Merge branch 'release/1.3.0'

Gemfile

@@ -60,7 +60,7 @@ gem "image_processing", ">= 1.2"
 gem "shakapacker", "6.0.0"
 
 # React hook for rails
-gem "react-rails"
+gem "react-rails", "2.6.2"
 
 # Use SCSS for stylesheets
 gem "sass-rails"

Gemfile.lock

@@ -103,8 +103,8 @@ GEM
       rake (>= 10.4, < 14.0)
     ast (2.4.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.707.0)
-    aws-sdk-core (3.170.0)
+    aws-partitions (1.850.0)
+    aws-sdk-core (3.186.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.5)
@@ -677,7 +677,7 @@ DEPENDENCIES
   rails (~> 7.0.8)
   rails-controller-testing (~> 1.0, >= 1.0.5)
   ransack
-  react-rails
+  react-rails (= 2.6.2)
   redis (~> 4.0)
   rolify (~> 6.0)
   rspec-buildkite

app/controllers/api/v1/sns_subscriptions_controller.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class Api::V1::SnsSubscriptionsController < ApplicationController
+  skip_before_action :authenticate_user!
+  skip_after_action :verify_authorized
+  skip_before_action :verify_authenticity_token
+
+  def create
+    sns_message = JSON.parse(request.body.read)
+
+    if sns_message["Type"] == "SubscriptionConfirmation"
+      response = HTTParty.get(sns_message["SubscribeURL"])
+      render json: { message: "Subscription confirmed successfully" }, status: :ok
+    else
+      message = JSON.parse(sns_message["Message"])
+
+      if message["eventType"] == "Bounce"
+        handle_bounced_email(message)
+      elsif message["eventType"] == "Complaint"
+        handle_compliant_email(message)
+      end
+
+      render json: { message: "success" }, status: :ok
+    end
+  end
+
+  private
+
+    def handle_bounced_email(message)
+      bounce_recipients = message.dig("bounce", "bouncedRecipients")
+      bounce_recipients.each do |recipient|
+        next if recipient["action"] != "failed"
+
+        SesInvalidEmail.find_or_create_by(email: recipient["emailAddress"], bounce: true)
+      end
+    end
+
+    def handle_compliant_email(message)
+      compliant_recipients = message.dig("complaint", "complainedRecipients")
+      compliant_recipients.each do |recipient|
+        SesInvalidEmail.find_or_create_by(email: recipient["emailAddress"], compliant: true)
+      end
+    end
+end

app/controllers/internal_api/v1/companies_controller.rb

@@ -8,7 +8,7 @@ def index
 
     render :index, locals: {
       current_company:,
-      client_list: current_company.client_list,
+      client_list: current_company.clients.kept,
       address: current_company.current_address
     }, status: :ok
   end

app/controllers/internal_api/v1/invoices/payments_controller.rb

@@ -5,6 +5,7 @@ class InternalApi::V1::Invoices::PaymentsController < InternalApi::V1::Applicati
   skip_before_action :authenticate_user_using_x_auth_token
   skip_before_action :authenticate_user!
   skip_after_action :verify_authorized
+  after_action :track_event, only: [:success]
 
   def success
     if InvoicePayment::StripePaymentIntent.new(@invoice).process
@@ -31,4 +32,9 @@ def success
     def load_invoice
       @invoice = Invoice.includes(client: :company).find(params[:id])
     end
+
+    def track_event
+      create_stripe = "create_stripe"
+      Invoices::EventTrackerService.new(create_stripe, @invoice, params).process
+    end
 end

app/controllers/internal_api/v1/invoices_controller.rb

@@ -22,7 +22,7 @@ def create
     render :create, locals: {
       invoice: @invoice,
       client: @client,
-      client_member_emails: @invoice.send_invoice_emails(@virtual_verified_invitations_allowed)
+      client_member_emails: @invoice.client.send_invoice_emails(@virtual_verified_invitations_allowed)
     }
   end
 
@@ -31,8 +31,8 @@ def edit
     render :edit, locals: {
       invoice:,
       client: invoice.client,
-      client_list: current_company.client_list,
-      client_member_emails: invoice.send_invoice_emails(@virtual_verified_invitations_allowed)
+      client_list: current_company.clients.kept,
+      client_member_emails: invoice.client.send_invoice_emails(@virtual_verified_invitations_allowed)
     }
   end
 
