fahrzeit-ch · stestaub · Oct 31, 2022 · Oct 31, 2022 · Oct 31, 2022 · Oct 31, 2022
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -117,7 +117,7 @@ GEM
     caxlsx_rails (0.6.3)
       actionpack (>= 3.1)
       caxlsx (>= 3.0)
-    childprocess (3.0.0)
+    childprocess (4.1.0)
     cocoon (1.2.15)
     coffee-rails (5.0.0)
       coffee-script (>= 2.2.0)
@@ -256,7 +256,7 @@ GEM
       timeout
     newrelic_rpm (8.8.0)
     nio4r (2.5.8)
-    nokogiri (1.13.6)
+    nokogiri (1.13.9)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     orm_adapter (0.5.0)
@@ -395,9 +395,11 @@ GEM
       activerecord (>= 4.0.0)
       railties (>= 4.0.0)
     select2-rails (4.0.13)
-    selenium-webdriver (3.142.7)
-      childprocess (>= 0.5, < 4.0)
-      rubyzip (>= 1.2.2)
+    selenium-webdriver (4.5.0)
+      childprocess (>= 0.5, < 5.0)
+      rexml (~> 3.2, >= 3.2.5)
+      rubyzip (>= 1.2.2, < 3.0)
+      websocket (~> 1.0)
     shoulda-matchers (4.5.1)
       activesupport (>= 4.2.0)
     simple_calendar (2.4.3)
@@ -450,10 +452,11 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webdrivers (4.5.0)
+    webdrivers (5.2.0)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
-      selenium-webdriver (>= 3.0, < 4.0)
+      selenium-webdriver (~> 4.0)
+    websocket (1.2.9)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)

diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
@@ -13,6 +13,7 @@
 //= require jquery3
 //= require rails-ujs
 //= require turbolinks
+//= require turbolinks_csp
 //= require select2
 //= require popper
 //= require bootstrap-sprockets
@@ -29,7 +30,7 @@
 //= require bootstrap_features
 //= require print
 //= require cocoon
-//= require turbolinks_csp
+//= require copy_to_clipboard
 //= require cable
 //= require sortablejs
 //= require routes

diff --git a/app/assets/javascripts/copy_to_clipboard.js b/app/assets/javascripts/copy_to_clipboard.js
@@ -0,0 +1,37 @@
+$(document).on('turbolinks:load', function() {
+    // Copies a string to the clipboard. Must be called from within an
+    // event handler such as click. May return false if it failed, but
+    // this is not always possible. Browser support for Chrome 43+,
+    // Firefox 42+, Safari 10+, Edge and Internet Explorer 10+.
+    // Internet Explorer: The clipboard feature may be disabled by
+    // an administrator. By default a prompt is shown the first
+    // time the clipboard is used (per session).
+    function copyToClipboard(text) {
+        if (window.clipboardData && window.clipboardData.setData) {
+            // Internet Explorer-specific code path to prevent textarea being shown while dialog is visible.
+            return window.clipboardData.setData("Text", text);
+        }
+        else if (document.queryCommandSupported && document.queryCommandSupported("copy")) {
+            const textarea = document.createElement("textarea");
+            textarea.textContent = text;
+            textarea.style.position = "fixed";  // Prevent scrolling to bottom of page in Microsoft Edge.
+            document.body.appendChild(textarea);
+            textarea.select();
+            try {
+                return document.execCommand("copy");  // Security exception may be thrown by some browsers.
+            }
+            catch (ex) {
+                console.warn("Copy to clipboard failed.", ex);
+                return prompt("Copy to clipboard: Ctrl+C, Enter", text);
+            }
+            finally {
+                document.body.removeChild(textarea);
+            }
+        }
+    }
+
+    $('[data-copy]').on('click', function () {
+        copyToClipboard($(this).data('copy'));
+        toastr.success("Wert in Zwischenablage kopiert");
+    });
+});
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -16,6 +16,7 @@ class ApplicationController < ActionController::Base
   before_action :authenticate_user!
   before_action :check_account!
   before_action :check_consents
+  before_action :check_not_app_login!, unless: :devise_controller?
 
   layout :determine_layout
 
@@ -39,8 +40,6 @@ def current_company=(company)
     @current_company = company
   end
 
-
-
   def redirect_to_referral(fallback_location: nil)
     redirect_to session.delete(:return_to) || fallback_location
   end

