activeadmin 1.0.0.pre1 → 2.9.0

data/docs/11-decorators.md

@@ -1,14 +1,13 @@
+---
+redirect_from: /docs/11-decorators.html
+---
+
 # Decorators
 
 Active Admin allows you to use the decorator pattern to provide view-specific
 versions of a resource. [Draper](https://github.com/drapergem/draper) is
 recommended but not required.
 
-To use decorator support without Draper, your decorator must support a variety
-of collection methods to support pagination, filtering, etc. See
-[this github issue discussion](https://github.com/activeadmin/activeadmin/issues/3600)
-and [this gem](https://github.com/kiote/activeadmin-poro-decorator) for more details.
-
 ## Example usage
 
 ```ruby
@@ -38,6 +37,22 @@ ActiveAdmin.register Post do
 end
 ```
 
+You can pass any decorator class as an argument to `decorate_with`
+as long as it accepts the record to be decorated as a parameter in
+the initializer, and responds to all the necessary methods.
+
+```ruby
+# app/decorators/post_decorator.rb
+class PostDecorator
+  attr_reader :post
+  delegate_missing_to :post
+
+  def initialize(post)
+    @post = post
+  end
+end
+```
+
 ## Forms
 
 By default, ActiveAdmin does *not* decorate the resource used to render forms.

data/docs/12-arbre-components.md

@@ -1,3 +1,7 @@
+---
+redirect_from: /docs/12-arbre-components.html
+---
+
 # Arbre Components
 
 Arbre allows the creation of shareable and extendable HTML components and is
@@ -18,8 +22,8 @@ ActiveAdmin.register Post do
         row :id
         row 'Tags' do
           post.tags.each do |tag|
-            a tag, href: admin_post_path(q: {tagged_with_contains: tag})          
-            text_node "&nbsp".html_safe
+            a tag, href: admin_post_path(q: {tagged_with_contains: tag})
+            text_node " ".html_safe
           end
         end
       end
@@ -54,9 +58,9 @@ The Columns component allows you draw content into scalable columns. All you
 need to do is define the number of columns and the component will take care of
 the rest.
 
-#### Simple Columns
+### Simple Columns
 
-To create simple columnns, use the `columns` method. Within the block, call
+To create simple columns, use the `columns` method. Within the block, call
 the #column method to create a new column.
 
 ```ruby
@@ -111,6 +115,21 @@ end
 In the above example, the first column will not grow larger than 200px and will
 not shrink less than 100px.
 
+### Custom Column Class
+
+Pass the `:class` option to the column method to set a custom class.
+
+```ruby
+columns do
+  column class: "important" do
+    span "Column # 1"
+  end
+  column do
+    span "Column # 2"
+  end
+end
+```
+
 ## Table For
 
 Table For provides the ability to create tables like those present
@@ -126,25 +145,70 @@ table_for order.payments do
 end
 ```
 
-the `column` method can take a title as its first argument and data
+The `column` method can take a title as its first argument and data
 (`:your_method`) as its second (or first if no title provided). Column also
 takes a block.
 
+### Internationalization
+
+To customize the internationalization for the component, specify a resource to
+use for translations via the `i18n` named parameter. This is only necessary for
+non-`ActiveRecord::Relation` collections:
+
+```ruby
+table_for payments, i18n: Payment do
+  # ...
+end
+```
+
 ## Status tag
 
 Status tags provide convenient syntactic sugar for styling items that have
 status. A common example of where the status tag could be useful is for orders
 that are complete or in progress. `status_tag` takes a status, like
-"In Progress", a type, which defaults to nil, and a hash of options. The
-status_tag will generate html markup that Active Admin css uses in styling.
+"In Progress", and a hash of options. The status_tag will generate HTML markup
+that Active Admin CSS uses in styling.
 
 ```ruby
 status_tag 'In Progress'
 # => <span class='status_tag in_progress'>In Progress</span>
 
-status_tag 'active', :ok
-# => <span class='status_tag active ok'>Active</span>
+status_tag 'active', class: 'important', id: 'status_123', label: 'on'
+# => <span class='status_tag active important' id='status_123'>on</span>
+```
+
+When providing a `true` or `false` value, the `status_tag` will display "Yes"
+or "No". This can be configured through the `"en.active_admin.status_tag"`
+locale.
+
+```ruby
+status_tag true
+# => <span class='status_tag yes'>Yes</span>
+```
+
+In the case that a boolean field is `nil`, it will display "No" as a default.
+But using the `"en.active_admin.status_tag.unset"` locale key, it can be
+configured to display something else.
+
+## Tabs
 
-status_tag 'active', :ok, class: 'important', id: 'status_123', label: 'on'
-# => <span class='status_tag active ok important' id='status_123'>on</span>
+The Tabs component is helpful for saving page real estate. The first tab will be
+the one open when the page initially loads and the rest hidden. You can click
+each tab to toggle back and forth between them. Arbre supports unlimited number
+of tabs.
+
+```ruby
+tabs do
+  tab :active do
+    table_for orders.active do
+      ...
+    end
+  end
+
+  tab :inactive do
+    table_for orders.inactive do
+      ...
+    end
+  end
+end
 ```

data/docs/13-authorization-adapter.md

@@ -1,3 +1,7 @@
+---
+redirect_from: /docs/13-authorization-adapter.html
+---
+
 # Authorization Adapter
 
