diff --git a/app/models/contact.rb b/app/models/contact.rb index a3570b2af..0dc92b51e 100644 --- a/app/models/contact.rb +++ b/app/models/contact.rb @@ -21,6 +21,7 @@ # created_at :datetime not null # updated_at :datetime not null # account_id :integer not null +# company_id :bigint # # Indexes # @@ -28,6 +29,7 @@ # index_contacts_on_account_id_and_contact_type (account_id,contact_type) # index_contacts_on_account_id_and_last_activity_at (account_id,last_activity_at DESC NULLS LAST) # index_contacts_on_blocked (blocked) +# index_contacts_on_company_id (company_id) # index_contacts_on_lower_email_account_id (lower((email)::text), account_id) # index_contacts_on_name_email_phone_number_identifier (name,email,phone_number,identifier) USING gin # index_contacts_on_nonempty_fields (account_id,email,phone_number,identifier) WHERE (((email)::text <> ''::text) OR ((phone_number)::text <> ''::text) OR ((identifier)::text <> ''::text)) @@ -244,3 +246,4 @@ class Contact < ApplicationRecord Rails.configuration.dispatcher.dispatch(CONTACT_DELETED, Time.zone.now, contact: self) end end +Contact.include_mod_with('Concerns::Contact') diff --git a/app/models/super_admin.rb b/app/models/super_admin.rb index 316d60c7b..9bcee9b8a 100644 --- a/app/models/super_admin.rb +++ b/app/models/super_admin.rb @@ -19,7 +19,7 @@ # message_signature :text # name :string not null # otp_backup_codes :text -# otp_required_for_login :boolean default(FALSE), not null +# otp_required_for_login :boolean default(FALSE) # otp_secret :string # provider :string default("email"), not null # pubsub_token :string diff --git a/app/models/user.rb b/app/models/user.rb index 4923d0a35..cc25357f6 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -19,7 +19,7 @@ # message_signature :text # name :string not null # otp_backup_codes :text -# otp_required_for_login :boolean default(FALSE), not null +# otp_required_for_login :boolean default(FALSE) # otp_secret :string # provider :string default("email"), not null # pubsub_token :string diff --git a/config/locales/en.yml b/config/locales/en.yml index 0c76f8beb..6afab9253 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -76,6 +76,9 @@ en: invalid: Invalid email phone_number: invalid: should be in e164 format + companies: + domain: + invalid: must be a valid domain name categories: locale: unique: should be unique in the category and portal diff --git a/config/routes.rb b/config/routes.rb index 757d20620..639c51da7 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -153,6 +153,7 @@ Rails.application.routes.draw do end end + resources :companies, only: [:index, :show, :create, :update, :destroy] resources :contacts, only: [:index, :show, :update, :create, :destroy] do collection do get :active diff --git a/db/migrate/20250929105219_create_companies.rb b/db/migrate/20250929105219_create_companies.rb new file mode 100644 index 000000000..10fa415c1 --- /dev/null +++ b/db/migrate/20250929105219_create_companies.rb @@ -0,0 +1,14 @@ +class CreateCompanies < ActiveRecord::Migration[7.1] + def change + create_table :companies do |t| + t.string :name, null: false + t.string :domain + t.text :description + t.references :account, null: false + + t.timestamps + end + add_index :companies, [:name, :account_id] + add_index :companies, [:domain, :account_id] + end +end diff --git a/db/migrate/20250929132305_add_company_to_contacts.rb b/db/migrate/20250929132305_add_company_to_contacts.rb new file mode 100644 index 000000000..e79de34b8 --- /dev/null +++ b/db/migrate/20250929132305_add_company_to_contacts.rb @@ -0,0 +1,5 @@ +class AddCompanyToContacts < ActiveRecord::Migration[7.1] + def change + add_reference :contacts, :company, null: true + end +end diff --git a/db/schema.rb b/db/schema.rb index f31d05cc3..c0d539f6a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -570,6 +570,18 @@ ActiveRecord::Schema[7.1].define(version: 2025_10_03_091242) do t.index ["phone_number"], name: "index_channel_whatsapp_on_phone_number", unique: true end + create_table "companies", force: :cascade do |t| + t.string "name", null: false + t.string "domain" + t.text "description" + t.bigint "account_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["account_id"], name: "index_companies_on_account_id" + t.index ["domain", "account_id"], name: "index_companies_on_domain_and_account_id" + t.index ["name", "account_id"], name: "index_companies_on_name_and_account_id" + end + create_table "contact_inboxes", force: :cascade do |t| t.bigint "contact_id" t.bigint "inbox_id" @@ -602,6 +614,7 @@ ActiveRecord::Schema[7.1].define(version: 2025_10_03_091242) do t.string "location", default: "" t.string "country_code", default: "" t.boolean "blocked", default: false, null: false + t.bigint "company_id" t.index "lower((email)::text), account_id", name: "index_contacts_on_lower_email_account_id" t.index ["account_id", "contact_type"], name: "index_contacts_on_account_id_and_contact_type" t.index ["account_id", "email", "phone_number", "identifier"], name: "index_contacts_on_nonempty_fields", where: "(((email)::text <> ''::text) OR ((phone_number)::text <> ''::text) OR ((identifier)::text <> ''::text))" @@ -609,6 +622,7 @@ ActiveRecord::Schema[7.1].define(version: 2025_10_03_091242) do t.index ["account_id"], name: "index_contacts_on_account_id" t.index ["account_id"], name: "index_resolved_contact_account_id", where: "(((email)::text <> ''::text) OR ((phone_number)::text <> ''::text) OR ((identifier)::text <> ''::text))" t.index ["blocked"], name: "index_contacts_on_blocked" + t.index ["company_id"], name: "index_contacts_on_company_id" t.index ["email", "account_id"], name: "uniq_email_per_account_contact", unique: true t.index ["identifier", "account_id"], name: "uniq_identifier_per_account_contact", unique: true t.index ["name", "email", "phone_number", "identifier"], name: "index_contacts_on_name_email_phone_number_identifier", opclass: :gin_trgm_ops, using: :gin diff --git a/enterprise/app/controllers/api/v1/accounts/companies_controller.rb b/enterprise/app/controllers/api/v1/accounts/companies_controller.rb new file mode 100644 index 000000000..a33e4c6b2 --- /dev/null +++ b/enterprise/app/controllers/api/v1/accounts/companies_controller.rb @@ -0,0 +1,40 @@ +class Api::V1::Accounts::CompaniesController < Api::V1::Accounts::EnterpriseAccountsController + before_action :check_authorization + before_action :fetch_company, only: [:show, :update, :destroy] + + def index + @companies = Current.account.companies.ordered_by_name + end + + def show; end + + def create + @company = Current.account.companies.build(company_params) + @company.save! + end + + def update + @company.update!(company_params) + end + + def destroy + @company.destroy! + head :ok + end + + private + + def check_authorization + raise Pundit::NotAuthorizedError unless ChatwootApp.enterprise? + + authorize(Company) + end + + def fetch_company + @company = Current.account.companies.find(params[:id]) + end + + def company_params + params.require(:company).permit(:name, :domain, :description, :avatar) + end +end diff --git a/enterprise/app/models/company.rb b/enterprise/app/models/company.rb new file mode 100644 index 000000000..764cb2a9c --- /dev/null +++ b/enterprise/app/models/company.rb @@ -0,0 +1,33 @@ +# == Schema Information +# +# Table name: companies +# +# id :bigint not null, primary key +# description :text +# domain :string +# name :string not null +# created_at :datetime not null +# updated_at :datetime not null +# account_id :bigint not null +# +# Indexes +# +# index_companies_on_account_id (account_id) +# index_companies_on_domain_and_account_id (domain,account_id) +# index_companies_on_name_and_account_id (name,account_id) +# +class Company < ApplicationRecord + include Avatarable + validates :account_id, presence: true + validates :name, presence: true, length: { maximum: Limits::COMPANY_NAME_LENGTH_LIMIT } + validates :domain, allow_blank: true, format: { + with: /\A[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)+\z/, + message: I18n.t('errors.companies.domain.invalid') + } + validates :description, length: { maximum: Limits::COMPANY_DESCRIPTION_LENGTH_LIMIT } + + belongs_to :account + has_many :contacts, dependent: :nullify + + scope :ordered_by_name, -> { order(:name) } +end diff --git a/enterprise/app/models/enterprise/concerns/account.rb b/enterprise/app/models/enterprise/concerns/account.rb index b82d84b0a..cae32e86c 100644 --- a/enterprise/app/models/enterprise/concerns/account.rb +++ b/enterprise/app/models/enterprise/concerns/account.rb @@ -13,6 +13,7 @@ module Enterprise::Concerns::Account has_many :captain_custom_tools, dependent: :destroy_async, class_name: 'Captain::CustomTool' has_many :copilot_threads, dependent: :destroy_async + has_many :companies, dependent: :destroy_async has_many :voice_channels, dependent: :destroy_async, class_name: '::Channel::Voice' has_one :saml_settings, dependent: :destroy_async, class_name: 'AccountSamlSettings' diff --git a/enterprise/app/models/enterprise/concerns/contact.rb b/enterprise/app/models/enterprise/concerns/contact.rb new file mode 100644 index 000000000..9139fc67e --- /dev/null +++ b/enterprise/app/models/enterprise/concerns/contact.rb @@ -0,0 +1,6 @@ +module Enterprise::Concerns::Contact + extend ActiveSupport::Concern + included do + belongs_to :company, optional: true + end +end diff --git a/enterprise/app/policies/company_policy.rb b/enterprise/app/policies/company_policy.rb new file mode 100644 index 000000000..1c252967c --- /dev/null +++ b/enterprise/app/policies/company_policy.rb @@ -0,0 +1,21 @@ +class CompanyPolicy < ApplicationPolicy + def index? + true + end + + def show? + true + end + + def create? + true + end + + def update? + true + end + + def destroy? + @account_user.administrator? + end +end diff --git a/enterprise/app/views/api/v1/accounts/companies/_company.json.jbuilder b/enterprise/app/views/api/v1/accounts/companies/_company.json.jbuilder new file mode 100644 index 000000000..71c4d3b9b --- /dev/null +++ b/enterprise/app/views/api/v1/accounts/companies/_company.json.jbuilder @@ -0,0 +1,7 @@ +json.id company.id +json.name company.name +json.domain company.domain +json.description company.description +json.avatar_url company.avatar_url +json.created_at company.created_at +json.updated_at company.updated_at diff --git a/enterprise/app/views/api/v1/accounts/companies/create.json.jbuilder b/enterprise/app/views/api/v1/accounts/companies/create.json.jbuilder new file mode 100644 index 000000000..b3bc80cfd --- /dev/null +++ b/enterprise/app/views/api/v1/accounts/companies/create.json.jbuilder @@ -0,0 +1,3 @@ +json.payload do + json.partial! 'company', company: @company +end diff --git a/enterprise/app/views/api/v1/accounts/companies/index.json.jbuilder b/enterprise/app/views/api/v1/accounts/companies/index.json.jbuilder new file mode 100644 index 000000000..e68bd8543 --- /dev/null +++ b/enterprise/app/views/api/v1/accounts/companies/index.json.jbuilder @@ -0,0 +1,5 @@ +json.payload do + json.array! @companies do |company| + json.partial! 'company', company: company + end +end diff --git a/enterprise/app/views/api/v1/accounts/companies/show.json.jbuilder b/enterprise/app/views/api/v1/accounts/companies/show.json.jbuilder new file mode 100644 index 000000000..b3bc80cfd --- /dev/null +++ b/enterprise/app/views/api/v1/accounts/companies/show.json.jbuilder @@ -0,0 +1,3 @@ +json.payload do + json.partial! 'company', company: @company +end diff --git a/enterprise/app/views/api/v1/accounts/companies/update.json.jbuilder b/enterprise/app/views/api/v1/accounts/companies/update.json.jbuilder new file mode 100644 index 000000000..b3bc80cfd --- /dev/null +++ b/enterprise/app/views/api/v1/accounts/companies/update.json.jbuilder @@ -0,0 +1,3 @@ +json.payload do + json.partial! 