alchemy_cms 6.0.0.pre.b6 → 6.0.0.pre.rc4

data/app/assets/stylesheets/tinymce/skins/alchemy/content.min.css.scss

@@ -30,7 +30,7 @@ td,th {
 
 .mce-object {
   border: 1px dotted #3a3a3a;
-  background: #d5d5d5 url(img/object.gif) no-repeat center;
+  background: #d5d5d5 url('tinymce/skins/alchemy/fonts/img/object.gif') no-repeat center;
 }
 
 .mce-pagebreak {
@@ -55,7 +55,7 @@ td,th {
   width: 9px!important;
   height: 9px!important;
   border: 1px dotted #3a3a3a;
-  background: #d5d5d5 url(img/anchor.gif) no-repeat center;
+  background: #d5d5d5 url('tinymce/skins/alchemy/fonts/img/anchor.gif') no-repeat center;
 }
 
 .mce-nbsp {
@@ -77,7 +77,7 @@ hr {
 }
 
 .mce-spellchecker-word {
-  background: url(img/wline.gif) repeat-x bottom left;
+  background: url('tinymce/skins/alchemy/fonts/img/wline.gif') repeat-x bottom left;
   cursor: default;
 }
 

data/app/assets/stylesheets/tinymce/skins/alchemy/skin.min.css.scss

@@ -1561,23 +1561,23 @@ i.mce-i-resize {
   opacity: 0.6;
   filter: alpha(opacity=60);
   zoom: 1;
-  background: #fff url('img/loader.gif') no-repeat center center;
+  background: #fff url('tinymce/skins/alchemy/fonts/img/loader.gif') no-repeat center center;
 }
 
 @font-face {
   font-family: 'tinymce';
-  src: url('fonts/tinymce.woff') format('woff'),
-       url('fonts/tinymce.ttf') format('truetype'),
-       url('fonts/tinymce.svg#tinymce') format('svg');
+  src: url('tinymce/skins/alchemy/fonts/tinymce.woff') format('woff'),
+       url('tinymce/skins/alchemy/fonts/tinymce.ttf') format('truetype'),
+       url('tinymce/skins/alchemy/fonts/tinymce.svg#tinymce') format('svg');
   font-weight: normal;
   font-style: normal;
 }
 
 @font-face {
   font-family: 'tinymce-small';
-  src: url('fonts/tinymce-small.woff') format('woff'),
-       url('fonts/tinymce-small.ttf') format('truetype'),
-       url('fonts/tinymce-small.svg#tinymce') format('svg');
+  src: url('tinymce/skins/alchemy/fonts/tinymce-small.woff') format('woff'),
+       url('tinymce/skins/alchemy/fonts/tinymce-small.ttf') format('truetype'),
+       url('tinymce/skins/alchemy/fonts/tinymce-small.svg#tinymce') format('svg');
   font-weight: normal;
   font-style: normal;
 }

data/app/controllers/alchemy/admin/base_controller.rb

@@ -40,9 +40,7 @@ module Alchemy
       def exception_handler(error)
         exception_logger(error)
         show_error_notice(error)
-        if defined?(Airbrake)
-          notify_airbrake(error) unless Rails.env.development? || Rails.env.test?
-        end
+        notify_error_tracker(error)
       end
 
       # Displays an error notice in the Alchemy backend.
@@ -146,6 +144,14 @@ module Alchemy
             site
           end
       end
+
+      def notify_error_tracker(exception)
+        if ::Alchemy::ErrorTracking.notification_handler.respond_to?(:call)
+          ::Alchemy::ErrorTracking.notification_handler.call(exception)
+        else
+          Rails.logger.warn("To use the Alchemy::ErrorTracking.notification_handler, it must respond to #call.")
+        end
+      end
     end
   end
 end

