alchemy_cms 8.2.3 → 8.2.5

data/app/components/alchemy/admin/locale_select.rb

@@ -10,12 +10,12 @@ module Alchemy
       end
 
       def call
-        form_tag(helpers.url_for, method: :get) do
-          if auto_submit
+        if auto_submit
+          form_tag(helpers.url_for, method: :get) do
             content_tag("alchemy-auto-submit", locale_select)
-          else
-            locale_select
           end
+        else
+          locale_select
         end
       end
 

data/app/javascript/alchemy_admin/components/remote_select.js

@@ -14,6 +14,12 @@ export class RemoteSelect extends AlchemyHTMLElement {
     url: { default: "" }
   }
 
+  // Select2 manages its own DOM after initialization, so attribute changes
+  // must not trigger the default re-render which would destroy the widget.
+  static get observedAttributes() {
+    return []
+  }
+
   async connected() {
     await setupSelectLocale()
 
@@ -34,6 +40,11 @@ export class RemoteSelect extends AlchemyHTMLElement {
    * @param {Event} event
    */
   onChange(event) {
+    // Update selection attribute so re-attaching the select2 component to
+    // the same input (e.g. after dragndrop) does not reset the selection.
+    if (event.added) {
+      this.setAttribute("selection", JSON.stringify(event.added))
+    }
     this.dispatchCustomEvent("RemoteSelect.Change", {
       removed: event.removed,
       added: event.added

data/app/javascript/alchemy_admin/image_cropper.js

@@ -89,7 +89,20 @@ export default class ImageCropper {
   }
 
   reset() {
-    this.#cropper.setData(this.defaultBoxSize)
+    const cropper = this.#cropper
+    // Apply the default size. cropperjs clamps the crop box to its maximum size.
+    cropper.setData(this.defaultBoxSize)
+    // When the default box sits at the maximum crop box size, sub-pixel rounding
+    // makes cropperjs treat setData's box as oversized and revert its position
+    // (renderCropBox resets top/left to their old values). Re-apply the position
+    // in canvas coordinates afterwards – that does not touch the size, so it is
+    // not reverted and the mask actually moves to the default box.
+    const canvas = cropper.getCanvasData()
+    const scale = canvas.width / canvas.naturalWidth
+    cropper.setCropBoxData({
+      left: canvas.left + this.defaultBoxSize.x * scale,
+      top: canvas.top + this.defaultBoxSize.y * scale
+    })
     this.update(this.defaultBoxSize)
   }
 

data/app/models/alchemy/attachment.rb

@@ -49,24 +49,16 @@ module Alchemy
     # not tracked via the polymorphic +related_object+ association, so the
     # base scope cannot see them.
     #
-    # Uses a correlated +NOT EXISTS+ subquery that builds the per-row LIKE
-    # pattern with +Arel::Nodes::Concat+, which compiles to +||+ on
-    # SQLite/PostgreSQL and +CONCAT()+ on MySQL.
+    # Extracts referenced attachment IDs from ingredient values via Ruby
+    # regex to stay database-agnostic.
     scope :deletable, -> do
-      ingredients = Alchemy::Ingredient.arel_table
-      pattern = Arel::Nodes::Concat.new(
-        Arel::Nodes::Concat.new(
-          Arel::Nodes.build_quoted("%/attachment/"),
-          arel_table[:id]
-        ),
-        Arel::Nodes.build_quoted("/download%")
-      )
-      referenced = ingredients
-        .project(1)
-        .where(ingredients[:value].matches(pattern))
-
-      where("#{table_name}.id NOT IN (#{RelatableResource::RELATED_INGREDIENTS_SUBQUERY})", type: name)
-        .where.not(referenced.exists)
+      referenced_ids = Alchemy::Ingredient
+        .where("value LIKE '%/attachment/%/download%'")
+        .pluck(:value)
+        .flat_map { |v| v.scan(%r{/attachment/(\d+)/download}).flatten.map(&:to_i) }
+
+      scope = where("#{table_name}.id NOT IN (#{RelatableResource::RELATED_INGREDIENTS_SUBQUERY})", type: name)
+      referenced_ids.any? ? scope.where.not(id: referenced_ids) : scope
     end
 