'company', company: @company +end diff --git a/lib/limits.rb b/lib/limits.rb index 5da178bf4..c0fc03806 100644 --- a/lib/limits.rb +++ b/lib/limits.rb @@ -6,6 +6,8 @@ module Limits GREETING_MESSAGE_MAX_LENGTH = 10_000 CATEGORIES_PER_PAGE = 1000 AUTO_ASSIGNMENT_BULK_LIMIT = 100 + COMPANY_NAME_LENGTH_LIMIT = 100 + COMPANY_DESCRIPTION_LENGTH_LIMIT = 1000 MAX_CUSTOM_FILTERS_PER_USER = 1000 def self.conversation_message_per_minute_limit diff --git a/spec/enterprise/controllers/api/v1/accounts/companies_controller_spec.rb b/spec/enterprise/controllers/api/v1/accounts/companies_controller_spec.rb new file mode 100644 index 000000000..f62991ad1 --- /dev/null +++ b/spec/enterprise/controllers/api/v1/accounts/companies_controller_spec.rb @@ -0,0 +1,141 @@ +require 'rails_helper' + +RSpec.describe 'Companies API', type: :request do + let(:account) { create(:account) } + + describe 'GET /api/v1/accounts/{account.id}/companies' do + context 'when it is an unauthenticated user' do + it 'returns unauthorized' do + get "/api/v1/accounts/#{account.id}/companies" + expect(response).to have_http_status(:unauthorized) + end + end + + context 'when it is an authenticated user' do + let(:admin) { create(:user, account: account, role: :administrator) } + let!(:company1) { create(:company, name: 'Company 1', account: account) } + let!(:company2) { create(:company, account: account) } + + it 'returns all companies' do + get "/api/v1/accounts/#{account.id}/companies", + headers: admin.create_new_auth_token, + as: :json + expect(response).to have_http_status(:success) + response_body = response.parsed_body + expect(response_body['payload'].size).to eq(2) + expect(response_body['payload'].map { |c| c['name'] }).to contain_exactly(company1.name, company2.name) + end + end + end + + describe 'GET /api/v1/accounts/{account.id}/companies/{id}' do + context 'when it is an authenticated user' do + let(:admin) { create(:user, account: account, role: :administrator) } + let(:company) { create(:company, account: account) } + + it 'returns the company' do + get "/api/v1/accounts/#{account.id}/companies/#{company.id}", + headers: admin.create_new_auth_token, + as: :json + expect(response).to have_http_status(:success) + response_body = response.parsed_body + expect(response_body['payload']['name']).to eq(company.name) + expect(response_body['payload']['id']).to eq(company.id) + end + end + end + + describe 'POST /api/v1/accounts/{account.id}/companies' do + context 'when it is an authenticated user' do + let(:admin) { create(:user, account: account, role: :administrator) } + let(:valid_params) do + { + company: { + name: 'New Company', + domain: 'newcompany.com', + description: 'A new company' + } + } + end + + it 'creates a new company' do + expect do + post "/api/v1/accounts/#{account.id}/companies", + params: valid_params, + headers: admin.create_new_auth_token, + as: :json + end.to change(Company, :count).by(1) + + expect(response).to have_http_status(:success) + response_body = response.parsed_body + expect(response_body['payload']['name']).to eq('New Company') + expect(response_body['payload']['domain']).to eq('newcompany.com') + end + + it 'returns error for invalid params' do + invalid_params = { company: { name: '' } } + + post "/api/v1/accounts/#{account.id}/companies", + params: invalid_params, + headers: admin.create_new_auth_token, + as: :json + expect(response).to have_http_status(:unprocessable_entity) + end + end + end + + describe 'PATCH /api/v1/accounts/{account.id}/companies/{id}' do + context 'when it is an authenticated user' do + let(:admin) { create(:user, account: account, role: :administrator) } + let(:company) { create(:company, account: account) } + let(:update_params) do + { + company: { + name: 'Updated Company Name', + domain: 'updated.com' + } + } + end + + it 'updates the company' do + patch "/api/v1/accounts/#{account.id}/companies/#{company.id}", + params: update_params, + headers: admin.create_new_auth_token, + as: :json + expect(response).to have_http_status(:success) + response_body = response.parsed_body + expect(response_body['payload']['name']).to eq('Updated Company Name') + expect(response_body['payload']['domain']).to eq('updated.com') + end + end + end + + describe 'DELETE /api/v1/accounts/{account.id}/companies/{id}' do + context 'when it is an authenticated administrator' do + let(:admin) { create(:user, account: account, role: :administrator) } + let(:company) { create(:company, account: account) } + + it 'deletes the company' do + company + expect do + delete "/api/v1/accounts/#{account.id}/companies/#{company.id}", + headers: admin.create_new_auth_token, + as: :json + end.to