administrate 0.15.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb407c439ba3795c3161109f57d64a8e20db553d80f583c6d2a66bfe0f713cd7
-  data.tar.gz: 1691010813773e6ecc19b067adb4a610c6624f2ec2d8a03bb6414a683d5d83b0
+  metadata.gz: b6711a800e61649dffc4e96f9ddfaf3af21d364a1cfc659959dc5496357af262
+  data.tar.gz: 3dc0046165d843a60359343d756b584cb7d5a8a505c5ba4c2858749b4aceba28
 SHA512:
-  metadata.gz: 0fc7042ed3389b1cf87a4ba41681e310dc3678e790a5af0d3c3e3d64c213f50b5bf66409069159a18e784c9cdaf5e6d60e2d2614f4647b5ab0d8e0b4e2f6b70e
-  data.tar.gz: 1c8b66a38eca96f2002ccd8b253b4fc7abd082e7376111e2e1be399b870755ce29511982828760fd6a229f5571eb1ace83a9121fae2253db2653218ffbd237ce
+  metadata.gz: 88099b1defc211784c017a82dc2a4f90d91599f664a768acb652dd5a9ac3358b00180bc1f7da7b072e26cb1412b967fb7c244096005ee782fb1719340a832f3b
+  data.tar.gz: 2d01b4c1131ed1a7c2d9f70756c5d9b0b442abf846425c486ae0d9b5ee6d65c9d3e0e3f45b1d9864749c6901cc29cc90f3261c229ba8ba96e26ee552f92e9d88

data/Rakefile

@@ -28,5 +28,3 @@ if defined? RSpec
     t.verbose = false
   end
 end
-
-task default: "bundler:audit"

data/app/assets/javascripts/administrate/application.js

@@ -1,6 +1,4 @@
 //= require jquery
 //= require jquery_ujs
 //= require selectize
-//= require moment
-//= require datetime_picker
 //= require_tree .

data/app/assets/stylesheets/administrate/application.scss

@@ -3,7 +3,6 @@
 @import "reset/normalize";
 
 @import "selectize";
-@import "datetime_picker";
 
 @import "library/clearfix";
 @import "library/data-label";

data/app/assets/stylesheets/administrate/base/_forms.scss

@@ -85,7 +85,7 @@ textarea {
 [type="checkbox"],
 [type="radio"] {
   display: inline;
-  margin-right: $small-spacing / 2;
+  margin-right: $small-spacing * 0.5;
 }
 
 [type="file"] {

data/app/assets/stylesheets/administrate/components/_buttons.scss

@@ -47,5 +47,17 @@ input[type="submit"],
   border: $base-border;
   border-color: $blue;
   color: $blue;
+}
+
+.button--danger {
+  background-color: $red;
+
+  &:hover {
+    background-color: mix($black, $red, 20%);
+    color: $white;
+  }
+}
+
+.button--nav {
   margin-bottom: $base-spacing;
 }

data/app/assets/stylesheets/administrate/components/_flashes.scss

@@ -3,8 +3,8 @@
     background-color: $color;
     color: mix($black, $color, 60%);
     display: block;
-    margin-bottom: $base-spacing / 2;
-    padding: $base-spacing / 2;
+    margin-bottom: $base-spacing * 0.5;
+    padding: $base-spacing * 0.5;
     text-align: center;
 
     a {

data/app/assets/stylesheets/administrate/library/_variables.scss

@@ -14,7 +14,7 @@ $heading-line-height: 1.2 !default;
 // Other Sizes
 $base-border-radius: 4px !default;
 $base-spacing: $base-line-height * 1em !default;
-$small-spacing: $base-spacing / 2 !default;
+$small-spacing: $base-spacing * 0.5 !default;
 
