RubyGems - avo - Versions diffs - 0.2.3 → 0.4.1 - Mend

avo 0.2.3 → 0.4.1

Potentially problematic release.

This version of avo might be problematic. Click here for more details.

Files changed (87) hide show

data/lib/avo/app/fields/has_and_belongs_to_many.rb CHANGED

@@ -27,6 +27,7 @@ module Avo
         fields[:relation_class] = target_resource.class.to_s
         fields[:path] = target_resource.url
         fields[:relationship] = :has_and_belongs_to_many
+        fields[:relationship_model] = target_resource.model.name
         fields
       end

data/lib/avo/app/fields/has_many.rb CHANGED

@@ -27,6 +27,7 @@ module Avo
         fields[:relation_class] = target_resource.class.to_s
         fields[:path] = target_resource.url
         fields[:relationship] = :has_many
+        fields[:relationship_model] = target_resource.model.name
         fields
       end

data/lib/avo/app/fields/has_one.rb CHANGED

@@ -13,7 +13,7 @@ module Avo
         hide_on :create
-        @placeholder = 'Choose an option'
+        @placeholder = I18n.t 'avo.choose_an_option'
         @relation_method = name.to_s.parameterize.underscore
       end
@@ -43,7 +43,7 @@ module Avo
           end
         end
-        fields[:resource_name_plural] = target_resource.resource_name_plural
+        fields[:plural_name] = target_resource.plural_name
         fields
       end

data/lib/avo/app/fields/id_field.rb CHANGED

@@ -1,14 +1,14 @@
 module Avo
   module Fields
     class IdField < Field
-      DEFAULT_VALUE = 'id'
       def initialize(name, **args, &block)
+        default_value = 'id'
         if name.nil?
-          @name = name = DEFAULT_VALUE
+          @name = name = default_value
         elsif !name.is_a? String and !name.is_a? Symbol
           args_copy = name
-          @name = name = DEFAULT_VALUE
+          @name = name = default_value
           args = args_copy
         end

data/lib/avo/app/fields/markdown_field.rb ADDED

@@ -0,0 +1,27 @@
+require_relative 'field'
+module Avo
+  module Fields
+    class MarkdownField < Field
+      def initialize(name, **args, &block)
+        @defaults = {
+          component: 'markdown-field',
+        }
+        super(name, **args, &block)
+        hide_on :index
+        @always_show = args[:always_show].present? ? args[:always_show] : false
+        @height = args[:height].present? ? args[:height].to_s : 'auto'
+      end
+      def hydrate_field(fields, model, resource, view)
+        {
+          always_show: @always_show,
+          height: @height
+        }
+      end
+    end
+  end
+end

data/lib/avo/app/fields/password_field.rb CHANGED

@@ -8,9 +8,11 @@ module Avo
           component: 'password-field',
         }
+        show_on :forms
         super(name, **args, &block)
-        only_on :forms
+        hide_on [:index, :show]
       end
     end
   end

data/lib/avo/app/fields/select_field.rb CHANGED

@@ -12,7 +12,7 @@ module Avo
         @options = args[:options].present? ? args[:options] : {}
         @enum = args[:enum].present? ? args[:enum] : nil
         @display_value = args[:display_value].present? ? args[:display_value] : false
-        @placeholder = args[:placeholder].present? ? args[:placeholder].to_s : 'Choose an option'
+        @placeholder = args[:placeholder].present? ? args[:placeholder].to_s : I18n.t('avo.choose_an_option')
       end
       def hydrate_field(fields, model, resource, view)