diff --git a/app/controllers/company/app_logins_controller.rb b/app/controllers/company/app_logins_controller.rb
@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+class Company::AppLoginsController < ApplicationController
+  before_action :set_company_from_param
+
+  def show
+    @app_login = current_company.company_members.where(role: CompanyMember::APP_LOGIN).first
+    if @app_login
+      authorize @app_login
+    else
+      authorize nil, :new?, policy_class: AppLoginPolicy
+    end
+  end
+
+  def create
+    authorize nil, policy_class: AppLoginPolicy
+    if current_company.company_members.where(role: CompanyMember::APP_LOGIN).any?
+      flash[:error] = I18n.t "flash.app_login.already_activated"
+      redirect_to company_app_login_path(current_company)
+    else
+      begin
+        @current_password = create_password
+        @app_login_user = User.create!(
+          email: "#{current_company.slug}@app-login.fahrzeit.com",
+          password: @current_password,
+          password_confirmation: @current_password,
+          name: "App Login",
+          skip_create_driver: true,
+          skip_term_validation: true)
+
+        @app_login = current_company.add_member(@app_login_user, CompanyMember::APP_LOGIN)
+        render :show_password
+      rescue StandardError => e
+        flash[:error] = I18n.t "flash.app_login.failed_to_create"
+        logger.error e
+      end
+    end
+  end
+
+  def reset_password
+    @app_login = current_company.company_members.where(role: CompanyMember::APP_LOGIN).first
+    authorize @app_login, policy_class: AppLoginPolicy
+    @current_password = create_password
+    @app_login.user.password = @current_password
+    @app_login.user.password_confirmation = @current_password
+    if @app_login.user.save
+      flash[:success] = I18n.t "flash.app_login.new_password_set"
+      render 'show_password'
+    else
+      flash[:error] = I18n.t "flash.app_login.password_reset_failed"
+      redirect_to company_app_login_path(current_company)
+    end
+  end
+
+  def destroy
+    @app_login = current_company.company_members.where(role: CompanyMember::APP_LOGIN).first
+    authorize @app_login, policy_class: AppLoginPolicy
+    begin
+      @app_login.user.destroy!
+      flash[:success] = I18n.t "flash.app_login.destroyed"
+    rescue StandardError
+      flash[:error] = I18n.t "flash.app_login.not_destroyed"
+    end
+    redirect_to company_app_login_path(current_company)
+  end
+
+  private
+
+    def create_password
+      Devise.friendly_token.first(Devise.password_length.first)
+    end
+end
diff --git a/app/controllers/company/company_members_controller.rb b/app/controllers/company/company_members_controller.rb
@@ -5,7 +5,7 @@ class Company::CompanyMembersController < ApplicationController
 
   def index
     authorize current_company, :index_members?
-    @company_members = CompanyMember.where(company: current_company)
+    @company_members = CompanyMember.where(company: current_company).where.not(role: CompanyMember::APP_LOGIN)
   end
 
   def create

diff --git a/app/controllers/concerns/constraint_router.rb b/app/controllers/concerns/constraint_router.rb
@@ -18,6 +18,13 @@ def check_account!
     end
   end
 
+  def check_not_app_login!
+    return unless user_signed_in?
+    if current_user.app_login?
+      redirect_to is_app_login_error_path
+    end
+  end
+
   # Redirect to company path if user has no driver.
   # This filter should be called *after* check account, otherwise
   # it may raise an error if user has no company.

diff --git a/app/controllers/static_pages_controller.rb b/app/controllers/static_pages_controller.rb
@@ -3,14 +3,18 @@
 class StaticPagesController < ApplicationController
   skip_before_action :authenticate_user!, only: [:home, :demo_login]
   skip_before_action :check_account!
+  skip_before_action :check_not_app_login!
 
   def account_error
-    NewRelic::Agent.notice_error(Error.new("Account error for: User<#{current_user.id}> Drivers<#{current_user.drivers.pluck(:id).join(",")}>"))
+    NewRelic::Agent.notice_error(StandardError.new("Account error for: User<#{current_user.id}> Drivers<#{current_user.drivers.pluck(:id).join(",")}>"))
   end
 
   def setup
   end
 
+  def is_app_login_error
+  end
+
   def demo_login
   end
 

diff --git a/app/controllers/term_acceptances_controller.rb b/app/controllers/term_acceptances_controller.rb
@@ -3,6 +3,7 @@
 class TermAcceptancesController < ApplicationController
   skip_before_action :check_consents
   skip_before_action :check_account!
+  skip_before_action :check_not_app_login!
   before_action :set_user
   layout "setup"
 

diff --git a/app/helpers/company_members_helper.rb b/app/helpers/company_members_helper.rb
@@ -6,7 +6,7 @@ def company_member
   end
 
   def company_member_role_select_options
-    CompanyMember::ROLES.reject { |r| r == CompanyMember::DEMO_ACCOUNT }.map do |r|
+    CompanyMember::ROLES.reject { |r| r == CompanyMember::DEMO_ACCOUNT || r == CompanyMember::APP_LOGIN}.map do |r|
       [t("activerecord.attributes.company_member.roles.#{r}"), r]
     end
   end

diff --git a/app/models/company_member.rb b/app/models/company_member.rb
@@ -6,7 +6,9 @@ class CompanyMember < ApplicationRecord
   EMPLOYEE = "employee"
   DRIVER = "driver"
   DEMO_ACCOUNT = "demo_account"
-  ROLES = [OWNER, ADMINISTRATOR, DRIVER, DEMO_ACCOUNT].freeze
+  APP_LOGIN = "app_login"
+
+  ROLES = [OWNER, ADMINISTRATOR, DRIVER, DEMO_ACCOUNT, APP_LOGIN].freeze
 
   belongs_to :user, optional: true # set to true in order for to conditionally validate
   validates_presence_of :user, unless: :new_user?

