ab_admin 0.6.1 → 0.7.0

data/app/controllers/admin/locators_controller.rb

@@ -9,7 +9,7 @@ class ::Admin::LocatorsController < ::Admin::BaseController
   end
 
   def update
-    if Locator.save(@file, {params[:edit_locale_name] => params[:locale_hash]})
+    if Locator.save(@file, {params[:edit_locale_name] => params.require(:locale_hash).permit!.to_h})
       flash[:notice] = I18n.t('flash.admin.locators.updated')
       redirect_to admin_locators_path
     else

data/app/controllers/admin/manager_controller.rb

@@ -18,6 +18,14 @@ class ::Admin::ManagerController < ::Admin::BaseController
 
   protected
 
+  def button_scopes
+    manager.scopes.map{|scope| [scope.name, scope.options] }
+  end
+
+  def with_scopes(relation)
+    manager.scopes.inject(relation) { |result, scope| scope.apply(result, params) }
+  end
+
   def begin_of_association_chain
     parent
   end
@@ -68,8 +76,9 @@ class ::Admin::ManagerController < ::Admin::BaseController
     manager.default_action_items_for(action_name.to_sym, for_resource) + manager.action_items_for(action_name.to_sym)
   end
 
-  def apply_batch_action(item, batch_action)
-    success = call_method_or_proc_on item, manager.batch_action_list.detect{|a| a.name == batch_action }.data, exec: false
+  def apply_batch_action(item, batch_action, *batch_params)
+    data = manager.batch_action_list.detect{|a| a.name == batch_action }.data
+    success = call_method_or_proc_on item,  data, exec: false, attrs: batch_params
     track_action!("batch_#{batch_action}", item) if settings[:history]
     success
   end
@@ -115,9 +124,29 @@ class ::Admin::ManagerController < ::Admin::BaseController
     end
   end
 
+  def permitted_params
+    attrs = case manager.permitted_params
+              when Proc then
+                instance_exec(&manager.permitted_params)
+              else
+                Array(manager.permitted_params)
+            end
+
+    resource_params = params[resource_class.model_name.param_key]
+    return {} unless resource_params
+    if attrs.first == :all
+      resource_params.permit!
+    else
+      attrs = attrs + AbAdmin.default_permitted_params
+      resource_params.permit(*attrs)
+    end
+  end
+
   def preview_resource_path(item)
     return unless manager.preview_path
-    manager.preview_path.is_a?(Proc) ? instance_exec(item, &manager.preview_path) : send(manager.preview_path, item)
+    I18n.with_locale I18n.default_locale do
+      manager.preview_path.is_a?(Proc) ? instance_exec(item, &manager.preview_path) : send(manager.preview_path, item)
+    end
   end
 
   def admin_partial_name(builder)

data/app/controllers/admin/settings_controller.rb

@@ -4,9 +4,9 @@ class ::Admin::SettingsController < ::Admin::BaseController
   defaults resource_class: Settings
 
   def update
-    Settings.instance.save(params[:settings])
+    Settings.instance.save(params.require(:settings).permit!.to_h)
     Settings.reload_checker.expire
-    redirect_to :back
+    redirect_back fallback_location: admin_root_url
   end
 
   def cache_clear
@@ -31,5 +31,4 @@ class ::Admin::SettingsController < ::Admin::BaseController
   def resource
     Settings.instance
   end
-
 end

data/app/controllers/admin/static_pages_controller.rb

@@ -11,4 +11,9 @@ class Admin::StaticPagesController < Admin::BaseController
     {}
   end
 
+  def permitted_params
+    attrs = [:structure_id, :title, :content, :kind, :is_visible,
+             *StaticPage.all_translated_attribute_names, *AbAdmin.default_permitted_params]
+    params[:static_page].try!(:permit, *attrs)
+  end
 end

