administrate 0.17.0 → 0.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a099c28c8a74491759229e6fe82de763f25b9ff59473d5c70b00d38675e3498
-  data.tar.gz: c24140b9e1bc63eb9ecd5f38cd0cfd3d3c0f125a81370df1dd6663af66121baa
+  metadata.gz: eebcadb06ece9944279b1119e950922a388078a5c9ab5b95d6d8863c1e03994d
+  data.tar.gz: 96a697e2e10228a5f2772b1602985107f7ed428ca63d77c7d6e964a614659b9d
 SHA512:
-  metadata.gz: 8ada94532afa210a359eece24f042fdb7de549cdb6bb94507c044f85df7b26cfbd5855202de2016255d635d2448dcba303d91eac4dc41c896f30e52f95073345
-  data.tar.gz: 98e115c8c3acfe7dc5cab3a3055b5f06dfa5661f9d2eb135c528b474cbe36e6fb51b36a8c88489860a9fda200758ce37f4d60375705f0e0234af4dc2805e75ff
+  metadata.gz: da130cb7cdcfd15321a653a59cfb499411f85324c19216097a6f4a76407268cc6691647e2ccdf86c367bd6c2e1491342324de89e22c9152eddbea8e6ba32b819
+  data.tar.gz: 8813f237457fa4e37abf8d5c350e4fb4f8f536583a6919764bc5c2abb0bc3b3fc436431b41e731722045179c45dcfef0d4c45d8c5534e7d26ee52d151252665f

data/Rakefile

@@ -28,5 +28,3 @@ if defined? RSpec
     t.verbose = false
   end
 end
-
-task default: "bundler:audit"

data/app/assets/javascripts/administrate/application.js

@@ -1,6 +1,4 @@
 //= require jquery
 //= require jquery_ujs
 //= require selectize
-//= require moment
-//= require datetime_picker
 //= require_tree .

data/app/assets/javascripts/administrate/components/select.js

@@ -0,0 +1,3 @@
+$(function() {
+  $('.field-unit--select select').selectize({});
+});

data/app/assets/stylesheets/administrate/application.scss

@@ -3,7 +3,6 @@
 @import "reset/normalize";
 
 @import "selectize";
-@import "datetime_picker";
 
 @import "library/clearfix";
 @import "library/data-label";

data/app/assets/stylesheets/administrate/base/_forms.scss

@@ -85,7 +85,7 @@ textarea {
 [type="checkbox"],
 [type="radio"] {
   display: inline;
-  margin-right: $small-spacing / 2;
+  margin-right: $small-spacing * 0.5;
 }
 
 [type="file"] {

data/app/assets/stylesheets/administrate/components/_buttons.scss

@@ -49,6 +49,15 @@ input[type="submit"],
   color: $blue;
 }
 
+.button--danger {
+  background-color: $red;
+
+  &:hover {
+    background-color: mix($black, $red, 20%);
+    color: $white;
+  }
+}
+
 .button--nav {
   margin-bottom: $base-spacing;
 }

data/app/assets/stylesheets/administrate/components/_field-unit.scss

@@ -2,6 +2,7 @@
   @include administrate-clearfix;
   align-items: center;
   display: flex;
+  flex-wrap: wrap;
   margin-bottom: $base-spacing;
   position: relative;
   width: 100%;
@@ -25,6 +26,12 @@
   }
 }
 
+.field-unit__hint {
+  font-size: 90%;
+  margin-left: calc(15% + 2rem);
+  width: 100%;
+}
+
 .field-unit--nested {
   border: $base-border;
   margin-left: 7.5%;

data/app/assets/stylesheets/administrate/components/_flashes.scss

@@ -3,8 +3,8 @@
     background-color: $color;
     color: mix($black, $color, 60%);
     display: block;
-    margin-bottom: $base-spacing / 2;
-    padding: $base-spacing / 2;
+    margin-bottom: $base-spacing * 0.5;
+    padding: $base-spacing * 0.5;
     text-align: center;
 
     a {

data/app/assets/stylesheets/administrate/library/_variables.scss

@@ -14,7 +14,7 @@ $heading-line-height: 1.2 !default;
 // Other Sizes
 $base-border-radius: 4px !default;
 $base-spacing: $base-line-height * 1em !default;
-$small-spacing: $base-spacing / 2 !default;
+$small-spacing: $base-spacing * 0.5 !default;
 
