avo 2.15.3 → 2.16.1.pre.1.nativefields

data/app/javascript/js/controllers/search_controller.js

@@ -25,6 +25,8 @@ export default class extends Controller {
 
   debouncedFetch = debouncePromise(fetch, this.searchDebounce);
 
+  destroyMethod;
+
   get dataset() {
     return this.autocompleteTarget.dataset
   }
@@ -56,97 +58,52 @@ export default class extends Controller {
     return this.dataset.searchResource === 'global'
   }
 
-  searchUrl(query) {
-    const url = URI()
-
-    return url.segment(this.searchSegments()).search(this.searchParams(query)).toString()
-  }
-
-  searchSegments() {
-    let segments = [
-      window.Avo.configuration.root_path,
-      'avo_api',
-      this.dataset.searchResource,
-      'search',
-    ]
-
-    if (this.isGlobalSearch) {
-      segments = [window.Avo.configuration.root_path, 'avo_api', 'search']
-    }
-
-    return segments
-  }
-
-  searchParams(query) {
-    let params = {
-      q: query,
-      global: false,
-    }
-
-    if (this.isGlobalSearch) {
-      params.global = true
-    }
+  connect() {
+    const that = this
 
-    if (this.isBelongsToSearch || this.isHasManySearch) {
-      params = this.addAssociationParams(params)
-      params = this.addReflectionParams(params)
+    this.buttonTarget.onclick = () => this.showSearchPanel()
 
-      if (this.isBelongsToSearch) {
-        params = {
-          ...params,
-          // eslint-disable-next-line camelcase
-          via_parent_resource_id: this.dataset.viaParentResourceId,
-          // eslint-disable-next-line camelcase
-          via_parent_resource_class: this.dataset.viaParentResourceClass,
-          // eslint-disable-next-line camelcase
-          via_relation: this.dataset.viaRelation,
-        }
+    this.clearValueTargets.forEach((target) => {
+      if (target.getAttribute('value') && this.hasClearButtonTarget) {
+        this.clearButtonTarget.classList.remove('hidden')
       }
-    }
-
-    return params
-  }
+    })
 
-  addAssociationParams(params) {
-    params = {
-      ...params,
-      // eslint-disable-next-line camelcase
-      via_association: this.dataset.viaAssociation,
-      // eslint-disable-next-line camelcase
-      via_association_id: this.dataset.viaAssociationId,
+    if (this.isGlobalSearch) {
+      Mousetrap.bind(['command+k', 'ctrl+k'], () => this.showSearchPanel())
     }
 
-    return params
-  }
-
-  addReflectionParams(params) {
-    params = {
-      ...params,
-      // eslint-disable-next-line camelcase
-      via_reflection_class: this.dataset.viaReflectionClass,
-      // eslint-disable-next-line camelcase
-      via_reflection_id: this.dataset.viaReflectionId,
-    }
+    autocomplete({
+      container: this.autocompleteTarget,
+      placeholder: this.translationKeys.placeholder,
+      translations: {
+        detachedCancelButtonText: this.translationKeys.cancel_button,
+      },
+      autoFocus: true,
+      openOnFocus: true,
+      detachedMediaQuery: '',
+      getSources: ({ query }) => {
+        document.body.classList.add('search-loading')
+        const endpoint = that.searchUrl(query)
 
-    return params
-  }
+        return that
+          .debouncedFetch(endpoint)
+          .then((response) => {
+            document.body.classList.remove('search-loading')
 
-  handleOnSelect({ item }) {
-    if (this.isBelongsToSearch) {
-      this.updateFieldAttribute(this.hiddenIdTarget, 'value', item._id)
-      this.updateFieldAttribute(this.buttonTarget, 'value', item._label)
+            return response.json()
+          })
+          .then((data) => Object.keys(data).map((resourceName) => that.addSource(resourceName, data[resourceName])))
+      },
+    })
 
-      document.querySelector('.aa-DetachedOverlay').remove()
+    // document.addEventListener('turbo:before-render', destroy)
+    // this.destroyMethod = destroy
 
-      if (this.hasClearButtonTarget) {
-        this.clearButtonTarget.classList.remove('hidden')
-      }
-    } else {
-      Turbo.visit(item._url, { action: 'advance' })
+    // When using search for belongs-to
+    if (this.buttonTarget.dataset.shouldBeDisabled !== 'true') {
+      this.buttonTarget.removeAttribute('disabled')
     }
-
-    // On searchable belongs to the class `aa-Detached` remains on the body making it unscrollable
-    document.body.classList.remove('aa-Detached')
   }
 
   addSource(resourceName, data) {
@@ -221,59 +178,106 @@ export default class extends Controller {
     }
   }
 
