feat(conditional-approval): users want conditional triggers of conditional approval (#612)

Co-authored-by: Nicolas Alexandre <[email protected]>

BREAKING CHANGE:  Introduction of a new permission module call Ability. The previous permission system PermissionChecker doesn't exist anymore.

Author: matthv

.gitignore

@@ -14,6 +14,7 @@
 /spec/dummy/tmp/
 /tmp/
 .byebug_history
+/out
 
 ## Specific to RubyMotion:
 .dat*

CHANGELOG.md

@@ -1,3 +1,74 @@
+# [8.0.0-beta.1](https://github.com/ForestAdmin/forest-rails/compare/v7.8.1...v8.0.0-beta.1) (2023-03-14)
+
+
+### Bug Fixes
+
+* raise error when an action is call on a smartcollection ([#605](https://github.com/ForestAdmin/forest-rails/issues/605)) ([675821e](https://github.com/ForestAdmin/forest-rails/commit/675821e086137cf7413a1e328b71a9c836d8c21a))
+* **apimap:** format apimap liana version ([#603](https://github.com/ForestAdmin/forest-rails/issues/603)) ([b8a83bb](https://github.com/ForestAdmin/forest-rails/commit/b8a83bb6a4edf229ca788227cac2a917dc4fd204))
+* **conditional-approval:** update condition to check if user can trigger the action ([#604](https://github.com/ForestAdmin/forest-rails/issues/604)) ([36f55b3](https://github.com/ForestAdmin/forest-rails/commit/36f55b3bfeb992831c10238264af2931448ccae8))
+
+
+### Features
+
+* **conditional-approval:** users want conditional triggers of conditional approval ([#600](https://github.com/ForestAdmin/forest-rails/issues/600)) ([062bcac](https://github.com/ForestAdmin/forest-rails/commit/062bcace329f302f238324fb0f1db2f00331978e))
+
+
+### BREAKING CHANGES
+
+* **conditional-approval:** Introduction of a new permission module call Ability. The previous permission system PermissionChecker doesn't exist anymore.
+
+## [7.8.2-beta.1](https://github.com/ForestAdmin/forest-rails/compare/v7.8.1...v7.8.2-beta.1) (2023-03-14)
+
+
+### Bug Fixes
+
+* raise error when an action is call on a smartcollection ([#605](https://github.com/ForestAdmin/forest-rails/issues/605)) ([675821e](https://github.com/ForestAdmin/forest-rails/commit/675821e086137cf7413a1e328b71a9c836d8c21a))
+* **apimap:** format apimap liana version ([#603](https://github.com/ForestAdmin/forest-rails/issues/603)) ([b8a83bb](https://github.com/ForestAdmin/forest-rails/commit/b8a83bb6a4edf229ca788227cac2a917dc4fd204))
+* **conditional-approval:** update condition to check if user can trigger the action ([#604](https://github.com/ForestAdmin/forest-rails/issues/604)) ([36f55b3](https://github.com/ForestAdmin/forest-rails/commit/36f55b3bfeb992831c10238264af2931448ccae8))
+
+
+### Features
+
+* **conditional-approval:** users want conditional triggers of conditional approval ([#600](https://github.com/ForestAdmin/forest-rails/issues/600)) ([062bcac](https://github.com/ForestAdmin/forest-rails/commit/062bcace329f302f238324fb0f1db2f00331978e))
+
+
+### BREAKING CHANGES
+
+* **conditional-approval:** Introduction of a new permission module call Ability. The previous permission system PermissionChecker doesn't exist anymore.
+
+# [8.0.0-beta.4](https://github.com/ForestAdmin/forest-rails/compare/v8.0.0-beta.3...v8.0.0-beta.4) (2023-02-23)
+
+
+### Bug Fixes
+
+* raise error when an action is call on a smartcollection ([#605](https://github.com/ForestAdmin/forest-rails/issues/605)) ([c98ac23](https://github.com/ForestAdmin/forest-rails/commit/c98ac238d55bef201945b1cd3cfcea806d4c2d26))
+
+# [8.0.0-beta.3](https://github.com/ForestAdmin/forest-rails/compare/v8.0.0-beta.2...v8.0.0-beta.3) (2023-02-22)
+
+
+### Bug Fixes
+
+* **conditional-approval:** update condition to check if user can trigger the action ([#604](https://github.com/ForestAdmin/forest-rails/issues/604)) ([d55db18](https://github.com/ForestAdmin/forest-rails/commit/d55db187ea6c12d6aa24e10a509983b0940bc21e))
+
+# [8.0.0-beta.2](https://github.com/ForestAdmin/forest-rails/compare/v8.0.0-beta.1...v8.0.0-beta.2) (2023-02-21)
+
+
+### Bug Fixes
+
+* **apimap:** format apimap liana version ([#603](https://github.com/ForestAdmin/forest-rails/issues/603)) ([37fc823](https://github.com/ForestAdmin/forest-rails/commit/37fc82346870ab367a130c750256d5e37f1de4fd))
+
+# [8.0.0-beta.1](https://github.com/ForestAdmin/forest-rails/compare/v7.8.0...v8.0.0-beta.1) (2023-02-17)
+
+
+### Features
+
+* **conditional-approval:** users want conditional triggers of conditional approval ([#600](https://github.com/ForestAdmin/forest-rails/issues/600)) ([ca99939](https://github.com/ForestAdmin/forest-rails/commit/ca99939647d20c0a223f9f4f1d1d75bede1128b1))
+
+
+### BREAKING CHANGES
+
+* **conditional-approval:** Introduction of a new permission module call Ability. The previous permission system PermissionChecker doesn't exist anymore.
+
 ## [7.8.1](https://github.com/ForestAdmin/forest-rails/compare/v7.8.0...v7.8.1) (2023-02-28)
 