@@ -50,7 +50,7 @@ def show
     render :show, locals: {
       invoice:,
       client: invoice.client,
-      client_member_emails: invoice.send_invoice_emails(@virtual_verified_invitations_allowed)
+      client_member_emails: invoice.client.send_invoice_emails(@virtual_verified_invitations_allowed)
     }
   end
 

app/controllers/internal_api/v1/leave_types_controller.rb

@@ -19,7 +19,7 @@ def update
   private
 
     def leave_type_params
-      params.require(:leave_type).permit(permitted_attributes)
+      params.require(:leave_type).permit(policy(LeaveType).permitted_attributes)
     end
 
     def leave

app/controllers/internal_api/v1/payments_controller.rb

@@ -2,6 +2,7 @@
 
 class InternalApi::V1::PaymentsController < ApplicationController
   before_action :set_invoice, only: [:create]
+  after_action :track_event, only: [:create]
 
   def new
     authorize :new, policy_class: PaymentPolicy
@@ -53,4 +54,9 @@ def payment_params
     def set_invoice
       @invoice = current_company.invoices.find(payment_params[:invoice_id])
     end
+
+    def track_event
+      create_payment = "create_payment"
+      Invoices::EventTrackerService.new(create_payment, @invoice || invoice, params).process
+    end
 end

app/controllers/internal_api/v1/team_controller.rb

@@ -5,19 +5,13 @@ class InternalApi::V1::TeamController < InternalApi::V1::ApplicationController
 
   def index
     authorize :index, policy_class: TeamPolicy
-    # TODO: need to update either the search form or search logic in later PRs
-    query = current_company.employments.kept.includes(user: [:roles, :avatar_attachment]).ransack(params[:q])
-    invitations_query = current_company.invitations.valid_invitations
-      .ransack(first_name_or_last_name_or_recipient_email_cont: params.dig(:q, :first_name_or_last_name_or_email_cont))
-    teams = query.result(distinct: true)
-    invitations = invitations_query.result(distinct: true)
-
-    presenter_data = TeamPresenter.new(teams, invitations, current_user, current_company).index_data
-    team_data = presenter_data[:teams]
-    invitation_data = presenter_data[:invitations]
-
-    combined_data = team_data + invitation_data
-    pagy_combined, combined_details = pagy_array(combined_data, items: params[:items] || 10)
+    team_index_details = Team::IndexService.new(
+      current_company:,
+      current_user:,
+      query: params.dig(:q, :first_name_or_last_name_or_email_cont)
+    ).process
+
+    pagy_combined, combined_details = pagy_array(team_index_details[:combined_data], items: params[:items] || 10)
 
     render :index, locals: {
       combined_details:,

app/controllers/internal_api/v1/timeoff_entries_controller.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+class InternalApi::V1::TimeoffEntriesController < InternalApi::V1::ApplicationController
+  before_action :load_user!, only: [:create, :update]
+  before_action :load_leave_type!, only: [:create, :update]
+  before_action :load_timeoff_entry!, only: [:update, :destroy]
+
+  def create
+    authorize TimeoffEntry
+
+    timeoff_entry = @user.timeoff_entries.create!(timeoff_params)
+    render json: { notice: "Added time off successfully", timeoff_entry: }, status: :ok
+  end
+
+  def update
+    authorize @timeoff_entry
+
+    @timeoff_entry.update!(timeoff_params)
+    render json: { notice: "Updated time off successfully", timeoff_entry: @timeoff_entry }, status: :ok
+  end
+
+  def destroy
+    authorize @timeoff_entry
+
+    @timeoff_entry.discard!
+    render json: { notice: "Deleted time off successfully", timeoff_entry: @timeoff_entry }, status: :ok
+  end
+
+  private
+
+    def timeoff_params
+      params.require(:timeoff_entry).permit(policy(TimeoffEntry).permitted_attributes)
+    end
+
+    def load_user!
+      @user ||= current_company.users.find(params[:timeoff_entry][:user_id])
+    end
+
+    def load_leave_type!
+      @leave_type ||= current_company.leave_types.find(params[:timeoff_entry][:leave_type_id])
+    end
+
+    def load_timeoff_entry!
+      @timeoff_entry ||= current_company.timeoff_entries.find(params[:id])
+    end
+end

