Commit Graph

118 Commits

Author SHA1 Message Date
jordi fita mas 9aee33511a Move page titles to their respective templates
I have been thinking about that, and it does not make that much sense to
have the titles in the Go source anymore: most of them are static text
that i have to remember to set in the controller each time, and when
the time come i have to face a dynamic title i am sure i will manage
with only the template capabilities—worst comes worst, i can always
define a function.

On the other hand, there is no way i can define a template without its
title and i know that everytime that template is used, no matter what
controller rendered it, it will always have that title.
2023-01-31 13:07:17 +01:00
jordi fita mas 586db8d553 Fix the end tag of login’s email field 2023-01-30 16:52:13 +01:00
jordi fita mas 9be4bf538c Remove non-allowed form attribute from a label 2023-01-30 16:51:08 +01:00
jordi fita mas 1a7b9f6bdd Rename extension of templates to .gohtml
Apparently, there are tools that only know how to use that extensions
when referring to Go templates.
2023-01-30 16:48:21 +01:00
jordi fita mas 8344ab2b2e Ignore IntelliJ’s project files 2023-01-30 16:42:15 +01:00
jordi fita mas 77acbc5ced Change a Go variable to camel case 2023-01-30 16:40:51 +01:00
jordi fita mas 019ba0e520 Remove redundant semicolons from Go source 2023-01-30 16:40:08 +01:00
jordi fita mas de73743043 Fix use of invalid CSS property text-color 2023-01-30 16:38:15 +01:00
jordi fita mas 7b3dfc6e44 Remove redundant unit from CSS rule 2023-01-30 16:36:14 +01:00
jordi fita mas 69c60fe388 Clean up SVG icon 2023-01-30 16:33:49 +01:00
jordi fita mas abdf04cd5d Add missing Catalan and Spanish translations 2023-01-30 10:52:22 +01:00
jordi fita mas 5a199a3d8e Add the contact relation and a rough first form 2023-01-29 15:14:31 +01:00
jordi fita mas 9968b4296a Add a “if not exists” to tax revert script 2023-01-29 15:13:47 +01:00
jordi fita mas 717ae9d5d4 Add an (optional) suffix to labels of optional fields
For now i use CSS because we are not sure whether we will keep it this
way or not and, until we finally decide, with CSS is the easiest to
remove later on.
2023-01-29 15:13:47 +01:00
jordi fita mas 1712a81dfc Move the /profile under the company router
This is not necessary per se, but it makes my life easier because that
way i know which company the user was when she went to its profile and
can “return” back in the menu and future nav items.
2023-01-29 15:13:47 +01:00
jordi fita mas 666935b54c Add the tax relation with very rough form and handler 2023-01-28 14:18:58 +01:00
jordi fita mas 0b8107748c Verify, not just test, that company has RLS with policy 2023-01-28 13:10:30 +01:00
jordi fita mas 3b7d4e0d3e Add fieldset for currency in tax details page 2023-01-28 12:25:11 +01:00
jordi fita mas 7513030334 Fix the width of the country’s select 2023-01-28 00:11:56 +01:00
jordi fita mas 0a58e2699e Use a select for company’s country field
At first we thought that a regular text field would do, because we were
afraid that a dropdown would be worse from the point of view of user
experience, but then we realized that we need the country code for VAT
and phone validation, and we can not expect users to input that, of
course.

I had to add the first “i18n table” to the database with the name of all
countries in both Catalan and Spanish and Catalan; English is the
default.  For now i think i do not need a view that would select the
name based on the locale of the current request, because currently i do
not plan on adding any other such table —the currency uses the code and
the symbol, thus no need for localization.

However, now i need the language tag from the locale in order to get the
correct translation, and gotext does not give me any way to access the
inner language.  Thus the need for our Locale type.
2023-01-27 21:30:14 +01:00
jordi fita mas acc0c2c7d5 Remove the drop of company_policy on numerus.company_user
I did not know how to add it, so now it warns me every time because it
does not exist.
2023-01-27 20:15:19 +01:00
jordi fita mas e61e5e87cd Remove an unnecessary truncate from a SQL test 2023-01-27 19:40:38 +01:00
jordi fita mas c0b1c22ee0 Fix typo in SQL comment 2023-01-27 19:36:16 +01:00
jordi fita mas 57d5137913 Allow users update their tax details 2023-01-27 01:08:03 +01:00
jordi fita mas 798289bc8e Add required PostgreSQL extensions as dependencies for Debian 2023-01-24 23:59:28 +01:00
jordi fita mas 627841d4dd Add the company relation and read-only form to edit
I do not have more time to update the update to the company today, but i
believe this is already a good amount of work for a commit.

