autoforme 1.7.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG +6 -0
- data/MIT-LICENSE +1 -1
- data/README.rdoc +1 -1
- data/lib/autoforme/action.rb +15 -11
- data/lib/autoforme/frameworks/rails.rb +1 -1
- data/lib/autoforme/frameworks/roda.rb +14 -2
- data/lib/autoforme/frameworks/sinatra.rb +1 -1
- data/lib/autoforme/version.rb +15 -1
- data/spec/rails_spec_helper.rb +6 -2
- data/spec/roda_spec_helper.rb +7 -1
- data/spec/spec_helper.rb +3 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 5112ef1a062e3fa4a586f605365004eb733e25c7e49c7d52d0399d2d5596a692
|
|
4
|
+
data.tar.gz: 3142feb7e88e43ec825eedb9dfa700dd2c710cdce59b7839241117ad66b6568a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 937e7ced506f742fbd9ec7632cf69a6a93b1996d884a63996162a38ad949c0ef3b6022a910fe51748f9792c9d9ce3703ffa6691e321f93bcd9917e05f3f24677
|
|
7
|
+
data.tar.gz: a369fc3b50aef5cf9546fb512c0d92a63de9cc0f15b8ac16f84b5fa2291f688ea10f0a711ddf9573b3e1c6257015174c147f05af6e7f073ae37be1e392386c85
|
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
=== 1.8.0 (2018-06-11)
|
|
2
|
+
|
|
3
|
+
* Add support for Roda route_csrf plugin for request-specific CSRF tokens (jeremyevans)
|
|
4
|
+
|
|
5
|
+
* Default to size of 10 for select multiple inputs (jeremyevans)
|
|
6
|
+
|
|
1
7
|
=== 1.7.0 (2017-10-27)
|
|
2
8
|
|
|
3
9
|
* Respect Model#forme_namespace method for parameter names (adam12, jeremyevans) (#9)
|
data/MIT-LICENSE
CHANGED
data/README.rdoc
CHANGED
|
@@ -197,7 +197,7 @@ symbol and request).
|
|
|
197
197
|
|
|
198
198
|
Additionally, AutoForme.for accepts a :prefix option that controls where the forms are mounted:
|
|
199
199
|
|
|
200
|
-
|
|
200
|
+
AutoForme.for(:sinatra, self, :prefix=>'/path/to') do
|
|
201
201
|
model Artist
|
|
202
202
|
end
|
|
203
203
|
|
data/lib/autoforme/action.rb
CHANGED
|
@@ -225,11 +225,11 @@ module AutoForme
|
|
|
225
225
|
end
|
|
226
226
|
|
|
227
227
|
# Options to use for the form. If the form uses POST, automatically adds the CSRF token.
|
|
228
|
-
def form_opts
|
|
228
|
+
def form_opts(action=nil)
|
|
229
229
|
opts = model.form_options_for(type, request).dup
|
|
230
230
|
hidden_tags = opts[:hidden_tags] = []
|
|
231
|
-
if csrf = request.csrf_token_hash
|
|
232
|
-
hidden_tags << lambda{|tag| csrf if tag.attr[:method].to_s.upcase == 'POST'}
|
|
231
|
+
if csrf = request.csrf_token_hash(action)
|
|
232
|
+
hidden_tags << lambda{|tag| csrf if (tag.attr[:method] || tag.attr['method']).to_s.upcase == 'POST'}
|
|
233
233
|
end
|
|
234
234
|
opts
|
|
235
235
|
end
|
|
@@ -243,7 +243,8 @@ module AutoForme
|
|
|
243
243
|
# HTML content used for the new action
|
|
244
244
|
def new_page(obj, opts={})
|
|
245
245
|
page do
|
|
246
|
-
|
|
246
|
+
form_attr = form_attributes(:action=>url_for("create"))
|
|
247
|
+
Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
247
248
|
model.columns_for(:new, request).each do |column|
|
|
248
249
|
col_opts = column_options_for(:new, request, obj, column)
|
|
249
250
|
if html = model.edit_html_for(obj, column, :new, request)
|
|
@@ -318,7 +319,8 @@ module AutoForme
|
|
|
318
319
|
end.to_s
|
|
319
320
|
end
|
|
320
321
|
if type == :delete
|
|
321
|
-
|
|
322
|
+
form_attr = form_attributes(:action=>url_for("destroy/#{model.primary_key_value(obj)}"), :method=>:post)
|
|
323
|
+
t << Forme.form(form_attr, form_opts(form_attr[:action])) do |f1|
|
|
322
324
|
f1.button(:value=>'Delete', :class=>'btn btn-danger')
|
|
323
325
|
end.to_s
|
|
324
326
|
else
|
|
@@ -341,7 +343,8 @@ module AutoForme
|
|
|
341
343
