alchemy_cms 6.0.0.pre.b4 → 6.0.0.pre.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb49f5d73d0fe450fc5b15c1a31b8ea9db3c281a0ffbc10ea41fac56617f0ba8
-  data.tar.gz: a0a78888094965fc097dcfe0642ef1ea22905300abff1659257d8ae2b7990670
+  metadata.gz: aa6425ce6e3aa16df7d9df57ac4d098093cc6707f95856f4a7030204b82cb7b9
+  data.tar.gz: ea96e420624ff64d60dccaa6e9e425354f85aa47e2a8602a20799414adf37096
 SHA512:
-  metadata.gz: 0ce83617901077c47a15d5e3e3ec48e3f78ff1c879a18467a44aab0c20d69b59f4a7eb698b49688ca6e7d5cd45b1127196084943c4604d7474ea588eeae176e9
-  data.tar.gz: 6e13fe6a39778668e02f5f09c475db1029f28fb42f8f439464798f017169ee28247f45e3a444c5c82a88d2d928cbdc4492ce5ba4d21dea509e61cb8098b8102f
+  metadata.gz: 8842fb9afc57ca77301e7658c3b00ca96306d5de1eda7827ba114d8fa0501fb9d520416ba8e9d100b785c9555be4b0d8f277dde4b44124539c9a9dbe2756d0b7
+  data.tar.gz: d18b971bd54abf71a988e78751ce104d6ba7ea8ad24fd809cdc44e7c4564c65b4f777971819ca7df14ab23162dfeeb5c0ab5936f58097139277fd72fb22567f2

data/.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,46 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '40 4 * * 2'
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/.github/workflows/ci.yml

@@ -10,10 +10,11 @@ jobs:
       matrix:
         rails:
           - '6.0'
+          - '6.1'
         ruby:
-          - '2.6.6'
-          - '2.7.2'
-          - '3.0.0'
+          - '2.6.8'
+          - '2.7.4'
+          - '3.0.2'
         database:
           - mysql
           - postgresql

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 6.0.0-rc2 (2021-10-13)
+
+- Fix init link dialog if used in tinymce [#2200](https://github.com/AlchemyCMS/alchemy_cms/pull/2200) ([tvdeyen](https://github.com/tvdeyen))
+
+## 6.0.0-rc1 (2021-09-12)
+
+- Allow Rails 6.1 [#2047](https://github.com/AlchemyCMS/alchemy_cms/pull/2047) ([robinboening](https://github.com/robinboening))
+
+## 6.0.0-b6 (2021-09-02)
+
+- Fix element with ingredients preview text [#2187](https://github.com/AlchemyCMS/alchemy_cms/pull/2187) ([tvdeyen](https://github.com/tvdeyen))
+- Do not validate element during toggle fold and create [#2186](https://github.com/AlchemyCMS/alchemy_cms/pull/2186) ([tvdeyen](https://github.com/tvdeyen))
+## 6.0.0-b5 (2021-08-27)
+
+- Remove spec that tests default data store value [#2184](https://github.com/AlchemyCMS/alchemy_cms/pull/2184) ([tvdeyen](https://github.com/tvdeyen))
+- Remove data store accessor from ingredient base class [#2183](https://github.com/AlchemyCMS/alchemy_cms/pull/2183) ([tvdeyen](https://github.com/tvdeyen))
+
 ## 6.0.0-b4 (2021-08-27)
 
 - Load custom Tinymce config for ingredients [#2182](https://github.com/AlchemyCMS/alchemy_cms/pull/2182) ([tvdeyen](https://github.com/tvdeyen))

data/Gemfile

@@ -3,7 +3,7 @@ source "https://rubygems.org"
 
 gemspec
 
-rails_version = ENV.fetch("RAILS_VERSION", 6.0).to_f
+rails_version = ENV.fetch("RAILS_VERSION", 6.1).to_f
 gem "rails", "~> #{rails_version}.0"
 
 if ENV["DB"].nil? || ENV["DB"] == "sqlite"

data/README.md

@@ -18,7 +18,7 @@ Alchemy is an open source CMS engine written in Ruby on Rails.
 
 Read more about Alchemy on the [website](https://alchemy-cms.com) and in the [guidelines](https://guides.alchemy-cms.com).
 
-**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.0-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.0-stable).**
+**CAUTION: This main branch is a development branch that *can* contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy_cms), or the [latest stable branch (5.2-stable)](https://github.com/AlchemyCMS/alchemy_cms/tree/5.2-stable).**
 
 
 ## ✅ Features

data/SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+We support the current major and last minor version of the previous major version with security fixes.
+
+## Reporting a Vulnerability
+
+Please send a preferably encrypted email to hello@alchemy-cms.com
+
+PGP public key finger print
+
+52D3 2070 4BF3 E5C5 035C  BC71 17E9 E620 A96B 4CE0

data/alchemy_cms.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |gem|
     activesupport
     railties
   ].each do |rails_gem|
-    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.1"]
+    gem.add_runtime_dependency rails_gem, [">= 6.0", "< 6.2"]
   end
 
   gem.add_runtime_dependency "active_model_serializers", ["~> 0.10.0"]

