administrate 0.12.0 → 0.20.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 901108f5715bed268b4395d6edadf3738b127425910dc365390847710f19c98f
-  data.tar.gz: 6b61113c5c116250f2e46eaa5dbf77972473b16a6aae8042a6bcaef74f45308e
+  metadata.gz: 8e5544a7c600e80f4f0059f7b4aea8903e46d926b06dea598660baa758ed67ec
+  data.tar.gz: b4aefefcdb03dc10c0570e8d6b1a15629c4a3cee9f5ceb46d306e2b3a57e2454
 SHA512:
-  metadata.gz: ac4790d3bca102b4a27cc73f154e7167620f4589088b1207008f0915521735cfed483fbf085d24e7844e7b092f9f1a7d198ec6113cbc4be877758886c192f097
-  data.tar.gz: da2c64204adee3b43a566c67cf2aa42f37a0a38ea5f35b9988f704491f2b15dcd76210fb2f56f57de1576e77da71f429fe6572493e65933877b29f9eb9e5920f
+  metadata.gz: 18ac7ba09f2f7e36d5c86d492fda86cf2f31239146bcac7dacd47eb124fc793e9c425f1646cdcdcce8a672b1666322b6178cf5a602bc358d794e315050f94d02
+  data.tar.gz: 183d4aafdeeef34031acf4f0fbd29401d39ad368a2b889d509d36560dfcd2b222043ddde8504fddfddcf505017467e6eec74848c422b960233b3492e9198e06d

data/Rakefile

@@ -28,5 +28,3 @@ if defined? RSpec
     t.verbose = false
   end
 end
-
-task default: "bundler:audit"

data/app/assets/javascripts/administrate/application.js

@@ -1,6 +1,4 @@
 //= require jquery
 //= require jquery_ujs
 //= require selectize
-//= require moment
-//= require datetime_picker
 //= require_tree .

data/app/assets/javascripts/administrate/components/associative.js

@@ -0,0 +1,5 @@
+$(function() {
+  $('.field-unit--belongs-to select').selectize({});
+  $(".field-unit--has-many select").selectize({});
+  $('.field-unit--polymorphic select').selectize({});
+});

data/app/assets/javascripts/administrate/components/select.js

@@ -0,0 +1,3 @@
+$(function() {
+  $('.field-unit--select select').selectize({});
+});

data/app/assets/javascripts/administrate/components/table.js

@@ -13,7 +13,7 @@ $(function() {
       var dataUrl = $(event.target).closest("tr").data("url");
       var selection = window.getSelection().toString();
       if (selection.length === 0 && dataUrl) {
-        window.location = dataUrl;
+        window.location = window.location.protocol + '//' + window.location.host + dataUrl;
       }
     }
   };

data/app/assets/stylesheets/administrate/application.scss

@@ -3,7 +3,6 @@
 @import "reset/normalize";
 
 @import "selectize";
-@import "datetime_picker";
 
 @import "library/clearfix";
 @import "library/data-label";

data/app/assets/stylesheets/administrate/base/_forms.scss

@@ -85,7 +85,7 @@ textarea {
 [type="checkbox"],
 [type="radio"] {
   display: inline;
-  margin-right: $small-spacing / 2;
+  margin-right: $small-spacing * 0.5;
 }
 
 [type="file"] {

data/app/assets/stylesheets/administrate/base/_tables.scss

@@ -21,6 +21,9 @@ tr {
 tbody tr {
   &:hover {
     background-color: $base-background-color;
+  }
+
+  [role=link] {
     cursor: pointer;
   }
 

data/app/assets/stylesheets/administrate/components/_attributes.scss

@@ -3,9 +3,9 @@
   clear: left;
   float: left;
   margin-bottom: $base-spacing;
-  margin-top: 0;
+  margin-top: 0.25em;
   text-align: right;
-  width: calc(15% - 1rem);
+  width: calc(20% - 1rem);
 }
 
 .preserve-whitespace {
@@ -17,7 +17,8 @@
   float: left;
   margin-bottom: $base-spacing;
   margin-left: 2rem;
-  width: calc(85% - 1rem);
+  width: calc(80% - 1rem);
+  word-break: break-word;
 }
 
