Merge branch 'release/21.9.3'

Gemfile.lock

@@ -67,8 +67,8 @@ GEM
  rake (>= 10.4, < 14.0)
  ast (2.4.2)
  aws-eventstream (1.2.0)
- aws-partitions (1.503.0)
- aws-sdk-core (3.121.0)
+ aws-partitions (1.508.0)
+ aws-sdk-core (3.121.1)
  aws-eventstream (~> 1, >= 1.0.2)
  aws-partitions (~> 1, >= 1.239.0)
  aws-sigv4 (~> 1.1)
@@ -231,22 +231,22 @@ GEM
  nokogiri (>= 1.5.9)
  mail (2.7.1)
  mini_mime (>= 0.1.1)
- marcel (1.0.1)
+ marcel (1.0.2)
  memory_profiler (1.0.0)
- meta-tags (2.15.0)
- actionpack (>= 3.2.0, < 6.2)
+ meta-tags (2.16.0)
+ actionpack (>= 3.2.0, < 7.1)
  method_source (1.0.0)
  mini_mime (1.1.1)
  mini_portile2 (2.6.1)
  minitest (5.14.4)
- mobility (1.1.3)
+ mobility (1.2.1)
  i18n (>= 0.6.10, < 2)
  request_store (~> 1.0)
  msgpack (1.4.2)
  multi_json (1.15.0)
  multipart-post (2.1.1)
  nio4r (2.5.8)
- nokogiri (1.12.4)
+ nokogiri (1.12.5)
  mini_portile2 (~> 2.6.1)
  racc (~> 1.4)
  orm_adapter (0.5.0)
@@ -358,16 +358,16 @@ GEM
  rspec-mocks (~> 3.10)
  rspec-support (~> 3.10)
  rspec-support (3.10.2)
- rubocop (1.21.0)
+ rubocop (1.22.0)
  parallel (~> 1.10)
  parser (>= 3.0.0.0)
  rainbow (>= 2.2.2, < 4.0)
  regexp_parser (>= 1.8, < 3.0)
  rexml
- rubocop-ast (>= 1.9.1, < 2.0)
+ rubocop-ast (>= 1.12.0, < 2.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (>= 1.4.0, < 3.0)
- rubocop-ast (1.11.0)
+ rubocop-ast (1.12.0)
  parser (>= 3.0.1.1)
  rubocop-performance (1.11.5)
  rubocop (>= 1.7.0, < 2.0)
@@ -376,24 +376,23 @@ GEM
  activesupport (>= 4.2.0)
  rack (>= 1.1)
  rubocop (>= 1.7.0, < 2.0)
- rubocop-rspec (2.4.0)
- rubocop (~> 1.0)
- rubocop-ast (>= 1.1.0)
+ rubocop-rspec (2.5.0)
+ rubocop (~> 1.19)
  ruby-progressbar (1.11.0)
  ruby2_keywords (0.0.5)
  rubyzip (2.3.2)
  selenium-webdriver (3.142.7)
  childprocess (>= 0.5, < 4.0)
  rubyzip (>= 1.2.2)
  semantic_range (3.0.0)
- sentry-rails (4.7.2)
+ sentry-rails (4.7.3)
  railties (>= 5.0)
  sentry-ruby-core (~> 4.7.0)
- sentry-ruby (4.7.2)
+ sentry-ruby (4.7.3)
  concurrent-ruby (~> 1.0, >= 1.0.2)
  faraday (>= 1.0)
- sentry-ruby-core (= 4.7.2)
- sentry-ruby-core (4.7.2)
+ sentry-ruby-core (= 4.7.3)
+ sentry-ruby-core (4.7.3)
  concurrent-ruby
  faraday
  sixarm_ruby_unaccent (1.2.0)

VERSION

@@ -1 +1 @@
-V21.9.2
+V21.9.3

app/controllers/application_controller.rb

@@ -43,7 +43,7 @@ def responder_flash_messages(resource_name, scope: :update)
  end
 
  def current_organisation
- nil
+ @current_organisation ||= Organisation.find_by(slug: params[:org].presence)
  end
 
  def current_locale
@@ -84,4 +84,12 @@ def unauthorized
  def return_to_path(default)
  params[:return_to].presence || default || root_path
  end
+
+ def require_organisation!
+ return if current_organisation
+ return redirect_to url_for(org: current_user.organisation.slug) if current_user&.organisation
+ return redirect_to new_user_session_path if current_user.blank?
+
+ raise ActionController::RoutingError, 'Not found'
+ end
 end

app/controllers/manage/base_controller.rb

@@ -2,23 +2,13 @@
 
 module Manage
  class BaseController < ApplicationController
- before_action :authenticate_user!
+ before_action :authenticate_user!, :require_organisation!
  check_authorization
 