|
def edit_page(obj)
|
|
342
344
|
page do
|
|
343
345
|
t = String.new
|
|
344
|
-
|
|
346
|
+
form_attr = form_attributes(:action=>url_for("update/#{model.primary_key_value(obj)}"))
|
|
347
|
+
t << Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
345
348
|
model.columns_for(:edit, request).each do |column|
|
|
346
349
|
col_opts = column_options_for(:edit, request, obj, column)
|
|
347
350
|
if html = model.edit_html_for(obj, column, :edit, request)
|
|
@@ -479,7 +482,8 @@ module AutoForme
|
|
|
479
482
|
page do
|
|
480
483
|
t = String.new
|
|
481
484
|
t << "<h2>Edit #{humanize(assoc)} for #{h model.object_display_name(type, request, obj)}</h2>"
|
|
482
|
-
|
|
485
|
+
form_attr = form_attributes(:action=>url_for("mtm_update/#{model.primary_key_value(obj)}?association=#{assoc}"))
|
|
486
|
+
t << Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
483
487
|
opts = model.column_options_for(:mtm_edit, request, assoc)
|
|
484
488
|
add_opts = opts[:add] ? opts.merge(opts.delete(:add)) : opts
|
|
485
489
|
remove_opts = opts[:remove] ? opts.merge(opts.delete(:remove)) : opts
|
|
@@ -487,9 +491,9 @@ module AutoForme
|
|
|
487
491
|
if model.association_autocomplete?(assoc, request)
|
|
488
492
|
f.input(assoc, {:type=>'text', :class=>'autoforme_autocomplete', :attr=>{'data-type'=>'association', 'data-column'=>assoc, 'data-exclude'=>model.primary_key_value(obj)}, :value=>''}.merge(add_opts))
|
|
489
493
|
else
|
|
490
|
-
f.input(assoc, {:dataset=>model.unassociated_mtm_objects(request, assoc, obj)}.merge(add_opts))
|
|
494
|
+
f.input(assoc, {:dataset=>model.unassociated_mtm_objects(request, assoc, obj), :size=>10}.merge(add_opts))
|
|
491
495
|
end
|
|
492
|
-
f.input(assoc, {:name=>'remove[]', :id=>'remove', :label=>'Disassociate From', :dataset=>model.associated_mtm_objects(request, assoc, obj), :value=>[]}.merge(remove_opts))
|
|
496
|
+
f.input(assoc, {:name=>'remove[]', :id=>'remove', :label=>'Disassociate From', :dataset=>model.associated_mtm_objects(request, assoc, obj), :value=>[], :size=>10}.merge(remove_opts))
|
|
493
497
|
f.button(:value=>'Update', :class=>'btn btn-primary')
|
|
494
498
|
end.to_s
|
|
495
499
|
end
|
|
@@ -641,7 +645,7 @@ module AutoForme
|
|
|
641
645
|
t << "<div class='inline_mtm_add_associations'>"
|
|
642
646
|
assocs.each do |assoc|
|
|
643
647
|
form_attr = form_attributes(:action=>url_for("mtm_update/#{model.primary_key_value(obj)}?association=#{assoc}&redir=edit"), :class => 'mtm_add_associations', 'data-remove' => "##{assoc}_remove_list")
|
|
644
|
-
t << Forme.form(obj, form_attr, form_opts) do |f|
|
|
648
|
+
t << Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
645
649
|
opts = model.column_options_for(:mtm_edit, request, assoc)
|
|
646
650
|
add_opts = opts[:add] ? opts.merge(opts.delete(:add)) : opts.dup
|
|
647
651
|
add_opts = {:name=>'add[]', :id=>"add_#{assoc}"}.merge(add_opts)
|
|
@@ -674,7 +678,7 @@ module AutoForme
|
|
|
674
678
|
t << "<li>"
|
|
675
679
|
t << association_link(mc, assoc_obj)
|
|
676
680
|
form_attr = form_attributes(:action=>url_for("mtm_update/#{model.primary_key_value(obj)}?association=#{assoc}&remove%5b%5d=#{model.primary_key_value(assoc_obj)}&redir=edit"), :method=>'post', :class => 'mtm_remove_associations', 'data-add'=>"#add_#{assoc}")
|
|
677
|
-
t << Forme.form(form_attr, form_opts) do |f|
|
|
681
|
+
t << Forme.form(form_attr, form_opts(form_attr[:action])) do |f|
|
|
678
682
|
f.button(:value=>'Remove', :class=>'btn btn-xs btn-danger')
|
|
679
683
|
end.to_s
|
|
680
684
|
t << "</li>"