 Active Admin offers the ability to define and use your own authorization
@@ -6,8 +10,8 @@ taken. By default, '#authorized?' returns true.
 
 ## Setting up your own AuthorizationAdapter
 
-Setting up your own `AuthorizationAdapter` is easy! The following example shows
-how to set up and tie your authorization adapter class to Active Admin:
+The following example shows how to set up and tie your authorization
+adapter class to Active Admin:
 
 ```ruby
 # app/models/only_authors_authorization.rb
@@ -37,7 +41,11 @@ application's `config/initializers/active_admin.rb` and add/modify the line:
 config.authorization_adapter = "OnlyAuthorsAuthorization"
 ```
 
-Authorization adapters can be configured per ActiveAdmin namespace as well, for example:
+Now, whenever a controller action is performed, the `OnlyAuthorsAuthorization`'s
+`#authorized?` method will be called.
+
+Authorization adapters can be configured per ActiveAdmin namespace as well, for
+example:
 
 ```ruby
 ActiveAdmin.setup do |config|
@@ -50,9 +58,6 @@ ActiveAdmin.setup do |config|
 end
 ```
 
-Now, whenever a controller action is performed, the `OnlyAuthorsAuthorization`'s
-`#authorized?` method will be called.
-
 ## Getting Access to the Current User
 
 From within your authorization adapter, you can call the `#user` method to
@@ -70,9 +75,9 @@ end
 
 ## Scoping Collections in Authorization Adapters
 
-`ActiveAdmin::AuthorizationAdapter` also provides a hook method (`#scope_collection`)
-for the adapter to scope the resource's collection. For example, you may want to
-centralize the scoping:
+`ActiveAdmin::AuthorizationAdapter` also provides a hook method
+(`#scope_collection`) for the adapter to scope the resource's collection. For
+example, you may want to centralize the scoping:
 
 ```ruby
 class OnlyMyAccount < ActiveAdmin::AuthorizationAdapter
@@ -93,7 +98,7 @@ and will be scoped accordingly.
 
 ## Managing Access to Pages
 
-Pages, just like resources, get authorized also. When authorization a page, the
+Pages, just like resources, get authorized too. When authorizing a page, the
 subject will be an instance of `ActiveAdmin::Page`.
 
 ```ruby
@@ -101,7 +106,9 @@ class OnlyDashboard < ActiveAdmin::AuthorizationAdapter
   def authorized?(action, subject = nil)
     case subject
     when ActiveAdmin::Page
-      action == :read && subject.name == "Dashboard" && subject.namespace.name == :admin
+      action == :read &&
+        subject.name == "Dashboard" &&
+        subject.namespace.name == :admin
     else
       false
     end
@@ -113,24 +120,23 @@ end
 
 By default Active Admin simplifies the controller actions into 4 actions:
 
-  * `:read` - This controls if the user can view the menu item as well as the
-    index and show screens.
-  * `:create` - This controls if the user can view the new screen and submit
-    the form to the create action.
-  * `:update` - This controls if the user can view the edit screen and submit
-    the form to the update action.
-  * `:destroy` - This controls if the user can delete a resource.
+* `:read` - This controls if the user can view the menu item as well as the
+  index and show screens.
+* `:create` - This controls if the user can view the new screen and submit
+  the form to the create action.
+* `:update` - This controls if the user can view the edit screen and submit
+  the form to the update action.
+* `:destroy` - This controls if the user can delete a resource.
 
 Each of these actions is available as a constant. Eg: `:read` is available as
 `ActiveAdmin::Authorization::READ`.
 
-
 ## Checking for Authorization in Controllers and Views
 
 Active Admin provides a helper method to check if the current user is
 authorized to perform an action on a subject.
 
