avo 2.11.0 → 2.11.1.pre.3

data/app/controllers/avo/application_controller.rb

@@ -21,6 +21,7 @@ module Avo
     before_action :set_container_classes
     before_action :add_initial_breadcrumbs
     before_action :set_view
+    before_action :set_sidebar_open
 
     rescue_from Pundit::NotAuthorizedError, with: :render_unauthorized
     rescue_from ActiveRecord::RecordInvalid, with: :exception_logger
@@ -129,7 +130,11 @@ module Avo
     end
 
     def set_related_model
-      @related_model = eager_load_files(@related_resource, @related_resource.class.find_scope).find params[:related_id]
+      @related_model = if @field.is_a? Avo::Fields::HasOneField
+        @model.send params[:related_name]
+      else
+        eager_load_files(@related_resource, @model.send(params[:related_name])).find params[:related_id]
+      end
     end
 
     def set_view
@@ -155,15 +160,20 @@ module Avo
     end
 
     def hydrate_related_resource
-      @related_resource.hydrate(view: action_name.to_sym, user: _current_user)
+      @related_resource.hydrate(view: action_name.to_sym, user: _current_user, model: @model)
     end
 
-    def authorize_action
-      if @model.present?
-        @authorization.set_record(@model).authorize_action action_name.to_sym
-      else
-        @authorization.set_record(@resource.model_class).authorize_action action_name.to_sym
-      end
+    def authorize_base_action
+      class_to_authorize = @model || @resource.model_class
+
+      authorize_action class_to_authorize
+    end
+
+    def authorize_action(class_to_authorize, action = nil)
+      # Use the provided action or figure it out from the request
+      action_to_authorize = action || action_name
+
+      @authorization.set_record(class_to_authorize).authorize_action action_to_authorize.to_sym
     end
 
     # Get the pluralized resource name for this request
@@ -310,10 +320,15 @@ module Avo
 
     def default_url_options
       if params[:force_locale].present?
-        { **super, force_locale: params[:force_locale] }
+        {**super, force_locale: params[:force_locale]}
       else
         super
       end
     end
+
+    def set_sidebar_open
+      value = cookies["#{Avo::COOKIES_KEY}.sidebar.open"]
+      @sidebar_open = value.blank? || value == '1'
+    end
   end
 end

data/app/controllers/avo/associations_controller.rb

@@ -5,12 +5,16 @@ module Avo
     before_action :set_model, only: [:show, :index, :new, :create, :destroy, :order]
     before_action :set_related_resource_name
     before_action :set_related_resource, only: [:show, :index, :new, :create, :destroy, :order]
-    before_action :hydrate_related_resource, only: [:show, :index, :new, :create, :destroy, :order]
+    before_action :set_reflection_field
+    before_action :hydrate_related_resource, only: [:show, :index, :create, :destroy, :order]
     before_action :set_related_model, only: [:show, :order]
+    before_action :set_reflection
     before_action :set_attachment_class, only: [:show, :index, :new, :create, :destroy, :order]
     before_action :set_attachment_resource, only: [:show, :index, :new, :create, :destroy, :order]
     before_action :set_attachment_model, only: [:create, :destroy, :order]
-    before_action :set_reflection, only: [:index, :show, :order]
+    before_action :authorize_index_action, only: :index
+    before_action :authorize_attach_action, only: :new
+    before_action :authorize_detach_action, only: :destroy
 
     def index
       @parent_resource = @resource.dup
@@ -28,6 +32,8 @@ module Avo
     end
 
     def show
+      @parent_resource, @parent_model = @resource, @model
+
       @resource, @model = @related_resource, @related_model
 
       super
@@ -36,12 +42,6 @@ module Avo
     def new
       @resource.hydrate(model: @model)
 
-      begin
-        @field = @resource.get_field_definitions.find { |f| f.id == @related_resource_name.to_sym }
-        @field.hydrate(resource: @resource, model: @model, view: :new)
-      rescue
-      end
-
       if @field.present? && !@field.searchable
         query = @authorization.apply_policy @attachment_class
 
@@ -93,8 +93,12 @@ module Avo
 
     private
 
+    def set_reflection
+      @reflection = @model._reflections[params[:related_name].to_s]
+    end
+
     def set_attachment_class
-      @attachment_class = @model._reflections[params[:related_name].to_s].klass
+      @attachment_class = @reflection.klass
     end
 
     def set_attachment_resource
@@ -102,11 +106,13 @@ module Avo
     end
 
     def set_attachment_model
-      @attachment_model = @model._reflections[params[:related_name].to_s].klass.find attachment_id
+      @attachment_model = @attachment_class.find attachment_id
     end
 