 .attribute--nested {

data/app/assets/stylesheets/administrate/components/_buttons.scss

@@ -41,3 +41,23 @@ input[type="submit"],
     }
   }
 }
+
+.button--alt {
+  background-color: transparent;
+  border: $base-border;
+  border-color: $blue;
+  color: $blue;
+}
+
+.button--danger {
+  background-color: $red;
+
+  &:hover {
+    background-color: mix($black, $red, 20%);
+    color: $white;
+  }
+}
+
+.button--nav {
+  margin-bottom: $base-spacing;
+}

data/app/assets/stylesheets/administrate/components/_cells.scss

@@ -1,4 +1,6 @@
 .cell-label {
+  padding-top: 0.15em;
+
   &:hover {
     a {
       color: $action-color;

data/app/assets/stylesheets/administrate/components/_field-unit.scss

@@ -2,6 +2,7 @@
   @include administrate-clearfix;
   align-items: center;
   display: flex;
+  flex-wrap: wrap;
   margin-bottom: $base-spacing;
   position: relative;
   width: 100%;
@@ -17,20 +18,39 @@
 .field-unit__field {
   float: left;
   margin-left: 2rem;
-  width: 45%;
+  max-width: 50rem;
+  width: 100%;
+
+  .optgroup-header {
+    font-weight: $bold-font-weight;
+  }
+}
+
+.field-unit__hint {
+  font-size: 90%;
+  margin-left: calc(15% + 2rem);
+  width: 100%;
 }
 
 .field-unit--nested {
   border: $base-border;
   margin-left: 7.5%;
+  max-width: 60rem;
   padding: $small-spacing;
-  width: 50%;
+  width: 100%;
 
   .field-unit__field {
-    width: calc(75% - 1rem);
+    width: 100%;
   }
 
   .field-unit__label {
-    width: calc(25% - 1rem);
+    width: 10rem;
+  }
+}
+
+.field-unit--required {
+  label::after {
+    color: $red;
+    content: " *";
   }
 }

data/app/assets/stylesheets/administrate/components/_flashes.scss

@@ -1,18 +1,10 @@
-$base-spacing: 1.5em !default;
-$flashes: (
-  "alert": #fff6bf,
-  "error": #fbe3e4,
-  "notice": #e5edf8,
-  "success": #e6efc2,
-) !default;
-
 @each $flash-type, $color in $flashes {
   .flash-#{$flash-type} {
     background-color: $color;
     color: mix($black, $color, 60%);
     display: block;
-    margin-bottom: $base-spacing / 2;
-    padding: $base-spacing / 2;
+    margin-bottom: $base-spacing * 0.5;
+    padding: $base-spacing * 0.5;
     text-align: center;
 
     a {

data/app/assets/stylesheets/administrate/components/_main-content.scss

@@ -5,6 +5,7 @@
               0 2px 2px rgba($black, 0.2);
   flex: 1 1 100%;
   padding-bottom: 10vh;
+  min-width: 800px;
 }
 
 .main-content__header,

data/app/assets/stylesheets/administrate/components/_navigation.scss

@@ -2,9 +2,8 @@ $_navigation-link-padding: 0.6em;
 
 .navigation {
   flex: 1 0 10rem;
-  padding-bottom: $base-spacing;
-  padding-right: calc(#{$base-spacing} - #{$_navigation-link-padding});
-  padding-top: $base-spacing;
+  padding: $base-spacing;
+  padding-left: 0;
 }
 
 .navigation__link {

data/app/assets/stylesheets/administrate/library/_variables.scss

@@ -14,7 +14,7 @@ $heading-line-height: 1.2 !default;
 // Other Sizes
 $base-border-radius: 4px !default;
 $base-spacing: $base-line-height * 1em !default;
-$small-spacing: $base-spacing / 2 !default;
+$small-spacing: $base-spacing * 0.5 !default;
 
 // Colors
 $white: #fff !default;
@@ -22,8 +22,10 @@ $black: #000 !default;
 
 $blue: #1976d2 !default;
 $red: #d32f2f !default;
-$light-yellow: #f0cd66 !default;
-$light-green: #4ab471 !default;
+$light-yellow: #fff6bf !default;
+$light-red: #fbe3e4 !default;
+$light-green: #e6efc2 !default;
+$light-blue: #e5edf8 !default;
 
 $grey-0: #f6f7f7 !default;
 $grey-1: #dfe0e1 !default;
@@ -47,12 +49,12 @@ $focus-outline: $focus-outline-width solid $focus-outline-color;
 $focus-outline-offset: 1px;
 
 // Flash Colors
-$flash-colors: (
-  alert: $light-yellow,
-  error: $red,
-  notice: mix($white, $blue, 50%),
-  success: $light-green
-);
+$flashes: (
+  "alert": $light-yellow,
+  "error": $light-red,
+  "notice": $light-blue,
+  "success": $light-green
+) !default;
 