data/app/models/alchemy/attachment.rb

@@ -28,7 +28,7 @@ module Alchemy
       after_assign { |f| write_attribute(:file_mime_type, f.mime_type) }
     end
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     has_many :essence_files, class_name: "Alchemy::EssenceFile", foreign_key: "attachment_id"
     has_many :contents, through: :essence_files

data/app/models/alchemy/element.rb

@@ -57,7 +57,7 @@ module Alchemy
     #
     acts_as_list scope: [:page_version_id, :fixed, :parent_element_id]
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     has_many :contents, dependent: :destroy, inverse_of: :element
 

data/app/models/alchemy/node.rb

@@ -7,7 +7,7 @@ module Alchemy
     before_destroy :check_if_related_essence_nodes_present
 
     acts_as_nested_set scope: "language_id", touch: true
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     belongs_to :language, class_name: "Alchemy::Language"
     belongs_to :page, class_name: "Alchemy::Page", optional: true, inverse_of: :nodes

data/app/models/alchemy/page.rb

@@ -88,7 +88,7 @@ module Alchemy
 
     acts_as_nested_set(dependent: :destroy, scope: [:layoutpage, :language_id])
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     belongs_to :language
 

data/app/models/alchemy/picture.rb

@@ -110,7 +110,7 @@ module Alchemy
       case_sensitive: false,
       message: Alchemy.t("not a valid image")
 
-    stampable stamper_class_name: Alchemy.user_class_name
+    stampable stamper_class_name: Alchemy.user_class.name
 
     scope :named, ->(name) { where("#{table_name}.name LIKE ?", "%#{name}%") }
     scope :recent, -> { where("#{table_name}.created_at > ?", Time.current - 24.hours).order(:created_at) }

data/app/views/alchemy/ingredients/_picture_editor.html.erb

@@ -54,7 +54,7 @@
     <%= f.hidden_field :link_title, data: { link_title: true }, id: nil %>
     <%= f.hidden_field :link_class_name, data: { link_class: true }, id: nil %>
     <%= f.hidden_field :link_target, data: { link_target: true }, id: nil %>
-    <%= f.hidden_field :crop_from, data: { crop_from: true }, id: nil %>
-    <%= f.hidden_field :crop_size, data: { crop_size: true }, id: nil %>
+    <%= f.hidden_field :crop_from, data: { crop_from: true }, id: picture_editor.form_field_id(:crop_from) %>
+    <%= f.hidden_field :crop_size, data: { crop_size: true }, id: picture_editor.form_field_id(:crop_size) %>
   <% end %>
 <% end %>

data/config/brakeman.ignore

@@ -58,7 +58,7 @@
       "check_name": "MassAssignment",
       "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
       "file": "app/controllers/alchemy/admin/resources_controller.rb",
-      "line": 136,
+      "line": 209,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.require(resource_handler.namespaced_resource_name).permit!",
       "render_path": null,
@@ -86,7 +86,7 @@
           "type": "controller",
           "class": "Alchemy::Admin::ElementsController",
           "method": "fold",
-          "line": 97,
+          "line": 102,
           "file": "app/controllers/alchemy/admin/elements_controller.rb",
           "rendered": {
             "name": "alchemy/admin/elements/fold",
@@ -109,7 +109,7 @@
       "check_name": "MassAssignment",
       "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
       "file": "app/controllers/alchemy/admin/elements_controller.rb",
-      "line": 150,
+      "line": 155,
       "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
       "code": "params.fetch(:contents, {}).permit!",
       "render_path": null,
@@ -122,6 +122,26 @@
       "confidence": "Medium",
       "note": "`Alchemy::Content` is a polymorphic association of any kind of model extending `Alchemy::Essence`. Since we can't know the attributes of all potential essences we need to permit all attributes. As this all happens inside the password protected /admin namespace this can be considered a false positive."
     },
+    {
+      "warning_type": "Command Injection",
+      "warning_code": 14,
+      "fingerprint": "6addfcb9d23d2d6f699f2f3542169744ff749dc4d0a97f8ac783ab92593e1d84",
+      "check_name": "Execute",
+      "message": "Possible command injection",
+      "file": "lib/alchemy/upgrader.rb",
+      "line": 30,
+      "link": "https://brakemanscanner.org/docs/warning_types/command_injection/",
+      "code": "`yarn add @alchemy_cms/admin@~#{Alchemy.version}`",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Alchemy::Upgrader",
+        "method": "update_npm_package"
+      },
+      "user_input": "Alchemy.version",
+      "confidence": "Medium",
+      "note": "The alchemy version is safe"
+    },
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 4,
@@ -255,6 +275,6 @@
       "note": ""
     }
   ],
-  "updated": "2021-06-29 20:56:10 +0200",
-  "brakeman_version": "5.0.1"
+  "updated": "2021-10-26 21:44:59 +0200",
+  "brakeman_version": "5.1.1"
 }

