Add multi-user licenses

Gemfile

@@ -20,7 +20,7 @@ gem 'redis', '~> 4.7.1'
 gem 'request_migrations', '~> 1.1'
 
 # API params
-gem 'typed_params', '~> 1.1'
+gem 'typed_params', '~> 1.2.3'
 
 # Serializers
 gem 'json', '~> 2.3.0'

Gemfile.lock

@@ -492,7 +492,7 @@ GEM
     timecop (0.9.5)
     timeout (0.4.0)
     tracer (0.1.1)
-    typed_params (1.1.0)
+    typed_params (1.2.3)
       rails (>= 6.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
@@ -580,7 +580,7 @@ DEPENDENCIES
   stripe-ruby-mock!
   timecop (~> 0.9.5)
   tracer
-  typed_params (~> 1.1)
+  typed_params (~> 1.2.3)
   uri (>= 0.12.2)
   webmock (~> 3.14.0)
 

README.md

@@ -152,6 +152,12 @@ To start a worker, run:
 bundle exec sidekiq
 ```
 
+To start a console, run:
+
+```bash
+bundle exec rails console
+```
+
 ### Testing
 
 To run the entire test suite, specs and features, run (takes about 20 mins on a 16-core CPU):

app/controllers/api/v1/groups/relationships/licenses_controller.rb

@@ -10,7 +10,7 @@ class LicensesController < Api::V1::BaseController
     authorize :group
 
     def index
-      licenses = apply_pagination(authorized_scope(apply_scopes(group.licenses), with: Groups::LicensePolicy).preload(:role, :user, :policy, :product))
+      licenses = apply_pagination(authorized_scope(apply_scopes(group.licenses), with: Groups::LicensePolicy).preload(:role, :policy, :product, owner: %i[role]))
       authorize! licenses,
         with: Groups::LicensePolicy
 

app/controllers/api/v1/groups/relationships/machines_controller.rb

@@ -10,7 +10,7 @@ class MachinesController < Api::V1::BaseController
     authorize :group
 
     def index
-      machines = apply_pagination(authorized_scope(apply_scopes(group.machines), with: Groups::MachinePolicy).preload(:product, :policy, :license, :user))
+      machines = apply_pagination(authorized_scope(apply_scopes(group.machines), with: Groups::MachinePolicy).preload(:product, :policy, :owner, license: %i[owner]))
       authorize! machines,
         with: Groups::MachinePolicy
 

app/controllers/api/v1/licenses/actions/checkouts_controller.rb

@@ -10,9 +10,15 @@ class CheckoutsController < Api::V1::BaseController
     authorize :license
 
     typed_query {
-      param :include, type: :array, coerce: true, allow_blank: true, optional: true
       param :encrypt, type: :boolean, coerce: true, optional: true
       param :ttl, type: :integer, coerce: true, allow_nil: true, optional: true
+      param :include, type: :array, coerce: true, allow_blank: true, optional: true, transform: -> key, includes {
+        # FIXME(ezekg) For backwards compatibility. Replace user include with
+        #              owner when present.
+        includes.push('owner') if includes.delete('user')
+
+        [key, includes]
+      }
     }
     def show
       kwargs = checkout_query.slice(
@@ -39,15 +45,23 @@ def show
       format :jsonapi
 
       param :meta, type: :hash, optional: true do
-        param :include, type: :array, allow_blank: true, optional: true
         param :encrypt, type: :boolean, optional: true
         param :ttl, type: :integer, coerce: true, allow_nil: true, optional: true
+        param :include, type: :array, allow_blank: true, optional: true, transform: -> key, includes {
+          includes.push('owner') if includes.delete('user')
+
+          [key, includes]
+        }
       end
     }
     typed_query {
-      param :include, type: :array, coerce: true, allow_blank: true, optional: true
       param :encrypt, type: :boolean, coerce: true, optional: true
       param :ttl, type: :integer, coerce: true, allow_nil: true, optional: true
+      param :include, type: :array, coerce: true, allow_blank: true, optional: true, transform: -> key, includes {
+        includes.push('owner') if includes.delete('user')
+
+        [key, includes]
+      }
     }
     def create
       kwargs = checkout_query.merge(checkout_meta)