-    def set_reflection
-      @reflection = @model._reflections[params[:related_name].to_s]
+    def set_reflection_field
+      @field = @resource.get_field_definitions.find { |f| f.id == @related_resource_name.to_sym }
+      @field.hydrate(resource: @resource, model: @model, view: :new)
+    rescue
     end
 
     def attachment_id
@@ -121,5 +127,25 @@ module Avo
 
       klass
     end
+
+    def authorize_if_defined(method)
+      @authorization.set_record(@model)
+
+      if @authorization.has_method?(method.to_sym)
+        @authorization.authorize_action method.to_sym
+      end
+    end
+
+    def authorize_index_action
+      authorize_if_defined "view_#{@field.id}?"
+    end
+
+    def authorize_attach_action
+      authorize_if_defined "attach_#{@field.id}?"
+    end
+
+    def authorize_detach_action
+      authorize_if_defined "detach_#{@field.id}?"
+    end
   end
 end

data/app/controllers/avo/base_controller.rb

@@ -10,7 +10,8 @@ module Avo
     before_action :set_model_to_fill
     before_action :set_edit_title_and_breadcrumbs, only: [:edit, :update]
     before_action :fill_model, only: [:create, :update]
-    before_action :authorize_action
+    # Don't run base authorizations for associations
+    before_action :authorize_base_action, if: -> {controller_name != "associations"}
 
     def index
       @page_title = @resource.plural_name.humanize
@@ -320,7 +321,9 @@ module Avo
         .map do |action|
           action.new(model: @model, resource: @resource, view: @view)
         end
-        .select { |action| action.visible_in_view }
+        .select do |action|
+          action.visible_in_view
+        end
     end
 
     def set_applied_filters
@@ -380,7 +383,6 @@ module Avo
 
         add_breadcrumb via_resource.plural_name, resources_path(resource: @resource)
         add_breadcrumb via_resource.model_title, resource_path(model: via_model, resource: via_resource)
-        puts ["via_resource.model_title->", via_resource.model_title].inspect
 
         last_crumb_args = {
           via_resource_class: params[:via_resource_class],

data/app/javascript/js/controllers/fields/date_field_controller.js

@@ -68,7 +68,14 @@ export default class extends Controller {
 
   // Turns the value in the controller wrapper into the timezone of the browser
   initShow() {
-    this.context.element.innerText = this.parsedValue.setZone(this.displayTimezone).toFormat(this.formatValue)
+    let value = this.parsedValue
+
+    // Set the zone only if the type of field is date time.
+    if (this.enableTimeValue) {
+      value = value.setZone(this.displayTimezone)
+    }
+
+    this.context.element.innerText = value.toFormat(this.formatValue)
   }
 
   initEdit() {
@@ -99,10 +106,13 @@ export default class extends Controller {
 
     // enable timezone display
     if (this.enableTimeValue) {
+      console.log(1)
       options.defaultDate = this.parsedValue.setZone(this.displayTimezone).toISO()
 
       options.dateFormat = 'Y-m-d H:i:S'
     } else {
+      console.log(2)
+
       // Because the browser treats the date like a timestamp and updates it at 00:00 hour, when on a western timezone the date will be converted with one day offset.
       // Ex: 2022-01-30 will render as 2022-01-29 on an American timezone
       options.defaultDate = universalTimestamp(this.initialValue)

data/app/javascript/js/controllers/sidebar_controller.js

@@ -0,0 +1,46 @@
+import { Controller } from '@hotwired/stimulus'
+import Cookies from 'js-cookie'
+
+export default class extends Controller {
+  static targets = ['sidebar', 'mainArea']
+
+  static values = {
+    open: Boolean,
+  }
+
+  get cookieKey() {
+    return `${window.Avo.configuration.cookies_key}.sidebar.open`
+  }
+
+  get sidebarOpen() {
+    return Cookies.get(this.cookieKey) === '1'
+  }
+
+  set cookie(state) {
+    Cookies.set(this.cookieKey, state === true ? 1 : 0)
+  }
+
+  markSidebarClosed() {
+    Cookies.set(this.cookieKey, '0')
+    this.openValue = false
+    this.mainAreaTarget.classList.remove('sidebar-open')
+  }
+
+  markSidebarOpen() {
+    Cookies.set(this.cookieKey, '1')
+    this.openValue = true
+    this.mainAreaTarget.classList.add('sidebar-open')
+  }
+
+  toggleSidebar() {
+    if (this.openValue) {
+      this.markSidebarClosed()
+    } else {
+      this.markSidebarOpen()
+    }
+  }
+
+  toggleSidebarOnMobile() {
+    this.sidebarTarget.classList.toggle('hidden')
+  }
+}