data/lib/alchemy/engine.rb

@@ -40,9 +40,16 @@ module Alchemy
       if Alchemy.user_class
         ActiveSupport.on_load(:active_record) do
           Alchemy.user_class.model_stamper
-          Alchemy.user_class.stampable(stamper_class_name: Alchemy.user_class_name)
+          Alchemy.user_class.stampable(stamper_class_name: Alchemy.user_class.name)
         end
       end
     end
+
+    initializer "alchemy.error_tracking" do
+      if defined?(Airbrake)
+        require_relative "error_tracking/airbrake_handler"
+        Alchemy::ErrorTracking.notification_handler = Alchemy::ErrorTracking::AirbrakeHandler
+      end
+    end
   end
 end

data/lib/alchemy/error_tracking/airbrake_handler.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Alchemy
+  module ErrorTracking
+    class AirbrakeHandler < BaseHandler
+      def self.call(exception)
+        return if ["development", "test"].include?(Rails.env)
+
+        notify_airbrake(exception)
+      end
+    end
+  end
+end

data/lib/alchemy/error_tracking.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Alchemy
+  module ErrorTracking
+    class BaseHandler
+      def self.call(exception)
+        # implement your own notification method
+      end
+    end
+
+    mattr_accessor :notification_handler
+    @@notification_handler = BaseHandler
+  end
+end

data/lib/alchemy/taggable.rb

@@ -22,13 +22,20 @@ module Alchemy
     end
 
     module ClassMethods
-      # Find all records matching all of the given tags.
-      # Separate multiple tags by comma.
-      def tagged_with(names)
+      def tagged_with(names = [], **args)
         if names.is_a? String
           names = names.split(/,\s*/)
         end
-        super(names: names, match: :all)
+
+        unless args[:match]
+          args.merge!(match: :all)
+        end
+
+        if names.any?
+          args.merge!(names: names)
+        end
+
+        super(args)
       end
 
       # Returns all unique tags

data/lib/alchemy/upgrader.rb

@@ -24,6 +24,12 @@ module Alchemy
           todo "Check the default configuration file (./config/alchemy/config.yml.defaults) for new configuration options and insert them into your config file.", "Configuration has changed"
         end
       end
+
+      def update_npm_package
+        desc "Install new npm package."
+        `yarn add @alchemy_cms/admin@~#{Alchemy.version}`
+        log "Installed new npm package."
+      end
     end
   end
 end

data/lib/alchemy/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Alchemy
-  VERSION = "6.0.0-b6"
+  VERSION = "6.0.0-rc4"
 
   def self.version
     VERSION

data/lib/alchemy_cms.rb

@@ -37,6 +37,7 @@ require_relative "alchemy/controller_actions"
 require_relative "alchemy/deprecation"
 require_relative "alchemy/element_definition"
 require_relative "alchemy/elements_finder"
+require_relative "alchemy/error_tracking"
 require_relative "alchemy/errors"
 require_relative "alchemy/essence"
 require_relative "alchemy/filetypes"