app/controllers/internal_api/v1/users/sessions_controller.rb

@@ -1,19 +1,19 @@
 # frozen_string_literal: true
 
 class InternalApi::V1::Users::SessionsController < Devise::SessionsController
+  skip_before_action :verify_authenticity_token, only: :create
+
   respond_to :json
 
   def create
     user = User.find_for_database_authentication(email: user_params[:email])
 
     if invalid_password?(user)
-      render json: { error: I18n.t("sessions.failure.invalid") }, status: :unprocessable_entity
+      render_invalid_password_error
     elsif !user.confirmed?
-      render json: { error: I18n.t("devise.failure.unconfirmed"), unconfirmed: !user.confirmed? },
-        status: :unprocessable_entity
+      render_unconfirmed_user_error(user)
     else
-      sign_in(user)
-      render json: { notice: I18n.t("devise.sessions.signed_in"), user: }, status: :ok
+      handle_successful_sign_in(user)
     end
   end
 
@@ -32,4 +32,44 @@ def user_params
     def invalid_password?(user)
       user.blank? || !user.valid_password?(user_params[:password])
     end
+
+    def render_invalid_password_error
+      render json: { error: I18n.t("sessions.failure.invalid") }, status: :unprocessable_entity
+    end
+
+    def render_unconfirmed_user_error(user)
+      render json: {
+        error: I18n.t("devise.failure.unconfirmed"),
+        unconfirmed: !user.confirmed?
+      }, status: :unprocessable_entity
+    end
+
+    def handle_successful_sign_in(user)
+      sign_in(user)
+
+      app = params[:app] || ""
+
+      if app == "miru-desktop"
+        render_sign_in_response_for_desktop(user)
+      else
+        render_sign_in_response(user)
+      end
+    end
+
+    def render_sign_in_response(user)
+      render json: { notice: I18n.t("devise.sessions.signed_in"), user: }, status: :ok
+    end
+
+    def render_sign_in_response_for_desktop(user)
+      initial_props = {
+        user:,
+        avatar_url: current_user && current_user.avatar_url,
+        company_role: current_user && current_user.roles.find_by(resource: current_company)&.name,
+        confirmed_user: current_user && current_user.confirmed?,
+        company: current_company,
+        google_oauth_success: @google_oauth_success.present?
+      }
+
+      render json: { notice: I18n.t("devise.sessions.signed_in"), **initial_props }, status: :ok
+    end
 end

app/javascript/src/StyledComponents/Button.tsx

@@ -17,9 +17,12 @@ const SECONDARY_DISABLED =
   "bg-transparent text-miru-dark-purple-200 border border-miru-dark-purple-200";
 
 const TERNARY =
-  "bg-transparent text-miru-han-purple-1000 hover:text-miru-han-purple-600 border-0";
+  "rounded bg-transparent text-miru-han-purple-1000 hover:bg-miru-dark-purple-100 hover:text-miru-han-purple-600 border-0";
 const TERNARY_DISABLED = "bg-transparent text-miru-dark-purple-200 border-0";
 
+const DASHED =
+  "bg-white rounded border border-dashed border-miru-dark-purple-200 text-center text-base font-bold tracking-widest text-miru-dark-purple-200";
+
 const SMALL = "px-5/100 py-1vh text-xs font-bold leading-4";
 const MEDIUM = "px-10/100 py-1vh text-base font-bold leading-5";
 const LARGE = "px-15/100 py-1vh text-xl font-bold leading-7";
@@ -39,6 +42,7 @@ const BUTTON_STYLES = {
   primary: "primary",
   secondary: "secondary",
   ternary: "ternary",
+  dashed: "dashed",
 };
 const SIZES = { small: "small", medium: "medium", large: "large" };
 
@@ -67,6 +71,8 @@ const Button = ({
       style == BUTTON_STYLES.ternary && !disabled && TERNARY,
       style == BUTTON_STYLES.ternary && disabled && TERNARY_DISABLED,
 
+      style == BUTTON_STYLES.dashed && !disabled && DASHED,
+
       size == SIZES.small && SMALL,
       size == SIZES.medium && MEDIUM,
       size == SIZES.large && LARGE,