RubyGems - avo - Versions diffs - 0.4.1 → 0.4.6 - Mend

avo 0.4.1 → 0.4.6

Potentially problematic release.

This version of avo might be problematic. Click here for more details.

Files changed (42) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12b4c2f7a1b63d7296ac6f9b8edb5f133884ca5b10d1ed5c5a85e230364dad07
-  data.tar.gz: 5dd72ab388c40de38a1a36e3bf077360afabf0e75fe1922feec31f1cc9cd7913
+  metadata.gz: f524eb45dfab913083b9fc23de6c35146d59436336d3e444ae8b525b9a70e6b2
+  data.tar.gz: 4075e8ca48aff4aa7cbd21a52ee6b6e67535a0bcf69652ed3f9298d39fbfde2f
 SHA512:
-  metadata.gz: d2369b3f99c6244a3e0a4966cac220283f2f2bef7c99edbc31e56407f4a3100460691b663486a7bf96626eee5086861e3295f6e04f066cedff79c25f9b4927c5
-  data.tar.gz: d98ce0432dfa0157ea480f21bb028c65bc33e9e2a59e88731efbde478806dcae96a04524ce04993741778329bddaa7083a8be69b71bea4b1282b2219550e2b01
+  metadata.gz: e3c1a13390fee90c6fb892eeae21d66151a66aa29055d16437251060f341bd86eba8315caf0a249330ee5d5f4b1943276cf79862e0bb361ec07f5ba7df50fc1d
+  data.tar.gz: 402ded6bc6111f30321d03eb2282895acdc25761567efb42e260e7c971854a305022f13afe8d300c947792796e2e5fe17c0f36204938ce14c05f4679cc214ccc

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    avo (0.4.1)
+    avo (0.4.6)
       countries
       httparty
       i18n-js

data/app/controllers/avo/application_controller.rb CHANGED

@@ -3,6 +3,9 @@ module Avo
     rescue_from ActiveRecord::RecordInvalid, with: :exception_logger
     protect_from_forgery with: :exception
     before_action :init_app
+    before_action :_authenticate!
+    helper_method :_current_user
     def init_app
       Avo::App.boot if Avo::IN_DEVELOPMENT
@@ -22,6 +25,10 @@ module Avo
       end
     end
+    def _current_user
+      instance_eval(&Avo.configuration.current_user)
+    end
     private
       def resource
         eager_load_files(resource_model).find params[:id]
@@ -54,11 +61,15 @@ module Avo
           record = resource
         end
-        return render_unauthorized unless AuthorizationService::authorize_action current_user, record, params[:action]
+        return render_unauthorized unless AuthorizationService::authorize_action _current_user, record, params[:action]
       end
       def render_unauthorized
         render json: { message: I18n.t('avo.unauthorized') }, status: 403
       end
+      def _authenticate!
+        instance_eval(&Avo.configuration.authenticate)
+      end
   end
 end

data/app/controllers/avo/relations_controller.rb CHANGED

@@ -28,7 +28,7 @@ module Avo
       end
       def attachment_model
-        attachment_class.safe_constantize.find params[:attachment_id]
+        resource._reflections[params[:attachment_name].to_s].klass.find params[:attachment_id]
       end
   end
 end

data/app/controllers/avo/resource_overview_controller.rb CHANGED

@@ -4,7 +4,7 @@ module Avo
   class ResourceOverviewController < ApplicationController
     def index
       resources = App.get_resources
-        .select { |resource| AuthorizationService::authorize session_user, resource.model, Avo.configuration.authorization_methods.stringify_keys['index'] }
+        .select { |resource| AuthorizationService::authorize _current_user, resource.model, Avo.configuration.authorization_methods.stringify_keys['index'] }
         .sort_by(&:name)
         .map do |resource|
           {
@@ -20,10 +20,5 @@ module Avo
         hide_docs: Avo.configuration.hide_documentation_link,
       }
     end
-    private
-      def session_user
-        current_user.present? ? current_user : nil
-      end
   end
 end