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -51,6 +51,16 @@ def company_admin_or_owner?(company)
     @_company_admin_or_owner = companies_for_role([CompanyMember::ADMINISTRATOR, CompanyMember::OWNER]).exists? company.id
   end
 
+  def app_login?(company = nil)
+
+    if company.nil?
+      @_company_app_login = companies_for_role([CompanyMember::APP_LOGIN]).any?
+    else
+      @_company_app_login = companies_for_role([CompanyMember::APP_LOGIN]).exists? company.id
+    end
+
+  end
+
   def company_member?(company)
     return false if company.nil?
     return @_company_member if @_company_member

diff --git a/app/policies/app_login_policy.rb b/app/policies/app_login_policy.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class AppLoginPolicy < ApplicationPolicy
+  def new?
+    auth_context.company_admin_or_owner?
+  end
+
+  def create?
+    auth_context.company_admin_or_owner?
+  end
+
+  def show?
+    company_admin_or_owner?(record.company)
+  end
+
+  def reset_password?
+    company_admin_or_owner?(record.company)
+  end
+
+  def destroy?
+    company_admin_or_owner?(record.company)
+  end
+
+  def permitted_attributes
+    [:name, :has_value, :value_label]
+  end
+
+end
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
@@ -69,4 +69,8 @@ def company_member?(company = nil)
     def is_demo(company = nil)
       auth_context.is_demo(company)
     end
+
+    def is_app_login(company = nil)
+      auth_context.app_login?(company)
+    end
 end
diff --git a/app/policies/auth_context.rb b/app/policies/auth_context.rb
@@ -16,6 +16,11 @@ def company_admin_or_owner?(company = nil)
   end
   memoize :company_admin_or_owner?
 
+  def app_login?(company = nil)
+    user.app_login?(company || self.company)
+  end
+  memoize :app_login?
+
   def company_member?(company = nil)
     user.company_member?(company || self.company)
   end

diff --git a/app/policies/drive_policy.rb b/app/policies/drive_policy.rb
@@ -10,19 +10,19 @@ def new?
   end
 
   def create?
-    own_record? || company_admin_or_owner?(record_company) || is_demo(record_company)
+    own_record? || company_admin_or_owner?(record_company) || is_demo(record_company) || is_app_login(record_company)
   end
 
   def show?
-    own_record? || company_member?(record_company) || is_demo(record_company)
+    own_record? || company_member?(record_company) || is_demo(record_company) || is_app_login(record_company)
   end
 
   def update?
-    own_record? || company_admin_or_owner?(record_company) || is_demo(record_company)
+    own_record? || company_admin_or_owner?(record_company) || is_demo(record_company) || is_app_login(record_company)
   end
 
   def destroy?
-    own_record? || company_admin_or_owner?(record_company) || is_demo(record_company)
+    own_record? || company_admin_or_owner?(record_company) || is_demo(record_company) || is_app_login(record_company)
   end
 
   def finish?

diff --git a/app/policies/tour_policy.rb b/app/policies/tour_policy.rb
@@ -10,19 +10,19 @@ def new?
   end
 
   def create?
-    own_record? || company_admin_or_owner?(company) || is_demo(company)
+    own_record? || company_admin_or_owner?(company) || is_demo(company) || is_app_login(company)
   end
 
   def show?
-    own_record? || company_member?(company)
+    own_record? || company_member?(company) || is_app_login(company)
   end
 
   def update?
-    own_record? || company_admin_or_owner?(company) || is_demo(company)
+    own_record? || company_admin_or_owner?(company) || is_demo(company) || is_app_login(company)
   end
 
   def destroy?
-    own_record? || company_admin_or_owner?(company) || is_demo(company)
+    own_record? || company_admin_or_owner?(company) || is_demo(company) || is_app_login(company)
   end
 
   # Scopes:

diff --git a/app/services/drivers_service.rb b/app/services/drivers_service.rb
@@ -3,7 +3,7 @@
 class DriversService
 
   def self.driver_scope(user)
-    full_permitted_companies = user.companies_for_role([CompanyMember::ADMINISTRATOR, CompanyMember::OWNER, CompanyMember::DEMO_ACCOUNT]).select(:id)
+    full_permitted_companies = user.companies_for_role([CompanyMember::ADMINISTRATOR, CompanyMember::OWNER, CompanyMember::DEMO_ACCOUNT, CompanyMember::APP_LOGIN]).select(:id)
     own_drivers = user.drivers.select(:id)
 
     Driver.where(id: own_drivers).or(Driver.where(company_id: full_permitted_companies))
@@ -23,6 +23,8 @@ def drivers_for(user, company)
         Driver.where(company_id: company.id)
       when CompanyMember::DEMO_ACCOUNT
         Driver.where(company_id: company.id)
+      when CompanyMember::APP_LOGIN
+        Driver.where(company_id: company.id)
       when CompanyMember::DRIVER
         Driver.where(company_id: company.id).joins(:driver_login).where(driver_logins: { user_id: user.id })
       else