RubyGems - avo - Versions diffs - 0.2.2 → 0.3.2 - Mend

avo 0.2.2 → 0.3.2

Potentially problematic release.

This version of avo might be problematic. Click here for more details.

Files changed (65) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 198006f28e691ccb555906b5533d27ec462f8408db87546ad5b68ac752b851b6
-  data.tar.gz: 2f8a82f6cdb2be871bc1f6444175cab56c3039cc4a3882e8da811df095520ff3
+  metadata.gz: 7fc8f29ce910c3eeb8bb2d80e61bc7b65385fd0b4bbb71ef9cf85556cf943bc3
+  data.tar.gz: 277415ac5daec5c8985d3ee62e2ec3dd779ea23df8b5fbc0993fb64da774a54a
 SHA512:
-  metadata.gz: a92f2a5ee48bd33d43cb8105044921a1ed2a4af5a5a21a86623df92fa48717cd11988e80b2dad383fad7b0492dc5a00143c1f02c616bbef22cd6b38ee78b73af
-  data.tar.gz: 65a815513c65738740a796d7b59c3fff96e9acf4d74e360ddb735c979dab615de270fa15e631782b5f93d9804449a7ab10ec6503cb4efc7272f78f214e0c7278
+  metadata.gz: e44bf33db4a90366e85780d500d0d476b22b74a8cdec88bb39c1da5e86e5dad6c866bef3f5ab8386f6a51b382aa1ec19ec2f8d20e3aa940ced316d8ca3558701
+  data.tar.gz: 2365d6464818c443ccb4808c041c084d1cfa5a795e63419e90524be642c64c817249e59b69b27d569ba97247c50089a58511c8f45d2106716f1d028bb506c3d6

data/Gemfile CHANGED

@@ -23,54 +23,52 @@ gem 'inline_svg'
 gem 'countries'
 # Authorization
-gem "pundit"
-# These are the dummy app's dependencies
-group :development, :test do
-  # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-  gem 'rails', '~> 6.0.2', '>= 6.0.2.2'
-  # Use postgresql as the database for Active Record
-  gem 'pg', '>= 0.18', '< 2.0'
-  # Use Puma as the app server
-  gem 'puma', '~> 4.3.5'
-  # Use SCSS for stylesheets
-  gem 'sass-rails', '>= 6'
-  # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
-  # gem 'turbolinks', '~> 5'
-  # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
-  gem 'jbuilder', '~> 2.7'
-  # Use Redis adapter to run Action Cable in production
-  # gem 'redis', '~> 4.0'
-  # Use Active Model has_secure_password
-  # gem 'bcrypt', '~> 3.1.7'
-  # Use Active Storage variant
-  # gem 'image_processing', '~> 1.2'
-  # Reduces boot times through caching; required in config/boot.rb
-  gem 'bootsnap', '>= 1.4.2', require: false
-  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
-  gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
-  gem 'dotenv-rails'
-  # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'web-console', '>= 3.3.0'
-  gem 'listen', '>= 3.0.5', '< 3.2'
-  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
-  gem 'spring'
-  gem 'spring-watcher-listen', '~> 2.0.0'
-  gem 'factory_bot_rails'
-  gem 'faker'
-  # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-  gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
-  gem 'devise'
-  gem 'database_cleaner'
-  gem 'ruby-debug-ide', require: false
-  gem 'debase'
-end
+gem 'pundit'
+# Dependencies for dummy_app
+# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
+gem 'rails', '~> 6.0.2', '>= 6.0.2.2'
+# Use postgresql as the database for Active Record
+gem 'pg', '>= 0.18', '< 2.0'
+# Use Puma as the app server
+gem 'puma', '~> 4.3.5'
+# Use SCSS for stylesheets
+gem 'sass-rails', '>= 6'
+# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
+# gem 'turbolinks', '~> 5'
+# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
+gem 'jbuilder', '~> 2.7'
+# Use Redis adapter to run Action Cable in production
+# gem 'redis', '~> 4.0'
+# Use Active Model has_secure_password
+# gem 'bcrypt', '~> 3.1.7'
+# Use Active Storage variant
+# gem 'image_processing', '~> 1.2'
+# Reduces boot times through caching; required in config/boot.rb
+gem 'bootsnap', '>= 1.4.2', require: false
+# Call 'byebug' anywhere in the code to stop execution and get a debugger console
+gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
+gem 'dotenv-rails'
+# Access an interactive console on exception pages or by calling 'console' anywhere in the code.
+gem 'web-console', '>= 3.3.0'
+gem 'listen', '>= 3.0.5', '< 3.2'
+# Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
+gem 'spring'
+gem 'spring-watcher-listen', '~> 2.0.0'
+gem 'factory_bot_rails'
+gem 'faker'
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
+gem 'devise'
+gem 'database_cleaner'
+gem 'ruby-debug-ide', require: false
+gem 'debase'
 group :development, :test do
   gem 'rspec-rails', '~> 4.0.0'
@@ -83,6 +81,7 @@ group :development, :test do
   gem 'rubocop'
   gem 'simplecov', require: false
   gem 'simplecov-cobertura'
+  gem 'webmock'
   # Release helper
   gem 'bump', require: false
@@ -93,3 +92,5 @@ gem 'zeitwerk', '~> 2.3'
 # Pagination
 gem 'kaminari'
+gem 'httparty'

