Merge branch 'dev' for release 4.7.10

.ruby-version

@@ -1 +1 @@
-ruby-2.6.6
+ruby-2.6.7

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog Fab-manager
 
+## v4.7.10 2021 May 25
+
+- CAD lists of types and extensions are now ordered alphabetically
+- Fix a bug: reservation of slots restricted to subscribers leads to invoices without invoiced_id
+- Fix a bug: new installation with mapping to an external network does not connect fab-manager to elasticsearch
+- Fix a bug: typo in allow/prevent booking overlapping slots
+- Fix a bug: unable to use run.fab.mn
+- Fix a bug: parse error while compiling the assets
+- Fix a security issue: updated @rails/webpacker to 5.4.0 to fix [CVE-2021-28092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28092) and [CVE-2021-23368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368)
+- Fix a security issue: updated ruby to 2.6.7 to fix [CVE-2020-25613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25613) and [CVE-2021-28965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965)
+- Fix a security issue: updated puma to 4.3.8 to fix [CVE-2019-16770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16770)
+- Fix a security issue: updated nokogiri to 1.11.4 to fix [GHSA-7rrm-v45f-jp64](https://github.com/advisories/GHSA-7rrm-v45f-jp64)
+- [TODO DEPLOY] `rails fablab:fix_invoices`
+- [TODO DEPLOY] `rails fablab:maintenance:regenerate_invoices[year,month]` Depending on the status of the above command, you'll need to run that one for the months with erroneous invoices
+
 ## v4.7.9 2021 May 17
 
 - Updated dependency to OpenLab

Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.6.6-alpine
+FROM ruby:2.6.7-alpine
 MAINTAINER contact@fab-manager.com
 
 # Install upgrade system packages

Gemfile

@@ -7,7 +7,7 @@ gem 'rails', '~> 5.2.4'
 # Used by rails 5.2 to reduce the app boot time by over 50%
 gem 'bootsnap'
 # Use Puma as web server
-gem 'puma', '3.12.6'
+gem 'puma', '4.3.8'
 gem 'webpacker', '~> 5.x'
 
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder

Gemfile.lock

@@ -217,7 +217,7 @@ GEM
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     nio4r (2.5.7)
-    nokogiri (1.11.3)
+    nokogiri (1.11.4)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
     notify_with (0.0.2)
@@ -264,7 +264,8 @@ GEM
     prawn-table (0.2.2)
       prawn (>= 1.3.0, < 3.0.0)
     public_suffix (4.0.6)
-    puma (3.12.6)
+    puma (4.3.8)
+      nio4r (~> 2.0)
     pundit (2.1.0)
       activesupport (>= 3.0.0)
     raabro (1.1.6)
@@ -469,7 +470,7 @@ DEPENDENCIES
   pg_search
   prawn
   prawn-table
-  puma (= 3.12.6)
+  puma (= 4.3.8)
   pundit
   railroady
   rails (~> 5.2.4)

app/frontend/src/javascript/controllers/admin/invoices.js

@@ -177,6 +177,14 @@ Application.Controllers.controller('InvoicesController', ['$scope', '$state', 'I
       spaceLabel: {
         name: 'accounting_Space_label',
         value: settings.accounting_Space_label
+      },
+      errorCode: {
+        name: 'accounting_Error_code',
+        value: settings.accounting_Error_code
+      },
+      errorLabel: {
+        name: 'accounting_Error_label',
+        value: settings.accounting_Error_label
       }
     };
 

app/frontend/src/javascript/directives/settings/select-multiple-setting.js

@@ -21,7 +21,7 @@ Application.Directives.directive('selectMultipleSetting', ['Setting', 'growl', '
         };
 
         // the options
-        $scope.options = $scope.settings[$scope.name].split(' ');
+        $scope.options = $scope.settings[$scope.name].split(' ').sort();
 
