Merge branch 'dev' for release 6.1.0

CHANGELOG.md

@@ -1,6 +1,19 @@
 # Changelog Fab-manager
 
-## next deploy
+## v6.1.0 2023 September 25
+
+- improves api/notification controller to avoid failing when there is a notification with wrong notification_type in db
+- Add extra_authorize_params to OpenIdConnect config
+- Improvement : add a notification to remind users to upload their supporting documents
+- Cancel payment schedule subscription after update the payment mean
+- admin can see reservations of a member
+- Fix a bug: unable to update card for payment schedule
+- Fix a bug: user is_allow_contact is actived by default
+- Fix a bug: unbale to export projects
+- Fix a bug: unbale to update card bank of payment schedule
+- Feature: family compte for event
+- Feature: pre-registration event
+- [TODO DEPLOY] `rails db:seed`
 
 ## v6.0.14 2023 September 6
 

Gemfile

@@ -151,3 +151,5 @@ gem 'sentry-rails'
 gem 'sentry-ruby'
 
 gem "reverse_markdown"
+
+gem "ancestry"

Gemfile.lock

@@ -76,6 +76,8 @@ GEM
       public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
     afm (0.2.2)
+    ancestry (4.3.3)
+      activerecord (>= 5.2.6)
     ansi (1.5.0)
     api-pagination (4.8.2)
     apipie-rails (0.5.17)
@@ -536,6 +538,7 @@ DEPENDENCIES
   aasm
   active_record_query_trace
   acts_as_list
+  ancestry
   api-pagination
   apipie-rails
   awesome_print

app/controllers/api/auth_providers_controller.rb

@@ -99,7 +99,7 @@ def provider_params
                     providable_attributes: [:id, :issuer, :discovery, :client_auth_method, :prompt, :send_scope_to_token_endpoint,
                                             :client__identifier, :client__secret, :client__authorization_endpoint, :client__token_endpoint,
                                             :client__userinfo_endpoint, :client__jwks_uri, :client__end_session_endpoint, :profile_url,
-                                            { scope: [] }],
+                                            :extra_authorize_params, { scope: [] }],
                     auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
                                                         :_destroy, { transformation: [:type, :format, :true_value, :false_value,
                                                                                       { mapping: %i[from to] }] }])

app/controllers/api/children_controller.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+# API Controller for resources of type Child
+# Children are used to provide a way to manage multiple users in the family account
+class API::ChildrenController < API::APIController
+  before_action :authenticate_user!
+  before_action :set_child, only: %i[show update destroy validate]
+
+  def index
+    authorize Child
+    user_id = current_user.id
+    user_id = params[:user_id] if current_user.privileged? && params[:user_id]
+    @children = Child.where(user_id: user_id).where('birthday >= ?', 18.years.ago).includes(:supporting_document_files).order(:created_at)
+  end
+
+  def show
+    authorize @child
+  end
+
+  def create
+    @child = Child.new(child_params)
+    authorize @child
+    if ChildService.create(@child)
+      render status: :created
+    else
+      render json: @child.errors.full_messages, status: :unprocessable_entity
+    end
+  end
+
+  def update
+    authorize @child
+
+    if ChildService.update(@child, child_params)
+      render status: :ok
+    else
+      render json: @child.errors.full_messages, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    authorize @child
+    @child.destroy
+    head :no_content
+  end
+
+  def validate
+    authorize @child
+
+    cparams = params.require(:child).permit(:validated_at)
+    if ChildService.validate(@child, cparams[:validated_at].present?)
+      render :show, status: :ok, location: child_path(@child)
+    else
+      render json: @child.errors, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def set_child
+    @child = Child.find(params[:id])
+  end
+
+  def child_params
+    params.require(:child).permit(:first_name, :last_name, :email, :phone, :birthday, :user_id,
+                                  supporting_document_files_attributes: %i[id supportable_id supportable_type
+                                                                           supporting_document_type_id
+                                                                           attachment _destroy])
+  end
+end