data/Gemfile.lock CHANGED

@@ -1,11 +1,13 @@
 PATH
   remote: .
   specs:
-    avo (0.2.2)
+    avo (0.3.2)
       countries
+      httparty
       inline_svg
       kaminari
-      rails (~> 6.0.2, >= 6.0.2.1)
+      pundit
+      rails (>= 6.0)
       webpacker
       zeitwerk
@@ -91,6 +93,7 @@ GEM
       i18n_data (~> 0.10.0)
       sixarm_ruby_unaccent (~> 1.1)
       unicode_utils (~> 1.4)
+    crack (0.4.4)
     crass (1.0.6)
     database_cleaner (1.8.5)
     debase (0.2.4.1)
@@ -123,6 +126,10 @@ GEM
     gem-release (2.1.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
+    hashdiff (1.0.1)
+    httparty (0.18.1)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
     i18n (1.8.5)
       concurrent-ruby (~> 1.0)
     i18n_data (0.10.0)
@@ -155,11 +162,15 @@ GEM
     marcel (0.3.3)
       mimemagic (~> 0.3.2)
     method_source (1.0.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.0512)
     mimemagic (0.3.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     minitest (5.14.2)
     msgpack (1.3.3)
+    multi_xml (0.6.0)
     nio4r (2.5.4)
     nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
@@ -296,6 +307,10 @@ GEM
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)
+    webmock (3.9.3)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     webpacker (4.3.0)
       activesupport (>= 4.2)
       rack-proxy (>= 0.6.1)
@@ -325,6 +340,7 @@ DEPENDENCIES
   faker
   fuubar
   gem-release
+  httparty
   inline_svg
   jbuilder (~> 2.7)
   kaminari
@@ -345,6 +361,7 @@ DEPENDENCIES
   tzinfo-data
   web-console (>= 3.3.0)
   webdrivers
+  webmock
   webpacker (~> 4.0)
   zeitwerk (~> 2.3)