         // the selected options
         $scope.selection = [];

app/frontend/src/javascript/router.js

@@ -861,6 +861,7 @@ angular.module('application.router', ['ui.router'])
                      "'accounting_VAT_code', 'accounting_VAT_label', 'accounting_subscription_code', 'accounting_subscription_label', " +
                      "'accounting_Machine_code', 'accounting_Machine_label', 'accounting_Training_code', 'accounting_Training_label', " +
                      "'accounting_Event_code', 'accounting_Event_label', 'accounting_Space_code', 'accounting_Space_label', " +
+                     "'accounting_Error_code', 'accounting_Error_label', " +
                      "'feature_tour_display', 'online_payment_module', 'stripe_public_key', 'stripe_currency', 'invoice_prefix']"
             }).$promise;
           }],

app/frontend/src/stylesheets/modules/payment-schedules-table.scss

@@ -156,7 +156,7 @@
 
       .payment-pending {
         @extend .submit-card-btn;
-        @extend .submit-card-btn[disabled];
+        background-color: lighten(#1d98ec, 20%);
         text-align: center;
         padding: 4px;
       }

app/frontend/src/stylesheets/modules/stripe-modal.scss

@@ -72,7 +72,7 @@
 
   .payment-pending {
     @extend .validate-btn;
-    @extend .validate-btn[disabled];
+    background-color: lighten(#1d98ec, 20%);
     text-align: center;
     padding: 4px;
   }

app/frontend/templates/admin/invoices/codes.html

@@ -106,6 +106,16 @@
         <input type="text" id="spaceLabel" ng-model="settings.spaceLabel.value" class="form-control" placeholder="{{ 'app.admin.invoices.general_space_label' | translate }}"/>
       </div>
     </div>
+    <div class="row">
+      <div class="col-md-6">
+        <label for="spaceCode" translate>{{ 'app.admin.invoices.accounting_Error_code' }}</label>
+        <input type="text" id="errorCode" ng-model="settings.errorCode.value" class="form-control" placeholder="{{ 'app.admin.invoices.general_error_code' | translate }}" />
+      </div>
+      <div class="col-md-6">
+        <label for="spaceLabel" translate>{{ 'app.admin.invoices.accounting_Error_label' }}</label>
+        <input type="text" id="errorLabel" ng-model="settings.errorLabel.value" class="form-control" placeholder="{{ 'app.admin.invoices.general_error_label' | translate }}"/>
+      </div>
+    </div>
     <button name="button" class="btn btn-warning m-t-lg" ng-click="save()" translate>{{ 'app.shared.buttons.save' }}</button>
   </div>
-</div>
+</div>

app/frontend/templates/admin/settings/reservations.html

@@ -87,7 +87,7 @@ <h3 class="m-l m-t-lg" translate>{{ 'app.admin.settings.ability_for_the_users_to
                 <h3 class="m-l m-t-lg" translate>{{ 'app.admin.settings.book_overlapping_slots_info' }}</h3>
                 <boolean-setting name="book_overlapping_slots"
                                  settings="allSettings"
-                                 label="app.admin.settings.allow_booking"
+                                 label="app.admin.settings.prevent_booking"
                                  classes="m-l">
                 </boolean-setting>
             </div>

app/frontend/templates/plans/index.html

@@ -32,7 +32,7 @@ <h2 class="text-u-c group-title">{{plansGroup.name}}</h2>
                            subscribed-plan-id="ctrl.member.subscribed_plan.id"
                            operator="currentUser"
                            on-select-plan="selectPlan"
-                           is-selected="isSelected(plan)"
+                           is-selected="isSelected(plan)">
                 </plan-card>
           </div>
 

app/models/reservation.rb

@@ -23,7 +23,7 @@ class Reservation < ApplicationRecord
   validates_presence_of :reservable_id, :reservable_type
   validate :machine_not_already_reserved, if: -> { reservable.is_a?(Machine) }
   validate :training_not_fully_reserved, if: -> { reservable.is_a?(Training) }
-  validates_with ReservationSlotSubscriptionValidator
+  # validates_with ReservationSlotSubscriptionValidator
 
   attr_accessor :plan_id, :subscription
 

app/models/setting.rb

@@ -109,7 +109,9 @@ class Setting < ApplicationRecord
                              upcoming_events_shown
                              payment_schedule_prefix
                              trainings_module
-                             address_required] }
+                             address_required
+                             accounting_Error_code
+                             accounting_Error_label] }
   # WARNING: when adding a new key, you may also want to add it in app/policies/setting_policy.rb#public_whitelist
 
