RubyGems - avo - Versions diffs - 0.2.2 → 0.3.2 - Mend

avo 0.2.2 → 0.3.2

Potentially problematic release.

This version of avo might be problematic. Click here for more details.

Files changed (65) hide show

data/app/controllers/avo/search_controller.rb ADDED

@@ -0,0 +1,55 @@
+require_dependency 'avo/application_controller'
+module Avo
+  class SearchController < ApplicationController
+    before_action :authorize_user
+    def index
+      resources = []
+      resources_to_search_through = App.get_resources
+        .select { |resource| resource.search.present? }
+        .select { |resource| AuthorizationService.authorize_action current_user, resource.model, 'index' }
+        .each do |resource_model|
+          found_resources = add_link_to_search_results(search_resource(resource_model), resource_model)
+          resources.push({
+            label: resource_model.name,
+            resources: found_resources
+          })
+        end
+      render json: {
+        resources: resources
+      }
+    end
+    def resource
+      render json: {
+        resources: add_link_to_search_results(search_resource(avo_resource), avo_resource)
+      }
+    end
+    private
+      def add_link_to_search_results(resources, avo_resource)
+        resources.map do |model|
+          {
+            id: model.id,
+            search_label: model.send(avo_resource.title),
+            link: "/resources/#{model.class.to_s.singularize.underscore}/#{model.id}",
+          }
+        end
+      end
+      def search_resource(avo_resource)
+        avo_resource.query_search(query: params[:q], via_resource_name: params[:via_resource_name], via_resource_id: params[:via_resource_id], user: current_user)
+      end
+      def authorize_user
+        return if params[:action] == 'index'
+        action = params[:action] == 'resource' ? :index : params[:action]
+        return render_unauthorized unless AuthorizationService::authorize_action current_user, avo_resource.model, action
+      end
+  end
+end

data/app/helpers/avo/application_helper.rb CHANGED

@@ -10,12 +10,16 @@ module Avo
       render partial: 'vendor/avo/partials/logo' rescue render partial: 'partials/logo'
     end
+    def render_header
+      render partial: 'vendor/avo/partials/header' rescue render partial: 'partials/header'
+    end
     def render_footer
       render partial: 'vendor/avo/partials/footer' rescue render partial: 'partials/footer'
     end
-    def render_header
-      render partial: 'vendor/avo/partials/header' rescue render partial: 'partials/header'
+    def render_scripts
+      render partial: 'vendor/avo/partials/scripts' rescue ''
     end
   end
 end

data/app/views/layouts/avo/_javascript.html.erb CHANGED

@@ -2,4 +2,5 @@
   var rootPath = '<%= Avo.configuration.root_path %>';
   var timezone = '<%= Avo.configuration.timezone %>';
   var defaultViewType = '<%= Avo.configuration.default_view_type %>';
+  var license = <%= Avo::App.license.properties.to_json.html_safe %>;
 </script>

data/app/views/layouts/avo/application.html.erb CHANGED

@@ -13,27 +13,44 @@
 <body class="bg-gray-200">
 <div id="app" class="flex min-h-screen flex-row h-full">
-  <application-sidebar :resources='<%= Avo::App.get_resources_navigation.as_json.html_safe %>'>
-    <%= render_logo %>
-  </application-sidebar>
+  <app-layout class="flex flex-1 w-full"
+    :router-key="routerKey"
+    :layout="layout"
+    inline-template
+  >
+    <div>
+      <application-sidebar :resources='<%= Avo::App.get_resources_navigation(current_user).as_json.html_safe %>' v-if="layout !== 'blank'">
+        <template #logo>
+          <%= render_logo %>
+        </template>
+        <template #licensing>
+          <license-warnings></license-warnings>
+        </template>
+      </application-sidebar>
-  <div class="flex-1 h-full overflow-auto">
-    <div class="relative bg-white p-2 shadow-md h-16 w-full flex items-center z-40">
-      <div class="ml-6">
-        <%= render_header %>
-      </div>
-      <div class="flex-1 flex justify-center">
-        <div class="w-64">
-          <resources-search :global="true">
+      <div class="flex-1 h-full overflow-auto">
+        <div class="relative bg-white p-2 shadow-md h-16 w-full flex items-center z-40" v-if="layout !== 'blank'">
+          <div class="ml-6">
+            <%= render_header %>
+          </div>
+          <div class="flex-1 flex justify-center">
+            <div class="w-64">
+              <resources-search :global="true">
+            </div>
+          </div>
         </div>
-      </div>
-    </div>
-    <div class="content p-8">
-      <%= yield %>
-      <%= render_footer %>
+        <div v-if="layout === 'blank'" class="h-full w-full flex justify-center items-center">
+          <%= yield %>
+        </div>
+        <div class="content p-8" v-else>
+          <%= yield %>
+          <%= render_footer %>
+        </div>
+      </div>
     </div>
-  </div>
+  </app-layout>
 </div>
+<%= render_scripts %>
 </body>
 </html>