app/controllers/api/v1/licenses/relationships/entitlements_controller.rb

@@ -100,7 +100,7 @@ def detach
         invalid_idx             = entitlement_ids.find_index(invalid_entitlement_id)
 
         return render_unprocessable_entity(
-          detail: "entitlement '#{invalid_entitlement_id}' relationship not found",
+          detail: "cannot detach entitlement '#{invalid_entitlement_id}' (entitlement is not attached)",
           source: {
             pointer: "/data/#{invalid_idx}",
           },

app/controllers/api/v1/licenses/relationships/machines_controller.rb

@@ -14,7 +14,7 @@ class MachinesController < Api::V1::BaseController
     authorize :license
 
     def index
-      machines = apply_pagination(authorized_scope(apply_scopes(license.machines)).preload(:product, :policy))
+      machines = apply_pagination(authorized_scope(apply_scopes(license.machines)).preload(:product, :policy, :owner, license: %i[owner]))
       authorize! machines,
         with: Licenses::MachinePolicy
 

app/controllers/api/v1/licenses/relationships/owners_controller.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Api::V1::Licenses::Relationships
+  class OwnersController < Api::V1::BaseController
+    before_action :scope_to_current_account!
+    before_action :require_active_subscription!
+    before_action :authenticate_with_token!
+    before_action :set_license
+
+    authorize :license
+
+    def show
+      owner = license.owner
+      authorize! owner,
+        with: Licenses::OwnerPolicy
+
+      render jsonapi: owner
+    end
+
+    typed_params {
+      format :jsonapi
+
+      param :data, type: :hash, allow_nil: true do
+        param :type, type: :string, inclusion: { in: %w[user users] }
+        param :id, type: :uuid
+      end
+    }
+    def update
+      owner = license.owner
+      authorize! owner,
+        with: Licenses::OwnerPolicy
+
+      license.update!(user_id: owner_params[:id])
+
+      BroadcastEventService.call(
+        event: 'license.owner.updated',
+        account: current_account,
+        resource: license,
+      )
+
+      # FIXME(ezekg) This should be the user
+      render jsonapi: license
+    end
+
+    private
+
+    attr_reader :license
+
+    def set_license
+      scoped_licenses = authorized_scope(current_account.licenses)
+
+      @license = FindByAliasService.call(scoped_licenses, id: params[:license_id], aliases: :key)
+
+      Current.resource = license
+    end
+  end
+end

app/controllers/api/v1/licenses/relationships/users_controller.rb

@@ -9,43 +9,115 @@ class UsersController < Api::V1::BaseController
 
     authorize :license
 
+    def index
+      users = apply_pagination(authorized_scope(apply_scopes(license.users)).preload(:role))
+      authorize! users,
+        with: Licenses::UserPolicy
+
+      render jsonapi: users
+    end
+
     def show
-      user = license.user
+      user = FindByAliasService.call(license.users, id: params[:id], aliases: :email)
       authorize! user,
         with: Licenses::UserPolicy
 
       render jsonapi: user
     end
 
+
     typed_params {
       format :jsonapi
 
-      param :data, type: :hash, allow_nil: true do
-        param :type, type: :string, inclusion: { in: %w[user users] }
-        param :id, type: :uuid
+      param :data, type: :array, length: { minimum: 1 } do
+        items type: :hash do
+          param :type, type: :string, inclusion: { in: %w[user users] }
+          param :id, type: :uuid, as: :user_id
+        end
       end
     }
-    def update
-      user = license.user
-      authorize! user,
+    def attach
+      users = current_account.users.where(id: user_ids)
+      authorize! users,
         with: Licenses::UserPolicy
 
-      license.update!(user_id: user_params[:id])
+      attached = license.license_users.create!(
+        user_ids.map {{ user_id: _1 }},
+      )
 
       BroadcastEventService.call(
-        event: 'license.user.updated',
+        event: 'license.users.attached',