 # [7.8.0](https://github.com/ForestAdmin/forest-rails/compare/v7.7.3...v7.8.0) (2023-01-24)

Gemfile

@@ -35,3 +35,4 @@ gem 'ipaddress', '0.8.3'
 gem 'openid_connect', '1.4.2'
 gem 'json'
 gem 'json-jwt', '1.15.0'
+gem 'deepsort'

Gemfile.lock

@@ -1,9 +1,10 @@
 PATH
   remote: .
   specs:
-    forest_liana (7.8.1)
+    forest_liana (8.0.0-beta.1)
       arel-helpers
       bcrypt
+      deepsort
       forestadmin-jsonapi-serializers (>= 0.14.0)
       groupdate (>= 5.0.0)
       httparty
@@ -89,6 +90,7 @@ GEM
     concurrent-ruby (1.1.10)
     crass (1.0.6)
     date (3.3.3)
+    deepsort (0.4.5)
     diff-lcs (1.5.0)
     docile (1.4.0)
     erubi (1.12.0)
@@ -254,6 +256,7 @@ DEPENDENCIES
   arel-helpers (= 2.14.0)
   bcrypt
   byebug
+  deepsort
   forest_liana!
   forestadmin-jsonapi-serializers
   groupdate (= 5.2.2)

app/controllers/forest_liana/actions_controller.rb

@@ -2,12 +2,14 @@ module ForestLiana
   class ActionsController < ApplicationController
 
     def get_smart_action_hook_request
-      begin
+      if params[:data] && params[:data][:attributes] && params[:data][:attributes][:collection_name]
         params[:data][:attributes]
-      rescue => error
+      else
+        error = 'parameters data attributes missing'
         FOREST_REPORTER.report error
         FOREST_LOGGER.error "Smart Action hook request error: #{error}"
-        {}
+
+        raise ForestLiana::Errors::HTTP422Error.new("Error in smart action load hook: cannot retrieve action from collection")
       end
     end
 

app/controllers/forest_liana/application_controller.rb

@@ -3,6 +3,9 @@
 
 module ForestLiana
   class ApplicationController < ForestLiana::BaseController
+    rescue_from ForestLiana::Ability::Exceptions::AccessDenied, with: :render_error
+    rescue_from ForestLiana::Errors::HTTP422Error, with: :render_error
+
     def self.papertrail?
       Object.const_get('PaperTrail::Version').is_a?(Class) rescue false
     end
@@ -96,6 +99,18 @@ def deactivate_count_response
 
     private
 
+    def render_error(exception)
+      errors = {
+        status: exception.error_code,
+        detail: exception.message,
+      }
+
+      errors['name'] = exception.name if exception.try(:name)
+      errors['data'] = exception.data if exception.try(:data)
+
+      render json: { errors: [errors] }, status: exception.status
+    end
+
     def force_utf8_encoding(json)
       if json['data'].class == Array
         # NOTICE: Collection of records case

app/controllers/forest_liana/resources_controller.rb

@@ -1,5 +1,6 @@
 module ForestLiana
   class ResourcesController < ForestLiana::ApplicationController
+    include ForestLiana::Ability
     begin
       prepend ResourcesExtensions
     rescue NameError
@@ -14,24 +15,11 @@ class ResourcesController < ForestLiana::ApplicationController
     end
 