 // Colors
 $white: #fff !default;

data/app/controllers/administrate/application_controller.rb

@@ -5,12 +5,10 @@ module Administrate
     def index
       authorize_resource(resource_class)
       search_term = params[:search].to_s.strip
-      resources = Administrate::Search.new(scoped_resource,
-                                           dashboard_class,
-                                           search_term).run
+      resources = filter_resources(scoped_resource, search_term: search_term)
       resources = apply_collection_includes(resources)
       resources = order.apply(resources)
-      resources = resources.page(params[:_page]).per(records_per_page)
+      resources = paginate_resources(resources)
       page = Administrate::Page::Collection.new(dashboard, order: order)
 
       render locals: {
@@ -47,7 +45,7 @@ module Administrate
 
       if resource.save
         redirect_to(
-          [namespace, resource],
+          after_resource_created_path(resource),
           notice: translate_with_resource("create.success"),
         )
       else
@@ -60,7 +58,7 @@ module Administrate
     def update
       if requested_resource.update(resource_params)
         redirect_to(
-          [namespace, requested_resource],
+          after_resource_updated_path(requested_resource),
           notice: translate_with_resource("update.success"),
         )
       else
@@ -76,25 +74,61 @@ module Administrate
       else
         flash[:error] = requested_resource.errors.full_messages.join("<br/>")
       end
-      redirect_to action: :index
+      redirect_to after_resource_destroyed_path(requested_resource)
     end
 
     private
 
+    def filter_resources(resources, search_term:)
+      Administrate::Search.new(
+        resources,
+        dashboard,
+        search_term,
+      ).run
+    end
+
+    def after_resource_destroyed_path(_requested_resource)
+      { action: :index }
+    end
+
+    def after_resource_created_path(requested_resource)
+      [namespace, requested_resource]
+    end
+
+    def after_resource_updated_path(requested_resource)
+      [namespace, requested_resource]
+    end
+
     helper_method :nav_link_state
     def nav_link_state(resource)
-      resource_name.to_s.pluralize == resource.to_s ? :active : :inactive
+      underscore_resource = resource.to_s.split("/").join("__")
+      resource_name.to_s.pluralize == underscore_resource ? :active : :inactive
     end
 
-    helper_method :valid_action?
-    def valid_action?(name, resource = resource_class)
-      !!routes.detect do |controller, action|
-        controller == resource.to_s.underscore.pluralize && action == name.to_s
-      end
+    # Whether the named action route exists for the resource class.
+    #
+    # @param resource [Class, String, Symbol] A class of resources, or the name
+    #   of a class of resources.
+    # @param action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] `true` if a route exists for the resource class and the
+    #   action. `false` otherwise.
+    def existing_action?(resource, action_name)
+      routes.include?([resource.to_s.underscore.pluralize, action_name.to_s])
     end
+    helper_method :existing_action?
+
+    # @deprecated Use {#existing_action} instead. Note that, in
+    #   {#existing_action}, the order of parameters is reversed and
+    #   there is no default value for the `resource` parameter.
+    def valid_action?(action_name, resource = resource_class)
+      Administrate.warn_of_deprecated_authorization_method(__method__)
+      existing_action?(resource, action_name)
+    end
+    helper_method :valid_action?
 
     def routes
-      @routes ||= Namespace.new(namespace).routes
+      @routes ||= Namespace.new(namespace).routes.to_set
     end
 
     def records_per_page
@@ -102,7 +136,23 @@ module Administrate
     end
 
     def order
-      @order ||= Administrate::Order.new(sorting_attribute, sorting_direction)
+      @order ||= Administrate::Order.new(
+        sorting_attribute,
+        sorting_direction,
+        association_attribute: order_by_field(
+          dashboard_attribute(sorting_attribute),
+        ),
+      )
+    end
+
+    def order_by_field(dashboard)
+      return unless dashboard.try(:options)
+
+      dashboard.options.fetch(:order, nil)
+    end
+
+    def dashboard_attribute(attribute)
+      dashboard.attribute_types[attribute.to_sym] if attribute
     end
 
     def sorting_attribute
@@ -193,9 +243,26 @@ module Administrate
       ).any? { |_name, attribute| attribute.searchable? }
     end
 