 // Colors
 $white: #fff !default;

data/app/controllers/administrate/application_controller.rb

@@ -5,12 +5,10 @@ module Administrate
     def index
       authorize_resource(resource_class)
       search_term = params[:search].to_s.strip
-      resources = Administrate::Search.new(scoped_resource,
-                                           dashboard,
-                                           search_term).run
+      resources = filter_resources(scoped_resource, search_term: search_term)
       resources = apply_collection_includes(resources)
       resources = order.apply(resources)
-      resources = resources.page(params[:_page]).per(records_per_page)
+      resources = paginate_resources(resources)
       page = Administrate::Page::Collection.new(dashboard, order: order)
 
       render locals: {
@@ -42,10 +40,11 @@ module Administrate
     end
 
     def create
-      resource = resource_class.new(resource_params)
+      resource = new_resource(resource_params)
       authorize_resource(resource)
 
       if resource.save
+        yield(resource) if block_given?
         redirect_to(
           after_resource_created_path(resource),
           notice: translate_with_resource("create.success"),
@@ -81,6 +80,14 @@ module Administrate
 
     private
 
+    def filter_resources(resources, search_term:)
+      Administrate::Search.new(
+        resources,
+        dashboard,
+        search_term,
+      ).run
+    end
+
     def after_resource_destroyed_path(_requested_resource)
       { action: :index }
     end
@@ -99,15 +106,30 @@ module Administrate
       resource_name.to_s.pluralize == underscore_resource ? :active : :inactive
     end
 
-    helper_method :valid_action?
-    def valid_action?(name, resource = resource_class)
-      !!routes.detect do |controller, action|
-        controller == resource.to_s.underscore.pluralize && action == name.to_s
-      end
+    # Whether the named action route exists for the resource class.
+    #
+    # @param resource [Class, String, Symbol] A class of resources, or the name
+    #   of a class of resources.
+    # @param action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] `true` if a route exists for the resource class and the
+    #   action. `false` otherwise.
+    def existing_action?(resource, action_name)
+      routes.include?([resource.to_s.underscore.pluralize, action_name.to_s])
+    end
+    helper_method :existing_action?
+
+    # @deprecated Use {#existing_action} instead. Note that, in
+    #   {#existing_action}, the order of parameters is reversed and
+    #   there is no default value for the `resource` parameter.
+    def valid_action?(action_name, resource = resource_class)
+      Administrate.warn_of_deprecated_authorization_method(__method__)
+      existing_action?(resource, action_name)
     end
+    helper_method :valid_action?
 
     def routes
-      @routes ||= Namespace.new(namespace).routes
+      @routes ||= Namespace.new(namespace).routes.to_set
     end
 
     def records_per_page
@@ -115,7 +137,23 @@ module Administrate
     end
 
     def order
-      @order ||= Administrate::Order.new(sorting_attribute, sorting_direction)
+      @order ||= Administrate::Order.new(
+        sorting_attribute,
+        sorting_direction,
+        association_attribute: order_by_field(
+          dashboard_attribute(sorting_attribute),
+        ),
+      )
+    end
+
+    def order_by_field(dashboard)
+      return unless dashboard.try(:options)
+
+      dashboard.options.fetch(:order, nil)
+    end
+
+    def dashboard_attribute(attribute)
+      dashboard.attribute_types[attribute.to_sym] if attribute
     end
 
     def sorting_attribute
@@ -164,7 +202,7 @@ module Administrate
 
     def resource_params
       params.require(resource_class.model_name.param_key).
-        permit(dashboard.permitted_attributes).
+        permit(dashboard.permitted_attributes(action_name)).
         transform_values { |v| read_param_value(v) }
     end
 
@@ -177,6 +215,8 @@ module Administrate
         end
       elsif data.is_a?(ActionController::Parameters)
         data.transform_values { |v| read_param_value(v) }
+      elsif data.is_a?(String) && data.blank?
+        nil
       else
         data
       end
@@ -206,18 +246,46 @@ module Administrate
       ).any? { |_name, attribute| attribute.searchable? }
     end
 
