autoforme 1.7.0 → 1.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG +6 -0
- data/MIT-LICENSE +1 -1
- data/README.rdoc +1 -1
- data/lib/autoforme/action.rb +15 -11
- data/lib/autoforme/frameworks/rails.rb +1 -1
- data/lib/autoforme/frameworks/roda.rb +14 -2
- data/lib/autoforme/frameworks/sinatra.rb +1 -1
- data/lib/autoforme/version.rb +15 -1
- data/spec/rails_spec_helper.rb +6 -2
- data/spec/roda_spec_helper.rb +7 -1
- data/spec/spec_helper.rb +3 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 5112ef1a062e3fa4a586f605365004eb733e25c7e49c7d52d0399d2d5596a692
|
|
4
|
+
data.tar.gz: 3142feb7e88e43ec825eedb9dfa700dd2c710cdce59b7839241117ad66b6568a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 937e7ced506f742fbd9ec7632cf69a6a93b1996d884a63996162a38ad949c0ef3b6022a910fe51748f9792c9d9ce3703ffa6691e321f93bcd9917e05f3f24677
|
|
7
|
+
data.tar.gz: a369fc3b50aef5cf9546fb512c0d92a63de9cc0f15b8ac16f84b5fa2291f688ea10f0a711ddf9573b3e1c6257015174c147f05af6e7f073ae37be1e392386c85
|
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
=== 1.8.0 (2018-06-11)
|
|
2
|
+
|
|
3
|
+
* Add support for Roda route_csrf plugin for request-specific CSRF tokens (jeremyevans)
|
|
4
|
+
|
|
5
|
+
* Default to size of 10 for select multiple inputs (jeremyevans)
|
|
6
|
+
|
|
1
7
|
=== 1.7.0 (2017-10-27)
|
|
2
8
|
|
|
3
9
|
* Respect Model#forme_namespace method for parameter names (adam12, jeremyevans) (#9)
|
data/MIT-LICENSE
CHANGED
data/README.rdoc
CHANGED
|
@@ -197,7 +197,7 @@ symbol and request).
|
|
|
197
197
|
|
|
198
198
|
Additionally, AutoForme.for accepts a :prefix option that controls where the forms are mounted:
|
|
199
199
|
|
|
200
|
-
|
|
200
|
+
AutoForme.for(:sinatra, self, :prefix=>'/path/to') do
|
|
201
201
|
model Artist
|
|
202
202
|
end
|
|
203
203
|
|
data/lib/autoforme/action.rb
CHANGED
|
@@ -225,11 +225,11 @@ module AutoForme
|
|
|
225
225
|
end
|
|
226
226
|
|
|
227
227
|
# Options to use for the form. If the form uses POST, automatically adds the CSRF token.
|
|
228
|
-
def form_opts
|
|
228
|
+
def form_opts(action=nil)
|
|
229
229
|
opts = model.form_options_for(type, request).dup
|
|
230
230
|
hidden_tags = opts[:hidden_tags] = []
|
|
231
|
-
if csrf = request.csrf_token_hash
|
|
232
|
-
hidden_tags << lambda{|tag| csrf if tag.attr[:method].to_s.upcase == 'POST'}
|
|
231
|
+
if csrf = request.csrf_token_hash(action)
|
|
232
|
+
hidden_tags << lambda{|tag| csrf if (tag.attr[:method] || tag.attr['method']).to_s.upcase == 'POST'}
|
|
233
233
|
end
|
|
234
234
|
opts
|
|
235
235
|
end
|
|
@@ -243,7 +243,8 @@ module AutoForme
|
|
|
243
243
|
# HTML content used for the new action
|
|
244
244
|
def new_page(obj, opts={})
|
|
245
245
|
page do
|
|
246
|
-
|
|
246
|
+
form_attr = form_attributes(:action=>url_for("create"))
|
|
247
|
+
Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
247
248
|
model.columns_for(:new, request).each do |column|
|
|
248
249
|
col_opts = column_options_for(:new, request, obj, column)
|
|
249
250
|
if html = model.edit_html_for(obj, column, :new, request)
|
|
@@ -318,7 +319,8 @@ module AutoForme
|
|
|
318
319
|
end.to_s
|
|
319
320
|
end
|
|
320
321
|
if type == :delete
|
|
321
|
-
|
|
322
|
+
form_attr = form_attributes(:action=>url_for("destroy/#{model.primary_key_value(obj)}"), :method=>:post)
|
|
323
|
+
t << Forme.form(form_attr, form_opts(form_attr[:action])) do |f1|
|
|
322
324
|
f1.button(:value=>'Delete', :class=>'btn btn-danger')
|
|
323
325
|
end.to_s
|
|
324
326
|
else
|
|
@@ -341,7 +343,8 @@ module AutoForme
|
|
|
341
343
|