app/controllers/api/events_controller.rb

@@ -96,7 +96,8 @@ def event_params
     # handle general properties
     event_preparams = params.required(:event).permit(:title, :description, :start_date, :start_time, :end_date, :end_time,
                                                      :amount, :nb_total_places, :availability_id, :all_day, :recurrence,
-                                                     :recurrence_end_at, :category_id, :event_theme_ids, :age_range_id,
+                                                     :recurrence_end_at, :category_id, :event_theme_ids, :age_range_id, :event_type,
+                                                     :pre_registration, :pre_registration_end_date,
                                                      event_theme_ids: [],
                                                      event_image_attributes: %i[id attachment],
                                                      event_files_attributes: %i[id attachment _destroy],

app/controllers/api/notifications_controller.rb

@@ -15,6 +15,7 @@ class API::NotificationsController < API::APIController
   def index
     loop do
       @notifications = current_user.notifications
+                                   .with_valid_notification_type
                                    .delivered_in_system(current_user)
                                    .includes(:attached_object)
                                    .page(params[:page])
@@ -24,15 +25,16 @@ def index
       break unless delete_obsoletes(@notifications)
     end
     @totals = {
-      total: current_user.notifications.delivered_in_system(current_user).count,
-      unread: current_user.notifications.delivered_in_system(current_user).where(is_read: false).count
+      total: current_user.notifications.with_valid_notification_type.delivered_in_system(current_user).count,
+      unread: current_user.notifications.with_valid_notification_type.delivered_in_system(current_user).where(is_read: false).count
     }
     render :index
   end
 
   def last_unread
     loop do
       @notifications = current_user.notifications
+                                   .with_valid_notification_type
                                    .delivered_in_system(current_user)
                                    .includes(:attached_object)
                                    .where(is_read: false)
@@ -42,19 +44,20 @@ def last_unread
       break unless delete_obsoletes(@notifications)
     end
     @totals = {
-      total: current_user.notifications.delivered_in_system(current_user).count,
-      unread: current_user.notifications.delivered_in_system(current_user).where(is_read: false).count
+      total: current_user.notifications.with_valid_notification_type.delivered_in_system(current_user).count,
+      unread: current_user.notifications.with_valid_notification_type.delivered_in_system(current_user).where(is_read: false).count
     }
     render :index
   end
 
   def polling
     @notifications = current_user.notifications
-                                 .where('is_read = false AND created_at >= :date', date: params[:last_poll])
-                                 .order('created_at DESC')
+                                 .with_valid_notification_type
+                                 .where('notifications.is_read = false AND notifications.created_at >= :date', date: params[:last_poll])
+                                 .order('notifications.created_at DESC')
     @totals = {
-      total: current_user.notifications.delivered_in_system(current_user).count,
-      unread: current_user.notifications.delivered_in_system(current_user).where(is_read: false).count
+      total: current_user.notifications.with_valid_notification_type.delivered_in_system(current_user).count,
+      unread: current_user.notifications.with_valid_notification_type.delivered_in_system(current_user).where(is_read: false).count
     }
     render :index
   end

app/controllers/api/reservations_controller.rb

@@ -4,7 +4,7 @@
 # Reservations are used for Training, Machine, Space and Event
 class API::ReservationsController < API::APIController
   before_action :authenticate_user!
-  before_action :set_reservation, only: %i[show update]
+  before_action :set_reservation, only: %i[show update confirm_payment]
   respond_to :json
 
   def index
@@ -34,6 +34,16 @@ def update
     end
   end
 
+  def confirm_payment
+    authorize @reservation
+    invoice = ReservationConfirmPaymentService.new(@reservation, current_user, params[:coupon_code], params[:offered]).call
+    if invoice
+      render :show, status: :ok, location: @reservation
+    else
+      render json: @reservation.errors, status: :unprocessable_entity
+    end
+  end
+
   private
 
   def set_reservation

app/controllers/api/slots_reservations_controller.rb

@@ -5,7 +5,7 @@
 # availability by Availability.slot_duration, or otherwise globally by Setting.get('slot_duration')
 class API::SlotsReservationsController < API::APIController
   before_action :authenticate_user!
-  before_action :set_slots_reservation, only: %i[update cancel]
+  before_action :set_slots_reservation, only: %i[update cancel validate invalidate]
   respond_to :json
 
   def update
@@ -23,6 +23,16 @@ def cancel
     SlotsReservationsService.cancel(@slot_reservation)
   end
 