The company is going to be used for row level security, as users will
only have access to the data from companies they are granted access, by
virtue of being in the company_user relation.

I did not know how add a row level security policy to the company_user
because i needed the to select on the same relation and this is not
allowed, because it would create an infinite loop.

Had to add the vat, pg_libphonenumber, and uri extensions in order to
validate VAT identification numbers, phone numbers, and URIs,
repectively.  These libraries are not in Debian, but i created packages
for them all in https://dev.tandem.ws/tandem.
2023-01-24 21:46:07 +01:00
jordi fita mas c037f671f8 Refactor authenticated redirection to a common handler 2023-01-24 21:44:23 +01:00
jordi fita mas d9c93b8797 Add function to change the current user’s password
This function does not ask for the confirmation because this is an
user-facing issue, not for the database.

Still missing: validation and proper error messages.
2023-01-23 21:41:14 +01:00
jordi fita mas 56d149e211 Remove execution grant on build_cookie to guest
There is no need for a guest to build any cookie, since they have none.
2023-01-23 21:40:22 +01:00
jordi fita mas 5eeaab2013 Use user’ß email for auth funcs and return cookie on email change
This is for security, just in case two users have the same cookie,
althought it is unlikely, but nevertheless less guessable.

I also need to refresh the cookie when the user changes their email
address, because it is liked toghether.  It does mean that it will
logout from everywhere else, but i can not do anything about that.
2023-01-23 21:18:55 +01:00
jordi fita mas f9e22c0789 Complete the style of the profile dialog 2023-01-23 19:35:49 +01:00
jordi fita mas 22509dd683 Implement profile menu with <details>
It works better than with the weird hover behaviour i could do in CSS,
and it already has most of the aria roles needed.

The only tricky part is to allow closing it by clicking anywhere else,
that is done by “extending” the <summary> to the whole screen, with a
lower z-index than the menu but higher than the rest of controls, that
way we force people to click on that summary.
2023-01-23 18:52:18 +01:00
jordi fita mas c7e34cc488 Leave the label always to the same position on the left 2023-01-23 12:44:56 +01:00
jordi fita mas c84f3f9e80 Allow guest access to user_profile with an empty profile
I want this so that the Go application does not need to know the exact
details of the settings that the database sets when applying the cookie;
it just needs to select from the user_profile that already knows this.

Also, that way i can get the user’s language from its profile with a
single select, without having to check whether we are guest or
authenticated.

With that, i can skip the content negotiation if the user already told
us what language they want.
2023-01-23 01:18:47 +01:00
jordi fita mas b5968b1179 Use current_app_user to logout
Do not want people being able to logout other users just by setting a
number in a setting.
2023-01-23 01:18:05 +01:00
jordi fita mas c6eb1ef24e Change input field to be “Material-like”, as per design 2023-01-23 00:41:54 +01:00
jordi fita mas 1675ada70b Make the menu work as a menu 2023-01-22 22:30:15 +01:00
jordi fita mas 5505fa41c3 Use “layouts” for the common HTML between pages
Had to call xgettext on Go source files because now the title comes from
there, as i assume i will have titles like "Invoice #INVxxxx" that have
to come from the database that the template does not know.
2023-01-22 21:41:50 +01:00
jordi fita mas fa6ddc70b3 Prefix with “Must” all functions that panic
Just following what the standard library does.
2023-01-22 20:37:43 +01:00
jordi fita mas 7e5e6121ac Gofmt recover.go 2023-01-22 20:37:34 +01:00
jordi fita mas 6f2da865c0 Reduce HTML’s font-size to (usually) have 1rem = 10px
It is far easier for me to “see” the sizes if they are multiples of 10,
especially given that the designs we do in Penpot use a 10 × 10 pixels
grid.
2023-01-22 20:27:43 +01:00
jordi fita mas 8fa3367f6c Add a deployment test while building the Debian package 2023-01-22 04:32:03 +01:00
jordi fita mas ea9e830a75 Add user_profile view to update the profile with form
Since users do not have access to the auth scheme, i had to add a view
that selects only the data that they can see of themselves (i.e., no
password or cookie).

I wanted to use the `request.user.id` setting that i set in
check_cookie, but this would be bad because anyone can change that
parameter and, since the view is created by the owner, could see and
*change* the values of everyone just by knowing their id.  Thus, now i
use the cookie instead, because it is way harder to figure out, and if
you already have it you can just set to your browser and the user is
fucked anyway; the database can not help here.