data/app/assets/javascripts/alchemy/alchemy.link_dialog.js.coffee

@@ -4,12 +4,13 @@
 class window.Alchemy.LinkDialog extends Alchemy.Dialog
 
   constructor: (@link_object) ->
-    parent_selector = @link_object.dataset.parentSelector
-    parent = document.querySelector(parent_selector)
-    @link_value_field = parent.querySelector("[data-link-value]")
-    @link_title_field = parent.querySelector("[data-link-title]")
-    @link_target_field = parent.querySelector("[data-link-target]")
-    @link_class_field = parent.querySelector("[data-link-class]")
+    if @link_object.dataset
+      parent_selector = @link_object.dataset.parentSelector
+      parent = document.querySelector(parent_selector)
+      @link_value_field = parent.querySelector("[data-link-value]")
+      @link_title_field = parent.querySelector("[data-link-title]")
+      @link_target_field = parent.querySelector("[data-link-target]")
+      @link_class_field = parent.querySelector("[data-link-class]")
     @url = Alchemy.routes.link_admin_pages_path
     @$link_object = $(@link_object)
     @options =

data/app/controllers/alchemy/admin/elements_controller.rb

@@ -32,14 +32,14 @@ module Alchemy
           if @paste_from_clipboard = params[:paste_from_clipboard].present?
             @element = paste_element_from_clipboard
           else
-            @element = Element.create(create_element_params)
+            @element = Element.new(create_element_params)
           end
           if @page.definition["insert_elements_at"] == "top"
             @insert_at_top = true
-            @element.move_to_top
+            @element.position = 1
           end
         end
-        if @element.valid?
+        if @element.save
           render :create
         else
           @element.page_version = @page_version
@@ -91,10 +91,14 @@ module Alchemy
         end
       end
 
+      # Toggle fodls the element and persists the state in the db
+      #
+      # Ingredient validations might make the element invalid.
+      # In this case we are just toggling a UI state and do not care about the validations.
       def fold
         @page = @element.page
         @element.folded = !@element.folded
-        @element.save
+        @element.save(validate: false)
       end
 
       private

data/app/models/alchemy/element/presenters.rb

@@ -99,12 +99,12 @@ module Alchemy
       # The ingredient that's used for element's preview text.
       #
       # It tries to find one of element's ingredients that is defined +as_element_title+.
-      # Takes element's first ingredient if no ingredient is defined +as_element_title+.
+      # Takes element's first defined ingredient if no ingredient is defined +as_element_title+.
       #
       # @return (Alchemy::Ingredient)
       #
       def preview_ingredient
-        @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || ingredients.first
+        @_preview_ingredient ||= ingredients.detect(&:preview_ingredient?) || first_ingredient_by_definition
       end
 
       private
@@ -122,6 +122,13 @@ module Alchemy
       def preview_text_from_preview_ingredient(maxlength)
         preview_ingredient&.preview_text(maxlength)
       end
+
+      def first_ingredient_by_definition
+        return if ingredient_definitions.empty?
+
+        role = ingredient_definitions.first["role"]
+        ingredients.detect { |ingredient| ingredient.role == role }
+      end
     end
   end
 end

data/app/models/alchemy/ingredient.rb

@@ -118,11 +118,6 @@ module Alchemy
       value.to_s[0..maxlength - 1]
     end
 
-    # Cross DB adapter data accessor that works
-    def data
-      @_data ||= (self[:data] || {}).with_indifferent_access
-    end
-
     # The path to the view partial of the ingredient
     # @return [String]
     def to_partial_path

data/lib/alchemy/test_support/shared_ingredient_examples.rb

@@ -16,7 +16,6 @@ RSpec.shared_examples_for "an alchemy ingredient" do
   it { is_expected.to belong_to(:related_object).optional }
   it { is_expected.to validate_presence_of(:role) }
   it { is_expected.to validate_presence_of(:type) }
-  it { expect(subject.data).to eq({}) }
 
   describe "#settings" do
     subject { ingredient.settings }

data/lib/alchemy/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Alchemy
-  VERSION = "6.0.0-b4"
+  VERSION = "6.0.0-rc2"
 
   def self.version
     VERSION

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alchemy_cms/admin",
-  "version": "6.0.0-b4",
+  "version": "6.0.0-rc2",
   "description": "AlchemyCMS",
   "browser": "package/admin.js",
   "files": [

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alchemy_cms
 version: !ruby/object:Gem::Version
-  version: 6.0.0.pre.b4
+  version: 6.0.0.pre.rc2
 platform: ruby
 authors:
 - Thomas von Deyen
@@ -10,10 +10,10 @@ authors:
 - Hendrik Mans
 - Carsten Fregin
 - Martin Meyerhoff
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-27 00:00:00.000000000 Z
+date: 2021-10-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -24,7 +24,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -34,7 +34,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
@@ -44,7 +44,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -54,7 +54,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: actionview
   requirement: !ruby/object:Gem::Requirement
@@ -64,7 +64,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activejob
   requirement: !ruby/object:Gem::Requirement
@@ -84,7 +84,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -94,7 +94,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
@@ -104,7 +104,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -114,7 +114,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -124,7 +124,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -134,7 +134,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -144,7 +144,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -154,7 +154,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -164,7 +164,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -174,7 +174,7 @@ dependencies:
         version: '6.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: active_model_serializers
   requirement: !ruby/object:Gem::Requirement
@@ -724,6 +724,7 @@ files:
 - ".github/ISSUE_TEMPLATE/Bug_report.md"
 - ".github/ISSUE_TEMPLATE/Feature_request.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/workflows/brakeman-analysis.yml"
 - ".github/workflows/ci.yml"
 - ".github/workflows/stale.yml"
 - ".gitignore"
@@ -739,6 +740,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - alchemy_cms.gemspec
 - app/assets/config/alchemy_manifest.js
 - app/assets/images/alchemy/alchemy-logo.png
@@ -1516,8 +1518,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements:
 - ImageMagick (libmagick), v6.6 or greater.
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.2.28
+signing_key:
 specification_version: 4
 summary: A powerful, userfriendly and flexible CMS for Rails
 test_files: []
+...