     def index
+      action = request.format == 'csv' ? 'export' : 'browse'
+      forest_authorize!(action, forest_user, @resource)
       begin
-        if request.format == 'csv'
-          checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id, user: forest_user)
-          return head :forbidden unless checker.is_authorized?
-        else
-          checker = ForestLiana::PermissionsChecker.new(
-            @resource,
-            'browseEnabled',
-            @rendering_id,
-            user: forest_user,
-            collection_list_parameters: get_collection_list_permission_info(forest_user, request)
-          )
-          return head :forbidden unless checker.is_authorized?
-        end
-
         getter = ForestLiana::ResourcesGetter.new(@resource, params, forest_user)
         getter.perform
-
         respond_to do |format|
           format.json { render_jsonapi(getter) }
           format.csv { render_csv(getter, @resource) }
@@ -55,16 +43,8 @@ def index
 
     def count
       find_resource
+      forest_authorize!('browse', forest_user, @resource)
       begin
-        checker = ForestLiana::PermissionsChecker.new(
-          @resource,
-          'browseEnabled',
-          @rendering_id,
-          user: forest_user,
-          collection_list_parameters: get_collection_list_permission_info(forest_user, request)
-        )
-        return head :forbidden unless checker.is_authorized?
-
         getter = ForestLiana::ResourcesGetter.new(@resource, params, forest_user)
         getter.count
 
@@ -88,10 +68,8 @@ def count
     end
 
     def show
+      forest_authorize!('read', forest_user, @resource)
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user: forest_user)
-        return head :forbidden unless checker.is_authorized?
-
         getter = ForestLiana::ResourceGetter.new(@resource, params, forest_user)
         getter.perform
 
@@ -106,10 +84,8 @@ def show
     end
 
     def create
+      forest_authorize!('add', forest_user, @resource)
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id, user: forest_user)
-        return head :forbidden unless checker.is_authorized?
-
         creator = ForestLiana::ResourceCreator.new(@resource, params)
         creator.perform
 
@@ -130,10 +106,8 @@ def create
     end
 
     def update
+      forest_authorize!('edit', forest_user, @resource)
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user: forest_user)
-        return head :forbidden unless checker.is_authorized?
-
         updater = ForestLiana::ResourceUpdater.new(@resource, params, forest_user)
         updater.perform
 
@@ -154,37 +128,37 @@ def update
     end
 
     def destroy
-      checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user: forest_user)
-      return head :forbidden unless checker.is_authorized?
+      forest_authorize!('delete', forest_user, @resource)
+        begin
+        collection_name = ForestLiana.name_for(@resource)
+        scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(@resource, forest_user, collection_name, params[:timezone])
 
-      collection_name = ForestLiana.name_for(@resource)
-      scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(@resource, forest_user, collection_name, params[:timezone])
-
-      unless scoped_records.exists?(params[:id])
-        return render serializer: nil, json: { status: 404 }, status: :not_found
-      end
+        unless scoped_records.exists?(params[:id])
+          return render serializer: nil, json: { status: 404 }, status: :not_found
+        end
 
-      scoped_records.destroy(params[:id])
+        scoped_records.destroy(params[:id])
 
-      head :no_content
-    rescue => error
-      FOREST_REPORTER.report error
-      FOREST_LOGGER.error "Record Destroy error: #{error}\n#{format_stacktrace(error)}"
-      internal_server_error
+        head :no_content
+      rescue => error
+        FOREST_REPORTER.report error
+        FOREST_LOGGER.error "Record Destroy error: #{error}\n#{format_stacktrace(error)}"
+        internal_server_error
+      end
     end
 
     def destroy_bulk
-      checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user: forest_user)
-      return head :forbidden unless checker.is_authorized?
-
-      ids = ForestLiana::ResourcesGetter.get_ids_from_request(params, forest_user)
-      @resource.destroy(ids) if ids&.any?
+      forest_authorize!('delete', forest_user, @resource)
+      begin
+        ids = ForestLiana::ResourcesGetter.get_ids_from_request(params, forest_user)
+        @resource.destroy(ids) if ids&.any?
 
-      head :no_content
-    rescue => error
-      FOREST_REPORTER.report error
-      FOREST_LOGGER.error "Records Destroy error: #{error}\n#{format_stacktrace(error)}"
-      internal_server_error
+        head :no_content
+      rescue => error
+        FOREST_REPORTER.report error
+        FOREST_LOGGER.error "Records Destroy error: #{error}\n#{format_stacktrace(error)}"
+        internal_server_error
+      end
     end
 
     private