Various

.dockerignore

@@ -0,0 +1,2 @@
+tmp
+log

.env.sample

@@ -1,14 +1,12 @@
-POSTGRES_HOST=db
-POSTGRES_USER=invoices_db_user
-POSTGRES_PASSWORD= // random string
-S3_ACCESS_KEY_ID= // your s3 access key id
-S3_SECRET_ACCESS_KEY= // your s3 secret access key
 SECRET_KEY_BASE= // random string
-RAILS_LOG_TO_STDOUT=true
 SMTP_HOST= // e.g. smtp.mailgun.org
 SMTP_PORT= // e.g. 587
 SMTP_DOMAIN= // e.g. mg.yoursite.io
 SMTP_USER= // e.g. postmaster@mg.yoursite.io
 SMTP_PASSWORD= // your smtp password
 SMTP_AUTHENTICATION=login
-SMTP_ENABLE_STARTTLS_AUTO=1
+SMTP_ENABLE_STARTTLS_AUTO=1
+SSO_HOST= // your sso host e.g. https://thepavilion.io
+SSO_URL= // your sso url, e.g. https://thepavilion.io/session/sso_provider
+SSO_SECRET=// your sso secret
+HOSTNAME= // your host, e.g. invoices.thepavilion.io

.gitignore

@@ -1,4 +1,4 @@
-.env
+*.env
 ./Gemfile.lock
 tmp
 log

docker/web/Dockerfile → Dockerfile.web

@@ -18,7 +18,7 @@ RUN mkdir log
 COPY public public/
 
 # Copy Nginx config template
-COPY docker/web/nginx.conf /tmp/docker.nginx
+COPY nginx.conf /tmp/docker.nginx
 
 # substitute variable references in the Nginx config template for real values from the environment
 # put the final config in its place

README.md

@@ -38,7 +38,7 @@ The ``db:setup`` may fail with ``role "invoices_db_user" does not exist``. If it
 
 ```
 psql -d postgres
-create role invoices_db_user login createdb;
+create role postgres login createdb superuser;
 \q
 ```
 
@@ -60,7 +60,7 @@ Docker does not yet have easy way to share "machines" between computers to allow
 
 2. Import the ``invoices`` machine using the machine config file (ask angus).
 
-3. Run ``docker-machine use invoices``.
+3. Run ``eval $(docker-machine env invoices)``.
 
 ### Deploy
 
@@ -73,7 +73,15 @@ docker-compose up --no-deps -d app
 
 For an explanation of these commands and their arguments [see here](https://docs.docker.com/compose/production/).
 
-Note that when changing code, you only need to redeploy the web container.
+### Backups
+
+Backups are currently done adhoc via pg_dumpall, e.g. 
+
+```
+docker-compose exec -t db pg_dumpall -c -U postgres | gzip > ~/google/pavilion/admin/invoices/backups/dump_`date +%d-%m-%Y"_"%H_%M_%S`.gz
+```
+
+An automated, chron-based solution in its own container is the next step here.
 
 ## API
 

app/controllers/api/v1/items_controller.rb

@@ -73,7 +73,6 @@ def add_human_taxes item, params
 
       params[:data][:attributes][:taxes].each do |tax_name|
         tax = Tax.find_by_name tax_name
-        puts tax
         if tax and !item.taxes.exists? tax.id
           item.taxes << tax
         end

app/controllers/application_controller.rb

@@ -73,5 +73,11 @@ def ensure_member
       raise Exception.new(I18n.t('sso.not_authorized'))
     end
   end
-
+
+  def ensure_access
+    unless current_user.is_member? || current_user.customer.present?
+      raise Exception.new(I18n.t('sso.not_authorized'))
+    end
+  end
+
 end

app/controllers/commons_controller.rb

@@ -4,10 +4,11 @@ class CommonsController < ApplicationController
   include MetaAttributesControllerMixin
 
   before_action :set_type
+  before_action :ensure_member, only: [:create, :edit, :update, :destroy]
+  before_action :ensure_access, only: [:index, :chart_data]
   before_action :configure_search, only: [:index, :chart_data]
   before_action :set_model_instance, only: [:show, :edit, :update, :destroy]
   before_action :set_extra_stuff, only: [:new, :create, :edit, :update]
-  before_action :ensure_member, only: [:create, :edit, :update, :destroy]
 