     # We need to define this method here to have it available in the validations below.

data/app/models/alchemy/page.rb

@@ -615,7 +615,17 @@ module Alchemy
     end
 
     def check_descendants_for_menu_nodes
-      pages_with_nodes = descendants.joins(:nodes).reorder("alchemy_pages.lft").distinct
+      # awesome_nested_set's before_destroy runs first and closes the gap left
+      # by this page, shifting the following siblings' lft/rgt leftward. For a
+      # leaf the next sibling then lands exactly on this page's lft, so the
+      # inclusive comparison the `descendants` helper uses (lft >= self.lft)
+      # would match it. Restrict to true descendants with strict bounds. Build
+      # on nested_set_scope so the acts_as_nested_set scope stays in sync.
+      pages_with_nodes = nested_set_scope
+        .where("alchemy_pages.lft > ? AND alchemy_pages.rgt < ?", lft, rgt)
+        .joins(:nodes)
+        .reorder("alchemy_pages.lft")
+        .distinct
       if pages_with_nodes.exists?
         errors.add(:descendants, :still_attached_to_nodes, page_names: pages_with_nodes.map(&:name).to_sentence)
         throw :abort

data/app/models/alchemy/page_version.rb

@@ -29,32 +29,6 @@ module Alchemy
 
     before_destroy :delete_elements
 
-    # Determines if this version is public
-    #
-    # Takes the two timestamps +public_on+ and +public_until+
-    # and returns true if the time given (+Time.current+ per default)
-    # is in this timespan.
-    #
-    # @param time [DateTime] (Time.current)
-    # @returns Boolean
-    def public?(time = Current.preview_time)
-      already_public_for?(time) && still_public_for?(time)
-    end
-
-    # Determines if this version is already public for given time
-    # @param time [DateTime] (Current.preview_time)
-    # @returns Boolean
-    def already_public_for?(time = Current.preview_time)
-      !public_on.nil? && public_on <= time
-    end
-
-    # Determines if this version is still public for given time
-    # @param time [DateTime] (Current.preview_time)
-    # @returns Boolean
-    def still_public_for?(time = Current.preview_time)
-      public_until.nil? || public_until >= time
-    end
-
     def element_repository
       ElementsRepository.new(elements)
     end

data/app/models/concerns/alchemy/publishable.rb

@@ -46,7 +46,7 @@ module Alchemy
     #
     # @returns Boolean
     def publishable?
-      !public_on.nil? && still_public_for?
+      !public_on.nil? && still_public_for?(at: Time.current)
     end
 
     # Determines if this record is already public for given time

data/app/services/alchemy/element_preloader.rb

@@ -61,7 +61,7 @@ module Alchemy
 
       elements_by_id.each_value do |element|
         children = elements_by_parent[element.id] || []
-        children = children.sort_by(&:position)
+        children = children.sort_by { |c| c.position.to_i }
 
         # Manually set the association target
         element.association(:all_nested_elements).target = children

data/app/stylesheets/alchemy/admin/notices.scss

@@ -70,6 +70,15 @@ alchemy-message {
     font-size: var(--font-size_medium);
   }
 
+  h1,
+  h2,
+  h3,
+  p {
+    &:last-child {
+      margin-bottom: 0;
+    }
+  }
+
   a[href] {
     text-decoration-color: inherit;
     text-decoration-thickness: 1px;

data/app/views/alchemy/admin/pages/_table.html.erb

@@ -6,7 +6,7 @@
           <%= render_icon "file-edit", size: "xl" %>
         </sl-tooltip>
       <% else %>
-        <%= render_icon "file-edit", size: "xl" %>
+        <%= render_icon "file", size: "xl" %>
       <% end %>
     <% else %>
       <sl-tooltip class="like-hint-tooltip" content="<%= Alchemy.t("Your user role does not allow you to edit this page") %>" placement="bottom-start">

