RubyGems - alchemy_cms - Versions diffs - 4.0.0.beta → 4.0.0.rc1 - Mend

alchemy_cms 4.0.0.beta → 4.0.0.rc1

Files changed (205) hide show

data/app/views/alchemy/admin/pictures/_filter_bar.html.erb CHANGED

@@ -1,5 +1,3 @@
-<% params_to_keep = [:size, :tagged_with, :query, :element_id, :options, :content_id, :_] %>
 <div id="filter_bar">
   <h2><%= Alchemy.t('Filter') %></h2>
   <%= select_tag(
@@ -19,7 +17,7 @@
   $(function() {
     $('#picture_filter').on('change', function(e) {
       var $this = $(this);
-      var url = '<%= alchemy.admin_pictures_path(merge_params_only(params_to_keep)).html_safe %>';
+      var url = '<%= alchemy.admin_pictures_path(search_filter_params.except(:filter).to_h) %>';
       if ($this.data('remote') === true) {
         $.get(url, {filter: $this.val()}, null, 'script');
       } else {

data/app/views/alchemy/admin/pictures/_overlay_picture_list.html.erb CHANGED

@@ -6,6 +6,6 @@
 <% else %>
   <%= render partial: 'picture_to_assign',
     collection: @pictures,
-    locals: {options: @options, size: @size} %>
+    locals: {options: options_from_params, size: @size} %>
   <%= paginate @pictures, theme: 'alchemy', remote: true %>
 <% end %>

data/app/views/alchemy/admin/pictures/_picture_to_assign.html.erb CHANGED

@@ -1,5 +1,5 @@
 <div class="picture_thumbnail assign_image_list_detail <%= size.blank? ? 'medium' : size %>" name="<%= picture_to_assign.name %>" id="picture_to_assign_<%= picture_to_assign.id %>">
-  <% action_url = create_or_assign_url(picture_to_assign, @options.to_json) %>
+  <% action_url = create_or_assign_url(picture_to_assign, options) %>
   <%= link_to(
     image_tag(
       picture_to_assign.url(size: preview_size(size), flatten: true),

data/app/views/alchemy/admin/pictures/_tag_list.html.erb CHANGED

@@ -7,7 +7,7 @@
   <% if params[:tagged_with].present? %>
     <%= link_to(
       render_icon('delete-small') + Alchemy.t('Remove tag filter'),
-      url_for(tag_list_params.delete_if { |k, v| k == "tagged_with" }.merge(action: 'index')),
+      url_for(search_filter_params.except(:tagged_with)),
       remote: request.xhr?,
       class: 'button small with_icon please_wait'
     ) %>

data/app/views/alchemy/admin/resources/_filter_bar.html.erb CHANGED

@@ -1,5 +1,3 @@
-<% params_to_keep = [:tagged_with, :q] %>
 <div id="filter_bar">
   <h2><%= Alchemy.t('Filter') %></h2>
   <%= select_tag(
@@ -17,7 +15,7 @@
   $(function() {
     $('#resource_filter').on('change', function(e) {
       var $this = $(this);
-      var url = '<%= resources_path(resource_handler.namespaced_resources_name, merge_params_only(params_to_keep)).html_safe %>';
+      var url = '<%= resources_path(resource_handler.namespaced_resources_name, search_filter_params.except(:filter).to_h) %>';
       if ($this.data('remote') === true) {
         $.get(url, {filter: $this.val()}, null, 'script');
       } else {

data/app/views/alchemy/admin/resources/_tag_list.html.erb CHANGED

@@ -7,7 +7,7 @@
   <% if params[:tagged_with].present? %>
     <%= link_to(
       render_icon('delete-small') + Alchemy.t('Remove tag filter'),
-      url_for(tag_list_params.delete_if { |k, v| k == "tagged_with" }.merge(action: 'index')),
+      url_for(search_filter_params.except(:tagged_with)),
       remote: request.xhr?,
       class: 'button small with_icon please_wait'
     ) %>

data/app/views/alchemy/admin/uploader/_button.html.erb CHANGED

@@ -2,7 +2,7 @@
   <%= f.file_field file_attribute,
     class: 'fileupload fileupload--field', multiple: true,
     name: "#{f.object_name}[#{file_attribute}]" %>
-  <%= hidden_field_tag "#{f.object_name}[upload_hash]", Time.current.hash %>
+  <%= hidden_field_tag("#{f.object_name}[upload_hash]", Time.current.hash) if object.respond_to?(:upload_hash) %>
   <%= f.label file_attribute, data: {alchemy_hotkey: 'alt+n'} do %>
     <div class="button_with_label">
       <span class="icon_button"><%= render_icon :upload %></span>