   def value

app/pdfs/pdf/invoice.rb

@@ -108,6 +108,8 @@ def initialize(invoice, subscription_expiration_date)
           object = subscription_verbose(invoice.invoiced, name)
         when 'OfferDay'
           object = offer_day_verbose(invoice.invoiced, name)
+        when 'Error'
+          object = I18n.t('invoices.error_invoice')
         else
           puts "ERROR : specified invoiced type (#{invoice.invoiced_type}) is unknown"
         end
@@ -174,13 +176,8 @@ def initialize(invoice, subscription_expiration_date)
                                          count: t.booked,
                                          NAME: t.event_price_category.price_category.name)
             end
-          ### wallet credit
-          when nil
-            details = item.description
-
-          ### Other cases (not expected)
           else
-            details += I18n.t('invoices.reservation_other')
+            details += item.description
           end
         end
 

app/services/accounting_export_service.rb

@@ -70,6 +70,11 @@ def items_rows(invoice)
       end
     elsif invoice.invoiced_type == 'WalletTransaction'
       rows << "#{wallet_row(invoice)}\n"
+    elsif invoice.invoiced_type == 'Error'
+      items = invoice.invoice_items.select { |ii| ii.subscription.nil? }
+      items.each do |item|
+        rows << "#{error_row(invoice, item)}\n"
+      end
     end
     rows
   end
@@ -142,6 +147,16 @@ def vat_row(invoice)
     )
   end
 
+  def error_row(invoice, item)
+    row(
+      invoice,
+      account(invoice, :error),
+      account(invoice, :error, type: :label),
+      item.net_amount / 100.00,
+      line_label: label(invoice)
+    )
+  end
+
   # Generate a row of the export, filling the configured columns with the provided values
   def row(invoice, account_code, account_label, amount, line_label: '', debit_method: :debit, credit_method: :credit)
     row = ''
@@ -202,6 +217,8 @@ def account(invoice, account, type: :code, means: :other)
       else
         puts "WARN: Invoice #{invoice.id} is not a wallet credit"
       end
+    when :error
+      Setting.find_by(name: "accounting_Error_#{type}")&.value
     else
       puts "Unsupported account #{account}"
     end || ''

app/validators/reservation_slot_subscription_validator.rb

@@ -7,6 +7,8 @@ def validate(record)
         if record.user.subscribed_plan && s.availability.plan_ids.include?(record.user.subscribed_plan.id)
         elsif s.availability.plan_ids.include?(record.plan_id)
         else
+          # TODO, this validation requires to check if the operator is privileged.
+          # Meanwhile we can't check this, we disable the validation
           record.errors[:slots] << 'slot is restrict for subscriptions'
         end
       end

babel.config.js

@@ -56,7 +56,7 @@ module.exports = function (api) {
       [
         '@babel/plugin-proposal-class-properties',
         {
-          loose: true
+          loose: false
         }
       ],
       [

config/locales/app.admin.de.yml

@@ -598,6 +598,10 @@ de:
         general_space_code: "Abrechnungscode für alle Räume"
         accounting_Space_label: "Raumbezeichnung"
         general_space_label: "Abrechnungs-Label für alle Räume"
+        accounting_Error_code: "Errors code"
+        general_error_code: "Accounting code for erroneous invoices"
+        accounting_Error_label: "Errors label"
+        general_error_label: "Account label for erroneous invoices"
         codes_customization_success: "Anpassung der Abrechnungscodes erfolgreich gespeichert."
         unexpected_error_occurred: "Beim Speichern der Codes ist ein unerwarteter Fehler aufgetreten. Bitte versuchen Sie es später erneut."
         export_accounting_data: "Abrechnungsdaten exportieren"
@@ -1088,7 +1092,7 @@ de:
         error_SETTING_locked: "Die Einstellung konnte nicht aktualisiert werden: {SETTING} ist gesperrt. Bitte kontaktieren Sie Ihren Systemadministrator."
         an_error_occurred_saving_the_setting: "Beim Speichern der Einstellung ist ein Fehler aufgetreten. Bitte versuchen Sie es später erneut."
         book_overlapping_slots_info: "Erlauben / Verhindern der Reservierung von überlappenden Slots"
-        allow_booking: "Buchungen erlauben"
+        prevent_booking: "Buchungen verhindern"
         default_slot_duration: "Standarddauer für Slots"
         duration_minutes: "Dauer (in Minuten)"
         default_slot_duration_info: "Die Verfügbarkeit von Maschinen und Räumen ist in mehrere Slots dieser Dauer aufgeteilt. Dieser Wert kann je Verfügbarkeit überschrieben werden."