   # Renders a common's template in html and pdf formats
   def print_template

app/controllers/commons_controller_mixin.rb

@@ -8,7 +8,11 @@ module CommonsControllerMixin
   #
   # Returns the same value received
   def configure_search
-    @search = model.ransack(params[:q])
+    unless current_user.is_member?
+      data = model.where(customer_id: current_user.customer.id)
+    end
+
+    @search = data.ransack(params[:q])
 
     @results = @search.result(distinct: true)\
       .order(issue_date: :desc).order(id: :desc)

app/controllers/sessions_controller.rb

@@ -49,7 +49,7 @@ def sso_login
 
     begin
       if user = sso.lookup_or_create_user
-        unless user.is_member? || user.is_customer? 
+        unless user.is_member? || user.customer 
           render_sso_error(text: I18n.t("sso.not_authorized"), status: 403)
           return
         end

app/models/customer.rb

@@ -6,6 +6,7 @@ class Customer < ActiveRecord::Base
   has_many :invoices
   has_many :estimates
   has_many :recurring_invoices
+  has_many :users
 
   # Validation
   validate :valid_customer_identification

app/models/user.rb

@@ -1,6 +1,7 @@
 class User < ActiveRecord::Base
   attr_accessor :remember_token
 
+  belongs_to :customer, optional: true
   has_one :single_sign_on_record, dependent: :destroy
 
   has_secure_password
@@ -45,10 +46,6 @@ def self.find_by_email(email)
   def is_member?
     groups && groups.split(',').include?('members')
   end
-
-  def is_customer?
-    Customer.where(group: groups.split(',')).exists?
-  end
 end
 
 # == Schema Information
@@ -64,8 +61,14 @@ def is_customer?
 #  remember_digest :string(255)
 #  created_at      :datetime         not null
 #  updated_at      :datetime         not null
+#  customer_id     :bigint
 #
 # Indexes
 #
-#  index_users_on_email  (email) UNIQUE
+#  index_users_on_customer_id  (customer_id)
+#  index_users_on_email        (email) UNIQUE
+#
+# Foreign Keys
+#
+#  fk_rails_...  (customer_id => customers.id)
 #

app/views/invoices/_searchform__filters.html.haml

@@ -1,8 +1,10 @@
 .row
-  .col-xs-12.col-lg-6
-    .form-group
-      = f.label :customer_id_eq, "Customer:"
-      = f.collection_select :customer_id_eq, Customer.all, :id, :to_s, {include_blank: 'Choose…'}, {class: 'form-control c-select', 'data-role': 'select-autocomplete', style: 'width: 100%;'}
+  - if current_user.is_member?
+    .col-xs-12.col-lg-6
+      .form-group
+        = f.label :customer_id_eq, "Customer:"
+        = f.collection_select :customer_id_eq, Customer.all, :id, :to_s, {include_blank: 'Choose…'}, {class: 'form-control c-select', style: 'width: 100%;'}
+
   .col-xs-12.col-sm-6.col-lg-3
     .form-group
       = f.label :issue_date_gteq, "from: "
@@ -23,4 +25,4 @@
   .col-xs-12.col-sm-6.col-lg-6
     .form-group
       = f.label :with_status, "Status:"
-      = f.select :with_status, Invoice::status_collection, {include_blank: 'Choose…'}, {class: 'form-control c-select'}
+      = f.select :with_status, Invoice.status_collection, {include_blank: 'Choose…'}, {class: 'form-control c-select'}