change(Company, :count).by(-1) + expect(response).to have_http_status(:ok) + end + end + + context 'when it is a regular agent' do + let(:agent) { create(:user, account: account, role: :agent) } + let(:company) { create(:company, account: account) } + + it 'returns unauthorized' do + delete "/api/v1/accounts/#{account.id}/companies/#{company.id}", + headers: agent.create_new_auth_token, + as: :json + expect(response).to have_http_status(:unauthorized) + end + end + end +end diff --git a/spec/enterprise/models/company_spec.rb b/spec/enterprise/models/company_spec.rb new file mode 100644 index 000000000..820e6ee7d --- /dev/null +++ b/spec/enterprise/models/company_spec.rb @@ -0,0 +1,38 @@ +require 'rails_helper' + +RSpec.describe Company, type: :model do + context 'with validations' do + it { is_expected.to validate_presence_of(:account_id) } + it { is_expected.to validate_presence_of(:name) } + it { is_expected.to validate_length_of(:name).is_at_most(100) } + it { is_expected.to validate_length_of(:description).is_at_most(1000) } + + describe 'domain validation' do + it { is_expected.to allow_value('example.com').for(:domain) } + it { is_expected.to allow_value('sub.example.com').for(:domain) } + it { is_expected.to allow_value('').for(:domain) } + it { is_expected.to allow_value(nil).for(:domain) } + it { is_expected.not_to allow_value('invalid-domain').for(:domain) } + it { is_expected.not_to allow_value('.example.com').for(:domain) } + end + end + + context 'with associations' do + it { is_expected.to belong_to(:account) } + it { is_expected.to have_many(:contacts).dependent(:nullify) } + end + + describe 'scopes' do + let(:account) { create(:account) } + let!(:company_b) { create(:company, name: 'B Company', account: account) } + let!(:company_a) { create(:company, name: 'A Company', account: account) } + let!(:company_c) { create(:company, name: 'C Company', account: account) } + + describe '.ordered_by_name' do + it 'orders companies by name alphabetically' do + companies = described_class.where(account: account).ordered_by_name + expect(companies.map(&:name)).to eq([company_a.name, company_b.name, company_c.name]) + end + end + end +end diff --git a/spec/enterprise/policies/company_policy_spec.rb b/spec/enterprise/policies/company_policy_spec.rb new file mode 100644 index 000000000..9f7d9f0cc --- /dev/null +++ b/spec/enterprise/policies/company_policy_spec.rb @@ -0,0 +1,33 @@ +require 'rails_helper' + +RSpec.describe CompanyPolicy, type: :policy do + subject(:company_policy) { described_class } + + let(:account) { create(:account) } + let(:administrator) { create(:user, :administrator, account: account) } + let(:agent) { create(:user, account: account) } + let(:company) { create(:company, account: account) } + + let(:administrator_context) { { user: administrator, account: account, account_user: account.account_users.first } } + let(:agent_context) { { user: agent, account: account, account_user: account.account_users.first } } + + permissions :index?, :show?, :create?, :update? do + context 'when administrator' do + it { expect(company_policy).to permit(administrator_context, company) } + end + + context 'when agent' do + it { expect(company_policy).to permit(agent_context, company) } + end + end + + permissions :destroy? do + context 'when administrator' do + it { expect(company_policy).to permit(administrator_context, company) } + end + + context 'when agent' do + it { expect(company_policy).not_to permit(agent_context, company) } + end + end +end diff --git a/spec/factories/companies.rb b/spec/factories/companies.rb new file mode 100644 index 000000000..bdf7e9e9f --- /dev/null +++ b/spec/factories/companies.rb @@ -0,0 +1,20 @@ +FactoryBot.define do + factory :company do + sequence(:name) { |n| "Company #{n}" } + sequence(:domain) { |n| "company#{n}.com" } + description { 'A sample company description' } + account + + trait :without_domain do + domain { nil } + end + + trait :with_avatar do + avatar { fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png') } + end + + trait :with_long_description do + description { 'A' * 500 } + end + end +end