feat(bedrock): adjustments for bedrock (#1459)

Co-authored-by: d064310 <[email protected]>

app/controllers/dashboard_controller.rb

@@ -7,7 +7,7 @@ class DashboardController < ::ScopeController
   include Rescue
 
   prepend_before_action do
-    requested_url = request.env["REQUEST_URI"]
+    requested_url = request.env['REQUEST_URI']
     referer_url = request.referer
     referer_url =
       begin
@@ -17,34 +17,34 @@ class DashboardController < ::ScopeController
       end
 
     unless params[:after_login]
-      params[:after_login] = if requested_url =~ /(\?|\&)modal=true/ &&
-           referer_url =~ /(\?|\&)overlay=.+/
-        referer_url
-      else
-        requested_url
-      end
+      params[:after_login] = if requested_url =~ /(\?|&)modal=true/ &&
+                                referer_url =~ /(\?|&)overlay=.+/
+                               referer_url
+                             else
+                               requested_url
+                             end
     end
   end
 
   before_action :load_help_text
 
   # authenticate user -> current_user is available
   # throws only errors
-  #api_authentication_required domain: ->(c) { c.instance_variable_get(:@scoped_domain_id) },
+  # api_authentication_required domain: ->(c) { c.instance_variable_get(:@scoped_domain_id) },
   #                        domain_name: ->(c) { c.instance_variable_get(:@scoped_domain_name) },
   #                        project: ->(c) { c.instance_variable_get(:@scoped_project_id) },
   #                        rescope: false,
   #                        two_factor: :two_factor_required?,
   #                        except: :terms_of_use
 
   # with redirect
-  authentication_required domain: ->(c) {
-                            c.instance_variable_get(:@scoped_domain_id)
-                          },
-                          domain_name: ->(c) {
+  authentication_required domain: lambda { |c|
+    c.instance_variable_get(:@scoped_domain_id)
+  },
+                          domain_name: lambda { |c|
                             c.instance_variable_get(:@scoped_domain_name)
                           },
-                          project: ->(c) {
+                          project: lambda { |c|
                             c.instance_variable_get(:@scoped_project_id)
                           },
                           rescope: false,
@@ -79,7 +79,7 @@ def rescope_token
         # friendly id entry is nil -> reset @can_access_project, render project
         # not found page and return.
         @can_access_project = false
-        return render(template: "application/exceptions/project_not_found")
+        return render(template: 'application/exceptions/project_not_found')
       end
 
       # NOTE: LEAVE this here because for better review
@@ -89,44 +89,44 @@ def rescope_token
       #
       # if no access this is handled in rescue from above
       # did not return -> check if user projects include the requested project.
-      #has_project_access = services.identity.has_project_access(
+      # has_project_access = services.identity.has_project_access(
       #  @scoped_project_id
-      #)
+      # )
 
-      #unless has_project_access
+      # unless has_project_access
       #  # user has no permissions for requested project -> reset
       #  # @can_access_project, render unauthorized page and return.
       #  @can_access_project = false
       #  return render(template: 'application/exceptions/unauthorized')
-      #end
+      # end
     elsif @scoped_domain_id
       # NOTE: LEAVE hit here because for better review
       # @scoped_project_id is nil and @scoped_domain_id exists -> check if
       # user can access the requested domain.
 
       # check if user has access to current domain, add rescue nil for cases where the token scope inexplicably contains a deleted project
       # without the rescue this call leads to an error message and the user can't see the domain page
-      #has_domain_access = services.identity.has_domain_access(@scoped_domain_id) rescue nil
+      # has_domain_access = services.identity.has_domain_access(@scoped_domain_id) rescue nil
 
-      #unless has_domain_access
+      # unless has_domain_access
       #  # this can happen if the user is using a link to  some domain and project
       #  # user has no permissions for the new domain -> rescope to
       #  # unscoped token and return this will be the startpoint to rescope again
       #  return authentication_rescope_token(domain: nil, project: nil)
-      #end
+      # end
     else
       # both @scoped_project_id and @scoped_domain_id are nil
       # -> render unauthorized page and return.
       @can_access_project = false
-      return render(template: "application/exceptions/unauthorized")
+      return render(template: 'application/exceptions/unauthorized')
     end
     # did not return yet -> rescope token to the 'new' scope.
     begin
       authentication_rescope_token
-    rescue MonsoonOpenstackAuth::Authentication::NotAuthorized => exception
-      if exception.message =~ /has no access to the requested scope/
+    rescue MonsoonOpenstackAuth::Authentication::NotAuthorized => e
+      if e.message =~ /has no access to the requested scope/
         if @scoped_project_id.present?
-          render(template: "application/exceptions/unauthorized")
+          render(template: 'application/exceptions/unauthorized')
         elsif @scoped_domain_id.present?
           authentication_rescope_token(domain: nil, project: nil)
         end
@@ -138,6 +138,7 @@ def rescope_token
   def check_terms_of_use
     @orginal_url = request.original_url
     return if tou_accepted?
+
     render action: :accept_terms_of_use
   end
 