data/app/controllers/avo/resources_controller.rb CHANGED

@@ -10,14 +10,14 @@ module Avo
       params[:sort_by] = params[:sort_by].present? ? params[:sort_by] : :created_at
       params[:sort_direction] = params[:sort_direction].present? ? params[:sort_direction] : :desc
-      query = AuthorizationService.with_policy current_user, resource_model
+      query = AuthorizationService.with_policy _current_user, resource_model
       if params[:via_resource_name].present? and params[:via_resource_id].present? and params[:via_relationship].present?
         # get the related resource (via_resource)
         related_model = App.get_resource_by_name(params[:via_resource_name]).model
         relation = related_model.find(params[:via_resource_id]).public_send(params[:via_relationship])
-        query = AuthorizationService.with_policy current_user, relation
+        query = AuthorizationService.with_policy _current_user, relation
         params[:per_page] = Avo.configuration.via_per_page
       elsif ['has_many', 'has_and_belongs_to_many'].include? params[:for_relation]
@@ -52,7 +52,7 @@ module Avo
       resources_with_fields = []
       resources.each do |resource|
-        resources_with_fields << Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :index, user: current_user)
+        resources_with_fields << Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :index, user: _current_user)
       end
       render json: {
@@ -66,7 +66,7 @@ module Avo
     def show
       render json: {
-        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: @view || :show, user: current_user),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: @view || :show, user: _current_user),
       }
     end
@@ -94,7 +94,7 @@ module Avo
       render json: {
         success: true,
-        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :show, user: current_user),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :show, user: _current_user),
         message: I18n.t('avo.resource_updated'),
       }
     end
@@ -117,14 +117,14 @@ module Avo
       render json: {
         success: true,
-        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :create, user: current_user),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :create, user: _current_user),
         message: I18n.t('avo.resource_created'),
       }
     end
     def new
       render json: {
-        resource: Avo::Resources::Resource.hydrate_resource(model: resource_model.new, resource: avo_resource, view: :create, user: current_user),
+        resource: Avo::Resources::Resource.hydrate_resource(model: resource_model.new, resource: avo_resource, view: :create, user: _current_user),
       }
     end
@@ -224,8 +224,8 @@ module Avo
         avo_resource.get_filters.each do |filter_class|
           filter = filter_class.new
-          if filter.default_value.present?
-            filter_defaults[filter_class.to_s] = filter.default_value
+          if filter.default.present?
+            filter_defaults[filter_class.to_s] = filter.default
           end
         end
@@ -252,17 +252,11 @@ module Avo
       def build_meta
         {
-          per_page_steps: Avo.configuration.per_page_steps,
+          per_page_steps: [*Avo.configuration.per_page_steps, Avo.configuration.per_page.to_i].sort.uniq,
           available_view_types: avo_resource.available_view_types,
           default_view_type: avo_resource.default_view_type || Avo.configuration.default_view_type,
           translation_key: avo_resource.translation_key,
-          authorization: {
-            create: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['create']),
-            edit: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['edit']),
-            update: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['update']),
-            show: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['show']),
-            destroy: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['destroy']),
-          },
+          authorization: AuthorizationService::authorized_methods(_current_user, avo_resource.model)
         }
       end
   end

data/app/controllers/avo/search_controller.rb CHANGED

@@ -9,7 +9,7 @@ module Avo
       resources_to_search_through = App.get_resources
         .select { |resource| resource.search.present? }
-        .select { |resource| AuthorizationService.authorize_action current_user, resource.model, 'index' }
+        .select { |resource| AuthorizationService.authorize_action _current_user, resource.model, 'index' }
         .each do |resource_model|
           found_resources = add_link_to_search_results(search_resource(resource_model), resource_model)
           resources.push({
@@ -41,7 +41,7 @@ module Avo
       end
       def search_resource(avo_resource)
-        avo_resource.query_search(query: params[:q], via_resource_name: params[:via_resource_name], via_resource_id: params[:via_resource_id], user: current_user)
+        avo_resource.query_search(query: params[:q], via_resource_name: params[:via_resource_name], via_resource_id: params[:via_resource_id], user: _current_user)
       end
       def authorize_user
@@ -49,7 +49,7 @@ module Avo
         action = params[:action] == 'resource' ? :index : params[:action]
-        return render_unauthorized unless AuthorizationService::authorize_action current_user, avo_resource.model, action
+        return render_unauthorized unless AuthorizationService::authorize_action _current_user, avo_resource.model, action
       end
   end
 end