config/locales/app.admin.en.yml

@@ -598,6 +598,10 @@ en:
         general_space_code: "Accounting code for all spaces"
         accounting_Space_label: "Spaces label"
         general_space_label: "Account label for all spaces"
+        accounting_Error_code: "Errors code"
+        general_error_code: "Accounting code for erroneous invoices"
+        accounting_Error_label: "Errors label"
+        general_error_label: "Account label for erroneous invoices"
         codes_customization_success: "Customization of the accounting codes successfully saved."
         unexpected_error_occurred: "An unexpected error occurred while saving the codes. Please try again later."
         export_accounting_data: "Export accounting data"
@@ -1088,7 +1092,7 @@ en:
         error_SETTING_locked: "Unable to update the setting: {SETTING} is locked. Please contact your system administrator."
         an_error_occurred_saving_the_setting: "An error occurred while saving the setting. Please try again later."
         book_overlapping_slots_info: "Allow / prevent the reservation of overlapping slots"
-        allow_booking: "Allow booking"
+        prevent_booking: "Prevent booking"
         default_slot_duration: "Default duration for slots"
         duration_minutes: "Duration (in minutes)"
         default_slot_duration_info: "Machine and space availabilities are divided in multiple slots of this duration. This value can be overridden per availability."

config/locales/app.admin.es.yml

@@ -598,6 +598,10 @@ es:
         general_space_code: "Accounting code for all spaces"
         accounting_Space_label: "Spaces label"
         general_space_label: "Account label for all spaces"
+        accounting_Error_code: "Errors code"
+        general_error_code: "Accounting code for erroneous invoices"
+        accounting_Error_label: "Errors label"
+        general_error_label: "Account label for erroneous invoices"
         codes_customization_success: "Customization of accounting codes successfully saved."
         unexpected_error_occurred: "An unexpected error occurred while saving the codes. Please try again later."
         export_accounting_data: "Export accounting data"
@@ -1088,7 +1092,7 @@ es:
         error_SETTING_locked: "Unable to update the setting: {SETTING} is locked. Please contact your system administrator."
         an_error_occurred_saving_the_setting: "An error occurred while saving the setting. Please try again later."
         book_overlapping_slots_info: "Allow / prevent the reservation of overlapping slots"
-        allow_booking: "Allow booking"
+        prevent_booking: "Impedir reservas"
         default_slot_duration: "Default duration for slots"
         duration_minutes: "Duration (in minutes)"
         default_slot_duration_info: "Machine and space availabilities are divided in multiple slots of this duration. This value can be overridden per availability."