data/README.md CHANGED

@@ -1,15 +1,41 @@
 ![Tests](https://github.com/avo-hq/avo/workflows/Tests/badge.svg)
 ![reviewdog](https://github.com/avo-hq/avo/workflows/reviewdog/badge.svg)
 [![codecov](https://codecov.io/gh/avo-hq/avo/branch/master/graph/badge.svg?token=Q2LMFE4989)](https://codecov.io/gh/avo-hq/avo)
+[![Maintainability](https://api.codeclimate.com/v1/badges/676a0afa2cc79f03aa29/maintainability)](https://codeclimate.com/github/avo-hq/avo/maintainability)
-# Avo
-Configuration-based, no-maintenance, extendable Ruby on Rails admin
+![](https://avohq.io/img/logo-full-stroke-tiny-2x.png)
+**Configuration-based, no-maintenance, extendable Ruby on Rails admin**
 Avo is a beautiful next-generation framework that empowers you, the developer, to create fantastic admin panels for your Ruby on Rails apps with the flexibility to fit your needs as you grow.
-[Get started](https://avohq.io/get-started)
+## Get started
+**Website**: [avohq.io](https://avohq.io)\
+**Documentation**: [docs.avohq.io](https://docs.avohq.io)\
+**Twitter**: [avo_hq](https://twitter.com/avo_hq)\
+**Community chat**: [discord](https://discord.gg/pkTF6y8)\
+**Issue tracker**: [GitHub issues](http://github.com/avo-hq/avo/issues)
+## Features
-## Installation
+  - **Code driven configuration** - Configure your Rails dashboard entirely by writing Ruby code.
+  - **Resource Management** - Create a CRUD interface for Active Record from one command. No more copy-pasting view and controller files around.
+  - **Active Storage support** - Amazingly easy, **one-line**, single or multi-file integration with **ActiveStorage**.
+  - **Grid view** - Beautiful card layout to showcase your content.
+  - **Actions** - Run custom actions to one or more of your resources with as little as pressing a button 💪
+  - **Filters** - Write your own custom filters to quickly segment your data.
+  - **Keeps your app clean** - You don't need to change your app to use Avo. Drop it in your existing app or add it to a new one and you're done 🙌
+  - **Custom fields***- No worries if we missed a field you need. Generate a custom field in a jiffy.
+  - **Dashboard widgets and metrics*** - Customize your dashboard with the tools and analytics you need.
+  - **Custom tools*** - You need to add a page with something completely new, you've got it!
+  - **Authorization** - Leverage Pundit policies to build a robust and scalable authorization system.
+  - **Themable*** - Dress it up into your own colors.
+  - **Localization*** - Have it available in any language you need.
+  *Some features are still under development
+# Installation
 Add this line to your application's `Gemfile`:
 ```ruby
@@ -20,8 +46,3 @@ And then execute:
 ```bash
 $ bundle install
 ```
-Website: [avohq.io](https://avohq.io)\
-Docs: [docs.avohq.io](https://docs.avohq.io)\
-Twitter: [avo_hq](https://twitter.com/avo_hq)\
-Community: [discord](https://discord.gg/pkTF6y8)

data/app/controllers/avo/application_controller.rb CHANGED

@@ -5,7 +5,10 @@ module Avo
     before_action :init_app
     def init_app
-      Avo::App.init
+      Avo::App.boot unless Rails.env.production?
+      Avo::App.init request
+      @license = Avo::App.license
     end
     def exception_logger(exception)
@@ -20,6 +23,20 @@ module Avo
     end
     private
+      def resource
+        eager_load_files(resource_model).find params[:id]
+      end
+      def eager_load_files(query)
+        if avo_resource.attached_file_fields.present?
+          avo_resource.attached_file_fields.map(&:id).map do |field|
+            query = query.send :"with_attached_#{field}"
+          end
+        end
+        query
+      end
       def resource_model
         avo_resource.model
       end
@@ -27,5 +44,21 @@ module Avo
       def avo_resource
         App.get_resource params[:resource_name].to_s.camelize.singularize
       end
+      def authorize_user
+        return if params[:controller] == 'avo/search'
+        model = record = avo_resource.model
+        if ['show', 'edit', 'update'].include?(params[:action]) && params[:controller] == 'avo/resources'
+          record = resource
+        end
+        return render_unauthorized unless AuthorizationService::authorize_action current_user, record, params[:action]
+      end
+      def render_unauthorized
+        render json: { message: 'Unauthorized' }, status: 403
+      end
   end
 end

data/app/controllers/avo/filters_controller.rb ADDED

@@ -0,0 +1,19 @@
+require_dependency 'avo/application_controller'
+module Avo
+  class FiltersController < ApplicationController
+    before_action :authorize_user
+    def index
+      filters = []
+      avo_resource.get_filters.each do |filter|
+        filters.push(filter.new.render_response)
+      end
+      render json: {
+        filters: filters,
+      }
+    end
+  end
+end

data/app/controllers/avo/relations_controller.rb ADDED

@@ -0,0 +1,34 @@
+require_dependency 'avo/application_controller'
+module Avo
+  class RelationsController < ApplicationController
+    before_action :authorize_user
+    def attach
+      resource.send(params[:attachment_name]) << attachment_model
+      render json: {
+        success: true,
+        message: "#{attachment_class} attached.",
+      }
+    end
+    def detach
+      resource.send(params[:attachment_name]).delete attachment_model
+      render json: {
+        success: true,
+        message: "#{attachment_class} attached.",
+      }
+    end
+    private
+      def attachment_class
+        App.get_model_class_by_name params[:attachment_name].pluralize 1
+      end
+      def attachment_model