-  showSearchPanel() {
-    this.autocompleteTarget.querySelector('button').click()
+  handleOnSelect({ item }) {
+    if (this.isBelongsToSearch) {
+      this.updateFieldAttribute(this.hiddenIdTarget, 'value', item._id)
+      this.updateFieldAttribute(this.buttonTarget, 'value', item._label)
+
+      document.querySelector('.aa-DetachedOverlay').remove()
+
+      if (this.hasClearButtonTarget) {
+        this.clearButtonTarget.classList.remove('hidden')
+      }
+    } else {
+      Turbo.visit(item._url, { action: 'advance' })
+    }
+
+    // On searchable belongs to the class `aa-Detached` remains on the body making it unscrollable
+    document.body.classList.remove('aa-Detached')
   }
 
-  clearValue() {
-    this.clearValueTargets.map((t) => this.updateFieldAttribute(t, 'value', ''))
-    this.clearButtonTarget.classList.add('hidden')
+  searchUrl(query) {
+    const url = URI()
+
+    return url.segment(this.searchSegments()).search(this.searchParams(query)).toString()
   }
 
-  connect() {
-    const that = this
+  searchSegments() {
+    let segments = [
+      window.Avo.configuration.root_path,
+      'avo_api',
+      this.dataset.searchResource,
+      'search',
+    ]
 
-    this.buttonTarget.onclick = () => this.showSearchPanel()
+    if (this.isGlobalSearch) {
+      segments = [window.Avo.configuration.root_path, 'avo_api', 'search']
+    }
 
-    this.clearValueTargets.forEach((target) => {
-      if (target.getAttribute('value') && this.hasClearButtonTarget) {
-        this.clearButtonTarget.classList.remove('hidden')
-      }
-    })
+    return segments
+  }
+
+  searchParams(query) {
+    let params = {
+      q: query,
+      global: false,
+    }
 
     if (this.isGlobalSearch) {
-      Mousetrap.bind(['command+k', 'ctrl+k'], () => this.showSearchPanel())
+      params.global = true
     }
 
-    const { destroy } = autocomplete({
-      container: this.autocompleteTarget,
-      placeholder: this.translationKeys.placeholder,
-      translations: {
-        detachedCancelButtonText: this.translationKeys.cancel_button,
-      },
-      openOnFocus: true,
-      detachedMediaQuery: '',
-      getSources: ({ query }) => {
-        document.body.classList.add('search-loading')
-        const endpoint = that.searchUrl(query)
+    if (this.isBelongsToSearch || this.isHasManySearch) {
+      params = this.addAssociationParams(params)
+      params = this.addReflectionParams(params)
 
-        return that
-          .debouncedFetch(endpoint)
-          .then((response) => {
-            document.body.classList.remove('search-loading')
+      if (this.isBelongsToSearch) {
+        params = {
+          ...params,
+          // eslint-disable-next-line camelcase
+          via_parent_resource_id: this.dataset.viaParentResourceId,
+          // eslint-disable-next-line camelcase
+          via_parent_resource_class: this.dataset.viaParentResourceClass,
+          // eslint-disable-next-line camelcase
+          via_relation: this.dataset.viaRelation,
+        }
+      }
+    }
 
-            return response.json()
-          })
-          .then((data) => Object.keys(data).map((resourceName) => that.addSource(resourceName, data[resourceName])))
-      },
-    })
+    return params
+  }
 
-    document.addEventListener('turbo:before-render', destroy)
+  addAssociationParams(params) {
+    params = {
+      ...params,
+      // eslint-disable-next-line camelcase
+      via_association: this.dataset.viaAssociation,
+      // eslint-disable-next-line camelcase
+      via_association_id: this.dataset.viaAssociationId,
+    }
 