data/db/migrate/20251106150010_convert_select_value_for_multiple.rb

@@ -1,11 +1,18 @@
 class ConvertSelectValueForMultiple < ActiveRecord::Migration[7.1]
   def up
     say_with_time "Converting Alchemy::Ingredients::Select values to multiple" do
-      update <<-SQL.squish
-        UPDATE alchemy_ingredients
-        SET value = '["' || value || '"]'
-        WHERE type = 'Alchemy::Ingredients::Select' AND value NOT LIKE '["%"]';
-      SQL
+      Alchemy::Ingredients::Select
+        .where.not("value LIKE ?", '["%')
+        .update_all(
+          Arel.sql(
+            case ActiveRecord::Base.connection.adapter_name
+            when /mysql|mariadb/i
+              "value = CONCAT('[\"', value, '\"]')"
+            else
+              "value = '[\"' || value || '\"]'"
+            end
+          )
+        )
     end
   end
 end

data/lib/alchemy/configuration/collection_option.rb

@@ -66,7 +66,7 @@ module Alchemy
       end
 
       def get_item_class(item_type)
-        "Alchemy::Configuration::#{item_type.to_s.classify}Option".constantize
+        "Alchemy::Configuration::#{item_type.to_s.camelcase}Option".constantize
       end
     end
   end

data/lib/alchemy/routing_constraints.rb

@@ -16,11 +16,21 @@ module Alchemy
       @request = request
       @params = @request.params
 
-      handable_format? && no_rails_route?
+      handable_format? && no_dotfile_route? && no_rails_route?
     end
 
     private
 
+    # We don't want to handle requests to dotfile URLs.
+    #
+    # A page urlname never starts with a dot, so any such request
+    # (/.well-known/ ACME challenges, /.env or /.git probes, etc.)
+    # should never be served by a page.
+    #
+    def no_dotfile_route?
+      !@params["urlname"].start_with?(".")
+    end
+
     # We only want html requests to be handled by us.
     #
     # If an unknown format is requested we want to handle this,

data/lib/alchemy/test_support/shared_publishable_examples.rb

@@ -212,4 +212,41 @@ RSpec.shared_examples_for "being publishable" do |factory_name|
       end
     end
   end
+
+  describe "#publishable?" do
+    context "when public_on is nil" do
+      let(:page_version) { build(factory_name, public_on: nil) }
+
+      it { expect(page_version.publishable?).to be(false) }
+    end
+
+    context "when public_on is set and public_until is nil" do
+      let(:page_version) { build(factory_name, public_on: Time.current) }
+
+      it { expect(page_version.publishable?).to be(true) }
+    end
+
+    context "when public_on is set and public_until is in the past" do
+      let(:page_version) do
+        build(factory_name,
+          public_on: Time.current - 2.days,
+          public_until: Time.current - 1.day)
+      end
+
+      it { expect(page_version.publishable?).to be(false) }
+    end
+
+    context "when Current.preview_time is set to a future time" do
+      let(:page_version) do
+        build(factory_name,
+          public_on: Time.current - 1.day,
+          public_until: Time.current + 1.day)
+      end
+
+      it "uses Time.current instead of the preview_time" do
+        Alchemy::Current.preview_time = Time.current + 1.week
+        expect(page_version.publishable?).to be(true)
+      end
+    end
+  end
 end

data/lib/alchemy/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Alchemy
-  VERSION = "8.2.3"
+  VERSION = "8.2.5"
 
   def self.version
     VERSION

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alchemy_cms
 version: !ruby/object:Gem::Version
-  version: 8.2.3
+  version: 8.2.5
 platform: ruby
 authors:
 - Thomas von Deyen
@@ -1490,7 +1490,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - ImageMagick (libmagick), v6.6 or greater.
-rubygems_version: 4.0.6
+rubygems_version: 4.0.10
 specification_version: 4
 summary: A powerful, userfriendly and flexible CMS for Rails
 test_files: []