Merge branch 'dev' for release 5.7.0

.dockerignore

@@ -32,7 +32,7 @@ imports
 accounting
 
 # Proof of identity files
-proof_of_identity_files
+supporting_document_files
 
 # Development files
 Vagrantfile

.gitignore

@@ -47,7 +47,7 @@
 /accounting/*
 
 # Proof of identity files
-/proof_of_identity_files/*
+/supporting_document_files/*
 
 .DS_Store
 

.rubocop.yml

@@ -36,5 +36,9 @@ Style/FormatString:
   EnforcedStyle: sprintf
 Rails/RedundantPresenceValidationOnBelongsTo:
   Enabled: false
+Style/DateTime:
+  Enabled: true
+Rails/TimeZone:
+  Enabled: true
 Rails/UnknownEnv:
  Environments: development, test, staging, production

CHANGELOG.md

@@ -1,10 +1,38 @@
 # Changelog Fab-manager
 
+## v5.7.0 2023 February 17
+
+- Report user's prepaid packs in the dashboard
+- Export external ID and private notes in the members excel export
+- Ability to buy a new prepaid pack from the user's dashboard
+- Improved calendars loading time
+- Admin notification when an order was placed
+- Management of notifications preferences for admins
+- Display custom banners in machines/trainings/events lists
+- Filter projects by status
+- Maximum validity period for trainings authorizations
+- Automatically cancel trainings with insufficient attendees
+- Check SCSS syntax before saving home page style
+- Use Time instead of DateTime objects
+- Fix a bug: missing statististics subtypes
+- Fix a bug: wrong times in admin/event monitoring
+- Fix a bug: daylight saving time is ignored and result in wrong dates and/or times when dealing around the DST day
+- Fix a bug: date shift in event creation/update
+- Fix a bug: unable to run `rails db:seed` when first setup Fab-manager
+- Fix a bug: cannot cancel a subscription after offering free days
+- Fix a bug: event image updates are not reflected unless the browser's cache is purged
+- Fix a bug: schedules jobs are not launched at the right time
+- Fix a bug: unable to update the title of a training
+- Fix a bug: members cannot update their cards for payment schedules
+- [TODO DEPLOY] `rails fablab:fix_availabilities` THEN `rails fablab:setup:build_places_cache`
+- [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/rename-supporting-document.sh | bash`
+- [TODO DEPLOY] `rails db:seed`
+
 ## v5.6.11 2023 February 07
 
 - OpenAPI endpoint to fetch subscription data
 - Fix a bug: invalid date display in negative timezones
-- Fix a bug: unable to get latest payment_gateway_object for plan/machine/training/space
+- Fix a bug: unable to get the latest payment_gateway_object for plan/machine/training/space
 
 ## v5.6.10 2023 February 02
 
@@ -44,8 +72,7 @@
 - Fix a bug: unable to run task fix_invoice_item when some invoice items are associated with errors
 - Fix a bug: invalid event date reported when the timezone in before UTC
 - Fix a bug: unable to run accounting export if a line label was not defined
-- Fix a security issue: updated rack to 2.2.6.2 to fix [CVE-2022-44571](https
-- cgi-bin/cvename.cgi?name=CVE-2022-44571)
+- Fix a security issue: updated rack to 2.2.6.2 to fix [CVE-2022-44571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44571)
 - Fix a security issue: updated globalid to 1.0.1 to fix [CVE-2023-22799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22799)
 - [TODO DEPLOY] `rails fablab:fix:invoice_items_in_error` THEN `rails fablab:fix_invoice_items` THEN `rails db:migrate`
 
@@ -132,6 +159,7 @@
 - Updated tiptap editor and its dependencies to 2.0.0-beta.204
 - [TODO DEPLOY] `rails db:seed`
 - [TODO DEPLOY] `rails fablab:setup:build_accounting_lines`
+- [TODO DEPLOY] `rails fablab:fix:cart_operator`
 
 ## v5.5.8 2022 December 16
 

Dockerfile

@@ -87,7 +87,7 @@ VOLUME /usr/src/app/invoices \
        /usr/src/app/public/uploads \
        /usr/src/app/public/packs \
        /usr/src/app/accounting \
-       /usr/src/app/proof_of_identity_files \
+       /usr/src/app/supporting_document_files \
        /var/log/supervisor
 
 # Expose port 3000 to the Docker host, so we can access it from the outside

Gemfile

@@ -103,8 +103,6 @@ gem 'elasticsearch-persistence', '~> 5'
 gem 'elasticsearch-rails', '~> 5'
 gem 'faraday', '~> 0.17'
 
-gem 'notify_with'
-
 gem 'pundit'
 
 gem 'oj'