-    def show_action?(_action, _resource)
+    # Whether the current user is authorized to perform the named action on the
+    # resource.
+    #
+    # @param _resource [ActiveRecord::Base, Class, String, Symbol] The
+    #   temptative target of the action, or the name of its class.
+    # @param _action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] `true` if the current user is authorized to perform the
+    #   action on the resource. `false` otherwise.
+    def authorized_action?(_resource, _action_name)
       true
     end
+    helper_method :authorized_action?
+
+    # @deprecated Use {#authorized_action} instead. Note that the order of
+    #   parameters is reversed in {#authorized_action}.
+    def show_action?(action, resource)
+      Administrate.warn_of_deprecated_authorization_method(__method__)
+      authorized_action?(resource, action)
+    end
     helper_method :show_action?
 
-    def new_resource
-      resource_class.new
+    def new_resource(params = {})
+      resource_class.new(params)
     end
     helper_method :new_resource
 
     def authorize_resource(resource)
-      resource
+      if authorized_action?(resource, action_name)
+        resource
+      else
+        raise Administrate::NotAuthorizedError.new(
+          action: action_name,
+          resource: resource,
+        )
+      end
+    end
+
+    def paginate_resources(resources)
+      resources.page(params[:_page]).per(records_per_page)
     end
   end
 end

data/app/controllers/concerns/administrate/punditize.rb

@@ -2,35 +2,59 @@ module Administrate
   module Punditize
     if Object.const_defined?("Pundit")
       extend ActiveSupport::Concern
-      include Pundit
 
-      included do
-        def scoped_resource
-          policy_scope_admin super
-        end
+      if Pundit.const_defined?(:Authorization)
+        include Pundit::Authorization
+      else
+        include Pundit
+      end
 
-        def authorize_resource(resource)
-          authorize resource
-        end
+      private
 
-        def show_action?(action, resource)
-          Pundit.policy!(pundit_user, resource).send("#{action}?".to_sym)
-        end
+      def policy_namespace
+        []
       end
 
-      private
+      def scoped_resource
+        namespaced_scope = policy_namespace + [super]
+        policy_scope!(pundit_user, namespaced_scope)
+      end
+
+      def authorize_resource(resource)
+        namespaced_resource = policy_namespace + [resource]
+        authorize namespaced_resource
+      end
+
+      def authorized_action?(resource, action)
+        namespaced_resource = policy_namespace + [resource]
+        policy = Pundit.policy!(pundit_user, namespaced_resource)
+        policy.send("#{action}?".to_sym)
+      end
+
+      def policy_scope!(user, scope)
+        policy_scope_class = Pundit::PolicyFinder.new(scope).scope!
 
-      # Like the policy_scope method in stock Pundit, but allows the 'resolve'
-      # to be overridden by 'resolve_admin' for a different index scope in Admin
-      # controllers.
-      def policy_scope_admin(scope)
-        ps = Pundit::PolicyFinder.new(scope).scope!.new(pundit_user, scope)
-        if ps.respond_to? :resolve_admin
-          ps.resolve_admin
+        begin
+          policy_scope = policy_scope_class.new(user, pundit_model(scope))
+        rescue ArgumentError
+          raise(Pundit::InvalidConstructorError,
+                "Invalid #<#{policy_scope_class}> constructor is called")
+        end
+
+        if policy_scope.respond_to? :resolve_admin
+          Administrate.deprecator.warn(
+            "Pundit policy scope `resolve_admin` method is deprecated. " +
+            "Please use a namespaced pundit policy instead.",
+          )
+          policy_scope.resolve_admin
         else
-          ps.resolve
+          policy_scope.resolve
         end
       end
+
+      def pundit_model(record)
+        record.is_a?(Array) ? record.last : record
+      end
     end
   end
 end

data/app/helpers/administrate/application_helper.rb

@@ -4,11 +4,7 @@ module Administrate
     SINGULAR_COUNT = 1
 
     def application_title
-      if Rails::VERSION::MAJOR <= 5
-        Rails.application.class.parent_name.titlecase
-      else
-        Rails.application.class.module_parent_name.titlecase
-      end
+      Rails.application.class.module_parent_name.titlecase
     end
 
     def render_field(field, locals = {})
@@ -29,6 +25,28 @@ module Administrate
       dashboard.try(:model) || resource_name.to_sym
     end
 