data/app/controllers/admin/structures_controller.rb

@@ -3,15 +3,12 @@ class Admin::StructuresController < Admin::BaseController
 
   load_and_authorize_resource
 
-  #has_scope :visible
-  #has_scope :un_visible
-
   protected
 
   def resource_action_items
     edit_structure = AbAdmin::Config::ActionItem.new({}) { |r| link_to icon('wrench', true), edit_resource_path(r), class: 'btn btn-warning' }
     edit_static_page = AbAdmin::Config::ActionItem.new({}) do |r|
-      link_to(icon('pencil', true), edit_structure_record_path(r), class: 'btn btn-primary') if r.structure_type.static_page?
+      link_to(icon('pencil', true), edit_structure_record_path(r), class: 'btn btn-primary') if r.structure_type.static_page? || r.structure_type.main?
     end
     [edit_static_page, edit_structure, :destroy, :show]
   end
@@ -23,4 +20,13 @@ class Admin::StructuresController < Admin::BaseController
   def settings
     {index_view: 'tree', default_order: 'lft'}
   end
+
+  def permitted_params
+    attrs = [:structure_type_id, :position_type_id, :parent_id, :title, :redirect_url, :is_visible,
+             :structure_type, :position_type,
+             *Structure.simple_slug_columns,
+             *AbAdmin.default_permitted_params,
+             *Structure.all_translated_attribute_names, header_attributes: [:id, *Header.all_translated_attribute_names]]
+    params[:structure].try!(:permit, *attrs)
+  end
 end

data/app/controllers/admin/users_controller.rb

@@ -3,12 +3,12 @@ class Admin::UsersController < Admin::BaseController
 
   def activate
     resource.activate!
-    redirect_to :back
+    redirect_back fallback_location: admin_users_url
   end
 
   def suspend
     resource.suspend!
-    redirect_to :back
+    redirect_back fallback_location: admin_users_url
   end
 
   private
@@ -46,4 +46,11 @@ class Admin::UsersController < Admin::BaseController
     resource
   end
 
+  def permitted_params
+    attrs = [:password, :password_confirmation, :email, :remember_me,
+             :login, :first_name, :last_name, :patronymic, :phone, :skype, :web_site, :address, :birthday,
+             :time_zone, :locale, :bg_color, :gender, *AbAdmin.default_permitted_params]
+    attrs << [:user_role_id] if admin?
+    params[:user].try!(:permit, *attrs)
+  end
 end

data/app/views/admin/base/_search_layout.html.slim

@@ -1,6 +1,5 @@
 #toggle_sidebar_off.btn.btn-large = icon('chevron-left')
 #toggle_sidebar_on.btn.btn-large = icon('chevron-right')
-h3= t('admin.search.title')
 = search_admin_form_for @search, url: collection_path do |f|
   = render 'search_form', f: f
   br

data/app/views/admin/base/index.html.slim

@@ -10,8 +10,7 @@
   .btn-toolbar.pull-right.pjax_links
     .btn-group
       - per_page_variants.each do |c|
-        a.btn.per_page data-val=c href=url_for(params.merge(per_page: c)) class=('active' if c == collection.per_page) = c
+        a.btn.per_page data-val=c href=url_for(params_for_links.merge(per_page: c)) class=('active' if c == collection.per_page) = c
 
 - if pjax? && flash.present?
   script type='text/javascript' = render partial: 'admin/shared/flash', formats: :js, local_assigns: {flash: flash}
-

data/app/views/admin/fileupload/_container.html.slim

@@ -1,15 +1,22 @@
 .fileupload id=options[:container_id] class=options[:container_class]
   = options[:error]
   .fileupload-list.clearfix= render partial: asset_template, collection: assets
-  .fileupload-upload
-    .fileupload-button.pull-left
-      .btn= options[:button_title] || I18n.t("admin.fileupload.button#{'s' if options[:multiple]}")
-      = file_field_tag 'data', multiple: options[:multiple]
-    .fileupload-edit-button.btn.pull-left= t('admin.actions.edit.link')
+  - unless options[:disabled]
+    .fileupload-upload
+      .fileupload-button.pull-left
+        .btn= options[:button_title] || I18n.t("admin.fileupload.button#{'s' if options[:multiple]}")
+        = file_field_tag 'data', multiple: options[:multiple]
+      .fileupload-edit-button.btn.pull-left= t('admin.actions.edit.link')
 