         account: current_account,
-        resource: license,
+        resource: attached,
       )
 
-      # FIXME(ezekg) This should be the user
-      render jsonapi: license
+      render jsonapi: attached
+    end
+
+    typed_params {
+      format :jsonapi
+
+      param :data, type: :array, length: { minimum: 1 } do
+        items type: :hash do
+          param :type, type: :string, inclusion: { in: %w[user users] }
+          param :id, type: :uuid, as: :user_id
+        end
+      end
+    }
+    def detach
+      users = current_account.users.where(id: user_ids)
+      authorize! users,
+        with: Licenses::UserPolicy
+
+      # Block owner from being detached. This request wouldn't detach the owner, but
+      # since non-existing license user IDs are currently noops, responding with a
+      # 2xx status code is confusing for the end-user, so we're going to error
+      # out early for a better DX.
+      if license.owner_id? && user_ids.include?(license.owner_id)
+        forbidden_user_id = license.owner_id
+        forbidden_idx     = user_ids.find_index(forbidden_user_id)
+
+        return render_forbidden(
+          detail: "cannot detach user '#{forbidden_user_id}' (user is attached through owner)",
+          source: {
+            pointer: "/data/#{forbidden_idx}",
+          },
+        )
+      end
+
+      # Ensure all users exist. Again, non-existing license users would be
+      # a noop, but responding with a 2xx status code is a confusing DX.
+      license_users = license.license_users.where(user_id: user_ids)
+
+      unless license_users.size == user_ids.size
+        license_user_ids = license_users.pluck(:user_id)
+        invalid_user_ids = user_ids - license_user_ids
+        invalid_user_id  = invalid_user_ids.first
+        invalid_idx      = user_ids.find_index(invalid_user_id)
+
+        return render_unprocessable_entity(
+          detail: "cannot detach user '#{invalid_user_id}' (user is not attached)",
+          source: {
+            pointer: "/data/#{invalid_idx}",
+          },
+        )
+      end
+
+      detached = license.license_users.destroy(license_users)
+
+      BroadcastEventService.call(
+        event: 'license.users.detached',
+        account: current_account,
+        resource: detached,
+      )
     end
 
     private
 
     attr_reader :license
 
+    def user_ids = user_params.pluck(:user_id)
+
     def set_license
       scoped_licenses = authorized_scope(current_account.licenses)
 

app/controllers/api/v1/licenses/relationships/v1x5/users_controller.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Api::V1::Licenses::Relationships::V1x5
+  class UsersController < Api::V1::BaseController
+    before_action :scope_to_current_account!
+    before_action :require_active_subscription!
+    before_action :authenticate_with_token!
+    before_action :set_license
+
+    authorize :license
+
+    def show
+      user = license.owner
+      authorize! user,
+        with: Licenses::V1x5::UserPolicy
+
+      render jsonapi: user
+    end
+
+    typed_params {
+      format :jsonapi
+
+      param :data, type: :hash, allow_nil: true do
+        param :type, type: :string, inclusion: { in: %w[user users] }
+        param :id, type: :uuid
+      end
+    }
+    def update
+      user = license.owner
+      authorize! user,
+        with: Licenses::V1x5::UserPolicy
+
+      license.update!(user_id: user_params[:id])
+
+      BroadcastEventService.call(
+        event: 'license.user.updated',
+        account: current_account,
+        resource: license,
+      )
+
+      render jsonapi: license
+    end
+
+    private
+
+    attr_reader :license
+
+    def set_license
+      scoped_licenses = authorized_scope(current_account.licenses)
+
+      @license = FindByAliasService.call(scoped_licenses, id: params[:license_id], aliases: :key)
+
+      Current.resource = license
+    end
+  end
+end