|
|
@@ -29,7 +29,7 @@ module AutoForme
|
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
# Use Rails's form_authenticity_token for CSRF protection.
|
|
32
|
-
def csrf_token_hash
|
|
32
|
+
def csrf_token_hash(action=nil)
|
|
33
33
|
vc = @controller.view_context
|
|
34
34
|
{vc.request_forgery_protection_token.to_s=>vc.form_authenticity_token} if vc.protect_against_forgery?
|
|
35
35
|
end
|
|
@@ -38,8 +38,20 @@ module AutoForme
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
# Use Rack::Csrf for csrf protection if it is defined.
|
|
41
|
-
def csrf_token_hash
|
|
42
|
-
|
|
41
|
+
def csrf_token_hash(action=nil)
|
|
42
|
+
if @controller.respond_to?(:check_csrf!)
|
|
43
|
+
# Using route_csrf plugin
|
|
44
|
+
# :nocov:
|
|
45
|
+
token = if @controller.use_request_specific_csrf_tokens?
|
|
46
|
+
@controller.csrf_token(@controller.csrf_path(action))
|
|
47
|
+
else
|
|
48
|
+
@controller.csrf_token
|
|
49
|
+
end
|
|
50
|
+
{@controller.csrf_field=>token}
|
|
51
|
+
# :nocov:
|
|
52
|
+
elsif defined?(::Rack::Csrf)