-    .fileupload-info
-      - if options[:extensions]
-        .fileupload-info-extensions= options[:extensions].join(', ')
-      .fileupload-info-max_size== "#{t('admin.fileupload.max_size')}: <b>#{options[:max_size]}</b> MB"
+      .fileupload-info
+        - if options[:extensions]
+          .fileupload-info-extensions= options[:extensions].join(', ')
+        .fileupload-info-max_size== "#{t('admin.fileupload.max_size')}: <b>#{options[:max_size]}</b> MB"
 
-= init_js("new AdminAssets(#{js_options.to_json})")
+javascript:
+  if (document.readyState == 'complete') {
+    new AdminAssets(#{{js_options.to_json}});
+  }
+  else {
+    $(function(){new AdminAssets(#{{js_options.to_json}});});
+  }

data/app/views/admin/shared/_content_actions.html.slim

@@ -7,12 +7,24 @@
       ul.dropdown-menu
         - batch_action_list.each do |batch_action|
           li
-            a.batch_action_link href='#' data-action=batch_action.name data-confirm=batch_action.confirm = batch_action.title
+            a.batch_action_link(
+              href='#'
+              data-form=batch_action.form
+              data-action=batch_action.name
+              data-confirm=batch_action.confirm
+            )
+              = batch_action.title
   - unless button_scopes.blank?
     .btn-group.pjax_links
       - button_scopes.each do |name, opts|
-        - active = params[opts[:as]]
-        a.btn href=url_for(opts[:as] => (active ? nil : 1)) class=('active' if active) = t "admin.scopes.#{name}", default: name
+        - param_name = opts[:as] || name
+        - active = params[param_name]
+        a.btn href=url_for(param_name => (active ? nil : 1)) class=('active' if active)
+          = t "admin.scopes.#{name}", default: name.to_s.titleize
+          - if opts[:badge]
+            - scope_count = resource_class.send(name).count
+            - unless scope_count.zero?
+              span.badge< class=("badge-#{opts[:badge][:type] || 'important'}") = scope_count
 
   a.btn.pull-left#columns_hider_show href="#columns_hider" data-toggle='modal' = t 'admin.columns_hider.button'
 
@@ -29,9 +41,9 @@
     .btn-group.downloads
       = icon('download-alt')
       /- %w(csv xls json).each do |format|
-      - %w(csv xls).each do |format|
-        - next if format == 'xls' && !defined?(Mime::XLSX)
-        = link_to format, params.merge(per_page: 10_000, format: format), id: "export_#{format}"
+      - %w(csv xlsx).each do |format|
+        - next if format == 'xlsx' && !Mime[:xlsx]
+        = link_to format, params_for_links.merge(per_page: 10_000, format: format), id: "export_#{format}"
 
   - if @search && settings[:sort_buttons]
     .btn-group

data/app/views/admin/shared/_locale_tabs.html.slim

@@ -1,8 +1,8 @@
 .tabbable.locale_tabs
   ul.nav.nav-tabs
-    - Globalize.available_locales.each_with_index do |l, i|
+    - locales.each_with_index do |l, i|
       li class=('active' if i.zero?)
         a data-toggle="tab" href="##{l}" class="ico_#{l}" = t("admin.langs.#{l}", default: l.to_s)
   .tab-content
-    - Globalize.available_locales.each_with_index do |l, i|
-      .tab-pane id=l class="tab_#{l} #{'active' if i.zero?}" = loc_html[l]
+    - locales.each_with_index do |l, i|
+      .tab-pane id=l class="tab_#{l} #{'active' if i.zero?}" = locale_html[l]

data/app/views/admin/structures/_form.html.slim

@@ -3,7 +3,8 @@
     = f.input :title, locale: l
     = f.input :redirect_url, locale: l, as: :string
 
-  = f.input :slug
+  - Structure.simple_slug_columns.each do |column|
+    = f.input column
   - if @structure.moveable?
     = f.input :parent, as: :tree_select
   = f.input :structure_type_id, collection: StructureType.all

data/app/views/layouts/admin/_footer.html.slim

@@ -1,7 +1,8 @@
-footer
-  ' Powered by
-  a href='https://github.com/leschenko/ab_admin' target='_blank' = "AbAdmin #{AbAdmin::VERSION}"
-  .muted.footer-notes= AbAdmin.footer_notes
+- if AbAdmin.footer
+  footer
+    ' Powered by
+    a href='https://github.com/leschenko/ab_admin' target='_blank' = "AbAdmin #{AbAdmin::VERSION}"
+    .muted.footer-notes= AbAdmin.footer_notes
 
 = cache [I18n.locale, 'admin', 'footer'] do
   = render 'admin/fileupload/asset_templates'

data/app/views/layouts/admin/application.html.slim

@@ -8,6 +8,8 @@ html id="controller_#{controller_name}"
     = include_fv
     = javascript_include_tag 'ab_admin/application'
     = csrf_meta_tags
+    - if AbAdmin.favicon_path
+      link rel="icon" type="image/x-icon" href=AbAdmin.favicon_path
     = yield(:head)
   body id="action_#{action_name}" class="resource_#{resource_collection_name} #{AbAdmin.body_css_class}"
     #wrap

data/config/locales/ru.yml

@@ -110,6 +110,7 @@ ru:
     form:
       cancel: Отмена
       save: Сохранить
+      saving: Сохранение
       save_and_add_another: Сохранить & новый
       save_and_edit: Сохранить & редактировать
       save_and_edit_next: Сохранить и след.

data/config/routes.rb

@@ -1,7 +1,6 @@
 Rails.application.routes.draw do
-
   namespace :admin do
-    root to: 'dashboards#index'
+    root to: 'dashboards#index', as: :root
     get 'dashboards', as: 'dashboards'
 
     resources :structures do
@@ -33,27 +32,23 @@ Rails.application.routes.draw do
 
     post 'translate' => AbAdmin::I18nTools::TranslateApp
 
-    controller 'manager', constraints: {format: /(html|js|json|xml|csv|xls|xlsx)/} do
-      scope '(/:parent_resource/:parent_resource_id)/:model_name' do
-        get '/new', action: :new, as: 'new'
-        post '/batch', action: :batch, as: 'batch'
-        post '/rebuild', action: :rebuild, as: 'rebuild'
-        match '/custom_action', action: :custom_action, as: 'collection_action', via: :all
-
-        scope ':id' do
-          get '/edit', action: :edit, as: 'edit'
-          get '/history', action: :history, as: 'history'
-          match '/custom_action', action: :custom_action, as: 'member_action', via: :all
-          get '/', action: :show, as: 'show'
-          patch '/', action: :update, as: 'update'
-          delete '/', action: :destroy, as: 'destroy'
-        end
-
-        get '/', action: :index, as: 'index'
-        post '/', action: :create, as: 'create'
+    scope '(/:parent_resource/:parent_resource_id)/:model_name', controller: 'manager', constraints: {format: /(html|js|json|xml|csv|xls|xlsx)/} do
+      get '/new', action: :new, as: 'new'
+      post '/batch', action: :batch, as: 'batch'
+      post '/rebuild', action: :rebuild, as: 'rebuild'
+      match '/custom_action', action: :custom_action, as: 'collection_action', via: :all
+
+      scope ':id' do
+        get '/edit', action: :edit, as: 'edit'
+        get '/history', action: :history, as: 'history'
+        match '/custom_action', action: :custom_action, as: 'member_action', via: :all
+        get '/', action: :show, as: 'show'
+        patch '/', action: :update, as: 'update'
+        delete '/', action: :destroy, as: 'destroy'
       end
-    end
 
+      get '/', action: :index, as: 'index'
+      post '/', action: :create, as: 'create'
+    end
   end
-
 end

data/lib/ab_admin.rb

@@ -8,6 +8,9 @@ require 'ab_admin/core_ext'
 require 'ab_admin/engine'
 
 module AbAdmin
+  DOMAINNAME_REGEXP = /\A(?:[0-9a-z]\.|[0-9a-z][0-9a-z\-]*[0-9a-z]+\.)+[a-z]{2,6}\z/
+  EMAIL_REGEXP = /\A[_A-Za-z0-9\-\+]+(?:\.[_A-Za-z0-9\-\+]+)*@(?:[0-9a-z]\.|[0-9a-z][0-9a-z\-]*[0-9a-z]+\.)+[a-z]{2,6}\z/
+
   autoload :Utils, 'ab_admin/utils'
   autoload :Devise, 'ab_admin/devise'
   autoload :AbstractResource, 'ab_admin/abstract_resource'
@@ -134,6 +137,8 @@ module AbAdmin
 
   mattr_accessor :body_css_class
 
+  mattr_accessor :favicon_path
+
   mattr_accessor :devise_layout
   @@devise_layout = 'admin/devise'
 