@@ -149,20 +150,20 @@ def accept_terms_of_use
         .create_with(
           name: current_user.name,
           email: current_user.email,
-          full_name: current_user.full_name,
+          full_name: current_user.full_name
         )
         .find_or_create_by(uid: current_user.id)
         .domain_profiles
         .create!(
           tou_version: Settings.actual_terms.version,
-          domain_id: current_user.user_domain_id,
+          domain_id: current_user.user_domain_id
         )
 
       reset_last_request_cache
       # redirect to original path, this is the case after the TOU view
       if params[:orginal_url]
         redirect_to params[:orginal_url]
-      elsif plugin_available?("identity")
+      elsif plugin_available?('identity')
         redirect_to main_app.domain_home_path(domain_id: @scoped_domain_fid)
       else
         redirect_to main_app.root_path
@@ -178,19 +179,19 @@ def terms_of_use
         UserProfile.tou(
           current_user.id,
           current_user.user_domain_id,
-          Settings.actual_terms.version,
+          Settings.actual_terms.version
         )
     end
     render action: :terms_of_use
   end
 
   def two_factor_required?
-    if ENV["TWO_FACTOR_AUTH_DOMAINS"]
+    if ENV['TWO_FACTOR_AUTH_DOMAINS']
       @two_factor_required =
-        ENV["TWO_FACTOR_AUTH_DOMAINS"]
-          .gsub(/\s+/, "")
-          .split(",")
-          .include?(@scoped_domain_name)
+        ENV['TWO_FACTOR_AUTH_DOMAINS']
+        .gsub(/\s+/, '')
+        .split(',')
+        .include?(@scoped_domain_name)
       return @two_factor_required
     end
     false
@@ -199,7 +200,7 @@ def two_factor_required?
   protected
 
   def show_beta?
-    params[:betafeatures] == "showme"
+    params[:betafeatures] == 'showme'
   end
 
   helper_method :show_beta?
@@ -212,7 +213,7 @@ def raven_context
         email: current_user.email,
         username: current_user.name,
         domain: current_user.user_domain_name,
-        name: current_user.full_name,
+        name: current_user.full_name
       }.reject { |_, v| v.nil? }
 
     Raven.user_context(@sentry_user_context)
@@ -235,28 +236,28 @@ def raven_context
 
   def load_active_project
     return unless @scoped_project_id
+
     # load active project. Try first from ObjectCache and then from API
     cached_active_project = ObjectCache.where(id: @scoped_project_id).first
-    if cached_active_project
-      @active_project =
-        Identity::Project.new(services.identity, cached_active_project.payload)
-    else
-      @active_project = service_user.identity.find_project(@scoped_project_id)
-    end
+    @active_project = if cached_active_project
+                        Identity::Project.new(services.identity, cached_active_project.payload)
+                      else
+                        service_user.identity.find_project(@scoped_project_id)
+                      end
 
     return if @active_project && @active_project.name == @scoped_project_name
 
     @active_project =
       services.identity.find_project(
         @scoped_project_id,
         subtree_as_ids: true,
-        parents_as_ids: true,
+        parents_as_ids: true
       )
     FriendlyIdEntry.update_project_entry(@active_project)
   end
 
   def load_webcli_endpoint
-    @webcli_endpoint = current_user.service_url("webcli")
+    @webcli_endpoint = current_user.service_url('webcli')
   end
 
   def tou_accepted?
@@ -266,15 +267,15 @@ def tou_accepted?
     # in the session for 5 minutes.
     is_cache_expired =
       current_user.id != session[:last_user_id] ||
-        session[:last_request_timestamp].nil? ||
-        (session[:last_request_timestamp] < Time.now - 5.minute)
+      session[:last_request_timestamp].nil? ||
+      (session[:last_request_timestamp] < Time.now - 5.minute)
     if is_cache_expired
       session[:last_request_timestamp] = Time.now
       session[:last_user_id] = current_user.id
       session[:tou_accepted] = UserProfile.tou_accepted?(
         current_user.id,
         current_user.user_domain_id,
-        Settings.actual_terms.version,
+        Settings.actual_terms.version
       )
     end
 
@@ -293,50 +294,79 @@ def set_mailer_host
 
   def project_id_required
     return unless params[:project_id].blank?
+
     raise Core::Error::ProjectNotFound,
-          "The project you have requested was not found."
+          'The project you have requested was not found.'
   end
 
   def load_help_text
+    # Different types of help files are supported:
+    # These files are searched in the corresponding plugin directory in the following order:
+    # 1. Plugin-specific help file (e.g., plugin_SERVICE_NAME_help.md)
+    # 2. General plugin help file (e.g., plugin_help.md)
+    # 3. Plugin-specific help links file (e.g., plugin_SERVICE_NAME_help_links.md)
+    # 4. General plugin help links file (e.g., plugin_help_links.md)
+    # 5. Plugin-specific external help links file (e.g., plugin_SERVICE_NAME_help_links_external.md)
+    # 6. General plugin external help links file (e.g., plugin_help_links_external.md)
+    #
+    # Whether internal or external links are rendered depends on the domain configuration,
+    # which is determined by calling feature_hidden?("internal_help_links").
+
     plugin_path = params[:controller]
 
     plugin_index =
       Core::PluginsManager.available_plugins.find_index do |p|
         plugin_path.starts_with?(p.name)
       end
 
-    unless plugin_index.blank?
-      plugin = Core::PluginsManager.available_plugins.fetch(plugin_index, nil)
-    end
+    plugin = Core::PluginsManager.available_plugins.fetch(plugin_index, nil) unless plugin_index.blank?
 
     return if plugin.blank?
 