+  def validate
+    authorize @slot_reservation
+    SlotsReservationsService.validate(@slot_reservation)
+  end
+
+  def invalidate
+    authorize @slot_reservation
+    SlotsReservationsService.invalidate(@slot_reservation)
+  end
+
   private
 
   def set_slots_reservation

app/controllers/api/spaces_controller.rb

@@ -7,7 +7,9 @@ class API::SpacesController < API::APIController
   respond_to :json
 
   def index
-    @spaces = Space.includes(:space_image).where(deleted_at: nil)
+    @spaces = Space.includes(:space_image, :machines).where(deleted_at: nil)
+    @spaces_indexed_with_parent = @spaces.index_with { |space| @spaces.find { |s| s.id == space.parent_id } }
+    @spaces_grouped_by_parent_id = @spaces.group_by(&:parent_id)
   end
 
   def show
@@ -20,6 +22,7 @@ def create
     authorize Space
     @space = Space.new(space_params)
     if @space.save
+      update_space_children(@space, params[:space][:child_ids])
       render :show, status: :created, location: @space
     else
       render json: @space.errors, status: :unprocessable_entity
@@ -29,6 +32,7 @@ def create
   def update
     authorize @space
     if @space.update(space_params)
+      update_space_children(@space, params[:space][:child_ids])
       render :show, status: :ok, location: @space
     else
       render json: @space.errors, status: :unprocessable_entity
@@ -50,8 +54,18 @@ def set_space
 
   def space_params
     params.require(:space).permit(:name, :description, :characteristics, :default_places, :disabled,
+                                  machine_ids: [],
                                   space_image_attributes: %i[id attachment],
                                   space_files_attributes: %i[id attachment _destroy],
                                   advanced_accounting_attributes: %i[code analytical_section])
   end
+
+  def update_space_children(parent_space, child_ids)
+    Space.transaction do
+      parent_space.children.each { |child| child.update!(parent: nil) }
+      child_ids.to_a.select(&:present?).each do |child_id|
+        Space.find(child_id).update!(parent: parent_space)
+      end
+    end
+  end
 end

app/controllers/api/supporting_document_files_controller.rb

@@ -48,6 +48,6 @@ def set_supporting_document_file
 
   # Never trust parameters from the scary internet, only allow the white list through.
   def supporting_document_file_params
-    params.required(:supporting_document_file).permit(:supporting_document_type_id, :attachment, :user_id)
+    params.required(:supporting_document_file).permit(:supporting_document_type_id, :attachment, :supportable_id, :supportable_type)
   end
 end

app/controllers/api/supporting_document_refusals_controller.rb

@@ -27,6 +27,7 @@ def create
 
   # Never trust parameters from the scary internet, only allow the white list through.
   def supporting_document_refusal_params
-    params.required(:supporting_document_refusal).permit(:message, :operator_id, :user_id, supporting_document_type_ids: [])
+    params.required(:supporting_document_refusal).permit(:message, :operator_id, :supportable_id, :supportable_type,
+                                                         supporting_document_type_ids: [])
   end
 end

app/controllers/api/supporting_document_types_controller.rb

@@ -45,6 +45,6 @@ def set_supporting_document_type
   end
 
   def supporting_document_type_params
-    params.require(:supporting_document_type).permit(:name, group_ids: [])
+    params.require(:supporting_document_type).permit(:name, :document_type, group_ids: [])
   end
 end