+    # Unification of
+    # {Administrate::ApplicationController#existing_action? existing_action?}
+    # and
+    # {Administrate::ApplicationController#authorized_action?
+    # authorized_action?}
+    #
+    # @param target [ActiveRecord::Base, Class, Symbol, String] A resource,
+    #   a class of resources, or the name of a class of resources.
+    # @param action_name [String, Symbol] The name of an action that might be
+    #   possible to perform on a resource or resource class.
+    # @return [Boolean] Whether the action both (a) exists for the record class,
+    #   and (b) the current user is authorized to perform it on the record
+    #   instance or class.
+    def accessible_action?(target, action_name)
+      target = target.to_sym if target.is_a?(String)
+      target_class_or_class_name =
+        target.is_a?(ActiveRecord::Base) ? target.class : target
+
+      existing_action?(target_class_or_class_name, action_name) &&
+        authorized_action?(target, action_name)
+    end
+
     def display_resource_name(resource_name, opts = {})
       dashboard_from_resource(resource_name).resource_name(
         count: opts[:singular] ? SINGULAR_COUNT : PLURAL_MANY_COUNT,
@@ -52,7 +70,7 @@ module Administrate
     end
 
     def sanitized_order_params(page, current_field_name)
-      collection_names = page.item_includes + [current_field_name]
+      collection_names = page.item_associations + [current_field_name]
       association_params = collection_names.map do |assoc_name|
         { assoc_name => %i[order direction page per_page] }
       end

data/app/views/administrate/application/_collection.html.erb

@@ -25,17 +25,16 @@ to display a collection of resources in an HTML table.
         <th class="cell-label
         cell-label--<%= attr_type.html_class %>
         cell-label--<%= collection_presenter.ordered_html_class(attr_name) %>
-        cell-label--<%= "#{resource_name}_#{attr_name}" %>"
+        cell-label--<%= "#{collection_presenter.resource_name}_#{attr_name}" %>"
         scope="col"
-        role="columnheader"
         aria-sort="<%= sort_order(collection_presenter.ordered_html_class(attr_name)) %>">
         <%= link_to(sanitized_order_params(page, collection_field_name).merge(
           collection_presenter.order_params_for(attr_name, key: collection_field_name)
         )) do %>
         <%= t(
           "helpers.label.#{collection_presenter.resource_name}.#{attr_name}",
-          default: resource_class.human_attribute_name(attr_name),
-        ).titleize %>
+          default: resource_class.human_attribute_name(attr_name).titleize,
+        ) %>
             <% if collection_presenter.ordered_by?(attr_name) %>
               <span class="cell-label__sort-indicator cell-label__sort-indicator--<%= collection_presenter.ordered_html_class(attr_name) %>">
                 <svg aria-hidden="true">
@@ -59,13 +58,13 @@ to display a collection of resources in an HTML table.
   <tbody>
     <% resources.each do |resource| %>
       <tr class="js-table-row"
-          <% if show_action? :show, resource %>
+          <% if accessible_action?(resource, :show) %>
             <%= %(tabindex=0 role=link data-url=#{polymorphic_path([namespace, resource])}) %>
           <% end %>
           >
         <% collection_presenter.attributes_for(resource).each do |attribute| %>
           <td class="cell-data cell-data--<%= attribute.html_class %>">
-            <% if show_action? :show, resource -%>
+            <% if accessible_action?(resource, :show) -%>
               <a href="<%= polymorphic_path([namespace, resource]) -%>"
                  tabindex="-1"
                  class="action-show"

data/app/views/administrate/application/_collection_header_actions.html.erb

@@ -1,4 +1,4 @@
-<% [valid_action?(:edit, collection_presenter.resource_name),
-    valid_action?(:destroy, collection_presenter.resource_name)].count(true).times do %>
+<% [existing_action?(collection_presenter.resource_name, :edit),
+    existing_action?(collection_presenter.resource_name, :destroy)].count(true).times do %>
   <th scope="col"></th>
 <% end %>

data/app/views/administrate/application/_collection_item_actions.html.erb

@@ -1,17 +1,17 @@
-<% if valid_action?(:edit, collection_presenter.resource_name) %>
+<% if existing_action?(collection_presenter.resource_name, :edit) %>
   <td><%= link_to(
     t("administrate.actions.edit"),
     [:edit, namespace, resource],
     class: "action-edit",
-  ) if show_action?(:edit, resource) %></td>
+  ) if accessible_action?(resource, :edit) %></td>
 <% end %>
 