  protected
 
  def current_ability
  @current_ability ||= Ability::Manage.new(current_user, current_organisation)
  end
-
- def current_organisation
- return if current_user.blank?
-
- @current_organisation ||= if current_user.role_admin?
- Organisation.find_by!(slug: params[:org].presence)
- else
- current_user.organisation
- end
- end
  end
 end

app/controllers/manage/data_digests_controller.rb

@@ -5,7 +5,7 @@ class DataDigestsController < BaseController
  load_and_authorize_resource :data_digest
 
  def index
- @data_digests = @data_digests.where(organisation: current_organisation)
+ @data_digests = @data_digests.where(organisation: current_organisation).order(type: :ASC)
  respond_with :manage, @data_digests.order(created_at: :ASC)
  end
 

app/controllers/public/agent_bookings_controller.rb

@@ -2,7 +2,8 @@
 
 module Public
  class AgentBookingsController < BaseController
- load_and_authorize_resource :agent_booking
+ load_and_authorize_resource :agent_booking, except: %i[show edit update]
+ before_action :set_agent_booking, only: %i[show edit update]
 
  def new
  @agent_booking = AgentBooking.new(organisation: current_organisation)
@@ -13,12 +14,16 @@ def new
 
  def create
  @agent_booking.assign_attributes(agent_booking_params.merge(organisation: current_organisation))
- @agent_booking.save_and_update_booking
- respond_with :public, @agent_booking
+
+ if @agent_booking.save_and_update_booking
+ redirect_to edit_public_agent_booking_path(@agent_booking.token)
+ else
+ render 'new'
+ end
  end
 
  def show
- redirect_to edit_public_agent_booking_path(@agent_booking)
+ redirect_to edit_public_agent_booking_path(@agent_booking.token || @agent_booking.to_param)
  end
 
  def edit
@@ -31,11 +36,15 @@ def update
  @agent_booking.save_and_update_booking
  BookingActions::Public.all[booking_action]&.call(booking: @agent_booking.booking) if booking_action
  end
- respond_with :public, @agent_booking, location: edit_public_agent_booking_path
+ respond_with :public, @agent_booking, location: edit_public_agent_booking_path(@agent_booking.token)
  end
 
  private
 
+ def set_agent_booking
+ @agent_booking = AgentBooking.find_by(token: params[:id]) || AgentBooking.find(params[:id])
+ end
+
  def booking_action
  params[:booking_action]
  end

app/controllers/public/base_controller.rb

@@ -2,11 +2,9 @@
 
 module Public
  class BaseController < ApplicationController
- protected
+ before_action :require_organisation!
 
- def current_organisation
- @current_organisation ||= Organisation.find_by!(slug: params[:org].presence)
- end
+ protected
 
  def current_ability
  @current_ability ||= Ability::Public.new(current_user, current_organisation)

app/controllers/public/bookings_controller.rb

@@ -2,6 +2,8 @@
 
 module Public
  class BookingsController < BaseController
+ before_action :set_booking, only: %i[show edit update]
+
  def new
  @booking = Booking.new(create_params)
  @booking.organisation = current_organisation
@@ -12,12 +14,10 @@ def new
  end
 
  def show
- @booking = Booking.find(params[:id])
  redirect_to edit_public_booking_path(@booking)
  end
 
  def edit
- @booking = Booking.find(params[:id])
  @booking.committed_request ||= @booking.agent_booking&.committed_request if @booking.agent_booking?
  respond_with :public, @booking
  end
@@ -30,17 +30,20 @@ def create
  end
 
  def update
- @booking = Booking.find(params[:id])
  if @booking.editable?
  @booking.assign_attributes(update_params)
  @booking.save(context: :public_update)
  end
  call_booking_action
- respond_with :public, @booking, location: edit_public_booking_path
+ respond_with :public, @booking, location: edit_public_booking_path(@booking.token)
  end
 
  private
 
+ def set_booking
+ @booking = Booking.find_by(token: params[:id]) || Booking.find(params[:id])
+ end
+
  def call_booking_action
  booking_action&.call(booking: @booking)
  rescue BookingActions::Base::NotAllowed

app/controllers/public/pages_controller.rb

@@ -15,11 +15,5 @@ def ext
  format.js render(file: helpers.asset_pack_path('ext'))
  end
  end
-
- protected
-
- def current_organisation
- @current_organisation ||= Organisation.find_by(slug: params[:org].presence)
- end
  end
 end

app/models/agent_booking.rb

@@ -11,6 +11,7 @@
 # committed_request :boolean
 # remarks :text
 # tenant_email :string
+# token :string
 # created_at :datetime not null
 # updated_at :datetime not null
 # booking_agent_id :bigint not null
@@ -24,6 +25,7 @@
 # index_agent_bookings_on_booking_id (booking_id)
 # index_agent_bookings_on_home_id (home_id)
 # index_agent_bookings_on_organisation_id (organisation_id)
+# index_agent_bookings_on_token (token) UNIQUE
 #
 # Foreign Keys
 #
@@ -40,6 +42,8 @@ class AgentBooking < ApplicationRecord
  belongs_to :home
  has_one :occupancy, through: :booking
 