data/app/javascript/js/controllers.js

@@ -16,7 +16,6 @@ import ItemSelectorController from './controllers/item_selector_controller'
 import KeyValueController from './controllers/fields/key_value_controller'
 import LoadingButtonController from './controllers/loading_button_controller'
 import MenuController from './controllers/menu_controller'
-import MobileController from './controllers/mobile_controller'
 import ModalController from './controllers/modal_controller'
 import MultipleSelectFilterController from './controllers/multiple_select_filter_controller'
 import PerPageController from './controllers/per_page_controller'
@@ -26,6 +25,7 @@ import ResourceShowController from './controllers/resource_show_controller'
 import SearchController from './controllers/search_controller'
 import SelectController from './controllers/select_controller'
 import SelectFilterController from './controllers/select_filter_controller'
+import SidebarController from './controllers/sidebar_controller'
 import SimpleMdeController from './controllers/fields/simple_mde_controller'
 import TabsController from './controllers/tabs_controller'
 import TagsFieldController from './controllers/fields/tags_field_controller'
@@ -46,7 +46,6 @@ application.register('item-select-all', ItemSelectAllController)
 application.register('item-selector', ItemSelectorController)
 application.register('loading-button', LoadingButtonController)
 application.register('menu', MenuController)
-application.register('mobile', MobileController)
 application.register('modal', ModalController)
 application.register('multiple-select-filter', MultipleSelectFilterController)
 application.register('per-page', PerPageController)
@@ -56,6 +55,7 @@ application.register('resource-show', ResourceShowController)
 application.register('search', SearchController)
 application.register('select', SelectController)
 application.register('select-filter', SelectFilterController)
+application.register('sidebar', SidebarController)
 application.register('tabs', TabsController)
 application.register('tags-field', TagsFieldController)
 application.register('text-filter', TextFilterController)

data/app/views/avo/base/edit.html.erb

@@ -1,2 +1 @@
 <%= render Avo::Views::ResourceEditComponent.new(resource: @resource, view: @view, actions: @actions) %>
-

data/app/views/avo/base/index.html.erb

@@ -10,6 +10,7 @@
       reflection: @reflection,
       turbo_frame: params[:turbo_frame],
       parent_model: @parent_model,
+      parent_resource: @parent_resource,
       applied_filters: @applied_filters,
     )
   %>

data/app/views/avo/base/show.html.erb

@@ -1,3 +1,9 @@
 <%= render Avo::TurboFrameWrapperComponent.new(params[:turbo_frame]) do %>
-  <%= render Avo::Views::ResourceShowComponent.new(resource: @resource, reflection: @reflection, actions: @actions) %>
+  <%= render Avo::Views::ResourceShowComponent.new(
+    resource: @resource,
+    reflection: @reflection,
+    actions: @actions,
+    parent_model: @parent_model,
+    parent_resource: @parent_resource,
+  ) %>
 <% end %>

data/app/views/avo/partials/_javascript.html.erb

@@ -3,4 +3,5 @@
   Avo.configuration.timezone = '<%= Avo.configuration.timezone %>'
   Avo.configuration.root_path = '<%= root_path_without_url %>'
   Avo.configuration.search_debounce = '<%= Avo.configuration.search_debounce %>'
+  Avo.configuration.cookies_key = '<%= Avo::COOKIES_KEY %>'
 <% end %>