def edit_page(obj)
|
|
342
344
|
page do
|
|
343
345
|
t = String.new
|
|
344
|
-
|
|
346
|
+
form_attr = form_attributes(:action=>url_for("update/#{model.primary_key_value(obj)}"))
|
|
347
|
+
t << Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
345
348
|
model.columns_for(:edit, request).each do |column|
|
|
346
349
|
col_opts = column_options_for(:edit, request, obj, column)
|
|
347
350
|
if html = model.edit_html_for(obj, column, :edit, request)
|
|
@@ -479,7 +482,8 @@ module AutoForme
|
|
|
479
482
|
page do
|
|
480
483
|
t = String.new
|
|
481
484
|
t << "<h2>Edit #{humanize(assoc)} for #{h model.object_display_name(type, request, obj)}</h2>"
|
|
482
|
-
|
|
485
|
+
form_attr = form_attributes(:action=>url_for("mtm_update/#{model.primary_key_value(obj)}?association=#{assoc}"))
|
|
486
|
+
t << Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
483
487
|
opts = model.column_options_for(:mtm_edit, request, assoc)
|
|
484
488
|
add_opts = opts[:add] ? opts.merge(opts.delete(:add)) : opts
|
|
485
489
|
remove_opts = opts[:remove] ? opts.merge(opts.delete(:remove)) : opts
|
|
@@ -487,9 +491,9 @@ module AutoForme
|
|
|
487
491
|
if model.association_autocomplete?(assoc, request)
|
|
488
492
|
f.input(assoc, {:type=>'text', :class=>'autoforme_autocomplete', :attr=>{'data-type'=>'association', 'data-column'=>assoc, 'data-exclude'=>model.primary_key_value(obj)}, :value=>''}.merge(add_opts))
|
|
489
493
|
else
|
|
490
|
-
f.input(assoc, {:dataset=>model.unassociated_mtm_objects(request, assoc, obj)}.merge(add_opts))
|
|
494
|
+
f.input(assoc, {:dataset=>model.unassociated_mtm_objects(request, assoc, obj), :size=>10}.merge(add_opts))
|
|
491
495
|
end
|
|
492
|
-
f.input(assoc, {:name=>'remove[]', :id=>'remove', :label=>'Disassociate From', :dataset=>model.associated_mtm_objects(request, assoc, obj), :value=>[]}.merge(remove_opts))
|
|
496
|
+
f.input(assoc, {:name=>'remove[]', :id=>'remove', :label=>'Disassociate From', :dataset=>model.associated_mtm_objects(request, assoc, obj), :value=>[], :size=>10}.merge(remove_opts))
|
|
493
497
|
f.button(:value=>'Update', :class=>'btn btn-primary')
|
|
494
498
|
end.to_s
|
|
495
499
|
end
|
|
@@ -641,7 +645,7 @@ module AutoForme
|
|
|
641
645
|
t << "<div class='inline_mtm_add_associations'>"
|
|
642
646
|
assocs.each do |assoc|
|
|
643
647
|
form_attr = form_attributes(:action=>url_for("mtm_update/#{model.primary_key_value(obj)}?association=#{assoc}&redir=edit"), :class => 'mtm_add_associations', 'data-remove' => "##{assoc}_remove_list")
|
|
644
|
-
t << Forme.form(obj, form_attr, form_opts) do |f|
|
|
648
|
+
t << Forme.form(obj, form_attr, form_opts(form_attr[:action])) do |f|
|
|
645
649
|
opts = model.column_options_for(:mtm_edit, request, assoc)
|
|
646
650
|
add_opts = opts[:add] ? opts.merge(opts.delete(:add)) : opts.dup
|
|
647
651
|
add_opts = {:name=>'add[]', :id=>"add_#{assoc}"}.merge(add_opts)
|
|
@@ -674,7 +678,7 @@ module AutoForme
|
|
|
674
678
|
t << "<li>"
|
|
675
679
|
t << association_link(mc, assoc_obj)
|
|
676
680
|
form_attr = form_attributes(:action=>url_for("mtm_update/#{model.primary_key_value(obj)}?association=#{assoc}&remove%5b%5d=#{model.primary_key_value(assoc_obj)}&redir=edit"), :method=>'post', :class => 'mtm_remove_associations', 'data-add'=>"#add_#{assoc}")
|
|
677
|
-
t << Forme.form(form_attr, form_opts) do |f|
|
|
681
|
+
t << Forme.form(form_attr, form_opts(form_attr[:action])) do |f|
|
|
678
682
|
f.button(:value=>'Remove', :class=>'btn btn-xs btn-danger')
|
|
679
683
|
end.to_s
|
|
680
684
|
t << "</li>"