-    // When using search for belongs-to
-    if (this.buttonTarget.dataset.shouldBeDisabled !== 'true') {
-      this.buttonTarget.removeAttribute('disabled')
+    return params
+  }
+
+  addReflectionParams(params) {
+    params = {
+      ...params,
+      // eslint-disable-next-line camelcase
+      via_reflection_class: this.dataset.viaReflectionClass,
+      // eslint-disable-next-line camelcase
+      via_reflection_id: this.dataset.viaReflectionId,
     }
+
+    return params
+  }
+
+  showSearchPanel() {
+    this.autocompleteTarget.querySelector('button').click()
+  }
+
+  clearValue() {
+    this.clearValueTargets.map((target) => this.updateFieldAttribute(target, 'value', ''))
+    this.clearButtonTarget.classList.add('hidden')
   }
 
   // Private

data/app/views/avo/actions/show.html.erb

@@ -25,7 +25,11 @@
       <% if @action.get_fields.present? %>
         <div class="mt-4">
           <% @action.get_fields.each_with_index do |field, index| %>
-            <%= render field.component_for_view(:edit).new field: field, resource: @resource, index: index, form: form, displayed_in_modal: true %>
+            <%= render field
+              .hydrate(resource: @resource, model: @resource.model, user: @resource.user, view: @view)
+              .component_for_view(:edit)
+              .new(field: field, resource: @resource, index: index, form: form, displayed_in_modal: true)
+            %>
           <% end %>
         </div>
       <% end %>

data/avo.gemspec

@@ -41,7 +41,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "active_link_to"
   spec.add_dependency "image_processing"
   spec.add_dependency "view_component", "2.60"
-  spec.add_dependency "hotwire-rails"
+  spec.add_dependency "turbo-rails"
   spec.add_dependency "addressable"
   spec.add_dependency "meta-tags"
   spec.add_dependency "breadcrumbs_on_rails"

data/config/master.key

@@ -0,0 +1 @@
+2aeb23d82b909d9c6b5abb62f7058c2a

data/lib/avo/base_action.rb

@@ -73,26 +73,36 @@ module Avo
     def get_attributes_for_action
       get_fields.map do |field|
         [field.id, field.value]
-      end
-        .to_h
+      end.to_h
     end
 
     def handle_action(**args)
       models, fields, current_user, resource = args.values_at(:models, :fields, :current_user, :resource)
-      avo_fields = get_fields.map { |field| [field.id, field] }.to_h
+      # Fetching the field definitions and not the actual fields (get_fields) because they will break if the user uses a `visible` block and adds a condition using the `params` variable. The params are different in the show method and the handle method.
+      action_fields = get_field_definitions.map { |field| [field.id, field] }.to_h
+
+      # For some fields, like belongs_to, the id and database_id differ (user vs user_id).
+      # That's why we need to fetch the database_id for when we process the action.
+      action_fields_by_database_id = action_fields.map do |id, value|
+        [value.database_id.to_sym, value]
+      end.to_h
 
       if fields.present?
         processed_fields = fields.to_unsafe_h.map do |name, value|
-          [name, avo_fields[name.to_sym].resolve_attribute(value)]
+          field = action_fields_by_database_id[name.to_sym]
+
+          next if field.blank?
+
+          [name, field.resolve_attribute(value)]
         end
 
-        processed_fields = processed_fields.to_h
+        processed_fields = processed_fields.reject(&:blank?).to_h
       else
         processed_fields = {}
       end
 
       args = {
-        fields: processed_fields,
+        fields: processed_fields.with_indifferent_access,
         current_user: current_user,
         resource: resource
       }
@@ -175,6 +185,15 @@ module Avo
       self
     end
 
+    # We're overriding this method to hydrate with the proper resource attribute.
+    def hydrate_fields(model: nil, view: nil)
+      fields.map do |field|
+        field.hydrate(model: @model, view: @view, resource: resource)
+      end
+
+      self
+    end
+
     private
 
     def add_message(body, type = :info)

data/lib/avo/base_resource.rb

@@ -30,6 +30,7 @@ module Avo
     class_attribute :search_query, default: nil
     class_attribute :search_query_help, default: ""
     class_attribute :includes, default: []
+    class_attribute :authorization_policy
     class_attribute :translation_key
     class_attribute :default_view_type, default: :table
     class_attribute :devise_password_optional, default: false
@@ -92,7 +93,7 @@ module Avo
       end
 
       def authorization
-        Avo::Services::AuthorizationService.new Avo::App.current_user
+        Avo::Services::AuthorizationService.new Avo::App.current_user, model_class, policy_class: authorization_policy
       end
 
       def order_actions
@@ -263,7 +264,7 @@ module Avo
           field.computed
         end
         .map do |field|
-          [field.database_id(model).to_s, field]
+          [field.database_id.to_s, field]
         end
         .to_h
 