|
|
53
|
+
{::Rack::Csrf.field=>::Rack::Csrf.token(@env)}
|
|
54
|
+
end
|
|
43
55
|
end
|
|
44
56
|
end
|
|
45
57
|
|
data/lib/autoforme/version.rb
CHANGED
|
@@ -1,8 +1,22 @@
|
|
|
1
1
|
# frozen-string-literal: true
|
|
2
2
|
|
|
3
3
|
module AutoForme
|
|
4
|
+
# The major version of AutoForme, updated only for major changes that are
|
|
5
|
+
# likely to require modification to apps using AutoForme.
|
|
6
|
+
MAJOR = 1
|
|
7
|
+
|
|
8
|
+
# The minor version of AutoForme, updated for new feature releases of AutoForme.
|
|
9
|
+
MINOR = 8
|
|
10
|
+
|
|
11
|
+
# The patch version of AutoForme, updated only for bug fixes from the last
|
|
12
|
+
# feature release.
|
|
13
|
+
TINY = 0
|
|
14
|
+
|
|
4
15
|
# Version constant, use <tt>AutoForme.version</tt> instead.
|
|
5
|
-
VERSION =
|
|
16
|
+
VERSION = "#{MAJOR}.#{MINOR}.#{TINY}".freeze
|
|
17
|
+
|
|
18
|
+
# The full version of AutoForme as a number (1.8.0 => 10800)
|
|
19
|
+
VERSION_NUMBER = MAJOR*10000 + MINOR*100 + TINY
|
|
6
20
|
|
|
7
21
|
# Returns the version as a frozen string (e.g. '0.1.0')
|
|
8
22
|
def self.version
|
data/spec/rails_spec_helper.rb
CHANGED
|
@@ -5,6 +5,9 @@ require 'autoforme'
|
|
|
5
5
|
class AutoFormeSpec::App
|
|
6
6
|
def self.autoforme(klass=nil, opts={}, &block)
|
|
7
7
|
sc = Class.new(Rails::Application)
|
|
8
|
+
def sc.name
|
|
9
|
+
"AutoForme Test"
|
|
10
|
+
end
|
|
8
11
|
framework = nil
|
|
9
12
|
sc.class_eval do
|
|
10
13
|
controller = Class.new(ActionController::Base)
|
|
@@ -50,13 +53,14 @@ HTML
|
|
|
50
53
|
end
|
|
51
54
|
end
|
|
52
55
|
|
|
53
|
-
|
|
56
|
+
st = routes.append do
|
|
54
57
|
get 'session/set', :controller=>'autoforme', :action=>'session_set'
|
|
55
58
|
end.inspect
|
|
59
|
+
config.secret_token = st if Rails.respond_to?(:version) && Rails.version < '5.2'
|
|
56
60
|
config.active_support.deprecation = :stderr
|
|
57
61
|
config.middleware.delete(ActionDispatch::ShowExceptions)
|
|
58
62
|
config.middleware.delete(Rack::Lock)
|
|
59
|
-
config.secret_key_base =
|
|
63
|
+
config.secret_key_base = st*15
|
|
60
64
|
config.eager_load = true
|
|
61
65
|
if Rails.version > '4.2'
|
|
62
66
|
config.action_dispatch.cookies_serializer = :json
|
data/spec/roda_spec_helper.rb
CHANGED
|
@@ -31,7 +31,11 @@ class AutoFormeSpec::App < Roda
|
|
|
31
31
|
HTML
|
|
32
32
|
|
|
33
33
|
use Rack::Session::Cookie, :secret => '1'
|
|
34
|
-
|
|
34
|
+
if ENV['RODA_ROUTE_CSRF'].to_i > 0
|
|
35
|
+
plugin :route_csrf, :require_request_specific_tokens=>ENV['RODA_ROUTE_CSRF'] == '1'
|
|
36
|
+
else
|
|
37
|
+
use Rack::Csrf
|
|
38
|
+
end
|
|
35
39
|
|
|
36
40
|
template_opts = {:default_encoding=>nil}
|
|
37
41
|
plugin :render, :layout=>{:inline=>LAYOUT}, :template_opts=>template_opts, :opts=>template_opts
|
|
@@ -54,6 +58,8 @@ HTML
|
|
|
54
58
|
end
|
|
55
59
|
|
|
56
60
|
route do |r|
|
|
61
|
+
check_csrf! if ENV['RODA_ROUTE_CSRF'].to_i > 0
|
|
62
|
+
|
|
57
63
|
r.get 'session/set' do
|
|
58
64
|
session.merge!(r.params)
|
|
59
65
|
''
|
data/spec/spec_helper.rb
CHANGED
|
@@ -24,13 +24,15 @@ require "./spec/#{ENV['FRAMEWORK']}_spec_helper"
|
|
|
24
24
|
require 'capybara'
|
|
25
25
|
require 'capybara/dsl'
|
|
26
26
|
require 'rack/test'
|
|
27
|
+
|
|
28
|
+
ENV['MT_NO_PLUGINS'] = '1' # Work around stupid autoloading of plugins
|
|
27
29
|
gem 'minitest'
|
|
28
30
|
require 'minitest/autorun'
|
|
29
31
|
require 'minitest/hooks/default'
|
|
30
32
|
|
|
31
33
|
if ENV['WARNING']
|
|
32
34
|
require 'warning'
|
|
33
|
-
Warning.ignore([:missing_ivar, :fixnum])
|
|
35
|
+
Warning.ignore([:missing_ivar, :fixnum, :not_reached])
|
|
34
36
|
end
|
|
35
37
|
|
|
36
38
|
require './spec/sequel_spec_helper'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: autoforme
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-06-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: forme
|
|
@@ -267,7 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
267
267
|
version: '0'
|
|
268
268
|
requirements: []
|
|
269
269
|
rubyforge_project:
|
|
270
|
-
rubygems_version: 2.6
|
|
270
|
+
rubygems_version: 2.7.6
|
|
271
271
|
signing_key:
|
|
272
272
|
specification_version: 4
|
|
273
273
|
summary: Web Administrative Console for Roda/Sinatra/Rails and Sequel::Model
|