data/lib/generators/alchemy/install/install_generator.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "rails/generators"
 require "alchemy/install/tasks"
+require "alchemy/version"
 
 module Alchemy
   module Generators
@@ -88,7 +89,7 @@ module Alchemy
       end
 
       def add_npm_package
-        run "yarn add @alchemy_cms/admin"
+        run "yarn add @alchemy_cms/admin@~#{Alchemy.version}"
       end
 
       def copy_alchemy_entry_point

data/lib/tasks/alchemy/upgrade.rake

@@ -17,6 +17,7 @@ namespace :alchemy do
     task prepare: [
       "alchemy:upgrade:database",
       "alchemy:upgrade:config",
+      "alchemy:upgrade:package",
     ]
 
     desc "Alchemy Upgrader: Prepares the database."
@@ -30,6 +31,11 @@ namespace :alchemy do
       Alchemy::Upgrader.copy_new_config_file
     end
 
+    desc "Alchemy Upgrader: Install new Node package."
+    task package: [:environment] do
+      Alchemy::Upgrader.update_npm_package
+    end
+
     desc "Upgrade Alchemy to v5.0"
     task "5.0" => [
       "alchemy:upgrade:prepare",

data/package/admin.js

@@ -5,6 +5,7 @@ import fileEditors from "./src/file_editors"
 import pictureEditors from "./src/picture_editors"
 import ImageLoader from "./src/image_loader"
 import ImageCropper from "./src/image_cropper"
+import Datepicker from "./src/datepicker"
 
 // Global Alchemy object
 if (typeof window.Alchemy === "undefined") {
@@ -20,5 +21,6 @@ Object.assign(Alchemy, {
   fileEditors,
   pictureEditors,
   ImageLoader: ImageLoader.init,
-  ImageCropper
+  ImageCropper,
+  Datepicker
 })

data/package/src/datepicker.js

@@ -0,0 +1,39 @@
+import flatpickr from "flatpickr"
+
+export default function Datepicker(scope = document) {
+  if (scope === "") {
+    scope = document
+  } else if (scope instanceof String) {
+    scope = document.querySelectorAll(scope)
+  }
+
+  const datepickerInputs = scope.querySelectorAll("input[data-datepicker-type]")
+
+  // Initializes the datepickers on the text inputs and sets the proper type
+  // to enable browsers default datepicker if the current OS is iOS.
+  if (Alchemy.isiOS) {
+    datepickerInputs.forEach((input) => {
+      input.attributes.type = input.dataset.datepickerType
+    })
+  } else {
+    datepickerInputs.forEach((input) => {
+      const type = input.dataset.datepickerType
+      const options = {
+        // alchemy_i18n supports `zh_CN` etc., but flatpickr only has two-letter codes (`zh`)
+        locale: Alchemy.locale.slice(0, 2),
+        altInput: true,
+        altFormat: Alchemy.t(`formats.${type}`),
+        altInputClass: "flatpickr-input",
+        enableTime: /time/.test(type),
+        noCalendar: type === "time",
+        time_24hr: Alchemy.t("formats.time_24hr"),
+        onValueUpdate(_selectedDates, _dateStr, instance) {
+          return Alchemy.setElementDirty(
+            instance.element.closest(".element-editor")
+          )
+        }
+      }
+      flatpickr(input, options)
+    })
+  }
+}

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alchemy_cms/admin",
-  "version": "6.0.0-b6",
+  "version": "6.0.0-rc4",
   "description": "AlchemyCMS",
   "browser": "package/admin.js",
   "files": [
@@ -24,6 +24,7 @@
   },
   "homepage": "https://github.com/AlchemyCMS/alchemy_cms#readme",
   "dependencies": {
+    "flatpickr": "^4.6.9",
     "lodash-es": "^4.17.21",
     "sortablejs": "^1.10.2"
   },