-    def show_action?(_action, _resource)
+    # Whether the current user is authorized to perform the named action on the
+    # resource.
+    #
+    # @param _resource [ActiveRecord::Base, Class, String, Symbol] The
+    #   temptative target of the action, or the name of its class.
+    # @param _action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] `true` if the current user is authorized to perform the
+    #   action on the resource. `false` otherwise.
+    def authorized_action?(_resource, _action_name)
       true
     end
+    helper_method :authorized_action?
+
+    # @deprecated Use {#authorized_action} instead. Note that the order of
+    #   parameters is reversed in {#authorized_action}.
+    def show_action?(action, resource)
+      Administrate.warn_of_deprecated_authorization_method(__method__)
+      authorized_action?(resource, action)
+    end
     helper_method :show_action?
 
     def new_resource
@@ -204,7 +271,18 @@ module Administrate
     helper_method :new_resource
 
     def authorize_resource(resource)
-      resource
+      if authorized_action?(resource, action_name)
+        resource
+      else
+        raise Administrate::NotAuthorizedError.new(
+          action: action_name,
+          resource: resource,
+        )
+      end
+    end
+
+    def paginate_resources(resources)
+      resources.page(params[:_page]).per(records_per_page)
     end
   end
 end

data/app/controllers/concerns/administrate/punditize.rb

@@ -2,9 +2,11 @@ module Administrate
   module Punditize
     if Object.const_defined?("Pundit")
       extend ActiveSupport::Concern
-      include Pundit
+      include Pundit::Authorization
 
       included do
+        private
+
         def scoped_resource
           policy_scope_admin super
         end
@@ -13,7 +15,7 @@ module Administrate
           authorize resource
         end
 
-        def show_action?(action, resource)
+        def authorized_action?(resource, action)
           Pundit.policy!(pundit_user, resource).send("#{action}?".to_sym)
         end
       end

data/app/helpers/administrate/application_helper.rb

@@ -4,11 +4,7 @@ module Administrate
     SINGULAR_COUNT = 1
 
     def application_title
-      if Rails::VERSION::MAJOR <= 5
-        Rails.application.class.parent_name.titlecase
-      else
-        Rails.application.class.module_parent_name.titlecase
-      end
+      Rails.application.class.module_parent_name.titlecase
     end
 
     def render_field(field, locals = {})
@@ -29,6 +25,28 @@ module Administrate
       dashboard.try(:model) || resource_name.to_sym
     end
 
+    # Unification of
+    # {Administrate::ApplicationController#existing_action? existing_action?}
+    # and
+    # {Administrate::ApplicationController#authorized_action?
+    # authorized_action?}
+    #
+    # @param target [ActiveRecord::Base, Class, Symbol, String] A resource,
+    #   a class of resources, or the name of a class of resources.
+    # @param action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] Whether the action both (a) exists for the record class,
+    #   and (b) the current user is authorized to perform it on the record
+    #   instance or class.
+    def accessible_action?(target, action_name)
+      target = target.to_sym if target.is_a?(String)
+      target_class_or_class_name =
+        target.is_a?(ActiveRecord::Base) ? target.class : target
+
+      existing_action?(target_class_or_class_name, action_name) &&
+        authorized_action?(target, action_name)
+    end
+
     def display_resource_name(resource_name, opts = {})
       dashboard_from_resource(resource_name).resource_name(
         count: opts[:singular] ? SINGULAR_COUNT : PLURAL_MANY_COUNT,
@@ -52,7 +70,7 @@ module Administrate
     end
 
     def sanitized_order_params(page, current_field_name)
-      collection_names = page.item_includes + [current_field_name]
+      collection_names = page.item_associations + [current_field_name]
       association_params = collection_names.map do |assoc_name|
         { assoc_name => %i[order direction page per_page] }
       end

data/app/views/administrate/application/_collection.html.erb

@@ -24,7 +24,8 @@ to display a collection of resources in an HTML table.
       <% collection_presenter.attribute_types.each do |attr_name, attr_type| %>
         <th class="cell-label
         cell-label--<%= attr_type.html_class %>
-        cell-label--<%= collection_presenter.ordered_html_class(attr_name) %>"
+        cell-label--<%= collection_presenter.ordered_html_class(attr_name) %>
+        cell-label--<%= "#{collection_presenter.resource_name}_#{attr_name}" %>"
         scope="col"
         role="columnheader"
         aria-sort="<%= sort_order(collection_presenter.ordered_html_class(attr_name)) %>">
@@ -45,23 +46,26 @@ to display a collection of resources in an HTML table.
           <% end %>
         </th>
       <% end %>
-      <% [valid_action?(:edit, collection_presenter.resource_name),
-          valid_action?(:destroy, collection_presenter.resource_name)].count(true).times do %>
-        <th scope="col"></th>
-      <% end %>
+      <%= render(
+        "collection_header_actions",
+        collection_presenter: collection_presenter,
+        page: page,
+        resources: resources,
+        table_title: "page-title"
+      ) %>
     </tr>
   </thead>
 