data/lib/avo/app/licensing/community_license.rb ADDED

@@ -0,0 +1,4 @@
+module Avo
+  class CommunityLicense < License
+  end
+end

data/lib/avo/app/licensing/hq.rb ADDED

@@ -0,0 +1,86 @@
+module Avo
+  class HQ
+    attr_accessor :current_request
+    ENDPOINT = 'https://avohq.io/api/v1/licenses/check'
+    CACHE_KEY = 'avo.hq.response'
+    REQUEST_TIMEOUT = 5 # seconds
+    def initialize(current_request)
+      @current_request = current_request
+      @cache_store = Avo::App.cache_store
+    end
+    def response
+      @hq_response or request
+    end
+    private
+      def request
+        return cached_response if has_cached_response
+        begin
+          perform_and_cache_request
+        rescue HTTParty::Error => exception
+          cache_and_return_error 'HTTP client error.', exception.message
+        rescue Net::OpenTimeout => exception
+          cache_and_return_error 'Request timeout.', exception.message
+        rescue SocketError => exception
+          cache_and_return_error 'Connection error.', exception.message
+        end
+      end
+      def perform_and_cache_request
+        hq_response = perform_request
+        return cache_and_return_error 'Avo HQ Internal server error.', hq_response.body if hq_response.code == 500
+        cache_response 1.hour.to_i, hq_response.parsed_response if hq_response.code == 200
+      end
+      def cache_response(time, response)
+        response.merge!(
+          expiry: time,
+          **payload,
+        ).stringify_keys!
+        @cache_store.write(CACHE_KEY, response, expires_in: time)
+        @hq_response = response
+        response
+      end
+      def perform_request
+        puts 'Performing request to avohq.io API to check license availability.'.inspect if Rails.env.development?
+        HTTParty.post ENDPOINT, body: payload.to_json, headers: { 'Content-type': 'application/json' }, timeout: REQUEST_TIMEOUT
+      end
+      def payload
+        {
+          license: Avo.configuration.license,
+          license_key: Avo.configuration.license_key,
+          avo_version: Avo::VERSION,
+          rails_version: Rails::VERSION::STRING,
+          ruby_version: RUBY_VERSION,
+          environment: Rails.env,
+          ip: current_request.ip,
+          host: current_request.host,
+          port: current_request.port,
+        }
+      end
+      def cache_and_return_error(error, exception_message = '')
+        cache_response 5.minutes.to_i, { error: error, exception_message: exception_message }.stringify_keys
+      end
+      def has_cached_response
+        @cache_store.exist? CACHE_KEY
+      end
+      def cached_response
+        @cache_store.read CACHE_KEY
+      end
+  end
+end

data/lib/avo/app/licensing/license.rb ADDED

@@ -0,0 +1,48 @@
+module Avo
+  class License
+    attr_accessor :id
+    attr_accessor :response
+    attr_accessor :valid
+    def initialize(response)
+      @response = response
+      @id = response['id']
+      @valid = response['valid']
+    end
+    def valid?
+      valid
+    end
+    def invalid?
+      !valid?
+    end
+    def pro?
+      id == 'pro'
+    end
+    def error
+      @response['error']
+    end
+    def properties
+      @response.slice 'valid', 'id', 'error'
+    end
+    def abilities
+      []
+    end
+    def can(ability)
+      abilities.include? ability
+    end
+    def cant(ability)
+      !can ability
+    end
+    alias_method :has, :can
+    alias_method :lacks, :cant
+  end
+end

data/lib/avo/app/licensing/license_manager.rb ADDED

@@ -0,0 +1,25 @@
+require_relative 'license'
+require_relative 'community_license'
+require_relative 'pro_license'
+require_relative 'null_license'
+module Avo
+  class LicenseManager
+    def initialize(hq_response)
+      @hq_response = hq_response
+    end
+    def license
+      return NullLicense.new if Rails.env.test? and ENV['RUN_WITH_NULL_LICENSE'] == '1'
+      case @hq_response['id']
+      when 'community'
+        CommunityLicense.new @hq_response
+      when 'pro'
+        ProLicense.new @hq_response
+      else
+        NullLicense.new @hq_response
+      end
+    end
+  end
+end

data/lib/avo/app/licensing/null_license.rb ADDED

@@ -0,0 +1,12 @@
+module Avo
+  class NullLicense < License
+    def initialize(response = nil)
+      response ||= {
+        id: 'community',
+        valid: true,
+      }
+      super(response)
+    end
+  end
+end

data/lib/avo/app/licensing/pro_license.rb ADDED

@@ -0,0 +1,9 @@
+module Avo
+  class ProLicense < License
+    def abilities
+      [
+        :authorization,
+      ]
+    end
+  end
+end