-<% if valid_action?(:destroy, collection_presenter.resource_name) %>
+<% if existing_action?(collection_presenter.resource_name, :destroy) %>
   <td><%= link_to(
     t("administrate.actions.destroy"),
     [namespace, resource],
     class: "text-color-red",
     method: :delete,
     data: { confirm: t("administrate.actions.confirm") }
-  ) if show_action?(:destroy, resource) %></td>
+  ) if accessible_action?(resource, :destroy) %></td>
 <% end %>

data/app/views/administrate/application/_form.html.erb

@@ -33,10 +33,25 @@ and renders all form fields for a resource's editable attributes.
     </div>
   <% end %>
 
-  <% page.attributes(controller.action_name).each do |attribute| -%>
-    <div class="field-unit field-unit--<%= attribute.html_class %> field-unit--<%= requireness(attribute) %>">
-      <%= render_field attribute, f: f %>
-    </div>
+  <% page.attributes(controller.action_name).each do |title, attributes| -%>
+    <fieldset class="<%= "field-unit--nested" if title.present? %>">
+      <% if title.present? %>
+        <legend><%= t "helpers.label.#{f.object_name}.#{title}", default: title %></legend>
+      <% end %>
+
+      <% attributes.each do |attribute| %>
+        <div class="field-unit field-unit--<%= attribute.html_class %> field-unit--<%= requireness(attribute) %>">
+          <%= render_field attribute, f: f %>
+
+          <% hint_key = "administrate.field_hints.#{page.resource_name}.#{attribute.name}" %>
+          <% if I18n.exists?(hint_key) -%>
+            <div class="field-unit__hint">
+              <%= I18n.t(hint_key) %>
+            </div>
+          <% end -%>
+        </div>
+      <% end %>
+    </fieldset>
   <% end -%>
 
   <div class="form-actions">

data/app/views/administrate/application/_index_header.html.erb

@@ -2,7 +2,7 @@
   <%= display_resource_name(page.resource_name) %>
 <% end %>
 
-<header class="main-content__header" role="banner">
+<header class="main-content__header">
   <h1 class="main-content__page-title" id="page-title">
     <%= content_for(:title) %>
   </h1>
@@ -23,6 +23,6 @@
       ),
       [:new, namespace, page.resource_path.to_sym],
       class: "button",
-    ) if valid_action?(:new) && show_action?(:new, new_resource) %>
+    ) if accessible_action?(new_resource, :new) %>
   </div>
 </header>

data/app/views/administrate/application/_navigation.html.erb

@@ -7,7 +7,7 @@ for all resources in the admin dashboard,
 as defined by the routes in the `admin/` namespace
 %>
 
-<nav class="navigation" role="navigation">
+<nav class="navigation">
   <%= link_to(t("administrate.navigation.back_to_app"), root_url, class: "button button--alt button--nav") if defined?(root_url) %>
 
   <% Administrate::Namespace.new(namespace).resources_with_index_route.each do |resource| %>
@@ -15,6 +15,6 @@ as defined by the routes in the `admin/` namespace
       display_resource_name(resource),
       resource_index_route(resource),
       class: "navigation__link navigation__link--#{nav_link_state(resource)}"
-    ) if valid_action?(:index, resource) && show_action?(:index, model_from_resource(resource)) %>
+    ) if accessible_action?(model_from_resource(resource), :index) %>
   <% end %>
 </nav>

data/app/views/administrate/application/_pagination.html.erb

@@ -0,0 +1 @@
+<%= paginate resources, param_name: local_assigns.fetch(:param_name, "_page") %>

data/app/views/administrate/application/edit.html.erb

@@ -17,7 +17,7 @@ It displays a header, and renders the `_form` partial to do the heavy lifting.
 