|
|
@@ -29,7 +29,7 @@ module AutoForme
|
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
# Use Rails's form_authenticity_token for CSRF protection.
|
|
32
|
-
def csrf_token_hash
|
|
32
|
+
def csrf_token_hash(action=nil)
|
|
33
33
|
vc = @controller.view_context
|
|
34
34
|
{vc.request_forgery_protection_token.to_s=>vc.form_authenticity_token} if vc.protect_against_forgery?
|
|
35
35
|
end
|
|
@@ -38,8 +38,20 @@ module AutoForme
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
# Use Rack::Csrf for csrf protection if it is defined.
|
|
41
|
-
def csrf_token_hash
|
|
42
|
-
|
|
41
|
+
def csrf_token_hash(action=nil)
|
|
42
|
+
if @controller.respond_to?(:check_csrf!)
|
|
43
|
+
# Using route_csrf plugin
|
|
44
|
+
# :nocov:
|
|
45
|
+
token = if @controller.use_request_specific_csrf_tokens?
|
|
46
|
+
@controller.csrf_token(@controller.csrf_path(action))
|
|
47
|
+
else
|
|
48
|
+
@controller.csrf_token
|
|
49
|
+
end
|
|
50
|
+
{@controller.csrf_field=>token}
|
|
51
|
+
# :nocov:
|
|
52
|
+
elsif defined?(::Rack::Csrf)