 // Border
 $base-border-color: $grey-1 !default;

data/app/controllers/administrate/application_controller.rb

@@ -3,13 +3,12 @@ module Administrate
     protect_from_forgery with: :exception
 
     def index
+      authorize_resource(resource_class)
       search_term = params[:search].to_s.strip
-      resources = Administrate::Search.new(scoped_resource,
-                                           dashboard_class,
-                                           search_term).run
+      resources = filter_resources(scoped_resource, search_term: search_term)
       resources = apply_collection_includes(resources)
       resources = order.apply(resources)
-      resources = resources.page(params[:page]).per(records_per_page)
+      resources = paginate_resources(resources)
       page = Administrate::Page::Collection.new(dashboard, order: order)
 
       render locals: {
@@ -27,7 +26,7 @@ module Administrate
     end
 
     def new
-      resource = resource_class.new
+      resource = new_resource
       authorize_resource(resource)
       render locals: {
         page: Administrate::Page::Form.new(dashboard, resource),
@@ -41,31 +40,32 @@ module Administrate
     end
 
     def create
-      resource = resource_class.new(resource_params)
+      resource = new_resource(resource_params)
       authorize_resource(resource)
 
       if resource.save
+        yield(resource) if block_given?
         redirect_to(
-          [namespace, resource],
+          after_resource_created_path(resource),
           notice: translate_with_resource("create.success"),
         )
       else
         render :new, locals: {
           page: Administrate::Page::Form.new(dashboard, resource),
-        }
+        }, status: :unprocessable_entity
       end
     end
 
     def update
       if requested_resource.update(resource_params)
         redirect_to(
-          [namespace, requested_resource],
+          after_resource_updated_path(requested_resource),
           notice: translate_with_resource("update.success"),
         )
       else
         render :edit, locals: {
           page: Administrate::Page::Form.new(dashboard, requested_resource),
-        }
+        }, status: :unprocessable_entity
       end
     end
 
@@ -75,25 +75,61 @@ module Administrate
       else
         flash[:error] = requested_resource.errors.full_messages.join("<br/>")
       end
-      redirect_to action: :index
+      redirect_to after_resource_destroyed_path(requested_resource)
     end
 
     private
 
+    def filter_resources(resources, search_term:)
+      Administrate::Search.new(
+        resources,
+        dashboard,
+        search_term,
+      ).run
+    end
+
+    def after_resource_destroyed_path(_requested_resource)
+      { action: :index }
+    end
+
+    def after_resource_created_path(requested_resource)
+      [namespace, requested_resource]
+    end
+
+    def after_resource_updated_path(requested_resource)
+      [namespace, requested_resource]
+    end
+
     helper_method :nav_link_state
     def nav_link_state(resource)
-      resource_name.to_s.pluralize == resource.to_s ? :active : :inactive
+      underscore_resource = resource.to_s.split("/").join("__")
+      resource_name.to_s.pluralize == underscore_resource ? :active : :inactive
     end
 
-    helper_method :valid_action?
-    def valid_action?(name, resource = resource_class)
-      !!routes.detect do |controller, action|
-        controller == resource.to_s.underscore.pluralize && action == name.to_s
-      end
+    # Whether the named action route exists for the resource class.
+    #
+    # @param resource [Class, String, Symbol] A class of resources, or the name
+    #   of a class of resources.
+    # @param action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] `true` if a route exists for the resource class and the
+    #   action. `false` otherwise.
+    def existing_action?(resource, action_name)
+      routes.include?([resource.to_s.underscore.pluralize, action_name.to_s])
     end
+    helper_method :existing_action?
+
+    # @deprecated Use {#existing_action} instead. Note that, in
+    #   {#existing_action}, the order of parameters is reversed and
+    #   there is no default value for the `resource` parameter.
+    def valid_action?(action_name, resource = resource_class)
+      Administrate.warn_of_deprecated_authorization_method(__method__)
+      existing_action?(resource, action_name)
+    end
+    helper_method :valid_action?
 
     def routes
-      @routes ||= Namespace.new(namespace).routes
+      @routes ||= Namespace.new(namespace).routes.to_set
     end
 
     def records_per_page
@@ -102,11 +138,44 @@ module Administrate
 
     def order
       @order ||= Administrate::Order.new(
-        params.fetch(resource_name, {}).fetch(:order, nil),
-        params.fetch(resource_name, {}).fetch(:direction, nil),
+        sorting_attribute,
+        sorting_direction,
+        association_attribute: order_by_field(
+          dashboard_attribute(sorting_attribute),
+        ),
       )
     end
 
+    def order_by_field(dashboard)
+      return unless dashboard.try(:options)
+
+      dashboard.options.fetch(:order, nil)
+    end
+
+    def dashboard_attribute(attribute)
+      dashboard.attribute_types[attribute.to_sym] if attribute
+    end
+
+    def sorting_attribute
+      sorting_params.fetch(:order) { default_sorting_attribute }
+    end
+
+    def default_sorting_attribute
+      nil
+    end
+
+    def sorting_direction
+      sorting_params.fetch(:direction) { default_sorting_direction }
+    end
+
+    def default_sorting_direction
+      nil
+    end
+
+    def sorting_params
+      Hash.try_convert(request.query_parameters[resource_name]) || {}
+    end
+
     def dashboard
       @dashboard ||= dashboard_class.new
     end
@@ -133,7 +202,7 @@ module Administrate
 
     def resource_params
       params.require(resource_class.model_name.param_key).
-        permit(dashboard.permitted_attributes).
+        permit(dashboard.permitted_attributes(action_name)).
         transform_values { |v| read_param_value(v) }
     end
 