@@ -152,6 +157,9 @@ module AbAdmin
   mattr_accessor :test_settings
   @@test_settings = {}
 
+  mattr_accessor :footer
+  @@footer = true
+
   mattr_accessor :footer_notes
 
   mattr_accessor :default_url_options
@@ -179,12 +187,14 @@ module AbAdmin
   mattr_accessor :per_page_variants
   @@per_page_variants = [50, 100, 500, 1000]
 
+  mattr_accessor :default_permitted_params
+  @@default_permitted_params = [:fileupload_guid]
+
   extend Utils
 
   def self.setup
     yield self
   end
-
 end
 
 

data/lib/ab_admin/abstract_resource.rb

@@ -8,7 +8,7 @@ module AbAdmin
 
     attr_accessor :model, :table, :search, :export, :form, :modal_form, :show, :preview_path, :actions, :custom_settings,
                   :batch_action_list, :action_items, :disabled_action_items, :resource_action_items, :tree_node_renderer,
-                  :parent_resources, :custom_actions
+                  :parent_resources, :custom_actions, :permitted_params, :scopes
 
     def initialize
       @actions = ACTIONS
@@ -20,6 +20,7 @@ module AbAdmin
       @action_items_for = {}
       @parent_resources = []
       @custom_actions = []
+      @scopes = []
       @model = self.class.name.sub('AbAdmin', '').safe_constantize
       add_admin_addition_to_model
     end
@@ -58,6 +59,10 @@ module AbAdmin
         instance.preview_path = block_given? ? block : value
       end
 
+      def permitted_params(*values, &block)
+        instance.permitted_params = block_given? ? block : values
+      end
+
       def actions(*actions_to_keep)
         instance.actions = begin
           options = actions_to_keep.extract_options!
@@ -123,6 +128,10 @@ module AbAdmin
       def collection_action(name, options={}, &block)
         instance.custom_actions << AbAdmin::Config::CustomAction.new(name, options.merge(collection: true), &block)
       end
+
+      def scope(name, options={}, &block)
+        instance.scopes << AbAdmin::Config::Scope.new(name, options, &block)
+      end
     end
 
     def export
@@ -164,4 +173,4 @@ module AbAdmin
       model.included_modules.include?(module_constant)
     end
   end
-end
+end

data/lib/ab_admin/carrierwave/base_uploader.rb

@@ -1,18 +1,16 @@
-# encoding: utf-8
 require 'mime/types'
 require 'mini_magick'
 require 'carrierwave/processing/mini_magick'
-require 'carrierwave/processing/mime_types'
 
 module AbAdmin
   module CarrierWave
     class BaseUploader < ::CarrierWave::Uploader::Base
       include ::CarrierWave::MiniMagick
-      include ::CarrierWave::MimeTypes
       include AbAdmin::Utils::EvalHelpers
 
-      class_attribute :transliterate
+      class_attribute :transliterate, :human_filenames
       self.transliterate = true
+      self.human_filenames = true
 
       attr_accessor :internal_identifier
 
@@ -20,8 +18,6 @@ module AbAdmin
 
       storage :file
 
-      process :set_content_type
-
       with_options if: :image? do |img|
         img.process :strip
         img.process cropper: lambda { |model| model.cropper_geometry }
@@ -30,19 +26,35 @@ module AbAdmin
 
       process :set_model_info
 
+      def strict_filename(for_file=filename)
+        "#{version_name || secure_token}#{File.extname(for_file).downcase}"
+      end
+
       def save_original_name(file)
         model.original_name ||= file.original_filename if file.respond_to?(:original_filename)
       end
 