Gemfile.lock

@@ -236,10 +236,6 @@ GEM
     nokogiri (1.13.10)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    notify_with (0.0.2)
-      jbuilder (~> 2.0)
-      rails (>= 4.2.0)
-      responders (~> 2.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
@@ -531,7 +527,6 @@ DEPENDENCIES
   message_format
   mini_magick
   minitest-reporters
-  notify_with
   oj
   omniauth (~> 1.9.2)
   omniauth-oauth2

app/controllers/api/accounting_periods_controller.rb

@@ -13,7 +13,7 @@ def show; end
 
   def create
     authorize AccountingPeriod
-    @accounting_period = AccountingPeriod.new(period_params.merge(closed_at: DateTime.current, closed_by: current_user.id))
+    @accounting_period = AccountingPeriod.new(period_params.merge(closed_at: Time.current, closed_by: current_user.id))
     if @accounting_period.save
       render :show, status: :created, location: @accounting_period
     else

app/controllers/api/availabilities_controller.rb

@@ -29,6 +29,7 @@ def public
       { machines: machine_ids, spaces: params[:s], trainings: params[:t] },
       events: (params[:evt] && params[:evt] == 'true')
     )
+    @user = current_user
 
     @title_filter = { machine_ids: machine_ids.map(&:to_i) }
     @availabilities = filter_availabilites(@availabilities)
@@ -50,6 +51,7 @@ def create
     end
   end
 
+  # This endpoint is used to remove a machine or a plan from the given availability
   def update
     authorize Availability
     if @availability.update(availability_params)

app/controllers/api/cart_controller.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# API Controller for manage user's cart
+# API Controller to manage user's cart
 class API::CartController < API::ApiController
   include API::OrderConcern
 
@@ -13,6 +13,17 @@ def create
     render 'api/orders/show'
   end
 
+  def create_item
+    authorize @current_order, policy_class: CartPolicy
+    service = Cart::CreateCartItemService.new(@current_order)
+    @item = service.create(params)
+    if @item.save({ context: @current_order.order_items })
+      render 'api/orders/item', status: :created
+    else
+      render json: @item.errors.full_messages, status: :unprocessable_entity
+    end
+  end
+
   def add_item
     authorize @current_order, policy_class: CartPolicy
     @order = Cart::AddItemService.new.call(@current_order, orderable, cart_params[:quantity])
@@ -49,9 +60,16 @@ def validate
     render json: @order_errors
   end
 
+  def set_customer
+    authorize @current_order, policy_class: CartPolicy
+    customer = User.find(params[:user_id])
+    @order = Cart::SetCustomerService.new(current_user).call(@current_order, customer)
+    render 'api/orders/show'
+  end
+
   private
 
   def orderable
-    Product.find(cart_params[:orderable_id])
+    params[:orderable_type].classify.constantize.find(cart_params[:orderable_id])
   end
 end

app/controllers/api/checkout_controller.rb

@@ -24,6 +24,8 @@ def payment
   rescue PayzenError => e
     render json: PayZen::Helper.human_error(e), status: :unprocessable_entity
   rescue StandardError => e
+    Rails.logger.error e
+    Rails.logger.debug e.backtrace
     render json: e, status: :unprocessable_entity
   end
 

app/controllers/api/events_controller.rb

@@ -17,11 +17,11 @@ def index
     if current_user&.admin? || current_user&.manager?
       @events = case params[:scope]
                 when 'future'
-                  @events.where('availabilities.start_at >= ?', DateTime.current).order('availabilities.start_at DESC')
+                  @events.where('availabilities.start_at >= ?', Time.current).order('availabilities.start_at DESC')
                 when 'future_asc'
-                  @events.where('availabilities.start_at >= ?', DateTime.current).order('availabilities.start_at ASC')
+                  @events.where('availabilities.start_at >= ?', Time.current).order('availabilities.start_at ASC')
                 when 'passed'
-                  @events.where('availabilities.start_at < ?', DateTime.current).order('availabilities.start_at DESC')
+                  @events.where('availabilities.start_at < ?', Time.current).order('availabilities.start_at DESC')
                 else
                   @events.order('availabilities.start_at DESC')
                 end
@@ -42,11 +42,11 @@ def upcoming
 
     @events = case Setting.get('upcoming_events_shown')
               when 'until_start'
-                @events.where('availabilities.start_at >= ?', DateTime.current)
+                @events.where('availabilities.start_at >= ?', Time.current)
               when '2h_before_end'
-                @events.where('availabilities.end_at >= ?', DateTime.current + 2.hours)
+                @events.where('availabilities.end_at >= ?', 2.hours.from_now)
               else
-                @events.where('availabilities.end_at >= ?', DateTime.current)
+                @events.where('availabilities.end_at >= ?', Time.current)
               end
   end
 

app/controllers/api/members_controller.rb

@@ -4,7 +4,7 @@
 class API::MembersController < API::ApiController
   before_action :authenticate_user!, except: [:last_subscribed]
   before_action :set_member, only: %i[update destroy merge complete_tour update_role validate]
-  before_action :set_operator, only: %i[show update create]
+  before_action :set_operator, only: %i[show update create merge validate]
   respond_to :json
 