-Simply use the `#authorized?(action, subject) method to check.
+Use the `#authorized?(action, subject)` method to check.
 
 ```ruby
 ActiveAdmin.register Post do
@@ -174,28 +180,28 @@ end
 
 Sub-classing `ActiveAdmin::AuthorizationAdapter` is fairly low level. Many times
 it's nicer to have a simpler DSL for managing authorization. Active Admin
-provides an adapter out of the box for [CanCan](https://github.com/ryanb/cancan)
-and [CanCanCan](https://github.com/CanCanCommunity/cancancan).
+provides an adapter out of the box for [CanCanCan](https://github.com/CanCanCommunity/cancancan).
 
-To use the CanCan adapter, simply update the configuration in the Active Admin
+To use the CanCan adapter, update the configuration in the Active Admin
 initializer:
 
 ```ruby
 config.authorization_adapter = ActiveAdmin::CanCanAdapter
 ```
 
-You can also specify a method to be called on unauthorized access. This is necessary
-in order to prevent a redirect loop that can happen if a user tries to access a page
-they don't have permissions for (see [#2081](https://github.com/activeadmin/activeadmin/issues/2081)).
+You can also specify a method to be called on unauthorized access. This is
+necessary in order to prevent a redirect loop that can happen if a user tries to
+access a page they don't have permissions for (see
+[#2081](https://github.com/activeadmin/activeadmin/issues/2081)).
 
 ```ruby
 config.on_unauthorized_access = :access_denied
 ```
 
-The method `access_denied` would be defined in `application_controller.rb`. Here is one
-example that redirects the user from the page they don't have permission to
-access to a resource they have permission to access (organizations in this case), and
-also displays the error message in the browser:
+The method `access_denied` would be defined in `application_controller.rb`. Here
+is one example that redirects the user from the page they don't have permission
+to access to a resource they have permission to access (organizations in this
+case), and also displays the error message in the browser:
 
 ```ruby
 class ApplicationController < ActionController::Base
@@ -214,7 +220,7 @@ changed from the initializer:
 config.cancan_ability_class = "MyCustomAbility"
 ```
 
-Now you can simply use CanCan or CanCanCan the way that you would expect and
+Now you can simply use CanCanCan the way that you would expect and
 Active Admin will use it for authorization:
 
 ```ruby
@@ -226,23 +232,54 @@ class Ability
     can :manage, Post
     can :read, User
     can :manage, User, id: user.id
-    can :read, ActiveAdmin::Page, name: "Dashboard", namespace_name: :admin
+    can :read, ActiveAdmin::Page, name: "Dashboard", namespace_name: "admin"
   end
 
 end
 ```
 
-To view more details about the API's, visit project pages of [CanCan](https://github.com/ryanb/cancan) and [CanCanCan](https://github.com/CanCanCommunity/cancancan).
+To view more details about the API's, visit project pages of
+[CanCanCan](https://github.com/CanCanCommunity/cancancan).
 
 ## Using the Pundit Adapter
 
-Active Admin provides an adapter out of the box also for [Pundit](https://github.com/elabs/pundit).
+Active Admin also provides an adapter out of the box for
+[Pundit](https://github.com/varvet/pundit).
 
-To use the Pundit adapter, simply update the configuration in the Active Admin
+To use the Pundit adapter, update the configuration in the Active Admin
 initializer:
 