data/app/views/avo/partials/_navbar.html.erb

@@ -2,8 +2,11 @@
   class="fixed bg-white p-2 w-full flex flex-shrink-0 items-center z-50 px-4 lg:px-4 border-b space-x-4 lg:space-x-0 h-16 <%= 'print:hidden' if Avo.configuration.hide_layout_when_printing %>"
   v-if="layout !== 'blank'"
 >
-  <div class="flex items-center space-x-2 lg:space-x-0 w-auto lg:w-64 flex-shrink-0 h-full">
-    <%= a_button class: 'lg:hidden', icon: 'menu', size: :xs, compact: true, style: :text, data: { action: 'click->mobile#toggleSidebar' } %>
+  <div class="flex items-center space-x-2 w-auto lg:w-64 flex-shrink-0 h-full">
+    <div>
+      <%= a_button class: 'lg:hidden', icon: 'menu', size: :xs, compact: true, style: :text, data: { action: 'click->sidebar#toggleSidebarOnMobile' } %>
+      <%= a_button class: 'hidden lg:block', icon: 'menu', size: :xs, compact: true, style: :text, data: { action: 'click->sidebar#toggleSidebar' } %>
+    </div>
     <%= render partial: "avo/partials/logo" %>
   </div>
   <div class="flex-1 flex items-center justify-between lg:justify-start space-x-2 sm:space-x-8 lg:pl-4">

data/app/views/layouts/avo/application.html.erb

@@ -19,12 +19,12 @@
     <% end %>
   </head>
   <body class="bg-gray-25 os-mac">
-    <div class="relative flex flex-1 w-full min-h-full" data-controller="mobile">
+    <div class="relative flex flex-1 w-full min-h-full" data-controller="sidebar" data-sidebar-open-value="<%= @sidebar_open %>">
       <div class="flex-1 flex flex-col max-w-full">
         <%= render partial: "avo/partials/navbar" %>
-        <div class="flex-1 flex pt-16 relative">
+        <div data-sidebar-target="mainArea" class="content-area flex-1 flex pt-16 relative <%= 'sidebar-open' if @sidebar_open %>">
           <%= render Avo::SidebarComponent.new %>
-          <div class="lg:pl-64 flex-1 flex flex-col min-h-full max-w-full">
+          <div class="main-content-area flex-1 flex flex-col min-h-full max-w-full">
             <div class="content p-4 lg:p-6 flex-1 flex flex-col justify-between items-stretch <%= @container_classes %>">
               <%= render partial: "avo/partials/custom_tools_alert" %>
               <div class="flex flex-1 flex-col justify-between items-stretch space-y-8">

data/avo.gemspec

@@ -40,7 +40,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "httparty"
   spec.add_dependency "active_link_to"
   spec.add_dependency "image_processing"
-  spec.add_dependency "view_component"
+  spec.add_dependency "view_component", "2.60"
   spec.add_dependency "hotwire-rails"
   spec.add_dependency "addressable"
   spec.add_dependency "meta-tags"

data/lib/avo/base_action.rb

@@ -1,7 +1,5 @@
 module Avo
   class BaseAction
-    extend HasContext
-
     include Avo::Concerns::HasFields
 
     class_attribute :name, default: nil
@@ -23,8 +21,16 @@ module Avo
     attr_accessor :user
 
     delegate :view, to: :class
+    delegate :context, to: ::Avo::App
+    delegate :current_user, to: ::Avo::App
+    delegate :params, to: ::Avo::App
+    delegate :view_context, to: ::Avo::App
+    delegate :avo, to: :view_context
+    delegate :main_app, to: :view_context
 
     class << self
+      delegate :context, to: ::Avo::App
+
       def form_data_attributes
         # We can't respond with a file download from Turbo se we disable it on the form
         if may_download_file
@@ -64,10 +70,6 @@ module Avo
       @response[:messages] = []
     end
 
-    def context
-      self.class.context
-    end
-
     def get_attributes_for_action
       get_fields.map do |field|
         [field.id, field.value]

data/lib/avo/base_resource.rb

@@ -1,7 +1,6 @@
 module Avo
   class BaseResource
     extend ActiveSupport::DescendantsTracker
-    extend HasContext
 
     include ActionView::Helpers::UrlHelper
     include Avo::Concerns::HasModel
@@ -18,6 +17,7 @@ module Avo
     delegate :resource_path, to: :view_context
     delegate :resources_path, to: :view_context
     delegate :t, to: ::I18n
+    delegate :context, to: ::Avo::App
 
     attr_accessor :view
     attr_accessor :model
@@ -50,6 +50,7 @@ module Avo
 
     class << self
       delegate :t, to: ::I18n
+      delegate :context, to: ::Avo::App
 
       def grid(&block)
         grid_collector = GridCollector.new
@@ -244,10 +245,6 @@ module Avo
       view_types
     end
 