data/app/views/alchemy/essences/_essence_file_editor.html.erb CHANGED

@@ -3,7 +3,7 @@
     content_id: content.id,
     only: content.settings_value(:only, local_assigns.fetch(:options, {})),
     except: content.settings_value(:except, local_assigns.fetch(:options, {})),
-    options: local_assigns.fetch(:options, {}).to_json
+    options: local_assigns.fetch(:options, {})
   ),
   {
     title: Alchemy.t(:assign_file),
@@ -35,7 +35,7 @@
       <%= link_to_dialog '',
         alchemy.edit_admin_essence_file_path(
           id: content.essence.id,
-          options: local_assigns.fetch(:options, {}).to_json
+          options: local_assigns.fetch(:options, {})
         ),
         {
           title: Alchemy.t(:edit_file_properties),

data/app/views/alchemy/essences/_essence_picture_editor.html.erb CHANGED

@@ -1,6 +1,6 @@
 <%= content_tag :div, id: content.dom_id, data: {"content-id" => content.id}, class: [
     "essence_picture_editor",
-    options[:dragable] ? "dragable_picture" : nil,
+    options[:sortable] ? "draggable_picture" : nil,
     options[:grouped] ? nil : "content_editor"
   ].compact.join(" ") do %>
   <% unless options[:grouped] %><%= content_label(content) %><% end %>
@@ -18,7 +18,7 @@
       <% end %>
     </span>
     <%- if content.ingredient -%>
-      <div class="picture_handle" title="<%= Alchemy.t(:drag_to_sort) if options[:dragable] %>"></div>
+      <div class="picture_handle" title="<%= Alchemy.t(:drag_to_sort) if options[:sortable] %>"></div>
     <%- end -%>
     <div class="picture_image">
       <div class="thumbnail_background<%= ' missing' if content.ingredient.nil? %>">

data/app/views/alchemy/essences/shared/_essence_picture_tools.html.erb CHANGED

@@ -4,7 +4,7 @@
   <%= link_to_dialog render_icon('crop'),
     alchemy.crop_admin_essence_picture_path(
       content.essence,
-      options: content.settings.update(options).to_json
+      options: content.settings.update(options)
     ), {
       size: "1000x615",
       title: Alchemy.t('Edit Picturemask'),
@@ -20,7 +20,7 @@
     element_id: content.element,
     content_id: content.id,
     swap: true,
-    options: options.to_json
+    options: options
   ),
   {
     title: (content.ingredient ? Alchemy.t(:swap_image) : Alchemy.t(:insert_image)),
@@ -47,7 +47,7 @@
   alchemy.edit_admin_essence_picture_path(
     id: content.essence.id,
     content_id: content.id,
-    options: options.to_json
+    options: options
   ), {
     title: Alchemy.t(:edit_image_properties),
     size: edit_picture_dialog_size(content, options)

data/app/views/alchemy/navigation/_renderer.html.erb CHANGED

@@ -1,8 +1,7 @@
 <% if pages.present? %>
 <%= content_tag(
   'ul',
-  :class => html_options[:class] || "navigation level_#{pages.first.level - 1}",
-  :id => html_options[:id]
+  html_options.reverse_merge(class: "navigation level_#{pages.first.level - 1}")
 ) do %>
   <% pages.each do |page| %>
     <% position = 'first' if page == pages.first %>

data/config/brakeman.ignore ADDED

@@ -0,0 +1,65 @@
+{
+  "ignored_warnings": [
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 70,
+      "fingerprint": "1dd8f69d9b1bdd4017212f38098f03d2ecb2db06269fb940090f209eee7570c6",
+      "check_name": "MassAssignment",
+      "message": "Parameters should be whitelisted for mass assignment",
+      "file": "app/controllers/alchemy/admin/resources_controller.rb",
+      "line": 128,
+      "link": "http://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.require(resource_handler.namespaced_resource_name).permit!",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::Admin::ResourcesController",
+        "method": "resource_params"
+      },
+      "user_input": null,
+      "confidence": "Medium",
+      "note": "Because we actually can't know all attributes each inheriting controller supports, we permit all resource model params. It is adviced that all inheriting controllers implement this method and provide its own set of permitted attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
+    },
+    {
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
+      "fingerprint": "26461414e9f6be7b68dd8c7dda1c69b09c92a8e9997c0ac204e1756cae7f3d68",
+      "check_name": "Render",
+      "message": "Render path contains parameter value",
+      "file": "app/views/alchemy/admin/contents/create.js.erb",
+      "line": 1,
+      "link": "http://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(action => \"alchemy/essences/#{Content.create_from_scratch(Element.find(params[:content][:element_id]), content_params).essence_partial_name}_editor\", { :content => Content.create_from_scratch(Element.find(params[:content][:element_id]), content_params), :options => options_from_params.symbolize_keys, :html_options => (params[:html_options] or {}).symbolize_keys })",
+      "render_path": [{"type":"controller","class":"Alchemy::Admin::ContentsController","method":"create","line":21,"file":"app/controllers/alchemy/admin/contents_controller.rb"}],
+      "location": {
+        "type": "template",
+        "template": "alchemy/admin/contents/create"
+      },
+      "user_input": "params[:content][:element_id]",
+      "confidence": "Weak",
+      "note": "This dynamic render path comes from the Contents essence not from any params or user mutated string. This can safely be ignored."
+    },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 70,
+      "fingerprint": "4b4dc24a6f5251bc1a6851597dfcee39608a2932eb7f81a4a241c00fca8a3043",
+      "check_name": "MassAssignment",
+      "message": "Parameters should be whitelisted for mass assignment",
+      "file": "app/controllers/alchemy/admin/elements_controller.rb",
+      "line": 168,
+      "link": "http://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.fetch(:contents, {}).permit!",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::Admin::ElementsController",
+        "method": "contents_params"
+      },
+      "user_input": null,
+      "confidence": "Medium",
+      "note": "`Alchemy::Content` is a polymorphic association of any kind of model extending `Alchemy::Essence`. Since we can't know the attributes of all potential essences we need to permit all attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
+    }
+  ],
+  "updated": "2017-08-16 15:07:26 +0200",
+  "brakeman_version": "3.7.0"
+}