   <tbody>
     <% resources.each do |resource| %>
       <tr class="js-table-row"
-          <% if show_action? :show, resource %>
+          <% if accessible_action?(resource, :show) %>
             <%= %(tabindex=0 role=link data-url=#{polymorphic_path([namespace, resource])}) %>
           <% end %>
           >
         <% collection_presenter.attributes_for(resource).each do |attribute| %>
           <td class="cell-data cell-data--<%= attribute.html_class %>">
-            <% if show_action? :show, resource -%>
+            <% if accessible_action?(resource, :show) -%>
               <a href="<%= polymorphic_path([namespace, resource]) -%>"
                  tabindex="-1"
                  class="action-show"
@@ -74,23 +78,15 @@ to display a collection of resources in an HTML table.
           </td>
         <% end %>
 
-        <% if valid_action? :edit, collection_presenter.resource_name %>
-          <td><%= link_to(
-            t("administrate.actions.edit"),
-            [:edit, namespace, resource],
-            class: "action-edit",
-          ) if show_action? :edit, resource%></td>
-        <% end %>
-
-        <% if valid_action? :destroy, collection_presenter.resource_name %>
-          <td><%= link_to(
-            t("administrate.actions.destroy"),
-            [namespace, resource],
-            class: "text-color-red",
-            method: :delete,
-            data: { confirm: t("administrate.actions.confirm") }
-          ) if show_action? :destroy, resource %></td>
-        <% end %>
+        <%= render(
+          "collection_item_actions",
+          collection_presenter: collection_presenter,
+          collection_field_name: collection_field_name,
+          page: page,
+          namespace: namespace,
+          resource: resource,
+          table_title: "page-title"
+        ) %>
       </tr>
     <% end %>
   </tbody>

data/app/views/administrate/application/_collection_header_actions.html.erb

@@ -0,0 +1,4 @@
+<% [existing_action?(collection_presenter.resource_name, :edit),
+    existing_action?(collection_presenter.resource_name, :destroy)].count(true).times do %>
+  <th scope="col"></th>
+<% end %>

data/app/views/administrate/application/_collection_item_actions.html.erb

@@ -0,0 +1,17 @@
+<% if existing_action?(collection_presenter.resource_name, :edit) %>
+  <td><%= link_to(
+    t("administrate.actions.edit"),
+    [:edit, namespace, resource],
+    class: "action-edit",
+  ) if accessible_action?(resource, :edit) %></td>
+<% end %>
+
+<% if existing_action?(collection_presenter.resource_name, :destroy) %>
+  <td><%= link_to(
+    t("administrate.actions.destroy"),
+    [namespace, resource],
+    class: "text-color-red",
+    method: :delete,
+    data: { confirm: t("administrate.actions.confirm") }
+  ) if accessible_action?(resource, :destroy) %></td>
+<% end %>

data/app/views/administrate/application/_flashes.html.erb

@@ -14,6 +14,7 @@ This partial renders flash messages on every page.
 <% if flash.any? %>
   <div class="flashes">
     <% flash.each do |key, value| -%>
+      <% next unless value.respond_to?(:html_safe) %>
       <div class="flash flash-<%= key %>"><%= value.html_safe %></div>
     <% end -%>
   </div>

data/app/views/administrate/application/_form.html.erb

@@ -33,7 +33,7 @@ and renders all form fields for a resource's editable attributes.
     </div>
   <% end %>
 