+ has_secure_token :token, length: 48
+
  before_validation :assign_booking_agent
 
  validates :tenant_email, format: Devise.email_regexp, presence: true, if: :committed_request
@@ -52,8 +56,7 @@ class AgentBooking < ApplicationRecord
  accepts_nested_attributes_for :occupancy, reject_if: :all_blank, update_only: true
 
  def save_and_update_booking
- return errors.add(:booking, :invalid) unless valid? && update_booking
-
+ errors.add(:booking, :invalid) unless valid? && update_booking
  save
  end
 

app/models/booking.rb

@@ -23,6 +23,7 @@
 # remarks :text
 # state_data :json
 # tenant_organisation :string
+# token :string
 # usages_entered :boolean default(FALSE)
 # usages_presumed :boolean default(FALSE)
 # created_at :datetime not null
@@ -41,6 +42,7 @@
 # index_bookings_on_locale (locale)
 # index_bookings_on_organisation_id (organisation_id)
 # index_bookings_on_ref (ref)
+# index_bookings_on_token (token) UNIQUE
 #
 # Foreign Keys
 #
@@ -81,6 +83,8 @@ class Booking < ApplicationRecord
  has_one :agent_booking, dependent: :destroy, inverse_of: :booking
  has_one :booking_agent, through: :agent_booking
 
+ has_secure_token :token, length: 48
+
  attribute :accept_conditions, default: false
  enum locale: I18n.available_locales.index_by(&:to_sym).transform_values(&:to_s),
  _prefix: true, _default: I18n.locale || I18n.default_locale
@@ -103,7 +107,7 @@ class Booking < ApplicationRecord
  scope :with_default_includes, -> { includes(DEFAULT_INCLUDES) }
  scope :inconcluded, -> { where(concluded: false) }
 
- before_validation :set_organisation, :set_occupancy_attributes, :set_tenant_attributes
+ before_validation :set_organisation, :set_occupancy, :set_tenant
  before_create :set_ref
  after_create :reload
 
@@ -161,13 +165,14 @@ def reject_tenant_attributes?(tenant_attributes)
  tenant_attributes.slice(:email, :first_name, :last_name, :street_address, :zipcode, :city).values.all?(&:blank?)
  end
 
- def set_tenant_attributes
- self.tenant ||= organisation.tenants.find_or_initialize_by(email: email)
- self.tenant.email = self[:email] if self[:email].present?
- self.tenant.organisation = organisation
+ def set_tenant
+ self.tenant ||= organisation.tenants.find_or_initialize_by(email: email) if email.present?
+ # self.email ||= tenant.email if tenant.email.present?
+ tenant.email = email if email.present?
+ tenant&.organisation = organisation
  end
 
- def set_occupancy_attributes
+ def set_occupancy
  self.occupancy ||= build_occupancy
  occupancy.home = home
  occupancy.booking = self

app/serializers/manage/booking_serializer.rb

@@ -14,7 +14,7 @@ class BookingSerializer < Public::BookingSerializer
  next { edit: nil, manage: nil } if booking.new_record?
 
  {
- edit: url.edit_public_booking_url(booking.to_param, org: booking.organisation.slug),
+ edit: url.edit_public_booking_url(booking.token, org: booking.organisation.slug),
  manage: url.manage_booking_url(booking.to_param, org: booking.organisation.slug)
  }
  end

app/serializers/public/agent_booking_serializer.rb

@@ -11,7 +11,8 @@ class AgentBookingSerializer < ApplicationSerializer
 
  field :links do |agent_booking|
  {
- edit: url.edit_public_agent_booking_url(agent_booking.to_param, org: agent_booking.organisation.slug)
+ edit: url.edit_public_agent_booking_url(agent_booking.token || agent_booking.to_param,
+ org: agent_booking.organisation.slug)
  }
  end
  end

app/serializers/public/booking_serializer.rb

@@ -16,7 +16,7 @@ class BookingSerializer < ApplicationSerializer
  field :links do |booking|
  next { edit: nil } if booking.new_record?
 
- { edit: url.edit_public_booking_url(booking.to_param, org: booking.organisation.slug) }
+ { edit: url.edit_public_booking_url(booking.token || booking.to_param, org: booking.organisation.slug) }
  end
  end
 end

app/serializers/public/occupancy_serializer.rb

@@ -2,7 +2,7 @@
 
 module Public
  class OccupancySerializer < ApplicationSerializer
- fields :begins_at, :ends_at, :occupancy_type, :home_id, :remarks
+ fields :begins_at, :ends_at, :occupancy_type, :home_id, :remarks, :id
 
  field :ref do |occupancy|
  occupancy.booking&.ref