@@ -144,6 +213,10 @@ module Administrate
         else
           raise "Unrecognised param data: #{data.inspect}"
         end
+      elsif data.is_a?(ActionController::Parameters)
+        data.transform_values { |v| read_param_value(v) }
+      elsif data.is_a?(String) && data.blank?
+        nil
       else
         data
       end
@@ -153,6 +226,7 @@ module Administrate
       to: :resource_resolver
     helper_method :namespace
     helper_method :resource_name
+    helper_method :resource_class
 
     def resource_resolver
       @resource_resolver ||=
@@ -172,18 +246,46 @@ module Administrate
       ).any? { |_name, attribute| attribute.searchable? }
     end
 
-    def show_action?(_action, _resource)
+    # Whether the current user is authorized to perform the named action on the
+    # resource.
+    #
+    # @param _resource [ActiveRecord::Base, Class, String, Symbol] The
+    #   temptative target of the action, or the name of its class.
+    # @param _action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] `true` if the current user is authorized to perform the
+    #   action on the resource. `false` otherwise.
+    def authorized_action?(_resource, _action_name)
       true
     end
+    helper_method :authorized_action?
+
+    # @deprecated Use {#authorized_action} instead. Note that the order of
+    #   parameters is reversed in {#authorized_action}.
+    def show_action?(action, resource)
+      Administrate.warn_of_deprecated_authorization_method(__method__)
+      authorized_action?(resource, action)
+    end
     helper_method :show_action?
 
-    def new_resource
-      resource_class.new
+    def new_resource(params = {})
+      resource_class.new(params)
     end
     helper_method :new_resource
 
     def authorize_resource(resource)
-      resource
+      if authorized_action?(resource, action_name)
+        resource
+      else
+        raise Administrate::NotAuthorizedError.new(
+          action: action_name,
+          resource: resource,
+        )
+      end
+    end
+
+    def paginate_resources(resources)
+      resources.page(params[:_page]).per(records_per_page)
     end
   end
 end

data/app/controllers/concerns/administrate/punditize.rb

@@ -2,35 +2,59 @@ module Administrate
   module Punditize
     if Object.const_defined?("Pundit")
       extend ActiveSupport::Concern
-      include Pundit
 
-      included do
-        def scoped_resource
-          policy_scope_admin super
-        end
+      if Pundit.const_defined?(:Authorization)
+        include Pundit::Authorization
+      else
+        include Pundit
+      end
 
-        def authorize_resource(resource)
-          authorize resource
-        end
+      private
 
-        def show_action?(action, resource)
-          Pundit.policy!(pundit_user, resource).send("#{action}?".to_sym)
-        end
+      def policy_namespace
+        []
       end
 
-      private
+      def scoped_resource
+        namespaced_scope = policy_namespace + [super]
+        policy_scope!(pundit_user, namespaced_scope)
+      end
+
+      def authorize_resource(resource)
+        namespaced_resource = policy_namespace + [resource]
+        authorize namespaced_resource
+      end
+
+      def authorized_action?(resource, action)
+        namespaced_resource = policy_namespace + [resource]
+        policy = Pundit.policy!(pundit_user, namespaced_resource)
+        policy.send("#{action}?".to_sym)
+      end
+
+      def policy_scope!(user, scope)
+        policy_scope_class = Pundit::PolicyFinder.new(scope).scope!
 
-      # Like the policy_scope method in stock Pundit, but allows the 'resolve'
-      # to be overridden by 'resolve_admin' for a different index scope in Admin
-      # controllers.
-      def policy_scope_admin(scope)
-        ps = Pundit::PolicyFinder.new(scope).scope!.new(pundit_user, scope)
-        if ps.respond_to? :resolve_admin
-          ps.resolve_admin
+        begin
+          policy_scope = policy_scope_class.new(user, pundit_model(scope))
+        rescue ArgumentError
+          raise(Pundit::InvalidConstructorError,
+                "Invalid #<#{policy_scope_class}> constructor is called")
+        end
+
+        if policy_scope.respond_to? :resolve_admin
+          Administrate.deprecator.warn(
+            "Pundit policy scope `resolve_admin` method is deprecated. " +
+            "Please use a namespaced pundit policy instead.",
+          )
+          policy_scope.resolve_admin
         else
-          ps.resolve
+          policy_scope.resolve
         end
       end
+
+      def pundit_model(record)
+        record.is_a?(Array) ? record.last : record
+      end
     end
   end
 end