 ```ruby
 config.authorization_adapter = ActiveAdmin::PunditAdapter
 ```
 
-You can simply use Pundit the way that you would expect and Active Admin will use it for authorization. Check Pundit's documentation to [set up Pundit in your application](https://github.com/elabs/pundit#installation). If you want to use batch actions just ensure that `destroy_all?` method is defined in your policy class. You can use this [template policy](https://github.com/activeadmin/activeadmin/blob/master/spec/support/templates/policies/application_policy.rb) in your application instead of default one generated by Pundit's `rails g pundit:install` command.
+Once that's done, Active Admin will pick up your Pundit policies, and use
+them for authorization. For more information about setting up Pundit, see
+[their documentation](https://github.com/varvet/pundit#installation).
+
+Pundit also has [verify_authorized and/or verify_policy_scoped
+methods](https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used)
+to enforce usage of `authorized` and `policy_scope`. This conflicts with Active
+Admin's authorization architecture, so if you're using those features, you'll
+want to disable them for Active Admin's controllers:
+
+```ruby
+class ApplicationController < ActionController::Base
+  include Pundit
+  after_action :verify_authorized, except: :index, unless: :active_admin_controller?
+  after_action :verify_policy_scoped, only: :index, unless: :active_admin_controller?
+
+  def active_admin_controller?
+    is_a?(ActiveAdmin::BaseController)
+  end
+end
+```
+
+If you want to use batch actions, ensure that `destroy_all?` method is defined
+in your policy class. You can use this [template
+policy](https://github.com/activeadmin/activeadmin/blob/master/spec/support/templates/policies/application_policy.rb)
+in your application instead of default one generated by Pundit's
+`rails g pundit:install` command.
+
+In addition, there are [example policies](https://github.com/activeadmin/activeadmin/tree/master/spec/support/templates/policies/active_admin)
+for restricting access to ActiveAdmin's pages and comments.

data/docs/14-gotchas.md

@@ -1,30 +1,45 @@
-#Gotchas
+---
+redirect_from: /docs/14-gotchas.html
+---
+
+# Gotchas
+
+## Security
+
+### Spreadsheet applications vulnerable to unescaped CSV data
+
+If your CSV export includes untrusted data provided by your users, it's possible
+that they could include an executable formula that could call arbitrary commands
+on your computer. See
+[#4256](https://github.com/activeadmin/activeadmin/issues/4256) for more
+details.
 
 ## Session Commits & Asset Pipeline
 
-When configuring the asset pipeline ensure that the asset prefix 
-(`config.assets.prefix`) is not the same as the namespace of ActiveAdmin 
-(default namespace is `/admin`). If they are the same Sprockets will prevent the 
-session from being committed. Flash messages won't work and you will be unable to 
+When configuring the asset pipeline ensure that the asset prefix
+(`config.assets.prefix`) is not the same as the namespace of ActiveAdmin
+(default namespace is `/admin`). If they are the same Sprockets will prevent the
+session from being committed. Flash messages won't work and you will be unable to
 use the session for storing anything.
 
-For more information see the following post: 
-[http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session](http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session)
+For more information see [the following
+post](http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session).
 
 ## Helpers
 
-There are two knowing gotchas with helpers. This hopefully will help you to
+There are two known gotchas with helpers. This hopefully will help you to
 find a solution.
 
 ### Helpers are not reloading in development
 
-This is a known and still open [issue](https://github.com/activeadmin/activeadmin/issues/697)
-the only way is to restart your server each time you change a helper.
+This is a known and still open
+[issue](https://github.com/activeadmin/activeadmin/issues/697) the only way is
+to restart your server each time you change a helper.
 
 ### Helper maybe not included by default
 
-If you use `config.action_controller.include_all_helpers = false` in your application config, 
-you need to include it by hand.
+If you use `config.action_controller.include_all_helpers = false` in your
+application config, you need to include it by hand.
 
 #### Solutions
 
@@ -53,23 +68,27 @@ end
 
 ## CSS
 
-In order to avoid the override of your application style with the Active Admin one, you can do one of this things:
-* You can properly move the generated file `active_admin.css.scss` from `app/assets/stylesheets` to `vendor/assets/stylesheets`.
-* You can remove all `require_tree` comands from your root level css files, where the `active_admin.css.scss` is in the tree.
+In order to avoid the override of your application style with the Active Admin
+one, you can do one of these things:
+
+* You can properly move the generated file `active_admin.scss` from
+  `app/assets/stylesheets` to `vendor/assets/stylesheets`.
+* You can remove all `require_tree` commands from your root level css files,
+  where the `active_admin.scss` is in the tree.
 
 ## Conflicts
 
 ### With gems that provides a `search` class method on a model
 
-If a gem defines a `search` class method on a model, this can result in conflicts 
+If a gem defines a `search` class method on a model, this can result in conflicts
 with the same method provided by `ransack` (a dependency of ActiveAdmin).
 
-Each of this conflicts need to solved is a different way. Some solutions are 
+Each of this conflicts need to solved is a different way. Some solutions are
 listed below.
 
 #### `tire`, `retire` and `elasticsearch-rails`
 
-This conflict can be solved, by using explicitly the `search` method of `tire`, 
+This conflict can be solved, by using explicitly the `search` method of `tire`,
 `retire` or `elasticsearch-rails`:
 
 ##### For `tire` and `retire`
@@ -90,3 +109,30 @@ YourModel.__elasticsearch__.search
 YourModel.solr_search
 ```
 
+### Rails 5 scaffold generators
+
+Active Admin requires the `inherited_resources` gem which may break scaffolding
+under Rails 5 as it replaces the default scaffold generator. The solution is to
+configure the default controller in `config/application.rb` as outlined in
+[activeadmin/inherited_resources#195](https://github.com/activeadmin/inherited_resources/issues/195)
+
+```ruby
+module SampleApp
+  class Application < Rails::Application
+    ...
+    config.app_generators.scaffold_controller = :scaffold_controller
+    ...
+  end
+end
+```
+
+## Authentication & Application Controller
+
+The `ActiveAdmin::BaseController` inherits from the `ApplicationController`. Any
+authentication method(s) specified in the `ApplicationController` callbacks will
+be called instead of the authentication method in the active admin config file.
+For example, if the ApplicationController has a callback `before_action
+:custom_authentication_method` and the config file's authentication method is
+`config.authentication_method = :authenticate_active_admin_user`, then
+`custom_authentication_method` will be called instead of
+`authenticate_active_admin_user`.