     # get name of the specific service inside the plugin
     # remove plugin name from path
-    path = plugin_path.split("/")
+    path = plugin_path.split('/')
     path.shift
-    service_name = path.join("_")
+    service_name = path.join('_')
 
     # try to find the help file, check first for service specific help file,
     # next for general plugin help file
     help_file = File.join(plugin.path, "plugin_#{service_name}_help.md")
-    unless File.exist?(help_file)
-      help_file = File.join(plugin.path, "plugin_help.md")
-    end
+    # second try to find the general help file
+    help_file = File.join(plugin.path, 'plugin_help.md') unless File.exist?(help_file)
 
+    help_links = ''
     # try to find the links file, check first for service specific links file,
     # next for general plugin links file
     help_links = File.join(plugin.path, "plugin_#{service_name}_help_links.md")
-    unless File.exist?(help_links)
-      help_links = File.join(plugin.path, "plugin_help_links.md")
+    # second try to find the general links file
+    help_links = File.join(plugin.path, 'plugin_help_links.md') unless File.exist?(help_links)
+    help_links_external = File.join(plugin.path, "plugin_#{service_name}_help_links_external.md")
+    # second try to find the general links file
+    unless File.exist?(help_links_external)
+      help_links_external = File.join(plugin.path, 'plugin_help_links_external.md')
     end
 
     # load plugin specific help text
-    @plugin_help_text = File.new(help_file, "r").read if File.exist?(help_file)
-    return unless File.exist?(help_links)
+    @plugin_help_text = File.new(help_file, 'r').read if File.exist?(help_file)
+
     # load plugin specific help links
-    @plugin_help_links = File.new(help_links, "r").read
-    @plugin_help_links =
-      @plugin_help_links.gsub('#{@sap_docu_url}', sap_url_for("documentation"))
+    if @domain_config.feature_hidden?('internal_help_links')
+      # Load external Help
+      # load plugin specific help external links
+      if File.exist?(help_links_external)
+        plugin_help_links_external = File.new(help_links_external, 'r').read
+        if @plugin_help_links
+          @plugin_help_links += plugin_help_links_external
+        elsif plugin_help_links_external
+          @plugin_help_links = plugin_help_links_external
+        end
+      end
+    elsif File.exist?(help_links)
+      # load internal help links
+      @plugin_help_links = File.new(help_links, 'r').read
+      # replace internal links with the placeholder of the correct url
+      @plugin_help_links = @plugin_help_links.gsub('#{@sap_docu_url}', sap_url_for('documentation'))
+    end
   end
 end

app/views/application/_cloudops_nav.html.haml

@@ -28,7 +28,7 @@
               -# loading:"lazy" this is needed to run the cypress tests in our CI because
               -# https://avatars.wdf.sap.corp/avatar/ is not accessible from CI. Otherwise the tests will fail!
               -# cypress is based on chromium/electron and loading:"lazy" is only interpreted in that browser
-              %img.avatar{src: url_for_avatar, async: true, loading:"lazy"}
+              %img.avatar{src: url_for_avatar, height: 24, async: true, loading:"lazy"}
               = current_user.full_name
               %span.caret
             %ul.dropdown-menu{:role => "menu"}

app/views/application/_help_text.html.haml

@@ -4,11 +4,16 @@
       %a.close-button{href: "#{}", data: {toggle: "help"}}
         x
 
-      .row
-        .plugin-help-text
+      - unless @plugin_help_links.nil?
+        .row
+          .plugin-help-text
+            :markdown
+              #{@plugin_help_text}
+          .plugin-help-links
+            %h4 Useful Links
+            :markdown
+              #{@plugin_help_links}
+      - else
+        .row{style: "margin: 10px;"}
           :markdown
             #{@plugin_help_text}
-
-        .plugin-help-links
-          :markdown
-            #{@plugin_help_links}

config/support/domain_config.yaml

@@ -7,6 +7,7 @@ domains:
       - documentation
       - support
       - domain_switcher
+      - internal_help_links
     disabled_plugins:
       # following plugins name should be the same as the plugin name in the plugins directory
       - test-plugin
@@ -17,3 +18,4 @@ domains:
       - "test_02"
       - "test_01"
     dns_c_subdomain: false
+

plugins/audit/plugin_help_links.md

@@ -1,3 +1,2 @@
-#### Useful Links
-* [Audit Documentation](#{@sap_docu_url}docs/audit/)
-* [Event Attributes](#{@sap_docu_url}docs/audit/events.html)
+- [Audit Documentation](#{@sap_docu_url}docs/audit/)
+- [Event Attributes](#{@sap_docu_url}docs/audit/events.html)