active_scaffold 3.4.43 → 3.5.0

data/lib/active_scaffold/actions/search.rb

@@ -22,8 +22,8 @@ module ActiveScaffold::Actions
           columns = active_scaffold_config.search.columns
           text_search = active_scaffold_config.search.text_search
           query = query.split(active_scaffold_config.search.split_terms) if active_scaffold_config.search.split_terms
-          search_conditions = self.class.create_conditions_for_columns(query, columns, text_search)
-          @filtered = !search_conditions.blank?
+          search_conditions = self.class.conditions_for_columns(query, columns, text_search)
+          @filtered = search_conditions.present?
           active_scaffold_conditions.concat search_conditions if @filtered
 
           references, outer_joins = columns.partition do |column|

data/lib/active_scaffold/actions/show.rb

@@ -1,7 +1,7 @@
 module ActiveScaffold::Actions
   module Show
     def self.included(base)
-      base.before_filter :show_authorized_filter, :only => :show
+      base.before_action :show_authorized_filter, :only => :show
     end
 
     def show
@@ -42,14 +42,13 @@ module ActiveScaffold::Actions
     # May be overridden to customize show routine
     def do_show
       set_includes_for_columns(:show) if active_scaffold_config.actions.include? :list
-      klass = beginning_of_chain.preload(active_scaffold_preload)
-      @record = find_if_allowed(params[:id], :read, klass)
+      get_row
     end
 
     # The default security delegates to ActiveRecordPermissions.
     # You may override the method to customize.
     def show_authorized?(record = nil)
-      (record || self).send(:authorized_for?, :crud_type => :read)
+      (record || self).authorized_for?(crud_type: :read, reason: true)
     end
 
     def show_ignore?(record = nil)
@@ -60,7 +59,7 @@ module ActiveScaffold::Actions
 
     def show_authorized_filter
       link = active_scaffold_config.show.link || active_scaffold_config.show.class.link
-      raise ActiveScaffold::ActionNotAllowed unless send(link.security_method)
+      raise ActiveScaffold::ActionNotAllowed unless Array(send(link.security_method))[0]
     end
 
     def show_formats

data/lib/active_scaffold/actions/subform.rb

@@ -2,7 +2,7 @@ module ActiveScaffold::Actions
   module Subform
     def edit_associated
       do_edit_associated
-      render :action => 'edit_associated', :formats => [:js], :readonly => @column.association.options[:readonly]
+      render :action => 'edit_associated', :formats => [:js], :readonly => @column.association.readonly?
     end
 
     protected
@@ -18,13 +18,15 @@ module ActiveScaffold::Actions
       @column = active_scaffold_config.columns[params[:child_association]]
 
       # NOTE: we don't check whether the user is allowed to update this record, because if not, we'll still let them associate the record. we'll just refuse to do more than associate, is all.
-      @record = @column.association.klass.find(params[:associated_id]) if params[:associated_id]
-      if @record
-        if (association = active_scaffold_config.columns[params[:child_association]].association.reverse)
-          if @record.class.reflect_on_association(association).collection?
-            @record.send(association) << @parent_record
+      if params[:associated_id]
+        @record = @column.association.klass.find(params[:associated_id])
+        if (reverse = @column.association.reverse_association)
+          if reverse.collection?
+            @record.send(reverse.name) << @parent_record
+          elsif @column.association.belongs_to?
+            @parent_record.send("#{@column.name}=", @record)
           else
-            @record.send("#{association}=", @parent_record)
+            @record.send("#{reverse.name}=", @parent_record)
           end
         end
       else

data/lib/active_scaffold/actions/update.rb

@@ -1,7 +1,7 @@
 module ActiveScaffold::Actions
   module Update
     def self.included(base)
-      base.before_filter :update_authorized_filter, :only => [:edit, :update]
+      base.before_action :update_authorized_filter, :only => %i[edit update]
       base.helper_method :update_refresh_list?
     end
 
@@ -135,28 +135,35 @@ module ActiveScaffold::Actions
     def do_update_column
       # delete from params so update :table won't break urls, also they shouldn't be used in sort links too
       value = params.delete(:value)
-      column = params.delete(:column).to_sym
+      column = params.delete(:column)
       params.delete(:original_html)
       params.delete(:original_value)
       @column = active_scaffold_config.columns[column]
-      @record = find_if_allowed(params[:id], :read)
+      @record = value_record = find_if_allowed(params[:id], :read)
       return unless @record.authorized_for?(:crud_type => :update, :column => column)
+      if @column.delegated_association
+        value_record = @record.send(@column.delegated_association.name)
+        value_record ||= @record.association(@column.delegated_association.name).build
+        return unless value_record.authorized_for?(:crud_type => :update, :column => column)
+      end
 
       value ||=
         unless @column.column.nil? || @column.column.null
           default_val = @column.column.default
-          default_val = @column.column.cast_type.type_cast_from_user default_val if Rails.version >= '4.2.0'
+          default_val = ActiveScaffold::Core.column_type_cast default_val, @column.column if Rails.version >= '4.2.0'
           default_val == true ? false : default_val
         end
       unless @column.nil?
-        value = column_value_from_param_value(@record, @column, value)
-        value = [] if value.nil? && @column.form_ui && @column.plural_association?
+        value = column_value_from_param_value(value_record, @column, value)
+        value = [] if value.nil? && @column.form_ui && @column.association.try(:collection?)
       end
 
-      @record.send("#{@column.name}=", value)
+      value_record.send("#{@column.name}=", value)
       before_update_save(@record)
-      self.successful = @record.save
-      if self.successful? && active_scaffold_config.actions.include?(:list)
+      self.successful = value_record.save
+      if !successful?
+        flash.now[:error] = value_record.errors.full_messages.presence
+      elsif active_scaffold_config.actions.include?(:list)
         if @column.inplace_edit_update == :table
           params.delete(:id)
           do_list
@@ -180,19 +187,19 @@ module ActiveScaffold::Actions
 
     # The default security delegates to ActiveRecordPermissions.
     # You may override the method to customize.
-    def update_authorized?(record = nil)
-      (!nested? || !nested.readonly?) && (record || self).authorized_for?(:crud_type => :update)
+    def update_authorized?(record = nil, column = nil)
+      (!nested? || !nested.readonly?) && (record || self).authorized_for?(crud_type: :update, column: column, reason: true)
     end
 
     def update_ignore?(record = nil)
-      !self.authorized_for?(:crud_type => :update)
+      !authorized_for?(:crud_type => :update)
     end
 
     private
 
     def update_authorized_filter
       link = active_scaffold_config.update.link || active_scaffold_config.update.class.link
-      raise ActiveScaffold::ActionNotAllowed unless send(link.security_method)
+      raise ActiveScaffold::ActionNotAllowed unless Array(send(link.security_method))[0]
     end
 
     def edit_formats

data/lib/active_scaffold/active_record_permissions.rb

@@ -22,11 +22,15 @@ module ActiveScaffold
     mattr_accessor :default_permission
     @@default_permission = true
 
+    # if enabled, string returned on authorized methods will be interpreted as not authorized and used as reason
+    mattr_accessor :not_authorized_reason
+    @@not_authorized_reason = false
+
     # This is a module aimed at making the current_user available to ActiveRecord models for permissions.
     module ModelUserAccess
       module Controller
         def self.included(base)
-          base.prepend_before_filter :assign_current_user_to_models
+          base.prepend_before_action :assign_current_user_to_models
         end
 
         # We need to give the ActiveRecord classes a handle to the current user. We don't want to just pass the object,
@@ -91,22 +95,37 @@ module ActiveScaffold
         # options[:crud_type] should be a CRUD verb (:create, :read, :update, :destroy)
         # options[:column] should be the name of a model attribute
         # options[:action] is the name of a method
+        # options[:reason] if returning reason is expected, it will return array with authorized and reason, or nil if no reason
         def authorized_for?(options = {})
-          raise ArgumentError, "unknown crud type #{options[:crud_type]}" if options[:crud_type] && ![:create, :read, :update, :delete].include?(options[:crud_type])
+          raise ArgumentError, "unknown crud type #{options[:crud_type]}" if options[:crud_type] && !%i[create read update delete].include?(options[:crud_type])
 
+          not_authorized_reason = ActiveRecordPermissions.not_authorized_reason
           # collect other possibly-related methods that actually exist
           methods = cached_authorized_for_methods(options)
           return ActiveRecordPermissions.default_permission if methods.empty?
-          return send(methods.first) if methods.one?
+          if methods.one?
+            result = send(methods.first)
+            # if not_authorized_reason enabled interpret String as reason for not authorized
+            authorized, reason = not_authorized_reason && result.is_a?(String) ? [false, result] : result
+            # return array with reason only if requested with options[:reason]
+            return options[:reason] ? [authorized, reason] : authorized
+          end
 
           # if any method returns false, then return false
-          return false if methods.any? { |m| !send(m) }
+          methods.each do |method|
+            result = send(method)
+            # if not_authorized_reason enabled interpret String as reason for not authorized
+            authorized, reason = not_authorized_reason && result.is_a?(String) ? [false, result] : [result, nil]
+            next if authorized
+            # return array with reason only if requested with options[:reason]
+            return options[:reason] ? [authorized, reason] : authorized
+          end
           true
         end
 
         def cached_authorized_for_methods(options)
           key = "#{options[:crud_type]}##{options[:column]}##{options[:action]}"
-          if self.is_a? Class
+          if is_a? Class
             self.class_security_methods ||= {}
             self.class_security_methods[key] ||= authorized_for_methods(options)
           else

data/lib/active_scaffold/attribute_params.rb

@@ -33,26 +33,25 @@ module ActiveScaffold
   module AttributeParams
     protected
 
-    # workaround to update counters when belongs_to changes on persisted record on Rails 3
     # workaround to update counters when polymorphic has_many changes on persisted record
-    # TODO: remove when rails3 support is removed and counter cache for polymorphic has_many association works on rails4
+    # TODO: remove when rails4 support is removed or counter cache for polymorphic has_many association works on rails4
     def hack_for_has_many_counter_cache(parent_record, column, value)
       association = parent_record.association(column.name)
       counter_attr = association.send(:cached_counter_attribute_name)
       difference = value.select(&:persisted?).size - parent_record.send(counter_attr)
 
       if parent_record.new_record?
-        if Rails.version == '4.2.0'
+        if Rails.version >= '4.2.0'
           parent_record.send "#{column.name}=", value
           parent_record.send "#{counter_attr}_will_change!"
-        else # < 4.2 or > 4.2.0
+        else # < 4.2
           parent_record.send "#{counter_attr}=", difference
           parent_record.send "#{column.name}=", value
         end
       else
         # don't decrement counter for deleted records, on destroy they will update counter
         difference += (parent_record.send(column.name) - value).size
-        association.send :update_counter, difference unless difference == 0
+        association.send :update_counter, difference unless difference.zero?
       end
 
       # update counters on old parents if belongs_to is changed
@@ -63,21 +62,18 @@ module ActiveScaffold
       parent_record.send "#{column.name}=", value if parent_record.persisted?
     end
 
+    # rails 4 needs this hack for polymorphic has_many
     # TODO: remove when hack_for_has_many_counter_cache is not needed
     def hack_for_has_many_counter_cache?(parent_record, column)
-      return unless column.association.try(:macro) == :has_many && parent_record.association(column.name).send(:has_cached_counter?)
-      if Rails.version < '4.0' # rails 3 needs this hack always
-        true
-      else # rails 4 needs this hack for polymorphic has_many
-        column.association.options[:as]
-      end
+      column.association.counter_cache_hack? && parent_record.association(column.name).send(:has_cached_counter?)
     end
 
     # workaround for updating counters twice bug on rails4 (https://github.com/rails/rails/pull/14849)
+    # rails 4 needs this hack for non-polymorphic belongs_to, when selecting record, not creating new one (value is Hash)
+    # rails 5 needs this hack for belongs_to, when selecting record, not creating new one (value is Hash)
     # TODO: remove when pull request is merged and no version with bug is supported
-    def counter_cache_hack?(column, value)
-      return unless Rails.version >= '4.0' && !value.is_a?(Hash)
-      column.association.try(:belongs_to?) && column.association.options[:counter_cache] && !column.association.options[:polymorphic]
+    def counter_cache_hack?(association, value)
+      !params_hash?(value) && association.belongs_to? && association.counter_cache_hack?
     end
 
     # Takes attributes (as from params[:record]) and applies them to the parent_record. Also looks for
@@ -110,7 +106,7 @@ module ActiveScaffold
             value = update_column_from_params(parent_record, column, attributes[column.name], avoid_changes)
           end
         rescue => e
-          logger.error "#{e.class.name}: #{e.message} -- on the ActiveScaffold column = :#{column.name} for #{parent_record.inspect}#{" with value #{value}" if value}"
+          Rails.logger.error "#{e.class.name}: #{e.message} -- on the ActiveScaffold column = :#{column.name} for #{parent_record.inspect}#{" with value #{value}" if value}"
           raise
         end
       end
@@ -120,14 +116,20 @@ module ActiveScaffold
 
     def update_column_from_params(parent_record, column, attribute, avoid_changes = false)
       value = column_value_from_param_value(parent_record, column, attribute, avoid_changes)
-      if avoid_changes && column.plural_association?
+      if avoid_changes && column.association
         parent_record.association(column.name).target = value
-      elsif counter_cache_hack?(column, attribute)
+        parent_record.send("#{column.association.foreign_key}=", value.try(:id)) if column.association.belongs_to?
+      elsif column.association && counter_cache_hack?(column.association, attribute)
         parent_record.send "#{column.association.foreign_key}=", value.try(:id)
         parent_record.association(column.name).target = value
+      elsif column.association.try(:collection?) && column.association.through? && !column.association.through_reflection.collection?
+        through = column.association.through_reflection.name
+        through_record = parent_record.send(through)
+        through_record ||= parent_record.send "build_#{through}"
+        through_record.send "#{column.association.source_reflection.name}=", value
       else
         begin
-          if hack_for_has_many_counter_cache?(parent_record, column)
+          if column.association && hack_for_has_many_counter_cache?(parent_record, column)
             hack_for_has_many_counter_cache(parent_record, column, value)
           else
             parent_record.send "#{column.name}=", value
@@ -137,7 +139,7 @@ module ActiveScaffold
           parent_record.association(column.name).target = value if column.association
         end
       end
-      if column.association && [:has_one, :has_many].include?(column.association.macro) && column.association.reverse
+      if column.association.try(:reverse_association).try(:belongs_to?)
         Array(value).each { |v| v.send("#{column.association.reverse}=", parent_record) if v.new_record? }
       end
       value
@@ -146,10 +148,10 @@ module ActiveScaffold
     def column_value_from_param_value(parent_record, column, value, avoid_changes = false)
       # convert the value, possibly by instantiating associated objects
       form_ui = column.form_ui || column.column.try(:type)
-      if form_ui && self.respond_to?("column_value_for_#{form_ui}_type", true)
+      if form_ui && respond_to?("column_value_for_#{form_ui}_type", true)
         send("column_value_for_#{form_ui}_type", parent_record, column, value)
-      elsif value.is_a?(Hash)
-        column_value_from_param_hash_value(parent_record, column, value, avoid_changes)
+      elsif params_hash? value
+        column_value_from_param_hash_value(parent_record, column, params_hash(value), avoid_changes)
       else
         column_value_from_param_simple_value(parent_record, column, value)
       end
@@ -171,10 +173,14 @@ module ActiveScaffold
       new_value
     end
 
+    def column_value_for_month_type(parent_record, column, value)
+      Date.parse("#{value}-01")
+    end
+
     def column_value_from_param_simple_value(parent_record, column, value)
-      if column.singular_association?
+      if column.association.try :singular?
         if value.present?
-          if column.polymorphic_association?
+          if column.association.polymorphic?
             class_name = parent_record.send(column.association.foreign_type)
             class_name.constantize.find(value) if class_name.present?
           else
@@ -182,22 +188,23 @@ module ActiveScaffold
             column.association.klass.find(value)
           end
         end
-      elsif column.plural_association?
+      elsif column.association.try :collection?
         column_plural_assocation_value_from_value(column, Array(value))
       elsif column.number? && column.options[:format] && column.form_ui != :number
         column.number_to_native(value)
       else
         # convert empty strings into nil. this works better with 'null => true' columns (and validations),
-        # and 'null => false' columns should just convert back to an empty string.
-        # ... but we can at least check the ConnectionAdapter::Column object to see if nulls are allowed
-        value = nil if value.is_a?(String) && value.empty? && !column.column.nil? && column.column.null
+        # for 'null => false' columns is just converted to default value from column
+        if value.is_a?(String) && value.empty? && !column.column.nil?
+          value = column.column.null ? nil : column.column.default
+        end
         value
       end
     end
 
     def column_plural_assocation_value_from_value(column, value)
       # it's an array of ids
-      if value && !value.empty?
+      if value.present?
         ids = value.select(&:present?)
         ids.empty? ? [] : column.association.klass.find(ids)
       else
@@ -206,32 +213,35 @@ module ActiveScaffold
     end
 
     def column_value_from_param_hash_value(parent_record, column, value, avoid_changes = false)
-      if column.singular_association?
+      if column.association.try :singular?
         manage_nested_record_from_params(parent_record, column, value, avoid_changes)
-      elsif column.plural_association?
+      elsif column.association.try :collection?
         # HACK: to be able to delete all associated records, hash will include "0" => ""
-        value.collect { |_, val| manage_nested_record_from_params(parent_record, column, val, avoid_changes) unless val.blank? }.compact
+        values = value.values.reject(&:blank?)
+        values.collect { |val| manage_nested_record_from_params(parent_record, column, val, avoid_changes) }.compact
       else
         value
       end
     end
 
