq(visible_macros.count)
|
||||||
expect(body['payload'].first['id']).to eq(visible_macros.first.id)
|
expect(body['payload'].first['id']).to eq(visible_macros.first.id)
|
||||||
|
@ -181,6 +182,19 @@ RSpec.describe 'Api::V1::Accounts::MacrosController', type: :request do
|
||||||
json_response = JSON.parse(response.body)
|
json_response = JSON.parse(response.body)
|
||||||
expect(json_response['name']).to eql(params['name'])
|
expect(json_response['name']).to eql(params['name'])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'Unauthorize to update the macro' do
|
||||||
|
macro = create(:macro, account: account, created_by: agent, updated_by: agent)
|
||||||
|
|
||||||
|
put "/api/v1/accounts/#{account.id}/macros/#{macro.id}",
|
||||||
|
params: params,
|
||||||
|
headers: agent_1.create_new_auth_token
|
||||||
|
|
||||||
|
json_response = JSON.parse(response.body)
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:unauthorized)
|
||||||
|
expect(json_response['error']).to eq('You are not authorized to do this action')
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -214,6 +228,27 @@ RSpec.describe 'Api::V1::Accounts::MacrosController', type: :request do
|
||||||
|
|
||||||
expect(response).to have_http_status(:not_found)
|
expect(response).to have_http_status(:not_found)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'Unauthorize to fetch other agents private macro' do
|
||||||
|
macro = create(:macro, account: account, created_by: agent, updated_by: agent, visibility: :personal)
|
||||||
|
|
||||||
|
get "/api/v1/accounts/#{account.id}/macros/#{macro.id}",
|
||||||
|
headers: agent_1.create_new_auth_token
|
||||||
|
|
||||||
|
json_response = JSON.parse(response.body)
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:unauthorized)
|
||||||
|
expect(json_response['error']).to eq('You are not authorized to do this action')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'authorize to fetch other agents public macro' do
|
||||||
|
macro = create(:macro, account: account, created_by: agent, updated_by: agent, visibility: :global)
|
||||||
|
|
||||||
|
get "/api/v1/accounts/#{account.id}/macros/#{macro.id}",
|
||||||
|
headers: agent_1.create_new_auth_token
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:success)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -314,4 +349,62 @@ RSpec.describe 'Api::V1::Accounts::MacrosController', type: :request do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'DELETE /api/v1/accounts/{account.id}/macros/{macro.id}' do
|
||||||
|
let!(:macro) { create(:macro, account: account, created_by: administrator, updated_by: administrator) }
|
||||||
|
|
||||||
|
context 'when it is an authenticated user' do
|
||||||
|
it 'Deletes the macro' do
|
||||||
|
delete "/api/v1/accounts/#{account.id}/macros/#{macro.id}",
|
||||||
|
headers: administrator.create_new_auth_token
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:success)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'deletes the orphan public record with admin credentials' do
|
||||||
|
macro = create(:macro, account: account, created_by: agent, updated_by: agent, visibility: :global)
|
||||||
|
|
||||||
|
expect(macro.created_by).to eq(agent)
|
||||||
|
|
||||||
|
agent.destroy!
|
||||||
|
|
||||||
|
expect(macro.reload.created_by).to be_nil
|
||||||
|
|
||||||
|
delete "/api/v1/accounts/#{account.id}/macros/#{macro.id}",
|
||||||
|
headers: administrator.create_new_auth_token
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:success)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'can not delete orphan public record with agent credentials' do
|
||||||
|
macro = create(:macro, account: account, created_by: agent, updated_by: agent, visibility: :global)
|
||||||
|
|
||||||
|
expect(macro.created_by).to eq(agent)
|
||||||
|
|
||||||
|
agent.destroy!
|
||||||
|
|
||||||
|
expect(macro.reload.created_by).to be_nil
|
||||||
|
|
||||||
|
delete "/api/v1/accounts/#{account.id}/macros/#{macro.id}",
|
||||||
|
headers: agent_1.create_new_auth_token
|
||||||
|
|
||||||
|
json_response = JSON.parse(response.body)
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:unauthorized)
|
||||||
|
expect(json_response['error']).to eq('You are not authorized to do this action')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'Unauthorize to delete the macro' do
|
||||||
|
macro = create(:macro, account: account, created_by: agent, updated_by: agent)
|
||||||
|
|
||||||
|
delete "/api/v1/accounts/#{account.id}/macros/#{macro.id}",
|
||||||
|
headers: agent_1.create_new_auth_token
|
||||||
|
|
||||||
|
json_response = JSON.parse(response.body)
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:unauthorized)
|
||||||
|
expect(json_response['error']).to eq('You are not authorized to do this action')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,8 +6,6 @@ RSpec.describe Macro, type: :model do
|
||||||
|
|
||||||
describe 'associations' do
|
describe 'associations' do
|
||||||
it { is_expected.to belong_to(:account) }
|
it { is_expected.to belong_to(:account) }
|
||||||
it { is_expected.to belong_to(:created_by) }
|
|
||||||
it { is_expected.to belong_to(:updated_by) }
|
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'validations' do
|
describe 'validations' do
|
||||||
|
@ -71,7 +69,9 @@ RSpec.describe Macro, type: :model do
|
||||||
Current.user = admin
|
Current.user = admin
|
||||||
Current.account = account
|
Current.account = account
|
||||||
|
|
||||||
expect(described_class.with_visibility(admin, {}).count).to eq(account.macros.count)
|
macros = account.macros.global.or(account.macros.personal.where(created_by_id: admin.id))
|
||||||
|
|
||||||
|
expect(described_class.with_visibility(admin, {}).count).to eq(macros.count)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -90,4 +90,26 @@ RSpec.describe Macro, type: :model do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#associations' do
|
||||||
|
let(:agent) { create(:user, account: account, role: :agent) }
|
||||||
|
let!(:global_macro) { FactoryBot.create(:macro, account: account, created_by: agent, updated_by: agent, visibility: :global, actions: []) }
|
||||||
|
let!(:personal_macro) { FactoryBot.create(:macro, account: account, created_by: agent, updated_by: agent, visibility: :personal, actions: []) }
|
||||||
|
|
||||||
|
context 'when you delete the author' do
|
||||||
|
it 'nullify the created_by column' do
|
||||||
|
expect(global_macro.created_by).to eq(agent)
|
||||||
|
expect(global_macro.updated_by).to eq(agent)
|
||||||
|
expect(personal_macro.created_by).to eq(agent)
|
||||||
|
expect(personal_macro.updated_by).to eq(agent)
|
||||||
|
|
||||||
|
personal_macro_id = personal_macro.id
|
||||||
|
agent.destroy!
|
||||||
|
|
||||||
|
expect(global_macro.reload.created_by).to be_nil
|
||||||
|
expect(global_macro.reload.updated_by).to be_nil
|
||||||
|
expect(described_class.find_by(id: personal_macro_id)).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue