autoforme 1.8.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5112ef1a062e3fa4a586f605365004eb733e25c7e49c7d52d0399d2d5596a692
-  data.tar.gz: 3142feb7e88e43ec825eedb9dfa700dd2c710cdce59b7839241117ad66b6568a
+  metadata.gz: '0198a23636933034920c066694a4acd8e58d5529fbf21ada5f542a7de444cc2c'
+  data.tar.gz: 6cf1f310f06018a91573472c7410c1dda1842b7f96593a82deaf9be5f2bdd524
 SHA512:
-  metadata.gz: 937e7ced506f742fbd9ec7632cf69a6a93b1996d884a63996162a38ad949c0ef3b6022a910fe51748f9792c9d9ce3703ffa6691e321f93bcd9917e05f3f24677
-  data.tar.gz: a369fc3b50aef5cf9546fb512c0d92a63de9cc0f15b8ac16f84b5fa2291f688ea10f0a711ddf9573b3e1c6257015174c147f05af6e7f073ae37be1e392386c85
+  metadata.gz: 8931ddb513d806df30b8a4fe36fb20583597ac4e9f45e1144c5732cff66d09f92a14967a5ac4c35724ac339bfd23af866b454490ffabe99b327dfaff2e1aa787
+  data.tar.gz: '097239f8074dc20537dec29064f24c2e5fbb521cf3586bb828726afc2b436eed190794d2b276e9b108c60bb6a4c3116a35dc651d54e32af5ff74d34e4a6b586e'

data/CHANGELOG

@@ -1,3 +1,29 @@
+=== 1.11.0 (2021-11-30)
+
+* Require forme 2.0.0 (jeremyevans)
+
+* Add support for view_options framework option (nmb, jeremyevans) (#42)
+
+* Drop support for Ruby 1.8 (jeremyevans)
+
+=== 1.10.0 (2021-08-27)
+
+* Do not consider read_only many_to_many associations to be editable (jeremyevans)
+
+* Ignore unique constraint violations when adding associated objects in mtm_update (jeremyevans)
+
+* Handle search fields that cannot be typecast correctly by returning no results (jeremyevans)
+
+=== 1.9.1 (2019-07-22)
+
+* [SECURITY] Escape object display name when displaying association links (adam12)
+
+=== 1.9.0 (2018-07-18)
+
+* Add support for using flash string keys in the Roda support, to work with Roda's sessions plugin (jeremyevans)
+
+* Show correct page title on error pages (jeremyevans)
+
 === 1.8.0 (2018-06-11)
 
 * Add support for Roda route_csrf plugin for request-specific CSRF tokens (jeremyevans)

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2013-2018 Jeremy Evans
+Copyright (c) 2013-2021 Jeremy Evans
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to

data/README.rdoc

@@ -22,8 +22,7 @@ flexible in terms of configuration.
 Demo Site :: http://autoforme-demo.jeremyevans.net
 RDoc :: http://autoforme.jeremyevans.net
 Source :: https://github.com/jeremyevans/autoforme
-IRC :: irc://irc.freenode.net/forme
-Google Group :: https://groups.google.com/forum/#!forum/ruby-forme
+Discussion Forum :: https://github.com/jeremyevans/autoforme/discussions
 Bug Tracker :: https://github.com/jeremyevans/autoforme/issues
 
 = Features
@@ -161,12 +160,13 @@ These options are related to displayed output:
 
 form_attributes :: Hash of attributes to use for any form tags
 form_options :: Hash of Forme::Form options to pass for any forms created
-class_display_name :: The string to use when referring to the model class
+class_display_name :: The string to use on pages when referring to the model class.
+                      This defaults to the full class name.
 display_name :: The string to use when referring to a model instance.  Can either be a symbol
                 representing an instance method call, or a Proc called with the model object,
                 the model object and type symbol, or the model object, type symbol, and request,
                 depending on the arity of the Proc.
-link_name :: The string to use in links for the class
+link_name :: The string to use in links for the class. This defaults to +class_display_name+.
 edit_html :: The html to use for a particular object edit field.  Should be a proc that takes the
              model object, column symbol, type symbol, and request and returns the html to use.
 page_footer :: Override the default footer used for pages
@@ -174,6 +174,8 @@ page_header :: Override the default header used for pages
 show_html :: The html to use for displaying the value for an object field.  Should be a proc that takes the
              model object, column symbol, type symbol, and request and returns the html to use.
 table_class :: The html class string to use for the browse and search tables
+view_options :: Hash with options passed when rendering the view (how these options are used varies
+                in each of the supported web frameworks), e.g. <tt>view_options: {:layout => :formelayout}</tt>
 
 These hook options should be callable objects that are called with the model object and the request.
 
@@ -238,6 +240,66 @@ use AutoForme in Rails development mode.  The best way to handle it is to call
 +AutoForme.for+ in the related controller file, and have an initializer reference
 the controller class, causing the controller file to be loaded.
 
+= Roda
+
+Because Roda uses a routing tree, unlike Rails and Sinatra, with Roda you need to
+dispatch to the autoforme routes at the point in the routing tree where you want
+to mount them.  Additionally, the Roda support offers a Roda plugin for easier
+configuration.
+
+To mount the autoforme routes in the root of the application, you could do:
+
+  class App < Roda
+    plugin :autoforme do
+      model Artist
+    end
+
+    route do
+      # rest of routing tree
+      autoforme
+    end
+  end
+
+To mount the routes in a subpath:
+
+  class App < Roda
+    plugin :autoforme do
+      model Artist
+    end
+
+    route do
+      r.on "admin" do
+        autoforme
+      end
+
+      # rest of routing tree
+    end
+  end
+
+To handle multiple autoforme configurations, mounted at different subpaths:
+
+  class App < Roda
+    plugin :autoforme
+
+    autoforme(name: 'artists')
+      model Artist
+    end
+    autoforme(name: 'albums')
+      model Album
+    end
+
+    route do
+      r.on "artists" do
+        autoforme('artists')
+      end
+      r.on "albums" do
+        autoforme('albums')
+      end
+
+      # rest of routing tree
+    end
+  end
+
 = TODO
 
 * capybara-webkit tests for ajax behavior

data/lib/autoforme/action.rb

@@ -87,7 +87,7 @@ module AutoForme
       else
         return false unless model.supported_action?(normalized_type, request)
 
-        if title = TITLE_MAP[type]
+        if title = TITLE_MAP[@normalized_type]
           @title = "#{model.class_name} - #{title}"
         end
       end
@@ -227,10 +227,15 @@ module AutoForme
     # Options to use for the form.  If the form uses POST, automatically adds the CSRF token.
     def form_opts(action=nil)
       opts = model.form_options_for(type, request).dup
-      hidden_tags = opts[:hidden_tags] = []
-      if csrf = request.csrf_token_hash(action)
-        hidden_tags << lambda{|tag| csrf if (tag.attr[:method] || tag.attr['method']).to_s.upcase == 'POST'}
+
+      opts[:_before_post] = lambda do |form|
+        if csrf_hash = request.csrf_token_hash(action)
+          csrf_hash.each do |name, value|
+            form.tag(:input, :type=>:hidden, :name=>name, :value=>value)
+          end
+        end
       end
+
       opts
     end
 
@@ -626,13 +631,13 @@ module AutoForme
     # page.
     def association_link(mc, assoc_obj)
       if mc
-        t = mc.object_display_name(:association, request, assoc_obj)
+        t = h(mc.object_display_name(:association, request, assoc_obj))
         if mc.supported_action?(type, request)
           t = "<a href=\"#{base_url_for("#{mc.link}/#{type}/#{mc.primary_key_value(assoc_obj)}")}\">#{t}</a>"
         end
         t
       else
-        model.default_object_display_name(assoc_obj)
+        h(model.default_object_display_name(assoc_obj))
       end
     end
 

data/lib/autoforme/frameworks/rails.rb

@@ -58,7 +58,11 @@ module AutoForme
             elsif @autoforme_action.request.xhr?
               render :html=>@autoforme_text.html_safe
             else
-              render :inline=>"<%=raw @autoforme_text %>", :layout=>true
+              opts = framework.opts[:view_options]
+              opts = opts ? opts.dup : {}
+              opts[:layout] = true unless opts.has_key?(:layout)
+              opts[:inline] = "<%=raw @autoforme_text %>"
+              render opts
             end
           else
             render :plain=>'Unhandled Request', :status=>404

data/lib/autoforme/frameworks/roda.rb

@@ -37,22 +37,42 @@ module AutoForme
           @env['HTTP_X_REQUESTED_WITH'] =~ /XMLHttpRequest/i
         end
         
+        # Set the flash at notice level when redirecting, so it shows
+        # up on the redirected page.
+        def set_flash_notice(message)
+          @controller.flash[flash_symbol_keys? ? :notice : 'notice'] = message
+        end
+
+        # Set the current flash at error level, used when displaying
+        # pages when there is an error.
+        def set_flash_now_error(message)
+          @controller.flash.now[flash_symbol_keys? ? :error : 'error'] = message
+        end
+
         # Use Rack::Csrf for csrf protection if it is defined.
         def csrf_token_hash(action=nil)
           if @controller.respond_to?(:check_csrf!)
             # Using route_csrf plugin
-            # :nocov:
             token = if @controller.use_request_specific_csrf_tokens?
               @controller.csrf_token(@controller.csrf_path(action))
+              # :nocov:
             else
               @controller.csrf_token
+              # :nocov:
             end
             {@controller.csrf_field=>token}
             # :nocov:
           elsif defined?(::Rack::Csrf)
             {::Rack::Csrf.field=>::Rack::Csrf.token(@env)}
+            # :nocov:
           end
         end
+
+        private
+
+        def flash_symbol_keys?
+          !@controller.opts[:sessions_convert_symbols]
+        end
       end
 
       attr_reader :route_proc
@@ -88,7 +108,10 @@ module AutoForme
             elsif @autoforme_action.request.xhr?
               @autoforme_text
             else
-              view(:content=>@autoforme_text)
+              opts = framework.opts[:view_options]
+              opts = opts ? opts.dup : {}
+              opts[:content] = @autoforme_text
+              view(opts)
             end
           end
         end

data/lib/autoforme/frameworks/sinatra.rb

@@ -50,7 +50,9 @@ module AutoForme
             elsif @autoforme_action.request.xhr?
               @autoforme_text
             else
-              erb "<%= @autoforme_text %>".dup
+              opts = framework.opts[:view_options]
+              opts = opts ? opts.dup : {}
+              erb("<%= @autoforme_text %>".dup, opts ? opts.dup : {})
             end
           else
             pass

data/lib/autoforme/model.rb

@@ -389,7 +389,7 @@ module AutoForme
     
     def normalize_mtm_associations(assocs)
       if assocs == :all
-        mtm_association_names
+        editable_mtm_association_names
       else
         Array(assocs)
       end

data/lib/autoforme/models/sequel.rb

@@ -98,14 +98,26 @@ module AutoForme
         ref[:keys].zip(ref[:primary_keys].map{|k| obj.send(k)})
       end
 
+      # Array of many to many association name strings for editable
+      # many to many associations.
+      def editable_mtm_association_names
+        association_names([:many_to_many]) do |r|
+          model.method_defined?(r.add_method) && model.method_defined?(r.remove_method)
+        end
+      end
+
       # Array of many to many association name strings.
       def mtm_association_names
         association_names([:many_to_many])
       end
 
-      # Array of association name strings for given association types
+      # Array of association name strings for given association types. If a block is
+      # given, only include associations where the block returns truthy.
       def association_names(types=SUPPORTED_ASSOCIATION_TYPES)
-        model.all_association_reflections.select{|r| types.include?(r[:type])}.map{|r| r[:name]}.sort_by(&:to_s)
+        model.all_association_reflections.
+          select{|r| types.include?(r[:type]) && (!block_given? || yield(r))}.
+          map{|r| r[:name]}.
+          sort_by(&:to_s)
       end
 
       # Save the object, returning the object if successful, or nil if not.
@@ -158,7 +170,7 @@ module AutoForme
         params = request.params
         ds = apply_associated_eager(:search, request, all_dataset_for(type, request))
         columns_for(:search_form, request).each do |c|
-          if (v = params[c.to_s]) && !v.empty?
+          if (v = params[c.to_s]) && !(v = v.to_s).empty?
             if association?(c)
               ref = model.association_reflection(c)
               ads = ref.associated_dataset
@@ -168,9 +180,16 @@ module AutoForme
               primary_key = S.qualify(ref.associated_class.table_name, ref.primary_key)
               ds = ds.where(S.qualify(model.table_name, ref[:key])=>ads.where(primary_key=>v).select(primary_key))
             elsif column_type(c) == :string
-              ds = ds.where(S.ilike(S.qualify(model.table_name, c), "%#{ds.escape_like(v.to_s)}%"))
+              ds = ds.where(S.ilike(S.qualify(model.table_name, c), "%#{ds.escape_like(v)}%"))
             else
-              ds = ds.where(S.qualify(model.table_name, c)=>model.db.typecast_value(column_type(c), v))
+              begin
+                typecasted_value = model.db.typecast_value(column_type(c), v)
+              rescue S::InvalidValue
+                ds = ds.where(false)
+                break
+              else
+                ds = ds.where(S.qualify(model.table_name, c)=>typecasted_value)
+              end
             end
           end
         end
@@ -293,7 +312,17 @@ module AutoForme
               ids.each do |id|
                 next if id.to_s.empty?
                 ret = assoc_class ? assoc_class.with_pk(:association, request, id) : obj.send(:_apply_association_options, ref, ref.associated_class.dataset.clone).with_pk!(id)
-                obj.send(meth, ret)
+                begin
+                  model.db.transaction(:savepoint=>true){obj.send(meth, ret)}
+                rescue S::UniqueConstraintViolation
+                  # Already added, safe to ignore
+                rescue S::ConstraintViolation
+                  # Old versions of sqlite3 and jdbc-sqlite3 can raise generic
+                  # ConstraintViolation instead of UniqueConstraintViolation
+                  # :nocov:
+                  raise unless model.db.database_type == :sqlite
+                  # :nocov:
+                end
               end
             end
           end

data/lib/autoforme/version.rb

@@ -6,7 +6,7 @@ module AutoForme
   MAJOR = 1
 
   # The minor version of AutoForme, updated for new feature releases of AutoForme.
-  MINOR = 8
+  MINOR = 11
 
   # The patch version of AutoForme, updated only for bug fixes from the last
   # feature release.

data/lib/autoforme.rb

@@ -1,7 +1,6 @@
 # frozen-string-literal: true
 
 require 'forme'
-require 'thread'
 require 'rack/utils'
 
 module AutoForme
@@ -50,10 +49,10 @@ module AutoForme
   end
 end
 
-require 'autoforme/opts_attributes'
-require 'autoforme/model'
-require 'autoforme/framework'
-require 'autoforme/request'
-require 'autoforme/action'
-require 'autoforme/table'
-require 'autoforme/version'
+require_relative 'autoforme/opts_attributes'
+require_relative 'autoforme/model'
+require_relative 'autoforme/framework'
+require_relative 'autoforme/request'
+require_relative 'autoforme/action'
+require_relative 'autoforme/table'
+require_relative 'autoforme/version'

data/lib/roda/plugins/autoforme.rb

@@ -1,6 +1,6 @@
 # frozen-string-literal: true
 
-require 'autoforme'
+require_relative '../../autoforme'
 
 class Roda
   module RodaPlugins

data/spec/all.rb

@@ -1,2 +1,2 @@
 puts "Running specs with #{ENV['FRAMEWORK']||'roda'} framework"
-Dir['./spec/*_spec.rb'].each{|f| require f}
+Dir.new(File.dirname(__FILE__)).each{|f| require_relative f if f.end_with?('_spec.rb')}

data/spec/associations_spec.rb

@@ -1,4 +1,4 @@
-require './spec/spec_helper'
+require_relative 'spec_helper'
 
 describe AutoForme do
   before(:all) do
@@ -51,6 +51,50 @@ describe AutoForme do
     page.all('td').map{|s| s.text}.must_equal ["Album1b", "Artist2", "Show", "Edit", "Delete"]
   end
 
+  it "should escape display names in association links" do
+    app_setup do
+      model Artist
+      model Album do
+        columns [:name, :artist]
+      end
+      association_links :all
+    end
+
+    visit("/Artist/new")
+    fill_in 'Name', :with=>'Art&"ist2'
+    click_button 'Create'
+
+    visit("/Album/new")
+    fill_in 'Name', :with=>'Album1'
+    select 'Art&"ist2'
+    click_button 'Create'
+
+    click_link 'Edit'
+    select 'Album1'
+    click_button 'Edit'
+    page.html.must_match(%r{- <a href="/Artist/edit/\d+">Art&amp;&quot;ist2})
+  end
+
+  it "should escape display names in association links" do
+    app_setup do
+      model Album do
+        columns [:name, :artist]
+      end
+      association_links :all
+    end
+
+    Artist.create(:name=>'Art&"ist2')
+    visit("/Album/new")
+    fill_in 'Name', :with=>'Album1'
+    select 'Art&"ist2'
+    click_button 'Create'
+
+    click_link 'Edit'
+    select 'Album1'
+    click_button 'Edit'
+    page.html.must_include("- Art&amp;&quot;ist2")
+  end
+
   it "should use text boxes for associated objects on new/edit/search forms if associated model uses autocompleting" do
     app_setup do
       model Artist do

data/spec/basic_spec.rb

@@ -1,4 +1,4 @@
-require './spec/spec_helper'
+require_relative 'spec_helper'
 
 describe AutoForme do
   before(:all) do
@@ -12,6 +12,7 @@ describe AutoForme do
   it "should have basic functionality working" do
     app_setup(Artist)
     visit("/Artist/new")
+    page.html.must_include '<!DOCTYPE html>'
     page.title.must_equal 'Artist - New'
     fill_in 'Name', :with=>'TestArtistNew'
     click_button 'Create'
@@ -573,7 +574,7 @@ describe AutoForme do
     page.all('td').map{|s| s.text}.must_equal []
   end
 
-  it "should correct handle validation errors" do
+  it "should correctly handle validation errors" do
     app_setup(Artist)
     Artist.send(:define_method, :validate) do
       errors.add(:name, "bad name") if name == 'Foo'
@@ -583,6 +584,7 @@ describe AutoForme do
     page.title.must_equal 'Artist - New'
     fill_in 'Name', :with=>'Foo'
     click_button 'Create'
+    page.title.must_equal 'Artist - New'
     page.html.must_include 'Error Creating Artist'
     page.html.must_include 'bad name'
     fill_in 'Name', :with=>'TestArtistNew'
@@ -597,6 +599,7 @@ describe AutoForme do
     click_button 'Edit'
     fill_in 'Name', :with=>'Foo'
     click_button 'Update'
+    page.title.must_equal 'Artist - Edit'
     page.html.must_include 'Error Updating Artist'
     page.html.must_include 'bad name'
     fill_in 'Name', :with=>'TestArtistUpdate'
@@ -605,6 +608,13 @@ describe AutoForme do
     page.html.must_match(/Name.+TestArtistUpdate/m)
     page.current_path.must_match %r{/Artist/edit/\d+}
   end
+
+  it "should support view_options" do
+    app_setup(Artist, view_options: {:layout=>false}){}
+    visit("/Artist/browse")
+    page.html.wont_include '<!DOCTYPE html>'
+    page.all('table').first['id'].must_equal 'autoforme_table'
+  end
 end
 
 describe AutoForme do
@@ -952,19 +962,29 @@ describe AutoForme do
   after(:all) do
     Object.send(:remove_const, :Artist)
   end
-
-  it "should display decimals in float format in tables" do
+  before do
     app_setup(Artist)
     visit("/Artist/new")
     page.title.must_equal 'Artist - New'
     fill_in 'Num', :with=>'1.01'
     click_button 'Create'
+    visit("/Artist/browse")
+  end
+
+  it "should display decimals in float format in tables" do
     click_link 'Artist'
     page.all('tr td:first-child').map{|s| s.text}.must_equal %w'1.01'
     click_link 'Search'
     click_button 'Search'
     page.all('tr td:first-child').map{|s| s.text}.must_equal %w'1.01'
   end
+
+  it "should treat invalid search fields as returning no results" do
+    click_link 'Search'
+    fill_in 'Num', :with=>'3/3/2020'
+    click_button 'Search'
+    page.all('tr td:first-child').map{|s| s.text}.must_equal []
+  end
 end
 
 describe AutoForme do

data/spec/mtm_spec.rb

@@ -1,4 +1,4 @@
-require './spec/spec_helper'
+require_relative 'spec_helper'
 
 describe AutoForme do
   before(:all) do
@@ -507,3 +507,115 @@ describe AutoForme do
     page.all('select')[1].all('option').map{|s| s.text}.must_equal ["Album2", "Album3"]
   end
 end
+
+describe AutoForme do
+  before(:all) do
+    db_setup(:artists=>[[:name, :string]], :albums=>[[:name, :string]], :albums_artists=>proc{column :album_id, :integer, :table=>:albums; column :artist_id, :integer, :table=>:artists; primary_key [:album_id, :artist_id]})
+    model_setup(:Artist=>[:artists, [[:many_to_many, :albums]]], :Album=>[:albums, [[:many_to_many, :artists]]])
+  end
+  after(:all) do
+    Object.send(:remove_const, :Album)
+    Object.send(:remove_const, :Artist)
+  end
+
+  it "should handle unique constraint violation errors when adding associated objects" do
+    app_setup do
+      model Artist do
+        mtm_associations :albums
+      end
+      model Album
+    end
+
+    artist = Artist.create(:name=>'Artist1')
+    album = Album.create(:name=>'Album1')
+
+    visit("/Artist/mtm_edit")
+    page.title.must_equal 'Artist - Many To Many Edit'
+    select("Artist1")
+    click_button "Edit"
+
+    find('h2').text.must_equal 'Edit Albums for Artist1'
+    page.all('select')[0].all('option').map{|s| s.text}.must_equal ["Album1"]
+    page.all('select')[1].all('option').map{|s| s.text}.must_equal []
+    select("Album1", :from=>"Associate With")
+    artist.add_album(album)
+    click_button "Update"
+    page.html.must_include 'Updated albums association for Artist'
+    Artist.first.albums.map{|x| x.name}.must_equal %w'Album1'
+  end
+
+  it "should handle unique constraint violation errors when adding associated objects" do
+    app_setup do
+      model Artist do
+        mtm_associations :albums
+      end
+      model Album
+    end
+
+    artist = Artist.create(:name=>'Artist1')
+    album = Album.create(:name=>'Album1')
+    artist.add_album(album)
+
+    visit("/Artist/mtm_edit")
+    page.title.must_equal 'Artist - Many To Many Edit'
+    select("Artist1")
+    click_button "Edit"
+
+    find('h2').text.must_equal 'Edit Albums for Artist1'
+    page.all('select')[0].all('option').map{|s| s.text}.must_equal []
+    page.all('select')[1].all('option').map{|s| s.text}.must_equal ["Album1"]
+    select("Album1", :from=>"Disassociate From")
+    artist.remove_album(album)
+    click_button "Update"
+    page.html.must_include 'Updated albums association for Artist'
+    Artist.first.albums.map{|x| x.name}.must_equal []
+  end
+end
+
+describe AutoForme do
+  before(:all) do
+    db_setup(:artists=>[[:name, :string]], :albums=>[[:name, :string]], :albums_artists=>[[:album_id, :integer, {:table=>:albums}], [:artist_id, :integer, {:table=>:artists}]])
+    model_setup(:Artist=>[:artists, [[:many_to_many, :albums, :read_only=>true]]], :Album=>[:albums, [[:many_to_many, :artists, :read_only=>true]]])
+  end
+  after(:all) do
+    Object.send(:remove_const, :Album)
+    Object.send(:remove_const, :Artist)
+  end
+
+  it "should not automatically setup mtm support for read-only associations" do
+    app_setup do
+      model Artist do
+        mtm_associations :all
+        association_links :all
+      end
+      model Album do
+        mtm_associations :all
+        association_links :all
+      end
+    end
+
+    visit("/Artist/new")
+    page.html.wont_include 'Artist/mtm_edit'
+    fill_in 'Name', :with=>'Artist1'
+    click_button 'Create'
+    click_link 'Edit'
+    select 'Artist1'
+    click_button 'Edit'
+    page.html.must_include 'Albums'
+    page.html.wont_include '>associate<'
+    visit("/Artist/mtm_edit")
+    page.html.must_include 'Unhandled Request'
+
+    visit("/Album/new")
+    page.html.wont_include 'Album/mtm_edit'
+    fill_in 'Name', :with=>'Album1'
+    click_button 'Create'
+    click_link 'Edit'
+    select 'Album1'
+    click_button 'Edit'
+    page.html.must_include 'Artists'
+    page.html.wont_include '>associate<'
+    visit("/Album/mtm_edit")
+    page.html.must_include 'Unhandled Request'
+  end
+end

data/spec/rails_spec_helper.rb

@@ -1,8 +1,13 @@
-require 'rubygems'
+require 'rails'
 require 'action_controller/railtie'
-require 'autoforme'
+require_relative '../lib/autoforme'
 
 class AutoFormeSpec::App
+  class << self
+    # Workaround for action_view railtie deleting the finalizer
+    attr_accessor :av_finalizer
+  end
+
   def self.autoforme(klass=nil, opts={}, &block)
     sc = Class.new(Rails::Application)
     def sc.name
@@ -16,7 +21,7 @@ class AutoFormeSpec::App
       resolver = Class.new(ActionView::Resolver)
       resolver.class_eval do
         template = ActionView::Template
-        t = [template.new(<<HTML, "layout", template.handler_for_extension(:erb), {:virtual_path=>'layout', :format=>'erb', :updated_at=>Time.now})]
+        code = (<<HTML)
 <!DOCTYPE html>
 <html>
 <head><title><%= @autoforme_action.title if @autoforme_action %></title></head>
@@ -30,6 +35,11 @@ class AutoFormeSpec::App
 <%= yield %>
 </body></html>"
 HTML
+        if Rails.version > '6'
+          t = [template.new(code, "layout", template.handler_for_extension(:erb), :virtual_path=>'layout', :format=>'erb', :locals=>[])]
+        else
+          t = [template.new(code, "layout", template.handler_for_extension(:erb), :virtual_path=>'layout', :format=>'erb', :updated_at=>Time.now)]
+        end
 
         define_method(:find_templates){|*args| t}
       end
@@ -57,19 +67,39 @@ HTML
         get 'session/set', :controller=>'autoforme', :action=>'session_set'
       end.inspect
       config.secret_token = st if Rails.respond_to?(:version) && Rails.version < '5.2'
+      config.hosts << "www.example.com" if config.respond_to?(:hosts)
       config.active_support.deprecation = :stderr
       config.middleware.delete(ActionDispatch::ShowExceptions)
       config.middleware.delete(Rack::Lock)
       config.secret_key_base = st*15
       config.eager_load = true
+      if Rails.version.start_with?('4')
+        # Work around issue in backported openssl environments where
+        # secret is 64 bytes intead of 32 bytes
+        require 'active_support/message_encryptor'
+        def (ActiveSupport::MessageEncryptor).new(secret, *signature_key_or_options)
+          obj = allocate
+          obj.send(:initialize, secret[0, 32], *signature_key_or_options)
+          obj
+        end
+      end
       if Rails.version > '4.2'
         config.action_dispatch.cookies_serializer = :json
       end
       if Rails.version > '5'
         # Force Rails to dispatch to correct controller
         ActionDispatch::Routing::RouteSet::Dispatcher.class_eval do
+          alias controller controller
           define_method(:controller){|_| controller}
         end
+        config.session_store :cookie_store, :key=>'_autoforme_test_session'
+      end
+      if Rails.version > '6'
+        if AutoFormeSpec::App.av_finalizer
+          config.action_view.finalize_compiled_template_methods = AutoFormeSpec::App.av_finalizer
+        else
+          AutoFormeSpec::App.av_finalizer = config.action_view.finalize_compiled_template_methods
+        end
       end
       initialize!
     end

data/spec/roda_spec.rb

@@ -1,4 +1,4 @@
-require './spec/spec_helper'
+require_relative 'spec_helper'
 
 describe AutoForme do
   before(:all) do

data/spec/roda_spec_helper.rb

@@ -1,11 +1,9 @@
-require 'rubygems'
 require 'roda'
-require 'autoforme'
+require_relative '../lib/autoforme'
 require 'rack/csrf'
 
 begin
-  require 'erubis'
-  require 'tilt/erubis'
+  require 'tilt/erubi'
 rescue LoadError
   require 'tilt/erb'
 end
@@ -14,23 +12,38 @@ class AutoFormeSpec::App < Roda
   opts[:unsupported_block_result] = :raise
   opts[:unsupported_matcher] = :raise
   opts[:verbatim_string_matcher] = true
+  opts[:check_dynamic_arity] = opts[:check_arity] = :warn
 
   LAYOUT = <<HTML
 <!DOCTYPE html>
 <html>
 <head><title><%= @autoforme_action.title if @autoforme_action %></title></head>
 <body>
-<% if flash[:notice] %>
-  <div class="alert alert-success"><p><%= flash[:notice] %></p></div>
+<% if notice = opts[:sessions_convert_symbols] ? flash['notice'] : flash[:notice] %>
+  <div class="alert alert-success"><p><%= notice %></p></div>
 <% end %>
-<% if flash[:error] %>
-  <div class="alert alert-error"><p><%= flash[:error] %></p></div>
+<% if error = opts[:sessions_convert_symbols] ? flash['error'] : flash[:error] %>
+  <div class="alert alert-error"><p><%= error %></p></div>
 <% end %>
 <%= yield %>
 </body></html>"
 HTML
 
-  use Rack::Session::Cookie, :secret => '1'
+  plugin :flash
+
+  if defined?(Roda::RodaVersionNumber) && Roda::RodaVersionNumber >= 30100
+    if ENV['RODA_ROUTE_CSRF'] == '0'
+      require 'roda/session_middleware'
+      opts[:sessions_convert_symbols] = true
+      use RodaSessionMiddleware, :secret=>SecureRandom.random_bytes(64)
+    else
+      ENV['RODA_ROUTE_CSRF'] ||= '1'
+      plugin :sessions, :secret=>SecureRandom.random_bytes(64)
+    end
+  else
+    use Rack::Session::Cookie, :secret => '1'
+  end
+
   if ENV['RODA_ROUTE_CSRF'].to_i > 0
     plugin :route_csrf, :require_request_specific_tokens=>ENV['RODA_ROUTE_CSRF'] == '1'
   else
@@ -42,7 +55,6 @@ HTML
   plugin :not_found do
     'Unhandled Request'
   end
-  plugin :flash
 
   def self.autoforme(klass=nil, opts={}, &block)
     sc = Class.new(self)

data/spec/sequel_spec_helper.rb

@@ -1,4 +1,3 @@
-require 'rubygems'
 require 'sequel'
 require 'logger'
 

data/spec/sinatra_spec_helper.rb

@@ -1,6 +1,5 @@
-require 'rubygems'
 require 'sinatra/base'
-require 'autoforme'
+require_relative '../lib/autoforme'
 require 'sinatra/flash'
 require 'rack/csrf'
 

data/spec/spec_helper.rb

@@ -1,4 +1,3 @@
-require 'rubygems'
 $: << File.expand_path(File.join(__FILE__, '../../lib'))
 ENV['FRAMEWORK'] ||= 'roda'
 
@@ -19,7 +18,7 @@ if ENV['COVERAGE']
   end
 end
 
-require "./spec/#{ENV['FRAMEWORK']}_spec_helper"
+require_relative "#{ENV['FRAMEWORK']}_spec_helper"
 
 require 'capybara'
 require 'capybara/dsl'
@@ -27,7 +26,7 @@ require 'rack/test'
 
 ENV['MT_NO_PLUGINS'] = '1' # Work around stupid autoloading of plugins
 gem 'minitest'
-require 'minitest/autorun'
+require 'minitest/global_expectations/autorun'
 require 'minitest/hooks/default'
 
 if ENV['WARNING']
@@ -35,7 +34,7 @@ if ENV['WARNING']
   Warning.ignore([:missing_ivar, :fixnum, :not_reached])
 end
 
-require './spec/sequel_spec_helper'
+require_relative 'sequel_spec_helper'
 
 class Minitest::HooksSpec
   include Rack::Test::Methods

data/spec/unit_spec.rb

@@ -1,4 +1,4 @@
-require './spec/spec_helper'
+require_relative 'spec_helper'
 
 describe AutoForme do
   before(:all) do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: autoforme
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-11 00:00:00.000000000 Z
+date: 2021-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: forme
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: minitest-global_expectations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -243,7 +257,12 @@ files:
 homepage: http://github.com/jeremyevans/autoforme
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/jeremyevans/autoforme/issues
+  changelog_uri: http://autoforme.jeremyevans.net/files/CHANGELOG.html
+  documentation_uri: http://autoforme.jeremyevans.net
+  mailing_list_uri: https://github.com/jeremyevans/autoforme/discussions
+  source_code_uri: https://github.com/jeremyevans/autoforme
 post_install_message: 
 rdoc_options:
 - "--quiet"
@@ -259,15 +278,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.2.32
 signing_key: 
 specification_version: 4
 summary: Web Administrative Console for Roda/Sinatra/Rails and Sequel::Model