|
|
53
|
+
{::Rack::Csrf.field=>::Rack::Csrf.token(@env)}
|
|
54
|
+
end
|
|
43
55
|
end
|
|
44
56
|
end
|
|
45
57
|
|
data/lib/autoforme/version.rb
CHANGED
|
@@ -1,8 +1,22 @@
|
|
|
1
1
|
# frozen-string-literal: true
|
|
2
2
|
|
|
3
3
|
module AutoForme
|
|
4
|
+
# The major version of AutoForme, updated only for major changes that are
|
|
5
|
+
# likely to require modification to apps using AutoForme.
|
|
6
|
+
MAJOR = 1
|
|
7
|
+
|
|
8
|
+
# The minor version of AutoForme, updated for new feature releases of AutoForme.
|
|
9
|
+
MINOR = 8
|
|
10
|
+
|
|
11
|
+
# The patch version of AutoForme, updated only for bug fixes from the last
|
|
12
|
+
# feature release.
|
|
13
|
+
TINY = 0
|
|
14
|
+
|
|
4
15
|
# Version constant, use <tt>AutoForme.version</tt> instead.
|
|
5
|
-
VERSION =
|
|
16
|
+
VERSION = "#{MAJOR}.#{MINOR}.#{TINY}".freeze
|
|
17
|
+
|
|
18
|
+
# The full version of AutoForme as a number (1.8.0 => 10800)
|
|
19
|
+
VERSION_NUMBER = MAJOR*10000 + MINOR*100 + TINY
|
|
6
20
|
|
|
7
21
|
# Returns the version as a frozen string (e.g. '0.1.0')
|
|
8
22
|
def self.version
|
data/spec/rails_spec_helper.rb
CHANGED
|
@@ -5,6 +5,9 @@ require 'autoforme'
|
|
|
5
5
|
class AutoFormeSpec::App
|
|
6
6
|
def self.autoforme(klass=nil, opts={}, &block)
|
|
7
7
|
sc = Class.new(Rails::Application)
|
|
8
|
+
def sc.name
|
|
9
|
+
"AutoForme Test"
|
|
10
|
+
end
|
|
8
11
|
framework = nil
|
|
9
12
|
sc.class_eval do
|
|
10
13
|
controller = Class.new(ActionController::Base)
|
|
@@ -50,13 +53,14 @@ HTML
|
|
|
50
53
|
end
|
|
51
54
|
end
|
|
52
55
|
|
|
53
|
-
|
|
56
|
+
st = routes.append do
|
|
54
57
|
get 'session/set', :controller=>'autoforme', :action=>'session_set'
|
|
55
58
|
end.inspect
|
|
59
|
+
config.secret_token = st if Rails.respond_to?(:version) && Rails.version < '5.2'
|
|
56
60
|
config.active_support.deprecation = :stderr
|
|
57
61
|
config.middleware.delete(ActionDispatch::ShowExceptions)
|
|
58
62
|
config.middleware.delete(Rack::Lock)
|
|
59
|
-
config.secret_key_base =
|
|
63
|
+
config.secret_key_base = st*15
|
|
60
64
|
config.eager_load = true
|
|
61
65
|
if Rails.version > '4.2'
|
|
62
66
|
config.action_dispatch.cookies_serializer = :json
|
data/spec/roda_spec_helper.rb
CHANGED
|
@@ -31,7 +31,11 @@ class AutoFormeSpec::App < Roda
|
|
|
31
31
|
HTML
|
|
32
32
|
|
|
33
33
|
use Rack::Session::Cookie, :secret => '1'
|
|
34
|
-
|
|
34
|
+
if ENV['RODA_ROUTE_CSRF'].to_i > 0
|
|
35
|
+
plugin :route_csrf, :require_request_specific_tokens=>ENV['RODA_ROUTE_CSRF'] == '1'
|
|
36
|
+
else
|
|
37
|
+
use Rack::Csrf
|
|
38
|
+
end
|
|
35
39
|
|
|
36
40
|
template_opts = {:default_encoding=>nil}
|
|
37
41
|
plugin :render, :layout=>{:inline=>LAYOUT}, :template_opts=>template_opts, :opts=>template_opts
|
|
@@ -54,6 +58,8 @@ HTML
|
|
|
54
58
|
end
|
|
55
59
|
|
|
56
60
|
route do |r|
|
|
61
|
+
check_csrf! if ENV['RODA_ROUTE_CSRF'].to_i > 0
|
|
62
|
+
|
|
57
63
|
r.get 'session/set' do
|
|
58
64
|
session.merge!(r.params)
|
|
59
65
|
''
|
data/spec/spec_helper.rb
CHANGED
|
@@ -24,13 +24,15 @@ require "./spec/#{ENV['FRAMEWORK']}_spec_helper"
|
|
|
24
24
|
require 'capybara'
|
|
25
25
|
require 'capybara/dsl'
|
|
26
26
|
require 'rack/test'
|
|
27
|
+
|
|
28
|
+
ENV['MT_NO_PLUGINS'] = '1' # Work around stupid autoloading of plugins
|
|
27
29
|
gem 'minitest'
|
|
28
30
|
require 'minitest/autorun'
|
|
29
31
|
require 'minitest/hooks/default'
|
|
30
32
|
|
|
31
33
|
if ENV['WARNING']
|
|
32
34
|
require 'warning'
|
|
33
|
-
Warning.ignore([:missing_ivar, :fixnum])
|
|
35
|
+
Warning.ignore([:missing_ivar, :fixnum, :not_reached])
|
|
34
36
|
end
|
|
35
37
|
|
|
36
38
|
require './spec/sequel_spec_helper'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: autoforme
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-06-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: forme
|
|
@@ -267,7 +267,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
267
267
|
version: '0'
|
|
268
268
|
requirements: []
|
|
269
269
|
rubyforge_project:
|
|
270
|
-
rubygems_version: 2.6
|
|
270
|
+
rubygems_version: 2.7.6
|
|
271
271
|
signing_key:
|
|
272
272
|
specification_version: 4
|
|
273
273
|
summary: Web Administrative Console for Roda/Sinatra/Rails and Sequel::Model
|