-  <% page.attributes.each do |attribute| -%>
+  <% page.attributes(controller.action_name).each do |attribute| -%>
     <div class="field-unit field-unit--<%= attribute.html_class %> field-unit--<%= requireness(attribute) %>">
       <%= render_field attribute, f: f %>
     </div>

data/app/views/administrate/application/_icons.html.erb

@@ -1,4 +1,4 @@
-<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
+<svg hidden xmlns="http://www.w3.org/2000/svg">
   <symbol id="icon-cancel" viewBox="0 0 48 48">
     <path fill-rule="evenodd" d="M24 19.757l-8.485-8.485c-.784-.783-2.047-.782-2.827 0l-1.417 1.416c-.777.777-.78 2.046.002 2.827L19.757 24l-8.485 8.485c-.783.784-.782 2.047 0 2.827l1.416 1.417c.777.777 2.046.78 2.827-.002L24 28.243l8.485 8.485c.784.783 2.047.782 2.827 0l1.417-1.416c.777-.777.78-2.046-.002-2.827L28.243 24l8.485-8.485c.783-.784.782-2.047 0-2.827l-1.416-1.417c-.777-.777-2.046-.78-2.827.002L24 19.757zM24 47c12.703 0 23-10.297 23-23S36.703 1 24 1 1 11.297 1 24s10.297 23 23 23z" />
   </symbol>

data/app/views/administrate/application/_index_header.html.erb

@@ -0,0 +1,28 @@
+<% content_for(:title) do %>
+  <%= display_resource_name(page.resource_name) %>
+<% end %>
+
+<header class="main-content__header" role="banner">
+  <h1 class="main-content__page-title" id="page-title">
+    <%= content_for(:title) %>
+  </h1>
+
+  <% if show_search_bar %>
+    <%= render(
+      "search",
+      search_term: search_term,
+      resource_name: display_resource_name(page.resource_name)
+    ) %>
+  <% end %>
+
+  <div>
+    <%= link_to(
+      t(
+        "administrate.actions.new_resource",
+        name: display_resource_name(page.resource_name, singular: true).downcase
+      ),
+      [:new, namespace, page.resource_path.to_sym],
+      class: "button",
+    ) if accessible_action?(new_resource, :new) %>
+  </div>
+</header>

data/app/views/administrate/application/_navigation.html.erb

@@ -8,13 +8,13 @@ as defined by the routes in the `admin/` namespace
 %>
 
 <nav class="navigation" role="navigation">
-  <%= link_to(t("administrate.navigation.back_to_app"), root_url, class: "button button--alt") if defined?(root_url) %>
+  <%= link_to(t("administrate.navigation.back_to_app"), root_url, class: "button button--alt button--nav") if defined?(root_url) %>
 
   <% Administrate::Namespace.new(namespace).resources_with_index_route.each do |resource| %>
     <%= link_to(
       display_resource_name(resource),
       resource_index_route(resource),
       class: "navigation__link navigation__link--#{nav_link_state(resource)}"
-    ) if valid_action?(:index, resource) && show_action?(:index, model_from_resource(resource)) %>
+    ) if accessible_action?(model_from_resource(resource), :index) %>
   <% end %>
 </nav>

data/app/views/administrate/application/_pagination.html.erb

@@ -0,0 +1 @@
+<%= paginate resources, param_name: '_page' %>

data/app/views/administrate/application/edit.html.erb

@@ -27,7 +27,7 @@ It displays a header, and renders the `_form` partial to do the heavy lifting.
       t("administrate.actions.show_resource", name: page.page_title),
       [namespace, page.resource],
       class: "button",
-    ) if valid_action?(:show) && show_action?(:show, page.resource) %>
+    ) if accessible_action?(page.resource, :show) %>
   </div>
 </header>
 

data/app/views/administrate/application/index.html.erb

@@ -23,34 +23,14 @@ It renders the `_table` partial to display details about the resources.
 [1]: http://www.rubydoc.info/gems/administrate/Administrate/Page/Collection
 %>
 