data/app/views/partials/_header.html.erb CHANGED

	@@ -1 +1 @@
1	- <%= link_to Avo.configuration.app_name, ~~main_app.root_path~~, class: 'text-green-600 font-semibold', target: :_blank %>
1	+ <%= link_to Avo.configuration.app_name, '/', class: 'text-green-600 font-semibold', target: :_blank %>

data/avo.gemspec CHANGED

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.name        = 'avo'
   spec.version     = Avo::VERSION
   spec.authors     = ['Adrian Marin', 'Mihai Marin']
-  spec.email       = ['adrian@avohq.io']
+  spec.email       = ['avo@avohq.io']
   spec.homepage    = 'https://avohq.io'
   spec.summary     = 'Configuration-based, no-maintenance, extendable Ruby on Rails admin.'
   spec.description = 'Avo is a beautiful next-generation framework that empowers you, the developer, to create fantastic admin panels for your Ruby on Rails apps with the flexibility to fit your needs as you grow.'
@@ -32,10 +32,12 @@ Gem::Specification.new do |spec|
   spec.files = Dir['{bin,app,config,db,lib,public}/**/*', 'MIT-LICENSE', 'Rakefile', 'README.md', 'avo.gemspec', 'Gemfile', 'Gemfile.lock']
     .reject { |file| file.start_with? 'app/frontend' }
-  spec.add_dependency 'rails', '~> 6.0.2', '>= 6.0.2.1'
+  spec.add_dependency 'rails', '>= 6.0'
   spec.add_dependency 'kaminari'
   spec.add_dependency 'zeitwerk'
   spec.add_dependency 'inline_svg'
   spec.add_dependency 'webpacker'
   spec.add_dependency 'countries'
+  spec.add_dependency 'pundit'
+  spec.add_dependency 'httparty'
 end

data/config/credentials.yml.enc ADDED

@@ -0,0 +1 @@

+ u5m9Je6F3j/LCnOwcN7cXW37M63Bs0KNZC1fHRObWx4YQkV9DJl1k9H9+mlvV3irAC7NZB9H0BExhxquReVe2N0v6s3E3EvOWY8wfZhFONJpK8V0qerYJIhJvCOOPv0hfS/HQdcvUQx/i1faXEgr8QVR7nGVBHUzulwgab0lUBSAV0jjEbT6o+amTojFudelgtw0zmlZW9JL7OZ/IwZ7zxbi8/yoWB52lU4VKOxZV7AEWAVDzL/0ZogLRG12BsTSmqC0jS5ocdnOgV0X7oNeYL9HINqLLM5suBB+BOf3xL6vgngu7UDRAAQ/mN2TDGsvklF8bwVz0dDVQ0RuvdeQ9TWEeM75hhzGKG6wPKBjh4ebrKp7g9TT76F6omLe/hG30MbohGxaLVHIJjyJixfKlLlYwdNWeOjXwYsn--7CEWrUIlraWa8R0S--ia1zVj/2AXISMmbinw6S7g==