data/db/migrate/20130827094554_alchemy_two_point_six.rb CHANGED

@@ -5,7 +5,7 @@
 # In order to upgrade from an old version of Alchemy, you have to run all migrations from
 # each version you missed up to the version you want to upgrade to, before running this migration.
 #
-class AlchemyTwoPointSix < ActiveRecord::Migration
+class AlchemyTwoPointSix < ActiveRecord::Migration[4.2]
   def up
     unless table_exists?('alchemy_attachments')
       create_table "alchemy_attachments" do |t|

data/db/migrate/20130828121054_remove_do_not_index_from_alchemy_essence_texts.rb CHANGED

@@ -1,4 +1,4 @@
-class RemoveDoNotIndexFromAlchemyEssenceTexts < ActiveRecord::Migration
+class RemoveDoNotIndexFromAlchemyEssenceTexts < ActiveRecord::Migration[4.2]
   def up
     remove_column :alchemy_essence_texts, :do_not_index
   end

data/db/migrate/20130828121120_remove_do_not_index_from_alchemy_essence_richtexts.rb CHANGED

@@ -1,4 +1,4 @@
-class RemoveDoNotIndexFromAlchemyEssenceRichtexts < ActiveRecord::Migration
+class RemoveDoNotIndexFromAlchemyEssenceRichtexts < ActiveRecord::Migration[4.2]
   def up
     remove_column :alchemy_essence_richtexts, :do_not_index
   end

data/db/migrate/20130918201742_add_published_at_to_alchemy_pages.rb CHANGED

@@ -1,4 +1,4 @@
-class AddPublishedAtToAlchemyPages < ActiveRecord::Migration
+class AddPublishedAtToAlchemyPages < ActiveRecord::Migration[4.2]
   def change
     add_column :alchemy_pages, :published_at, :timestamp
   end

data/db/migrate/20150608204610_add_parent_element_id_to_alchemy_elements.rb CHANGED

@@ -1,4 +1,4 @@
-class AddParentElementIdToAlchemyElements < ActiveRecord::Migration
+class AddParentElementIdToAlchemyElements < ActiveRecord::Migration[4.2]
   def change
     add_column :alchemy_elements, :parent_element_id, :integer
     add_index :alchemy_elements, [:page_id, :parent_element_id]

data/db/migrate/20150729151825_add_link_text_to_alchemy_essence_files.rb CHANGED

@@ -1,4 +1,4 @@
-class AddLinkTextToAlchemyEssenceFiles < ActiveRecord::Migration
+class AddLinkTextToAlchemyEssenceFiles < ActiveRecord::Migration[4.2]
   def change
     add_column :alchemy_essence_files, :link_text, :string
   end

data/db/migrate/20150906195818_add_locale_to_alchemy_languages.rb CHANGED

@@ -1,4 +1,4 @@
-class AddLocaleToAlchemyLanguages < ActiveRecord::Migration
+class AddLocaleToAlchemyLanguages < ActiveRecord::Migration[4.2]
   def change
     add_column :alchemy_languages, :locale, :string
     execute \

data/db/migrate/20160108174834_add_timebased_publishing_columns_to_pages.rb CHANGED

@@ -1,4 +1,4 @@
-class AddTimebasedPublishingColumnsToPages < ActiveRecord::Migration
+class AddTimebasedPublishingColumnsToPages < ActiveRecord::Migration[4.2]
   def up
     add_column :alchemy_pages, :public_on, :datetime
     add_column :alchemy_pages, :public_until, :datetime

data/db/migrate/20160422195310_add_image_file_format_to_alchemy_pictures.rb CHANGED