app/views/invoices/index.html.erb

@@ -39,9 +39,11 @@
 </div>
 
 <div class="action-buttons" data-role="action-buttons">
-  <%= link_to t("delete"), '#', class: 'btn btn-danger float-xs-left', data: {confirm: 'are you sure?', role: 'submit-form', action: 'delete', target: '#js-list-form'} %>
+  <% if current_user.is_member? %>
+    <%= link_to t("delete"), '#', class: 'btn btn-danger float-xs-left', data: {confirm: 'are you sure?', role: 'submit-form', action: 'delete', target: '#js-list-form'} %>
+    <%= link_to t("set paid"), '#', class: 'btn btn-primary', data: {role: 'submit-form', action: 'set_paid', target: '#js-list-form'} %>
+  <% end %>
   <%= link_to t("send email"), '#', class: 'btn btn-primary', data: {role: 'submit-form', action: 'send_email', target: '#js-list-form'} %>
-  <%= link_to t("set paid"), '#', class: 'btn btn-primary', data: {role: 'submit-form', action: 'set_paid', target: '#js-list-form'} %>
   <%= link_to t("download pdf"), '#', class: 'btn btn-primary', data: {role: 'submit-form', action: 'pdf', target: '#js-list-form'} %>
 </div>
 

app/views/invoices/show.html.erb

@@ -6,20 +6,14 @@
   </div>
 <% end %>
 
-<div class="action-buttons" data-role="action-buttons">
-  <% unless @invoice.paid %>
-    <% if @invoice.payment_pending? %>
-      <%= link_to t("change payment"), edit_invoice_payment_path(@invoice), class: 'btn btn-danger' %>
-    <% else %>
-      <%= link_to t("pay now"), new_invoice_payment_path(@invoice), class: 'btn btn-primary' %>
-    <% end %>
-  <% end %>
-
+<div class="action-buttons" data-role="action-buttons">  
   <%= link_to t("send by email"), send_email_invoice_path, class: 'btn btn-primary' %>
   <%= link_to t("download pdf"), print_invoice_path(@invoice,:format=>:pdf), class: 'btn btn-secondary' %>
 
   <div class="buttons-right">
-    <%= link_to t("edit"), edit_invoice_path(@invoice), class: 'btn btn-secondary' %>
+    <% if current_user.is_member? %>
+      <%= link_to t("edit"), edit_invoice_path(@invoice), class: 'btn btn-secondary' %>
+    <% end %>
   </div>
 </div>
 

config/database.yml

@@ -7,9 +7,9 @@
 default: &default
   adapter: postgresql
   encoding: unicode
-  host: <%= ENV["POSTGRES_HOST"] %>
-  username: <%= ENV['POSTGRES_USER'] %>
-  password: <%= ENV['POSTGRES_PASSWORD'] %>
+  host: db
+  username: postgres
+  password: 
   pool: 5
 
 development:

config/environments/production.rb

@@ -103,6 +103,6 @@
   config.active_record.dump_schema_after_migration = false
 
   config.after_initialize do
-    Rails.application.routes.default_url_options[:host] = ENV["host"]
+    Rails.application.routes.default_url_options[:host] = ENV["HOSTNAME"]
   end
 end

config/routes.rb

@@ -4,6 +4,7 @@
   get    'login'   => 'sessions#new',      as: :login
   post   'login'   => 'sessions#create'
   delete 'logout'  => 'sessions#destroy',  as: :logout
+  get 'logout'  => 'sessions#destroy'
 
   get "session/sso" => "sessions#sso"
   get "session/sso_login" => "sessions#sso_login"

db/migrate/20200120061303_add_customer_to_users.rb

@@ -0,0 +1,5 @@
+class AddCustomerToUsers < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :users, :customer, foreign_key: true
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_01_16_071738) do
+ActiveRecord::Schema.define(version: 2020_01_20_061303) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -239,6 +239,8 @@
     t.string "remember_digest", limit: 255
     t.string "groups"
     t.string "avatar_url"
+    t.bigint "customer_id"
+    t.index ["customer_id"], name: "index_users_on_customer_id"
     t.index ["email"], name: "index_users_on_email", unique: true
   end
 