data/config/routes.rb CHANGED

@@ -1,20 +1,24 @@
 Avo::Engine.routes.draw do
   root 'home#index'
-  get '/avo-api/search',                  to: 'resources#search'
-  get '/avo-api/:resource_name/search',   to: 'resources#search'
-  get '/avo-api/:resource_name',          to: 'resources#index'
-  get '/avo-api/:resource_name/filters',  to: 'resources#filters'
+  get '/avo-api/:resource_name/filters',  to: 'filters#index'
   get '/avo-api/:resource_name/actions',  to: 'actions#index'
   post '/avo-api/:resource_name/actions', to: 'actions#handle'
+  get '/avo-api/search',                  to: 'search#index'
+  get '/avo-api/:resource_name/search',   to: 'search#resource'
+  get '/avo-api/:resource_name',          to: 'resources#index'
   post '/avo-api/:resource_name',         to: 'resources#create'
-  get '/avo-api/:resource_name/fields',   to: 'resources#fields'
+  get '/avo-api/:resource_name/new',      to: 'resources#new'
   get '/avo-api/:resource_name/:id',      to: 'resources#show'
   get '/avo-api/:resource_name/:id/edit', to: 'resources#edit'
   put '/avo-api/:resource_name/:id',      to: 'resources#update'
   delete '/avo-api/:resource_name/:id',   to: 'resources#destroy'
-  post '/avo-api/:resource_name/:id/attach/:attachment_name/:attachment_id', to: 'resources#attach'
-  post '/avo-api/:resource_name/:id/detach/:attachment_name/:attachment_id', to: 'resources#detach'
+  post '/avo-api/:resource_name/:id/attach/:attachment_name/:attachment_id', to: 'relations#attach'
+  post '/avo-api/:resource_name/:id/detach/:attachment_name/:attachment_id', to: 'relations#detach'
   # Tools
   get '/avo-tools/resource-overview', to: 'resource_overview#index'

data/lib/avo.rb CHANGED

@@ -11,6 +11,8 @@ require_relative 'avo/app/filters/select_filter'
 require_relative 'avo/app/resource'
+require_relative 'avo/app/licensing/license_manager'
 module Avo
   ROOT_PATH = Pathname.new(File.join(__dir__, '..'))

data/lib/avo/app/app.rb CHANGED

@@ -4,37 +4,35 @@ require_relative 'filters/select_filter'
 require_relative 'filters/boolean_filter'
 require_relative 'resource'
 require_relative 'tool'
+require_relative 'authorization_service'
 module Avo
   class App
     @@app = {
       root_path: '',
-      tools: [],
-      tool_classes: [],
       resources: [],
       field_names: {},
     }
+    @@license = nil
     class << self
-      def init
+      def boot
         @@app[:root_path] = Pathname.new(File.join(__dir__, '..', '..'))
-        # get_tools
-        # init_tools
         init_fields
+      end
+      def init(current_request = nil)
         init_resources
+        @@license = LicenseManager.new(HQ.new(current_request).response).license
       end
       def app
         @@app
       end
-      # def tools
-      #   @@app[:tools]
-      # end
-      # def get_tools
-      #   @@app[:tool_classes] = ToolsManager.get_tools
-      # end
+      def license
+        @@license
+      end
       # This method will take all fields available in the Avo::Fields namespace and create a method for them.
       #
@@ -129,23 +127,14 @@ module Avo
         name.to_s.camelize.singularize
       end
-      # def init_tools
-      #   @@app[:tool_classes].each do |tool_class|
-      #     @@app[:tools].push tool_class.new
-      #   end
-      # end
-      # def render_navigation
-      #   navigation = []
-      #   @@app[:tools].each do |tool|
-      #     navigation.push(tool.render_navigation) if tool.class.method_defined?(:render_navigation)
-      #   end
-      #   navigation.join('')
-      # end
-      def get_resources_navigation
-        App.get_resources.map { |resource| { label: resource.resource_name_plural.humanize, resource_name: resource.url.pluralize } }.to_json.to_s.html_safe
+      def get_resources_navigation(user)
+        App.get_resources
+          .select { |resource| AuthorizationService::authorize user, resource.model, Avo.configuration.authorization_methods.stringify_keys['index'] }
+          .map { |resource| { label: resource.resource_name_plural.humanize, resource_name: resource.url.pluralize } }
+          .reject { |i| i.blank? }
+          .to_json
+          .to_s
+          .html_safe
       end
     end
   end

data/lib/avo/app/authorization_service.rb ADDED

@@ -0,0 +1,40 @@
+module Avo
+  class AuthorizationService
+    class << self
+      def authorize(user, record, action)
+        return true if skip_authorization
+        begin
+          if Pundit.policy user, record
+            Pundit.authorize user, record, action
+          end
+          true
+        rescue Pundit::NotAuthorizedError => error
+          false
+        end
+      end
+      def authorize_action(user, record, action)
+        action = Avo.configuration.authorization_methods.stringify_keys[action.to_s]
+        return true if action.nil?
+        authorize user, record, action
+      end
+      def with_policy(user, model)
+        return model if skip_authorization
+        begin
+          Pundit.policy_scope! user, model
+        rescue => exception
+          model
+        end
+      end
+      def skip_authorization
+        Avo::App.license.lacks :authorization
+      end
+    end
+  end
+end