+        attachment_class.safe_constantize.find params[:attachment_id]
+      end
+  end
+end

data/app/controllers/avo/resource_overview_controller.rb CHANGED

@@ -3,13 +3,15 @@ require_dependency 'avo/application_controller'
 module Avo
   class ResourceOverviewController < ApplicationController
     def index
-      resources = App.get_resources.map do |resource|
-        {
-          name: resource.name,
-          url: resource.url,
-          count: resource.model.count,
-        }
-      end
+      resources = App.get_resources
+        .select { |resource| AuthorizationService::authorize session_user, resource.model, Avo.configuration.authorization_methods.stringify_keys['index'] }
+        .map do |resource|
+          {
+            name: resource.name,
+            url: resource.url,
+            count: resource.model.count,
+          }
+        end
       render json: {
         resources: resources,
@@ -17,5 +19,10 @@ module Avo
         hide_docs: Avo.configuration.hide_documentation_link,
       }
     end
+    private
+      def session_user
+        current_user.present? ? current_user : nil
+      end
   end
 end

data/app/controllers/avo/resources_controller.rb CHANGED

@@ -2,21 +2,26 @@ require_dependency 'avo/application_controller'
 module Avo
   class ResourcesController < ApplicationController
+    before_action :authorize_user
     def index
       params[:page] ||= 1
       params[:per_page] ||= Avo.configuration.per_page
       params[:sort_by] = params[:sort_by].present? ? params[:sort_by] : :created_at
       params[:sort_direction] = params[:sort_direction].present? ? params[:sort_direction] : :desc
-      filters = get_filters
+      query = AuthorizationService.with_policy current_user, resource_model
       if params[:via_resource_name].present? and params[:via_resource_id].present? and params[:via_relationship].present?
-        # get the reated resource (via_resource)
-        related_resource = App.get_resource_by_name(params[:via_resource_name])
-        related_model = related_resource.model
-        # fetch the entries
-        query = related_model.find(params[:via_resource_id]).public_send(params[:via_relationship])
+        # get the related resource (via_resource)
+        related_model = App.get_resource_by_name(params[:via_resource_name]).model
+        relation = related_model.find(params[:via_resource_id]).public_send(params[:via_relationship])
+        query = AuthorizationService.with_policy current_user, relation
         params[:per_page] = Avo.configuration.via_per_page
       elsif ['has_many', 'has_and_belongs_to_many'].include? params[:for_relation]
+        # has_many searchable query
         resources = resource_model.all.map do |model|
           {
             value: model.id,
@@ -27,22 +32,18 @@ module Avo
         return render json: {
           resources: resources
         }
-      else
-        query = resource_model
       end
       query = query.order("#{params[:sort_by]} #{params[:sort_direction]}")
-      if filters.present?
-        filters.each do |filter_class, filter_value|
-          query = filter_class.safe_constantize.new.apply_query request, query, filter_value
-        end
+      applied_filters.each do |filter_class, filter_value|
+        query = filter_class.safe_constantize.new.apply_query request, query, filter_value
       end
       # Eager load the attachments
       query = eager_load_files(query)
-      # Eager lood the relations
+      # Eager load the relations
       if avo_resource.includes.present?
         query = query.includes(*avo_resource.includes)
       end
@@ -51,48 +52,21 @@ module Avo
       resources_with_fields = []
       resources.each do |resource|
-        resources_with_fields << Avo::Resources::Resource.hydrate_resource(resource, avo_resource, :index)
+        resources_with_fields << Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :index, user: current_user)
       end
-      meta = {
-        per_page_steps: Avo.configuration.per_page_steps,
-        available_view_types: avo_resource.available_view_types,
-        default_view_type: avo_resource.default_view_type || Avo.configuration.default_view_type,
-      }
       render json: {
         success: true,
-        meta: meta,
+        meta: build_meta,
         resources: resources_with_fields,
         per_page: params[:per_page],
         total_pages: resources.total_pages,
       }
     end
-    def search
-      if params[:resource_name].present?
-        resources = add_link_to_search_results search_resource(avo_resource)
-      else
-        resources = []
-        resources_to_search_through = App.get_resources.select { |r| r.search.present? }
-        resources_to_search_through.each do |resource_model|
-          found_resources = add_link_to_search_results search_resource(resource_model)
-          resources.push({
-            label: resource_model.name,
-            resources: found_resources
-          })
-        end
-      end
-      render json: {
-        resources: resources
-      }
-    end
     def show
       render json: {
-        resource: Avo::Resources::Resource.hydrate_resource(resource, avo_resource, @view || :show),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: @view || :show, user: current_user),
       }
     end
@@ -120,7 +94,7 @@ module Avo
       render json: {
         success: true,
-        resource: Avo::Resources::Resource.hydrate_resource(resource, avo_resource, :show),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :show, user: current_user),
         message: 'Resource updated',
       }