-<% content_for(:title) do %>
-  <%= display_resource_name(page.resource_name) %>
-<% end %>
-
-<header class="main-content__header" role="banner">
-  <h1 class="main-content__page-title" id="page-title">
-    <%= content_for(:title) %>
-  </h1>
-
-  <% if show_search_bar %>
-    <%= render(
-      "search",
-      search_term: search_term,
-      resource_name: display_resource_name(page.resource_name)
-    ) %>
-  <% end %>
-
-  <div>
-    <%= link_to(
-      t(
-        "administrate.actions.new_resource",
-        name: display_resource_name(page.resource_name, singular: true).downcase
-      ),
-      [:new, namespace, page.resource_path],
-      class: "button",
-    ) if valid_action?(:new) && show_action?(:new, new_resource) %>
-  </div>
-</header>
+<%=
+  render("index_header",
+    resources: resources,
+    search_term: search_term,
+    page: page,
+    show_search_bar: show_search_bar,
+  )
+%>
 
 <section class="main-content__body main-content__body--flush">
   <%= render(
@@ -62,5 +42,5 @@ It renders the `_table` partial to display details about the resources.
     table_title: "page-title"
   ) %>
 
-  <%= paginate resources, param_name: '_page' %>
+  <%= render("pagination", resources: resources) %>
 </section>

data/app/views/administrate/application/show.html.erb

@@ -28,7 +28,15 @@ as well as a link to its edit page.
       t("administrate.actions.edit_resource", name: page.page_title),
       [:edit, namespace, page.resource],
       class: "button",
-    ) if valid_action?(:edit) && show_action?(:edit, page.resource) %>
+    ) if accessible_action?(page.resource, :edit) %>
+
+    <%= link_to(
+      t("administrate.actions.destroy"),
+      [namespace, page.resource],
+      class: "button button--danger",
+      method: :delete,
+      data: { confirm: t("administrate.actions.confirm") }
+    ) if accessible_action?(page.resource, :destroy) %>
   </div>
 </header>
 

data/app/views/fields/belongs_to/_index.html.erb

@@ -16,7 +16,7 @@ By default, the relationship is rendered as a link to the associated object.
 %>
 
 <% if field.data %>
-  <% if valid_action?(:show, field.associated_class) %>
+  <% if accessible_action?(field.data, :show) %>
     <%= link_to(
       field.display_associated_resource,
       [namespace, field.data],

data/app/views/fields/belongs_to/_show.html.erb

@@ -16,7 +16,7 @@ By default, the relationship is rendered as a link to the associated object.
 %>
 
 <% if field.data %>
-  <% if valid_action?(:show, field.associated_class) %>
+  <% if accessible_action?(field.data, :show) %>
     <%= link_to(
       field.display_associated_resource,
       [namespace, field.data],

data/app/views/fields/date/_form.html.erb

@@ -2,7 +2,6 @@
 # Date Form Partial
 
 This partial renders an input element for a date attribute.
-By default, the input is a text field that is augmented with [DateTimePicker].
 
 ## Local variables:
 
@@ -13,12 +12,11 @@ By default, the input is a text field that is augmented with [DateTimePicker].
   A wrapper around the Date value pulled from the database.
 
 [1]: http://www.rubydoc.info/gems/administrate/Administrate/Field/Date
-[DateTimePicker]: https://github.com/Eonasdan/bootstrap-datetimepicker
 %>
 
 <div class="field-unit__label">
   <%= f.label field.attribute %>
 </div>
 <div class="field-unit__field">
-  <%= f.text_field field.attribute, data: { type: 'date' }  %>
+  <%= f.date_field field.attribute %>
 </div>

data/app/views/fields/date_time/_form.html.erb

@@ -2,7 +2,6 @@
 # DateTime Form Partial
 
 This partial renders an input element for a datetime attribute.
-By default, the input is a text field that is augmented with [DateTimePicker].
 
 ## Local variables:
 
@@ -13,12 +12,11 @@ By default, the input is a text field that is augmented with [DateTimePicker].
   A wrapper around the DateTime value pulled from the database.
 
 [1]: http://www.rubydoc.info/gems/administrate/Administrate/Field/DateTime
-[DateTimePicker]: https://github.com/Eonasdan/bootstrap-datetimepicker
 %>
 
 <div class="field-unit__label">
   <%= f.label field.attribute %>
 </div>
 <div class="field-unit__field">
-  <%= f.text_field field.attribute, data: { type: 'datetime' }  %>
+  <%= f.datetime_local_field field.attribute, step: 1 %>
 </div>