     def manage_nested_record_from_params(parent_record, column, attributes, avoid_changes = false)
-      return nil unless build_record_from_params(attributes, column, parent_record)
+      return nil unless build_record_from_params?(attributes, column, parent_record)
       record = find_or_create_for_params(attributes, column, parent_record)
       if record
         record_columns = active_scaffold_config_for(column.association.klass).subform.columns
-        record_columns.constraint_columns = [column.association.reverse]
+        prev_constraints = record_columns.constraint_columns
+        record_columns.constraint_columns = [column.association.reverse].compact
         update_record_from_params(record, record_columns, attributes, avoid_changes)
+        record_columns.constraint_columns = prev_constraints
         record.unsaved = true
       end
       record
     end
 
-    def build_record_from_params(params, column, record)
+    def build_record_from_params?(params, column, record)
       current = record.send(column.name)
       klass = column.association.klass
-      (column.plural_association? && !column.show_blank_record?(current)) || !attributes_hash_is_empty?(params, klass)
+      (column.association.collection? && !column.show_blank_record?(current)) || !attributes_hash_is_empty?(params, klass)
     end
 
     # Attempts to create or find an instance of the klass of the association in parent_column from the
@@ -261,12 +271,11 @@ module ActiveScaffold
       end
     end
 
-    def save_record_to_association(record, association_name, value)
-      association = record.class.reflect_on_association(association_name) if association_name
+    def save_record_to_association(record, association, value)
       if association.try(:collection?)
-        record.send(association_name) << value
+        record.send(association.name) << value
       elsif association
-        record.send("#{association_name}=", value)
+        record.send("#{association.name}=", value)
       end
     end
 
@@ -274,24 +283,26 @@ module ActiveScaffold
     # This isn't a literal emptiness - it's an attempt to discern whether the user intended it to be empty or not.
     def attributes_hash_is_empty?(hash, klass)
       # old style date form management... ignore them too
-      part_ignore_column_types = [:datetime, :date, :time]
+      part_ignore_column_types = [:datetime, :date, :time, Time, Date]
 
       hash.all? do |key, value|
         # convert any possible multi-parameter attributes like 'created_at(5i)' to simply 'created_at'
         parts = key.to_s.split('(')
         column_name = parts.first
-        column = klass.columns_hash[column_name]
+        column = ActiveScaffold::OrmChecks.columns_hash(klass)[column_name]
+        column_type = ActiveScaffold::OrmChecks.column_type(klass, column_name) if column
 
-        # booleans and datetimes will always have a value. so we ignore them when checking whether the hash is empty.
+        # datetimes will always have a value. so we ignore them when checking whether the hash is empty.
         # this could be a bad idea. but the current situation (excess record entry) seems worse.
-        next true if column && parts.length > 1 && part_ignore_column_types.include?(column.type)
+        next true if column && parts.length > 1 && part_ignore_column_types.include?(column_type)
 
         # defaults are pre-filled on the form. we can't use them to determine if the user intends a new row.
+        # booleans always have value, so they are ignored if not changed from default
         default_value = column_default_value(column_name, klass, column)
         casted_value = column ? ActiveScaffold::Core.column_type_cast(value, column) : value
         next true if casted_value == default_value
 
-        if value.is_a?(Hash)
+        if params_hash? value
           attributes_hash_is_empty?(value, klass)
         elsif value.is_a?(Array)
           value.all?(&:blank?)
@@ -303,10 +314,18 @@ module ActiveScaffold
 
     def column_default_value(column_name, klass, column)
       return unless column
-      if Rails.version < '4.2'
-        column.default
-      else
-        column.type_cast_from_database(column.default)
+      if ActiveScaffold::OrmChecks.mongoid? klass
+        column.default_val
+      elsif ActiveScaffold::OrmChecks.active_record? klass
+        if Rails.version < '4.2'
+          column.default
+        elsif Rails.version < '5.0'
+          column.type_cast_from_database(column.default)
+        else
+          column_type = ActiveScaffold::OrmChecks.column_type(klass, column_name)
+          cast_type = ActiveModel::Type.lookup column_type
+          cast_type ? cast_type.deserialize(column.default) : column.default
+        end
       end
     end
   end