     end
@@ -143,16 +117,14 @@ module Avo
       render json: {
         success: true,
-        resource: Avo::Resources::Resource.hydrate_resource(resource, avo_resource, :create),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :create, user: current_user),
         message: 'Resource created',
       }
     end
-    def fields
-      resource = resource_model.new
+    def new
       render json: {
-        resource: Avo::Resources::Resource.hydrate_resource(resource, avo_resource, :create),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource_model.new, resource: avo_resource, view: :create, user: current_user),
       }
     end
@@ -164,64 +136,7 @@ module Avo
       }
     end
-    def filters
-      avo_filters = avo_resource.get_filters
-      filters = []
-      avo_filters.each do |filter|
-        filters.push(filter.new.render_response)
-      end
-      render json: {
-        filters: filters,
-      }
-    end
-    def attach
-      attachment_class = App.get_model_class_by_name params[:attachment_name].pluralize 1
-      attachment_model = attachment_class.safe_constantize.find params[:attachment_id]
-      attached = resource.send(params[:attachment_name]) << attachment_model
-      render json: {
-        success: true,
-        message: "#{attachment_class} attached.",
-      }
-    end
-    def detach
-      attachment_class = App.get_model_class_by_name params[:attachment_name].pluralize 1
-      attachment_model = attachment_class.safe_constantize.find params[:attachment_id]
-      attached = resource.send(params[:attachment_name]).delete attachment_model
-      render json: {
-        success: true,
-        message: "#{attachment_class} attached.",
-      }
-    end
-    def cast_nullable(params)
-      fields = avo_resource.get_fields
-      nullable_fields = fields.filter { |field| field.nullable }
-                              .map { |field| [field.id, field.null_values] }
-                              .to_h
-      params.each do |key, value|
-        nullable = nullable_fields[key.to_sym]
-        if nullable.present? && value.in?(nullable)
-          params[key] = nil
-        end
-      end
-      params
-    end
     private
-      def resource
-        eager_load_files(resource_model).find params[:id]
-      end
       def permitted_params
         permitted = avo_resource.get_fields.select(&:updatable).map do |field|
           # If it's a relation
@@ -250,41 +165,6 @@ module Avo
         params.require(:resource).permit(permitted_params)
       end
-      def search_resource(avo_resource)
-        avo_resource.query_search(query: params[:q], via_resource_name: params[:via_resource_name], via_resource_id: params[:via_resource_id])
-      end
-      def add_link_to_search_results(resources)
-        resources.map do |model|
-          resource = model.as_json
-          resource[:link] = "/resources/#{model.class.to_s.singularize.underscore}/#{model.id}"
-          resource
-        end
-      end
-      def eager_load_files(query)
-        if avo_resource.attached_file_fields.present?
-          avo_resource.attached_file_fields.map(&:id).map do |field|
-            query = query.send :"with_attached_#{field}"
-          end
-        end
-        query
-      end
-      def process_file_field(field, attachment)
-        if attachment.is_a? ActionDispatch::Http::UploadedFile
-          # New file has been attached
-          field.attach attachment
-        elsif attachment.blank?
-          # File has been deleted
-          field.purge
-        elsif attachment.is_a? String
-          # Field is unchanged
-        end
-      end
       def update_file_fields
         # Pick and attach file fields
         attached_file_fields = avo_resource.attached_file_fields
@@ -322,7 +202,19 @@ module Avo
         end
       end
-      def get_filters
+      def process_file_field(field, attachment)
+        if attachment.is_a? ActionDispatch::Http::UploadedFile
+          # New file has been attached
+          field.attach attachment
+        elsif attachment.blank?
+          # File has been deleted
+          field.purge
+        elsif attachment.is_a? String
+          # Field is unchanged
+        end
+      end
+      def applied_filters
         if params[:filters].present?
           return JSON.parse(Base64.decode64(params[:filters]))
         end
@@ -339,5 +231,37 @@ module Avo
         filter_defaults
       end
+      def cast_nullable(params)
+        fields = avo_resource.get_fields
+        nullable_fields = fields.filter { |field| field.nullable }
+                                .map { |field| [field.id, field.null_values] }
+                                .to_h
+        params.each do |key, value|
+          nullable = nullable_fields[key.to_sym]
+          if nullable.present? && value.in?(nullable)
+            params[key] = nil
+          end
+        end
+        params
+      end
+      def build_meta
+        {
+          per_page_steps: Avo.configuration.per_page_steps,
+          available_view_types: avo_resource.available_view_types,
+          default_view_type: avo_resource.default_view_type || Avo.configuration.default_view_type,
+          authorization: {
+            create: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['create']),
+            update: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['update']),
+            show: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['show']),
+            destroy: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['destroy']),
+          },
+        }
+      end
   end
 end