config/locales/app.admin.fr.yml

@@ -598,6 +598,10 @@ fr:
         general_space_code: "Code comptable pour tous les espaces"
         accounting_Space_label: "Libellé espaces"
         general_space_label: "Libellé du compte pour tous les espaces"
+        accounting_Error_code: "Code erreurs"
+        general_error_code: "Code comptable pour les factures en erreur"
+        accounting_Error_label: "Libellé erreurs"
+        general_error_label: "Libellé du compte pour les factures en erreur"
         codes_customization_success: "La personnalisation des codes comptables a bien été enregistrée."
         unexpected_error_occurred: "Une erreur inattendue est survenue lors de l’enregistrement des codes. Veuillez réessayer plus tard."
         export_accounting_data: "Exporter les données comptables"
@@ -768,7 +772,7 @@ fr:
         tags: "Étiquettes"
         tag_name: "Nom de l'étiquette"
         tag_identifier: "Identifiant à utiliser"
-        download_example: "Ficher d'exemple"
+        download_example: "Fichier d'exemple"
         select_file: "Choisissez un fichier"
         import: "Importer"
         update_field: "Champ de référence pour les utilisateurs à mettre à jour"
@@ -1088,7 +1092,7 @@ fr:
         error_SETTING_locked: "Impossible de mettre à jour le paramètre : {SETTING} est verrouillé. Veuillez contacter votre administrateur système."
         an_error_occurred_saving_the_setting: "Une erreur est survenue pendant l'enregistrement du paramètre. Veuillez réessayer plus tard."
         book_overlapping_slots_info: "Autoriser / empêcher la réservation de créneaux qui se chevauchent"
-        allow_booking: "Autoriser la réservation"
+        prevent_booking: "Empêcher la réservation"
         default_slot_duration: "Durée par défaut pour les créneaux"
         duration_minutes: "Durée (en minutes)"
         default_slot_duration_info: "Les disponibilités des machines et des espaces sont divisées en plusieurs créneaux de cette durée. Cette valeur peur être changée pour chaque disponibilité."

config/locales/app.admin.pt.yml

@@ -598,6 +598,10 @@ pt:
         general_space_code: "Código de contabilidade para todos os espaços"
         accounting_Space_label: "Rótulo de espaços"
         general_space_label: "Rótulo de conta para todos os espaços"
+        accounting_Error_code: "Errors code"
+        general_error_code: "Accounting code for erroneous invoices"
+        accounting_Error_label: "Errors label"
+        general_error_label: "Account label for erroneous invoices"
         codes_customization_success: "Customization of accounting codes successfully saved."
         unexpected_error_occurred: "Ocorreu um erro inesperado ao salvar os códigos. Tente novamente mais tarde."
         export_accounting_data: "Exportar dados de contabilidade"
@@ -1088,7 +1092,7 @@ pt:
         error_SETTING_locked: "Não foi possível atualizar a configuração: {SETTING} está bloqueado. Por favor contate o administrador do sistema."
         an_error_occurred_saving_the_setting: "Ocorreu um erro ao salvar a configuração. Por favor, tente novamente mais tarde."
         book_overlapping_slots_info: "Permitir / impedir a reserva de slots sobrepostos"
-        allow_booking: "Permitir reserva"
+        prevent_booking: "Prevent booking"
         default_slot_duration: "Duração padrão para slots"
         duration_minutes: "Duração (em minutos)"
         default_slot_duration_info: "Máquina e espaço disponíveis são divididos em vários slots desta duração. Esse valor pode ser substituído por disponibilidade."

config/locales/app.admin.zu.yml

@@ -598,6 +598,10 @@ zu:
         general_space_code: "crwdns7677:0crwdne7677:0"
         accounting_Space_label: "crwdns7679:0crwdne7679:0"
         general_space_label: "crwdns7681:0crwdne7681:0"
+        accounting_Error_code: "crwdns21470:0crwdne21470:0"
+        general_error_code: "crwdns21472:0crwdne21472:0"
+        accounting_Error_label: "crwdns21474:0crwdne21474:0"
+        general_error_label: "crwdns21476:0crwdne21476:0"
         codes_customization_success: "crwdns7683:0crwdne7683:0"
         unexpected_error_occurred: "crwdns20578:0crwdne20578:0"
         export_accounting_data: "crwdns7685:0crwdne7685:0"
@@ -1088,7 +1092,7 @@ zu:
         error_SETTING_locked: "crwdns20640:0{SETTING}crwdne20640:0"
         an_error_occurred_saving_the_setting: "crwdns20380:0crwdne20380:0"
         book_overlapping_slots_info: "crwdns20642:0crwdne20642:0"
-        allow_booking: "crwdns20644:0crwdne20644:0"
+        prevent_booking: "crwdns21478:0crwdne21478:0"
         default_slot_duration: "crwdns20646:0crwdne20646:0"
         duration_minutes: "crwdns20648:0crwdne20648:0"
         default_slot_duration_info: "crwdns20650:0crwdne20650:0"