data/app/views/layouts/avo/_javascript.html.erb CHANGED

@@ -1,8 +1,8 @@
-<script>
+<%= javascript_tag nonce: true do %>
   var rootPath = '<%= Avo.configuration.root_path %>';
   var timezone = '<%= Avo.configuration.timezone %>';
   var locale = '<%= Avo.configuration.locale %>';
   var defaultViewType = '<%= Avo.configuration.default_view_type %>';
   var license = <%= Avo::App.license.properties.to_json.html_safe %>;
-  var avoResources = <%= Avo::App.get_available_resources(current_user).as_json.html_safe %>;
-</script>
+  var avoResources = <%= Avo::App.get_available_resources(_current_user).as_json.html_safe %>;
+<% end %>

data/app/views/layouts/avo/_translations.html.erb CHANGED

@@ -1,5 +1,5 @@
-<script>
+<%= javascript_tag nonce: true do %>
   I18n.defaultLocale = 'en';
   I18n.locale = "<%= Avo.configuration.language_code %>";
-</script>
+<% end %>
 <%= javascript_include_tag 'translations', skip_pipeline: true %>

data/app/views/layouts/avo/application.html.erb CHANGED

@@ -30,8 +30,8 @@
         </template>
       </application-sidebar>
-      <div class="flex-1 h-full overflow-auto">
-        <div class="relative bg-white p-2 shadow-md h-16 w-full flex items-center z-50" v-if="layout !== 'blank'">
+      <div class="flex-1 flex flex-col h-full overflow-auto">
+        <div class="relative bg-white p-2 shadow-md h-16 w-full flex flex-shrink-0 items-center z-50" v-if="layout !== 'blank'">
           <div class="ml-6">
             <%= render_header %>
           </div>
@@ -46,7 +46,7 @@
           <%= yield %>
         </div>
-        <div class="content p-8" v-else>
+        <div class="content p-8 flex-1 flex flex-col justify-between items-stretch" v-else>
           <%= yield %>
           <%= render_footer %>
         </div>

data/lib/avo/app/app.rb CHANGED

@@ -132,6 +132,16 @@ module Avo
         self.get_resource name.singularize.camelize
       end
+      # This returns the Avo resource by singular snake_cased name
+      #
+      # get_resource_by_name('User') => Avo::Resources::User
+      # get_resource_by_name(User) => Avo::Resources::User
+      def get_resource_by_model_name(name)
+        get_resources.find do |resource|
+          resource.class.name.demodulize == name.to_s
+        end
+      end
       # This returns the Rails model class by singular snake_cased name
       #
       # get_model_class_by_name('user') => User

data/lib/avo/app/fields/belongs_to.rb CHANGED

@@ -22,7 +22,8 @@ module Avo
         fields[:searchable] = @searchable
         fields[:is_relation] = true
         fields[:database_id] = foreign_key model
-        target_resource = App.get_resources.find { |r| r.class == "Avo::Resources::#{name}".safe_constantize }
+        target_resource = get_target_resource model
         relation_model = model.public_send(@relation_method)
@@ -61,6 +62,16 @@ module Avo
           model.class.reflections[@relation_method].foreign_key
         end
       end
+      def get_target_resource(model)
+        if model._reflections[id.to_s].klass.present?
+          App.get_resource_by_model_name model._reflections[id.to_s].klass.to_s
+        elsif model._reflections[id.to_s].options[:class_name].present?
+          App.get_resource_by_model_name model._reflections[id.to_s].options[:class_name]
+        else
+          App.get_resource_by_name class_name.to_s
+        end
+      end
     end
   end
 end