-    def context
-      self.class.context
-    end
-
     def attached_file_fields
       get_field_definitions.select do |field|
         [Avo::Fields::FileField, Avo::Fields::FilesField].include? field.class

data/lib/avo/concerns/has_fields.rb

@@ -252,9 +252,14 @@ module Avo
           if item.respond_to? :visible_on?
             next unless item.visible_on?(view)
           end
+          # each field has it's own visibility checker
           if item.respond_to? :visible?
             next unless item.visible?
           end
+          # check if the user is authorized to view it
+          if item.respond_to? :authorized?
+            next unless item.hydrate(model: @model).authorized?
+          end
 
           if item.is_field?
             if item.has_own_panel?

data/lib/avo/concerns/has_html_attributes.rb

@@ -58,7 +58,7 @@ module Avo
             end
             .to_h
 
-          extra_attributes.merge attributes
+          attributes.merge extra_attributes
         else
           attributes
         end

data/lib/avo/fields/has_base_field.rb

@@ -78,6 +78,17 @@ module Avo
 
         super view
       end
+
+      def authorized?
+        method = "view_#{id}?".to_sym
+        service = resource.authorization
+
+        if service.has_method? method
+          service.authorize_action(method, raise_exception: false)
+        else
+          true
+        end
+      end
     end
   end
 end

data/lib/avo/fields/text_field.rb

@@ -3,12 +3,14 @@ module Avo
     class TextField < BaseField
       attr_reader :link_to_resource
       attr_reader :as_html
+      attr_reader :protocol
 
       def initialize(id, **args, &block)
         super(id, **args, &block)
 
-        @link_to_resource = args[:link_to_resource].present? ? args[:link_to_resource] : false
-        @as_html = args[:as_html].present? ? args[:as_html] : false
+        add_boolean_prop args, :link_to_resource
+        add_boolean_prop args, :as_html
+        add_string_prop args, :protocol
       end
     end
   end

data/lib/avo/services/authorization_service.rb

@@ -4,43 +4,6 @@ module Avo
       attr_accessor :user
       attr_accessor :record
 
-      def initialize(user = nil, record = nil)
-        @user = user
-        @record = record
-      end
-
-      def authorize(action, **args)
-        self.class.authorize(user, record, action, **args)
-      end
-
-      def set_record(record)
-        @record = record
-
-        self
-      end
-
-      def set_user(user)
-        @user = user
-
-        self
-      end
-
-      def authorize_action(action, **args)
-        self.class.authorize_action(user, record, action, **args)
-      end
-
-      def apply_policy(model)
-        self.class.apply_policy(user, model)
-      end
-
-      def defined_methods(model, **args)
-        self.class.defined_methods(user, model, **args)
-      end
-
-      def has_method?(method, **args)
-        self.class.defined_methods(user, record, **args).include? method.to_sym
-      end
-
       class << self
         def authorize(user, record, action, **args)
           return true if skip_authorization
@@ -111,6 +74,10 @@ module Avo
 
         def defined_methods(user, record, **args)
           Pundit.policy!(user, record).methods
+        rescue Pundit::NotDefinedError => e
+          return [] unless Avo.configuration.raise_error_on_missing_policy
+
+          raise e
         rescue => error
           if args[:raise_exception] == false
             []
@@ -119,6 +86,43 @@ module Avo
           end
         end
       end
+
+      def initialize(user = nil, record = nil)
+        @user = user
+        @record = record
+      end
+
+      def authorize(action, **args)
+        self.class.authorize(user, record, action, **args)
+      end
+
+      def set_record(record)
+        @record = record
+
+        self
+      end
+
+      def set_user(user)
+        @user = user
+
+        self
+      end
+
+      def authorize_action(action, **args)
+        self.class.authorize_action(user, record, action, **args)
+      end
+
+      def apply_policy(model)
+        self.class.apply_policy(user, model)
+      end
+
+      def defined_methods(model, **args)
+        self.class.defined_methods(user, model, **args)
+      end
+
+      def has_method?(method, **args)
+        defined_methods(record, **args).include? method.to_sym
+      end
     end
   end
 end

data/lib/avo/version.rb

@@ -1,3 +1,3 @@
 module Avo
-  VERSION = "2.11.0" unless const_defined?(:VERSION)
+  VERSION = "2.11.1.pre.3" unless const_defined?(:VERSION)
 end

data/lib/avo.rb

@@ -39,6 +39,7 @@ module Avo
   ROOT_PATH = Pathname.new(File.join(__dir__, ".."))
   IN_DEVELOPMENT = ENV["AVO_IN_DEVELOPMENT"] == "1"
   PACKED = !IN_DEVELOPMENT
+  COOKIES_KEY = "avo"
 
   class LicenseVerificationTemperedError < StandardError; end