+      def base_filename_part
+        if version_name
+          version_name.to_s.start_with?('retina_') ? "#{version_name.to_s.sub(/^retina_/, '')}@2x" : version_name.to_s
+        else
+          secure_token
+        end
+      end
+
       def full_filename(for_file=filename)
-        ext = File.extname(for_file)
+        human_filenames ? human_full_filename(for_file) : strict_filename(for_file)
+      end
+
+      def human_full_filename(for_file=filename)
+        ext = File.extname(for_file).downcase
         human_filename_part = for_file.chomp(ext)
-        tech_filename_part = "#{version_name || secure_token}#{ext}"
+        tech_filename_part = "#{base_filename_part}#{ext}"
         human_filename_part == secure_token ? tech_filename_part : "#{human_filename_part}_#{tech_filename_part}"
       end
 
       def full_original_filename
-        "#{version_name || secure_token}#{File.extname(store_filename)}"
+        "#{base_filename_part}#{File.extname(store_filename)}"
       end
 
       # use secure token in the filename for non processed image
@@ -60,7 +72,7 @@ module AbAdmin
       alias_method :store_filename, :filename
 
       def filename
-        internal_identifier || model.send("#{mounted_as}_file_name") || (store_filename && "#{secure_token}#{File.extname(store_filename)}")
+        internal_identifier || model.send("#{mounted_as}_file_name") || (store_filename && "#{secure_token}#{File.extname(store_filename).downcase}")
       end
 
       def write_internal_identifier(internal_identifier)
@@ -73,34 +85,42 @@ module AbAdmin
       def model_filename(base_filename, record)
         custom_file_name = model.build_filename(base_filename, record)
         return unless custom_file_name
-        normalize_filename(custom_file_name) + File.extname(base_filename)
+        normalize_filename(custom_file_name) + File.extname(base_filename).downcase
       end
 
       def normalize_filename(raw_filename)
-        I18n.transliterate(raw_filename).parameterize('_').gsub(/[\-_]+/, '_').downcase
+        parameterize_args = ActiveSupport::VERSION::MAJOR > 4 ? {separator: '_'} : '_'
+        I18n.transliterate(raw_filename).parameterize(parameterize_args).gsub(/[\-_]+/, '_').downcase
       end
 
       # rename files via move
       def rename_via_move(new_file_name)
-        dir = File.dirname(path)
-
-        moves = []
-        versions.values.unshift(self).each do |v|
-          from_path = File.join(dir, v.full_filename)
-          to_path = File.join(dir, v.full_filename(new_file_name))
-          return false if from_path == to_path || !File.exists?(from_path)
-          moves << [from_path, to_path]
+        if human_filenames
+          dir = File.dirname(path)
+
+          moves = []
+          versions.values.unshift(self).each do |v|
+            from_path = File.join(dir, v.full_filename)
+            to_path = File.join(dir, v.full_filename(new_file_name))
+            next if from_path == to_path || !File.exists?(from_path)
+            moves << [from_path, to_path]
+          end
+          moves.each { |move| FileUtils.mv(*move) }
         end
-        moves.each { |move| FileUtils.mv(*move) }
 
         write_internal_identifier new_file_name
         model.send("write_#{mounted_as}_identifier")
-        retrieve_from_store!(new_file_name)
+        retrieve_from_store!(new_file_name) if human_filenames
+
         new_file_name
       end
 
       private :write_internal_identifier, :store_filename, :model_filename
 
+      def rmagick_included?
+        self.class.included_modules.map(&:to_s).include?('CarrierWave::RMagick')
+      end
+
       # prevent large number of subdirectories
       def store_dir
         str_id = model.id.to_s.rjust(4, '0')
@@ -126,7 +146,7 @@ module AbAdmin
 
         unless percentage.blank?
           manipulate! do |img|
-            img.quality(percentage.to_s)
+            img.quality percentage.to_s
             img = yield(img) if block_given?
             img
           end
@@ -141,7 +161,7 @@ module AbAdmin
 
         unless degrees.blank?
           manipulate! do |img|
-            img.rotate(degrees.to_s)
+            rmagick_included? ? img.rotate!(degrees.to_i) : img.rotate(degrees.to_s)
             img = yield(img) if block_given?
             img
           end
@@ -179,7 +199,7 @@ module AbAdmin
       end
 
       def image?(new_file = nil)
-        (file || new_file).content_type.include? 'image'
+        AbAdmin.image_types.include?((file || new_file).content_type)
       end
 
       def dimensions