@@ -1,4 +1,4 @@
-class AddImageFileFormatToAlchemyPictures < ActiveRecord::Migration
+class AddImageFileFormatToAlchemyPictures < ActiveRecord::Migration[4.2]
   def up
     add_column :alchemy_pictures, :image_file_format, :string

data/db/migrate/20160617224938_change_alchemy_pages_locked_to_locked_at.rb CHANGED

@@ -1,4 +1,4 @@
-class ChangeAlchemyPagesLockedToLockedAt < ActiveRecord::Migration
+class ChangeAlchemyPagesLockedToLockedAt < ActiveRecord::Migration[4.2]
   def up
     add_column :alchemy_pages, :locked_at, :datetime
     update <<-SQL.strip_heredoc

data/db/migrate/20160912223112_add_index_to_alchemy_pages_rgt.rb CHANGED

@@ -1,4 +1,4 @@
-class AddIndexToAlchemyPagesRgt < ActiveRecord::Migration
+class AddIndexToAlchemyPagesRgt < ActiveRecord::Migration[4.2]
   def up
     add_index :alchemy_pages, :rgt
   end

data/db/migrate/20160927205604_add_foreign_key_indices_and_null_constraints.rb CHANGED

@@ -1,4 +1,4 @@
-class AddForeignKeyIndicesAndNullConstraints < ActiveRecord::Migration
+class AddForeignKeyIndicesAndNullConstraints < ActiveRecord::Migration[4.2]
   def change
     change_column_null :alchemy_cells, :page_id, false, 0
     change_column_null :alchemy_contents, :element_id, false, 0

data/db/migrate/20160928080104_add_foreign_keys.rb CHANGED

@@ -1,4 +1,4 @@
-class AddForeignKeys < ActiveRecord::Migration
+class AddForeignKeys < ActiveRecord::Migration[4.2]
   def change
     add_foreign_key :alchemy_cells, :alchemy_pages,
       column: :page_id,

data/lib/alchemy/ability_helper.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy::AbilityHelper
   # Ensures usage of Alchemy's permissions class.
   #

data/lib/alchemy/admin/locale.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Admin
     module Locale

data/lib/alchemy/auth_accessors.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Provides authentication accessors.
 #
 # Alchemy has some defaults for user model name and login logout path names:

data/lib/alchemy/cache_digests/template_tracker.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module CacheDigests
     class TemplateTracker

data/lib/alchemy/config.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # encoding: utf-8
 module Alchemy

data/lib/alchemy/configuration_methods.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module ConfigurationMethods
     extend ActiveSupport::Concern

data/lib/alchemy/controller_actions.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module ControllerActions
     extend ActiveSupport::Concern

data/lib/alchemy/deprecation.rb ADDED

@@ -0,0 +1,3 @@
+module Alchemy
+  Deprecation = ActiveSupport::Deprecation.new('5.0', 'Alchemy')
+end

data/lib/alchemy/errors.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # Custom error classes.
 #
 module Alchemy

data/lib/alchemy/essence.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'active_record'
 module Alchemy #:nodoc:

data/lib/alchemy/filetypes.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Filetypes
     ARCHIVE_FILE_TYPES = ["application/zip", "application/x-rar"]

data/lib/alchemy/forms/builder.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Forms
     class Builder < SimpleForm::FormBuilder

data/lib/alchemy/hints.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Hints
     # Returns a hint

data/lib/alchemy/i18n.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class << self
     # Alchemy shortcut translation method

data/lib/alchemy/logger.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Logger
     # Logs a debug message to the Rails standard logger and adds some nicer formatting

data/lib/alchemy/modules.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module Modules
     mattr_accessor :alchemy_modules

data/lib/alchemy/name_conversions.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 # encoding: utf-8
 module Alchemy

data/lib/alchemy/on_page_layout.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   # = Provides a DSL to define callbacks run in a before filter on pages show action
   #

data/lib/alchemy/on_page_layout/callbacks_runner.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   module OnPageLayout
     # Runs OnPageLayout callbacks

data/lib/alchemy/page_layout.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Alchemy
   class PageLayout
     class << self
@@ -157,7 +159,7 @@ module Alchemy
       #
       def read_definitions_file
         if File.exist?(layouts_file_path)
-          YAML.safe_load(ERB.new(File.read(layouts_file_path)).result, [Date], [], true) || []
+          YAML.safe_load(ERB.new(File.read(layouts_file_path)).result, [Date, Symbol], [], true) || []
         else
           raise LoadError, "Could not find page_layouts.yml file! Please run `rails generate alchemy:scaffold`"
         end