data/lib/avo/app/resource.rb CHANGED

@@ -12,14 +12,17 @@ module Avo
       attr_reader :default_view_type
       class << self
-        def hydrate_resource(model, resource, view = :index)
-          default_panel_name = "#{resource.name} details"
+        def hydrate_resource(model:, resource:, view: :index, user:)
+          default_panel_name = I18n.t 'avo.resource_details', name: resource.name
           resource_with_fields = {
             id: model.id,
-            resource_name_singular: resource.resource_name_singular,
-            resource_name_plural: resource.resource_name_plural,
+            authorization: get_authorization(user, model),
+            singular_name: resource.singular_name,
+            plural_name: resource.plural_name,
             title: model[resource.title],
+            translation_key: resource.translation_key,
+            path: resource.url,
             fields: [],
             grid_fields: {},
             panels: [{
@@ -39,6 +42,8 @@ module Avo
             furnished_field = field.fetch_for_resource(model, resource, view)
+            next unless field_resource_authorized field, furnished_field, user
             next if furnished_field.blank?
             furnished_field[:panel_name] = default_panel_name
@@ -74,19 +79,41 @@ module Avo
           "/resources/#{url}"
         end
+        def get_authorization(user, model)
+          [:create, :edit, :update, :show, :destroy].map do |action|
+            [action, AuthorizationService::authorize_action(user, model, action)]
+          end.to_h
+        end
+        def field_resource_authorized(field, furnished_field, user)
+          if [Avo::Fields::HasManyField, Avo::Fields::HasAndBelongsToManyField].include? field.class
+            return true if furnished_field[:relationship_model].nil?
+            AuthorizationService.authorize user, furnished_field[:relationship_model].safe_constantize, Avo.configuration.authorization_methods.stringify_keys['index']
+          else
+            true
+          end
+        end
       end
       def name
         return @name if @name.present?
+        return I18n.t(@translation_key, count: 1).capitalize if @translation_key
         self.class.name.demodulize.titlecase
       end
-      def resource_name_singular
+      def singular_name
+        return I18n.t(@translation_key, count: 1).capitalize if @translation_key
         name
       end
-      def resource_name_plural
+      def plural_name
+        return I18n.t(@translation_key, count: 2).capitalize if @translation_key
         name.pluralize
       end
@@ -108,6 +135,10 @@ module Avo
         'id'
       end
+      def translation_key
+        @translation_key
+      end
       def model
         return @model if @model.present?
@@ -138,26 +169,26 @@ module Avo
         @search
       end
-      def query_search(query: '', via_resource_name: , via_resource_id:)
-        db_query = self.model
+      def query_search(query: '', via_resource_name: , via_resource_id:, user:)
+        model_class = self.model
+        db_query = AuthorizationService.with_policy(user, model_class)
         if via_resource_name.present?
-          related_resource = App.get_resource_by_name(via_resource_name)
-          related_model = related_resource.model
-          db_query = related_model.find(via_resource_id).public_send(self.resource_name_plural.downcase)
+          related_model = App.get_resource_by_name(via_resource_name).model
+          db_query = related_model.find(via_resource_id).public_send(self.plural_name.downcase)
         end
+        new_query = []
         [self.search].flatten.each_with_index do |search_by, index|
-          query_string = "text(#{search_by}) ILIKE '%#{query}%'"
+          new_query.push 'or' if index != 0
-          if index == 0
-            db_query = db_query.where query_string
-          else
-            db_query = db_query.or(self.model.where query_string)
-          end
+          new_query.push "text(#{search_by}) ILIKE '%#{query}%'"
         end
-        db_query.select("#{:id}, #{title} as \"name\"")
+        db_query.where(new_query.join(' '))
       end
       def model

data/lib/avo/app/services/authorization_service.rb ADDED

@@ -0,0 +1,40 @@
+module Avo
+  class AuthorizationService
+    class << self
+      def authorize(user, record, action)
+        return true if skip_authorization
+        begin
+          if Pundit.policy user, record
+            Pundit.authorize user, record, action
+          end
+          true
+        rescue Pundit::NotAuthorizedError => error
+          false
+        end
+      end
+      def authorize_action(user, record, action)
+        action = Avo.configuration.authorization_methods.stringify_keys[action.to_s]
+        return true if action.nil?
+        authorize user, record, action
+      end
+      def with_policy(user, model)
+        return model if skip_authorization
+        begin
+          Pundit.policy_scope! user, model
+        rescue => exception
+          model
+        end
+      end
+      def skip_authorization
+        Avo::App.license.lacks :authorization
+      end
+    end
+  end
+end