@@ -285,8 +286,9 @@ module Avo
       model
     end
 
-    def authorization
-      Avo::Services::AuthorizationService.new(user, model || model_class)
+    def authorization(user: nil)
+      current_user = user || Avo::App.current_user
+      Avo::Services::AuthorizationService.new(current_user, model || model_class, policy_class: authorization_policy)
     end
 
     def file_hash

data/lib/avo/base_resource_tool.rb

@@ -13,7 +13,7 @@ module Avo
 
     def initialize(**args)
       # Set the visibility
-      show_on :show
+      show_on Avo.configuration.resource_default_view
 
       show_on args[:show_on] if args[:show_on].present?
       hide_on args[:hide_on] if args[:hide_on].present?

data/lib/avo/concerns/fetches_things.rb

@@ -48,9 +48,11 @@ module Avo
         end
 
         # Returns the Avo resource by singular snake_cased name
+        # From all the resources that use the same model_class, it will fetch the first one in alphabetical order
         #
         # get_resource_by_name('User') => UserResource
         # get_resource_by_name(User) => UserResource
+
         def get_resource_by_model_name(klass)
           # Fetch the mappings imposed by the user.
           # If they are present, use those ones.

data/lib/avo/configuration.rb

@@ -36,6 +36,7 @@ module Avo
     attr_accessor :profile_menu
     attr_accessor :model_resource_mapping
     attr_accessor :tabs_style
+    attr_accessor :resource_default_view
     attr_writer :branding
 
     def initialize
@@ -83,6 +84,7 @@ module Avo
       @profile_menu = nil
       @model_resource_mapping = {}
       @tabs_style = :tabs
+      @resource_default_view = :show
     end
 
     def current_user_method(&block)

data/lib/avo/fields/base_field.rb

@@ -76,6 +76,8 @@ module Avo
         @as_description = args[:as_description] || false
         @index_text_align = args[:index_text_align] || :left
         @html = args[:html] || nil
+        @view = args[:view] || nil
+        @value = args[:value] || nil
 
         @args = args
 
@@ -155,6 +157,8 @@ module Avo
       end
 
       def value(property = nil)
+        return @value if @value.present?
+
         property ||= id
 
         # Get model value
@@ -191,7 +195,7 @@ module Avo
       end
 
       # Try to see if the field has a different database ID than it's name
-      def database_id(model)
+      def database_id
         foreign_key
       rescue
         id

data/lib/avo/fields/belongs_to_field.rb

@@ -210,7 +210,7 @@ module Avo
         model
       end
 
-      def database_id(model)
+      def database_id
         # If the field is a polymorphic value, return the polymorphic_type as key and pre-fill the _id in fill_field.
         return "#{polymorphic_as}_type" if polymorphic_as.present?
 

data/lib/avo/fields/has_and_belongs_to_many_field.rb

@@ -5,7 +5,7 @@ module Avo
         args[:updatable] = false
 
         hide_on :all
-        show_on :show
+        show_on Avo.configuration.resource_default_view
 
         super(id, **args, &block)
       end

data/lib/avo/fields/has_base_field.rb

@@ -30,7 +30,7 @@ module Avo
       end
 
       def resource
-        Avo::App.get_resource_by_model_name @model.class
+        @resource || Avo::App.get_resource_by_model_name(@model.class)
       end
 
       def turbo_frame
@@ -108,6 +108,10 @@ module Avo
       def frame_id
         use_resource.present? ? use_resource.route_key.to_sym : @id
       end
+
+      def default_view
+        Avo.configuration.skip_show_view ? :edit : :show
+      end
     end
   end
 end

data/lib/avo/fields/has_many_field.rb

@@ -5,7 +5,7 @@ module Avo
         args[:updatable] = false
 
         hide_on :all
-        show_on :show
+        show_on Avo.configuration.resource_default_view
 
         super(id, **args, &block)
       end

data/lib/avo/fields/select_field.rb

@@ -30,6 +30,7 @@ module Avo
           if display_value
             options.invert
           else
+            # We need to use the label attribute as the option value because Rails casts it like that
             options.map { |label, value| [label, label] }.to_h
           end
         elsif display_value