data/lib/avo/app/fields/has_and_belongs_to_many.rb CHANGED

@@ -27,6 +27,7 @@ module Avo
         fields[:relation_class] = target_resource.class.to_s
         fields[:path] = target_resource.url
         fields[:relationship] = :has_and_belongs_to_many
+        fields[:relationship_model] = target_resource.model.name
         fields
       end

data/lib/avo/app/fields/has_many.rb CHANGED

@@ -27,6 +27,7 @@ module Avo
         fields[:relation_class] = target_resource.class.to_s
         fields[:path] = target_resource.url
         fields[:relationship] = :has_many
+        fields[:relationship_model] = target_resource.model.name
         fields
       end

data/lib/avo/app/fields/id_field.rb CHANGED

@@ -1,14 +1,14 @@
 module Avo
   module Fields
     class IdField < Field
-      DEFAULT_VALUE = 'id'
       def initialize(name, **args, &block)
+        default_value = 'id'
         if name.nil?
-          @name = name = DEFAULT_VALUE
+          @name = name = default_value
         elsif !name.is_a? String and !name.is_a? Symbol
           args_copy = name
-          @name = name = DEFAULT_VALUE
+          @name = name = default_value
           args = args_copy
         end

data/lib/avo/app/licensing/community_license.rb ADDED

@@ -0,0 +1,4 @@
+module Avo
+  class CommunityLicense < License
+  end
+end

data/lib/avo/app/licensing/hq.rb ADDED

@@ -0,0 +1,85 @@
+module Avo
+  class HQ
+    attr_accessor :current_request
+    ENDPOINT = 'https://avohq.io/api/v1/licenses/check'
+    CACHE_KEY = 'avo.hq.response'
+    REQUEST_TIMEOUT = 5 # seconds
+    def initialize(current_request)
+      @current_request = current_request
+    end
+    def response
+      @hq_response or request
+    end
+    private
+      def request
+        return cached_response if has_cached_response
+        begin
+          perform_and_cache_request
+        rescue HTTParty::Error => exception
+          cache_and_return_error 'HTTP client error.', exception.message
+        rescue Net::OpenTimeout => exception
+          cache_and_return_error 'Request timeout.', exception.message
+        rescue SocketError => exception
+          cache_and_return_error 'Connection error.', exception.message
+        end
+      end
+      def perform_and_cache_request
+        hq_response = perform_request
+        return cache_and_return_error 'Avo HQ Internal server error.', hq_response.body if hq_response.code == 500
+        cache_response 1.hour.to_i, hq_response.parsed_response if hq_response.code == 200
+      end
+      def cache_response(time, response)
+        response.merge!(
+          expiry: time,
+          **payload,
+        ).stringify_keys!
+        Rails.cache.write(CACHE_KEY, response, expires_in: time)
+        @hq_response = response
+        response
+      end
+      def perform_request
+        puts 'Performing request to avohq.io API to check license availability.'.inspect if Rails.env.development?
+        HTTParty.post ENDPOINT, body: payload.to_json, headers: { 'Content-type': 'application/json' }, timeout: REQUEST_TIMEOUT
+      end
+      def payload
+        {
+          license: Avo.configuration.license,
+          license_key: Avo.configuration.license_key,
+          avo_version: Avo::VERSION,
+          rails_version: Rails::VERSION::STRING,
+          ruby_version: RUBY_VERSION,
+          environment: Rails.env,
+          ip: current_request.ip,
+          host: current_request.host,
+          port: current_request.port,
+        }
+      end
+      def cache_and_return_error(error, exception_message = '')
+        cache_response 5.minutes.to_i, { error: error, exception_message: exception_message }.stringify_keys
+      end
+      def has_cached_response
+        Rails.cache.exist? CACHE_KEY
+      end
+      def cached_response
+        Rails.cache.read CACHE_KEY
+      end
+  end
+end