data/lib/avo/app/fields/has_many.rb CHANGED

@@ -6,6 +6,7 @@ module Avo
           updatable: false,
           component: 'has-many-field'
         }
+        @through = args[:through]
         super(name, **args, &block)
@@ -27,6 +28,7 @@ module Avo
         fields[:relation_class] = target_resource.class.to_s
         fields[:path] = target_resource.url
         fields[:relationship] = :has_many
+        fields[:through] = @through
         fields[:relationship_model] = target_resource.model.name
         fields
@@ -40,8 +42,8 @@ module Avo
         if @resource.present?
           App.get_resources.find { |r| r.class == @resource }
         else
-          class_name = model._reflections[id.to_s].options[:class_name].present? ? model._reflections[id.to_s].options[:class_name] : model._reflections[id.to_s].name
-          App.get_resources.find { |r| r.class == "Avo::Resources::#{class_name.to_s.camelcase.singularize}".safe_constantize }
+          class_name = model._reflections[id.to_s].options[:class_name].present? ? model._reflections[id.to_s].options[:class_name] : model._reflections[id.to_s].klass.name
+          App.get_resource_by_model_name class_name
         end
       end
     end

data/lib/avo/app/filter.rb CHANGED

@@ -4,8 +4,6 @@ module Avo
     attr_accessor :component
     attr_accessor :default
-    @@default = nil
     def initialize
       @name ||= 'Filter'
       @component ||= 'boolean-filter'
@@ -18,7 +16,7 @@ module Avo
         name: name,
         options: options,
         component: component,
-        default: default_value,
+        default: default,
         filter_class: self.class.to_s,
       }
     end
@@ -32,14 +30,5 @@ module Avo
     def id
       self.class.name.underscore.gsub('/', '_')
     end
-    # These methods helps us set a default value in the testing environment
-    def default_value
-      @@default || default
-    end
-    def self.set_default(value)
-      @@default = value
-    end
   end
 end

data/lib/avo/app/resource.rb CHANGED

@@ -13,7 +13,14 @@ module Avo
       class << self
         def hydrate_resource(model:, resource:, view: :index, user:)
-          default_panel_name = I18n.t 'avo.resource_details', name: resource.name
+          case view
+          when :show
+            panel_name = I18n.t 'avo.resource_details', name: resource.name.downcase.upcase_first
+          when :edit
+            panel_name = I18n.t('avo.edit_item', item: resource.name.downcase).upcase_first
+          when :create
+            panel_name = I18n.t('avo.create_new_item', item: resource.name.downcase).upcase_first
+          end
           resource_with_fields = {
             id: model.id,
@@ -26,7 +33,7 @@ module Avo
             fields: [],
             grid_fields: {},
             panels: [{
-              name: default_panel_name,
+              name: panel_name,
               component: 'panel',
             }]
           }
@@ -46,7 +53,7 @@ module Avo
             next if furnished_field.blank?
-            furnished_field[:panel_name] = default_panel_name
+            furnished_field[:panel_name] = panel_name
             furnished_field[:show_on_show] = field.show_on_show
             if field.has_own_panel?

data/lib/avo/app/services/authorization_service.rb CHANGED

@@ -3,6 +3,7 @@ module Avo
     class << self
       def authorize(user, record, action)
         return true if skip_authorization
+        return true if user.nil?
         begin
           if Pundit.policy user, record
@@ -24,6 +25,7 @@ module Avo
       def with_policy(user, model)
         return model if skip_authorization
+        return model if user.nil?
         begin
           Pundit.policy_scope! user, model
@@ -35,6 +37,12 @@ module Avo
       def skip_authorization
         Avo::App.license.lacks :authorization
       end
+      def authorized_methods(user, record)
+        [:create, :edit, :update, :show, :destroy].map do |method|
+          [method, authorize(user, record, Avo.configuration.authorization_methods[method])]
+        end.to_h
+      end
     end
   end
 end

data/lib/avo/configuration.rb CHANGED

@@ -14,6 +14,8 @@ module Avo
     attr_accessor :license
     attr_accessor :license_key
     attr_accessor :authorization_methods
+    attr_accessor :authenticate
+    attr_accessor :current_user
     def initialize
       @root_path = '/avo'
@@ -29,6 +31,8 @@ module Avo
       @hide_documentation_link = false
       @license = 'community'
       @license_key = nil
+      @current_user = proc {}
+      @authenticate = proc {}
       @authorization_methods = {
         index: 'index?',
         show: 'show?',
@@ -51,6 +55,14 @@ module Avo
         'en'
       end
     end
+    def current_user_method(&block)
+      @current_user = block if block.present?
+    end
+    def authenticate_with(&block)
+      @authenticate = block if block.present?
+    end
   end
   def self.configuration