data/lib/avo/menu/base_item.rb

@@ -9,6 +9,7 @@ class Avo::Menu::BaseItem
   option :items, default: proc { [] }
   option :name, default: proc { "" }
   option :visible, default: proc { true }
+  option :data, default: proc { {} }
 
   def visible?
     return visible if visible.in? [true, false]

data/lib/avo/menu/builder.rb

@@ -22,9 +22,11 @@ class Avo::Menu::Builder
   end
 
   # Adds a link
-  def link(name, **args)
-    @menu.items << Avo::Menu::Link.new(name: name, **args)
+  def link(name, path = nil, **args)
+    path ||= args[:path]
+    @menu.items << Avo::Menu::Link.new(name: name, path: path, **args)
   end
+  alias_method :link_to, :link
 
   # Validates and adds a resource
   def resource(name, **args)

data/lib/avo/menu/menu.rb

@@ -1,2 +1,4 @@
 class Avo::Menu::Menu < OpenStruct
+
+
 end

data/lib/avo/services/authorization_service.rb

@@ -5,13 +5,14 @@ module Avo
       attr_accessor :record
 
       class << self
-        def authorize(user, record, action, **args)
+        def authorize(user, record, action, policy_class: nil, **args)
           return true if skip_authorization
           return true if user.nil?
 
+          policy_class ||= Pundit.policy(user, record)&.class
           begin
-            if Pundit.policy user, record
-              Pundit.authorize user, record, action
+            if policy_class&.new(user, record)
+              Pundit.authorize user, record, action, policy_class: policy_class
             end
 
             true
@@ -28,7 +29,7 @@ module Avo
           end
         end
 
-        def authorize_action(user, record, action, **args)
+        def authorize_action(user, record, action, policy_class: nil, **args)
           action = Avo.configuration.authorization_methods.stringify_keys[action.to_s] || action
 
           # If no action passed we should raise error if the user wants that.
@@ -41,16 +42,18 @@ module Avo
 
           # Add the question mark if it's missing
           action = "#{action}?" unless action.end_with? "?"
-
-          authorize user, record, action, **args
+          authorize(user, record, action, policy_class: policy_class, **args)
         end
 
-        def apply_policy(user, model)
-          return model if skip_authorization
-          return model if user.nil?
+        def apply_policy(user, model, policy_class: nil)
+          return model if skip_authorization || user.nil?
 
           begin
-            Pundit.policy_scope! user, model
+            if policy_class
+              policy_class::Scope.new(user, model).resolve
+            else
+              Pundit.policy_scope! user, model
+            end
           rescue Pundit::NotDefinedError => e
             return model unless Avo.configuration.raise_error_on_missing_policy
 
@@ -68,12 +71,12 @@ module Avo
           end.to_h
         end
 
-        def get_policy(user, record)
-          Pundit.policy user, record
-        end
+        def defined_methods(user, record, policy_class: nil, **args)
+          return Pundit.policy!(user, record).methods if policy_class.nil?
 
-        def defined_methods(user, record, **args)
-          Pundit.policy!(user, record).methods
+          # I'm aware this will not raise a Pundit error.
+          # Should the policy not exist, it will however raise an uninitialized constant error, which is probably what we want when specifying a custom policy
+          policy_class.new(user, record).methods
         rescue Pundit::NotDefinedError => e
           return [] unless Avo.configuration.raise_error_on_missing_policy
 
@@ -87,13 +90,14 @@ module Avo
         end
       end
 
-      def initialize(user = nil, record = nil)
+      def initialize(user = nil, record = nil, policy_class: nil)
         @user = user
         @record = record
+        @policy_class = policy_class || Pundit.policy(user, record)&.class
       end
 
       def authorize(action, **args)
-        self.class.authorize(user, record, action, **args)
+        self.class.authorize(user, record, action, policy_class: @policy_class, **args)
       end
 
       def set_record(record)
@@ -109,15 +113,15 @@ module Avo
       end
 
       def authorize_action(action, **args)
-        self.class.authorize_action(user, record, action, **args)
+        self.class.authorize_action(user, record, action, policy_class: @policy_class, **args)
       end
 
       def apply_policy(model)
-        self.class.apply_policy(user, model)
+        self.class.apply_policy(user, model, policy_class: @policy_class)
       end
 
       def defined_methods(model, **args)
-        self.class.defined_methods(user, model, **args)
+        self.class.defined_methods(user, model, policy_class: @policy_class, **args)
       end
 
       def has_method?(method, **args)