 <% content_for(:title) { t("administrate.actions.edit_resource", name: page.page_title) } %>
 
-<header class="main-content__header" role="banner">
+<header class="main-content__header">
   <h1 class="main-content__page-title">
     <%= content_for(:title) %>
   </h1>
@@ -27,7 +27,7 @@ It displays a header, and renders the `_form` partial to do the heavy lifting.
       t("administrate.actions.show_resource", name: page.page_title),
       [namespace, page.resource],
       class: "button",
-    ) if valid_action?(:show) && show_action?(:show, page.resource) %>
+    ) if accessible_action?(page.resource, :show) %>
   </div>
 </header>
 

data/app/views/administrate/application/index.html.erb

@@ -42,5 +42,5 @@ It renders the `_table` partial to display details about the resources.
     table_title: "page-title"
   ) %>
 
-  <%= paginate resources, param_name: '_page' %>
+  <%= render("pagination", resources: resources) %>
 </section>

data/app/views/administrate/application/new.html.erb

@@ -22,7 +22,7 @@ to do the heavy lifting.
   ) %>
 <% end %>
 
-<header class="main-content__header" role="banner">
+<header class="main-content__header">
   <h1 class="main-content__page-title">
     <%= content_for(:title) %>
   </h1>

data/app/views/administrate/application/show.html.erb

@@ -18,7 +18,7 @@ as well as a link to its edit page.
 
 <% content_for(:title) { t("administrate.actions.show_resource", name: page.page_title) } %>
 
-<header class="main-content__header" role="banner">
+<header class="main-content__header">
   <h1 class="main-content__page-title">
     <%= content_for(:title) %>
   </h1>
@@ -28,22 +28,38 @@ as well as a link to its edit page.
       t("administrate.actions.edit_resource", name: page.page_title),
       [:edit, namespace, page.resource],
       class: "button",
-    ) if valid_action?(:edit) && show_action?(:edit, page.resource) %>
+    ) if accessible_action?(page.resource, :edit) %>
+
+    <%= link_to(
+      t("administrate.actions.destroy"),
+      [namespace, page.resource],
+      class: "button button--danger",
+      method: :delete,
+      data: { confirm: t("administrate.actions.confirm") }
+    ) if accessible_action?(page.resource, :destroy) %>
   </div>
 </header>
 
 <section class="main-content__body">
   <dl>
-    <% page.attributes.each do |attribute| %>
-      <dt class="attribute-label" id="<%= attribute.name %>">
-      <%= t(
-        "helpers.label.#{resource_name}.#{attribute.name}",
-        default: page.resource.class.human_attribute_name(attribute.name),
-      ) %>
-      </dt>
-
-      <dd class="attribute-data attribute-data--<%=attribute.html_class%>"
-          ><%= render_field attribute, page: page %></dd>
+    <% page.attributes.each do |title, attributes| %>
+      <fieldset class="<%= "field-unit--nested" if title.present? %>">
+        <% if title.present? %>
+          <legend><%= t "helpers.label.#{page.resource_name}.#{title}", default: title %></legend>
+        <% end %>
+
+        <% attributes.each do |attribute| %>
+          <dt class="attribute-label" id="<%= attribute.name %>">
+          <%= t(
+            "helpers.label.#{resource_name}.#{attribute.name}",
+            default: page.resource.class.human_attribute_name(attribute.name),
+          ) %>
+          </dt>
+
+          <dd class="attribute-data attribute-data--<%=attribute.html_class%>"
+              ><%= render_field attribute, page: page %></dd>
+        <% end %>
+      </fieldset>
     <% end %>
   </dl>
 </section>

data/app/views/fields/belongs_to/_index.html.erb

@@ -16,7 +16,7 @@ By default, the relationship is rendered as a link to the associated object.
 %>
 
 <% if field.data %>
-  <% if valid_action?(:show, field.associated_class) && show_action?(:show, field.associated_class) %>
+  <% if accessible_action?(field.data, :show) %>
     <%= link_to(
       field.display_associated_resource,
       [namespace, field.data],