@@ -256,4 +258,5 @@
   add_foreign_key "payment_receivers", "payment_providers"
   add_foreign_key "payments", "payment_receivers"
   add_foreign_key "single_sign_on_records", "users"
+  add_foreign_key "users", "customers"
 end

docker-compose.yml

@@ -7,36 +7,36 @@ volumes:
 services:
   db:
     image: postgres
-    env_file: .env
+    restart: always
+    ports:
+      - '5432:5432'
     volumes:
       - db-data:/var/lib/postgresql/db-data
-
-  backup:
-    image: schickling/postgres-backup-s3
-    links:
-      - db
-    environment:
-      SCHEDULE: '@daily'
-      S3_REGION: eu-west-2
-      S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID}
-      S3_SECRET_ACCESS_KEY: ${S3_SECRET_ACCESS_KEY}
-      S3_BUCKET: invoices.thepavilion.io
-      S3_PREFIX: backup
-      POSTGRES_DATABASE: ${POSTGRES_HOST}
-      POSTGRES_USER: ${POSTGRES_USER}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-      POSTGRES_EXTRA_OPTS: '--schema=public --blobs'
 
   app:
     build: 
       context: .
-      dockerfile: ./docker/app/Dockerfile
+      dockerfile: Dockerfile.app
       args:
         - SECRET_KEY_BASE=${SECRET_KEY_BASE}
     command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'"
     env_file: .env
     environment:
       RAILS_ENV: production
+      SMTP_HOST: ${SMTP_HOST}
+      SMTP_PORT: ${SMTP_PORT}
+      SMTP_DOMAIN: ${SMTP_DOMAIN}
+      SMTP_USER: ${SMTP_USER}
+      SMTP_PASSWORD: ${SMTP_PASSWORD}
+      SMTP_AUTHENTICATION: ${SMTP_AUTHENTICATION}
+      SMTP_ENABLE_STARTTLS_AUTO: ${SMTP_ENABLE_STARTTLS_AUTO}
+      SSO_HOST: ${SSO_HOST}
+      SSO_URL: ${SSO_URL}
+      SSO_SECRET: ${SSO_SECRET}
+      HOSTNAME: ${HOSTNAME}
+      RAILS_LOG_TO_STDOUT: 'true'
+    volumes:
+      - .:/invoices
     ports:
       - 3000:3000
     depends_on:
@@ -45,7 +45,7 @@ services:
   web:
     build:
       context: .
-      dockerfile: ./docker/web/Dockerfile
+      dockerfile: Dockerfile.web
     volumes:
       - /var/www/app/data/certbot/conf:/etc/letsencrypt
       - /var/www/app/data/certbot/www:/var/www/certbot

lib/single_sign_on.rb

@@ -164,10 +164,15 @@ def lookup_or_create_user
       user = match_email_or_create_user
       sso_record = user.single_sign_on_record
     end
-
+    
     user.email = email
     user.name = name
-    user.groups = groups
+
+    if groups && (customer = Customer.find_by(group: groups.split(',')))
+      user.groups = groups
+      user.customer = customer
+    end
+
     user.avatar_url = avatar_url
 
     user.save!

spec/factories/user_factory.rb

@@ -20,8 +20,14 @@
 #  remember_digest :string(255)
 #  created_at      :datetime         not null
 #  updated_at      :datetime         not null
+#  customer_id     :bigint
 #
 # Indexes
 #
-#  index_users_on_email  (email) UNIQUE
+#  index_users_on_customer_id  (customer_id)
+#  index_users_on_email        (email) UNIQUE
+#
+# Foreign Keys
+#
+#  fk_rails_...  (customer_id => customers.id)
 #