   def index

app/controllers/api/notification_preferences_controller.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+# API Controller for resources of type Notification Preferences
+class API::NotificationPreferencesController < API::ApiController
+  before_action :authenticate_user!
+
+  def index
+    @notification_preferences = current_user.notification_preferences
+  end
+
+  # Currently only available for Admin in NotificationPreferencePolicy
+  def update
+    authorize NotificationPreference
+    notification_type = NotificationType.find_by(name: params[:notification_preference][:notification_type])
+    @notification_preference = NotificationPreference.find_or_create_by(notification_type: notification_type, user: current_user)
+    @notification_preference.update(notification_preference_params)
+
+    if @notification_preference.save
+      render :show, status: :ok
+    else
+      render json: @notification_preference.errors, status: :unprocessable_entity
+    end
+  end
+
+  # Currently only available for Admin in NotificationPreferencePolicy
+  def bulk_update
+    authorize NotificationPreference
+    errors = []
+    params[:notification_preferences].each do |notification_preference|
+      notification_type = NotificationType.find_by(name: notification_preference[:notification_type])
+      db_notification_preference = NotificationPreference.find_or_create_by(notification_type_id: notification_type.id, user: current_user)
+
+      next if db_notification_preference.update(email: notification_preference[:email], in_system: notification_preference[:in_system])
+
+      errors.push(db_notification_preference.errors)
+    end
+
+    if errors.any?
+      render json: errors, status: :unprocessable_entity
+    else
+      head :no_content, status: :ok
+    end
+  end
+
+  private
+
+  def notification_preference_params
+    params.require(:notification_preference).permit(:notification_type_id, :in_system, :email)
+  end
+end

app/controllers/api/notification_types_controller.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# API Controller for resources of type Notification Types
+class API::NotificationTypesController < API::ApiController
+  before_action :authenticate_user!
+
+  def index
+    @notification_types = if params[:is_configurable] == 'true'
+                            NotificationType.where(is_configurable: true)
+                          else
+                            NotificationType.all
+                          end
+  end
+end

app/controllers/api/notifications_controller.rb

@@ -3,8 +3,8 @@
 # API Controller for resources of type Notification
 # Notifications are scoped by user
 class API::NotificationsController < API::ApiController
-  include NotifyWith::NotificationsApi
   before_action :authenticate_user!
+  before_action :set_notification, only: :update
 
   # notifications can have anything attached, so we won't eager load the whole database
   around_action :skip_bullet, if: -> { defined?(Bullet) }
@@ -14,26 +14,36 @@ class API::NotificationsController < API::ApiController
 
   def index
     loop do
-      @notifications = current_user.notifications.includes(:attached_object).page(params[:page]).per(NOTIFICATIONS_PER_PAGE).order('created_at DESC')
+      @notifications = current_user.notifications
+                                   .delivered_in_system(current_user)
+                                   .includes(:attached_object)
+                                   .page(params[:page])
+                                   .per(NOTIFICATIONS_PER_PAGE)
+                                   .order('created_at DESC')
       # we delete obsolete notifications on first access
       break unless delete_obsoletes(@notifications)
     end
     @totals = {
-      total: current_user.notifications.count,
-      unread: current_user.notifications.where(is_read: false).count
+      total: current_user.notifications.delivered_in_system(current_user).count,
+      unread: current_user.notifications.delivered_in_system(current_user).where(is_read: false).count
     }
     render :index
   end
 
   def last_unread
     loop do
-      @notifications = current_user.notifications.includes(:attached_object).where(is_read: false).limit(3).order('created_at DESC')
+      @notifications = current_user.notifications
+                                   .delivered_in_system(current_user)
+                                   .includes(:attached_object)
+                                   .where(is_read: false)
+                                   .limit(3)
+                                   .order('created_at DESC')
       # we delete obsolete notifications on first access
       break unless delete_obsoletes(@notifications)
     end
     @totals = {
-      total: current_user.notifications.count,
-      unread: current_user.notifications.where(is_read: false).count
+      total: current_user.notifications.delivered_in_system(current_user).count,
+      unread: current_user.notifications.delivered_in_system(current_user).where(is_read: false).count
     }
     render :index
   end
@@ -43,14 +53,28 @@ def polling
                                  .where('is_read = false AND created_at >= :date', date: params[:last_poll])
                                  .order('created_at DESC')
     @totals = {
-      total: current_user.notifications.count,
-      unread: current_user.notifications.where(is_read: false).count
+      total: current_user.notifications.delivered_in_system(current_user).count,
+      unread: current_user.notifications.delivered_in_system(current_user).where(is_read: false).count
     }
     render :index
   end
 
+  def update
+    @notification.mark_as_read
+    render :show
+  end
+
+  def update_all
+    current_user.notifications.where(is_read: false).find_each(&:mark_as_read)
+    head :no_content
+  end
+
   private
 
+  def set_notification
+    @notification = current_user.notifications.find(params[:id])
+  end
+
   def delete_obsoletes(notifications)
     cleaned = false
     notifications.each do |n|

app/controllers/api/payments_controller.rb

@@ -41,6 +41,7 @@ def on_payment_success(gateway_item_id, gateway_item_type, cart)
       { json: res[:errors].drop_while(&:empty?), status: :unprocessable_entity }
     end
   rescue StandardError => e
+    Rails.logger.debug e.backtrace
     { json: e, status: :unprocessable_entity }
   end
 end