I **am** going to use the user id in row level security policies, but
not the value coming for the setting but instaed the one in the
`user_profile`, since it already is “derived” from the cookie, that’s
why i added that column to the view.

The profile includes the language, that i do not use it yet to switch
the locale, so i had to add a relation of the available languages, for
constraint purposes.  There is no NULL language, and instead i added the
“Undefined” language, with ‘und’ tag’, to represent “do not know/use
content negotiation”.

The languages in that relation are the same i used to have inside
locale.go, because there is no point on having options for languages i
do not have the translation for, so i now configure the list of
available languages user in content negotiation from that relation.

Finally, i have added all font from RemixIcon because that’s what we
used in the design and i am going to use quite a lot of them.

There is duplication in the views; i will address that in a different
commit.
2023-01-22 02:23:09 +01:00
jordi fita mas 052c9c8caa Add a function to set request settings and the role
I did not like the idea that it was the Go server who should set values
such as request.user or set the role, because this is mostly something
that only the database wants for itself, such as when calling logout.  I
am also planning to use these setings for row security with the user’s
id, that the Go application has no need for, but with the current
approach i would need to return it from check_cookie so that it can
return it back to the database when acquiring the connection.

I would have used the same function to set the settings and the role,
but security definer functions—obviously in retrospect—can not set the
role, because then could switch to any role of the user that defined the
function, not the roles they are member of.  Thus, a new function.

I did not want to do that every time i needed the database connection
within the same request, because it would perform the same operations
each time—it is the same cookie, afterall—, so new connections are
request scoped and passed along in the context.
2023-01-19 13:07:32 +01:00
jordi fita mas 090570df60 Change contractor to freelancer 2023-01-19 01:41:27 +01:00
jordi fita mas e38420697b Add Catalan and Spanish translation with gotext[3]
I had to choose between [1], [2], and [3].

As far as i could find, [1] is not easy to work with templates[4] and at
the moment is not maintained[5].

Both [2] and [3] use the same approach to be used from within templates:
you have to define a FuncMap with template functions that call the
message catalog.  Also, both libraries seems to be reasonably
maintained, and have packages in Debian’s repository.

However, [2] repeats the same mistakes that POSIX did with its
catalogs—using identifiers that are not the strings in the source
language—, however this time the catalogs are written in JSON or YAML!
This, somehow, makes things worse….

[3], the one i settled with, is fine and decently maintained.  There are
some surprising things, such as to be able to use directly the PO file,
and that it has higher priority over the corresponding MO, or that the
order of parameters is reversed in respect to gettext.  However, it uses
a saner format, and is a lot easier to work with than [3].

The problem, of course, is that xgettext does not know how to find
translatable strings inside the template.  [3] includes a CLI tool
similar to xgettext, but is not a drop-in replacement[6] and does not
process templates.

The proper way to handle this would be to add a parser to xgettext, but
for now i found out that if i surround the call to the translation
functions from within the template with parentheses, i can trick
xgettext into believing it is parsing Scheme code, and extracts the
strings successfully—at least, for what i have tried.  Had to add the
keyword for pgettext, because Schemed does not have it, but at least i
can do that with command line parameters.

For now i left only Spanish and Catalan as the two available languages,
even though the source text is written in English, because that way i
can make sure i do not leave strings untranslated.

[1]: https://golang.org/x/text
[2]: https://github.com/nicksnyder/go-i18n
[3]: https://github.com/leonelquinteros/gotext
[4]: https://github.com/golang/go/issues/39954
[5]: https://github.com/golang/go/issues/12750
[6]: https://github.com/leonelquinteros/gotext/issues/38
2023-01-18 20:26:30 +01:00
jordi fita mas afd4bc16b7 Add the schema for all function’s tests
With that check_cookie function i realized that the schema of functions
is important, otherwise pgTAP could give me the OK when it finds the
function in a different schema than what i intended.
2023-01-18 14:13:58 +01:00
jordi fita mas c4fc37349b Move check_cookie to public and give access to authenticator
I do not want to give access to authenticator until i know who the user
is, herefore that function can not be in the numerus schema as the
authenticator user can not see it.
2023-01-18 14:12:59 +01:00
jordi fita mas c369364642 Add the SQL for the demo 2023-01-17 22:30:01 +01:00
jordi fita mas d434d040af Add the very basic styles 2023-01-17 22:28:47 +01:00