avo 2.17.1.pre.3 → 2.17.1.pre.4.issue.1342

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e373d0b7b292a05ed70462e7a20e78a2f7c559a94f7aca774cd68165e18d2c70
-  data.tar.gz: 545d0fb57feac7577871bceeb107eec82a22d3f8ea0fe50370e93083b4fa4667
+  metadata.gz: 0cb67ed800f6808830e072dfeaf5acb53a9c8960d7ca1b1fc01a5ac27ab478b4
+  data.tar.gz: 861965614539773f8c6242e211bb7e3449b8393ad2306cf3aa1bcbb030a36212
 SHA512:
-  metadata.gz: 7854ba8a53232541ed1ae751099ccf40a339bc25ab85f6cd2e3fa28b7d958f7e480e4d53acea0110acd7167e710e3fdfef91104d567a796b832360c2ce699a46
-  data.tar.gz: d00ec57468d98d63e4e594d93e1eb3bce3bc4734eb65951805124511d2e45eabab646b4b9f16e6d0f458c76732e7cf64d00bfa828154ea92173483bcad174afe
+  metadata.gz: 5a2d565a8a5839e25f23cd4bdac2308c07a5b89dacadd090b8ddcaf5180b58fa4d7f844ebafbd02c167d60d9f0f5193c6b7cd2790c61f538fc8aadfa50e6f32b
+  data.tar.gz: e1a6e356003227ff73440bd51a8aecdce3f4522be2c4cb0829fbd35a88d9916ffcb860638428f19296d66e054396f8683f759852282c22559b6f76fd415a8d81

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    avo (2.17.1.pre.3)
+    avo (2.17.1.pre.4.issue.1342)
       active_link_to
       addressable
       breadcrumbs_on_rails

data/app/components/avo/fields/date_time_field/edit_component.html.erb

@@ -8,6 +8,7 @@
       date_field_disable_mobile_value: @field.disable_mobile,
       date_field_time24_hr_value: @field.time_24hr,
       date_field_timezone_value: @field.timezone,
+      date_field_relative_value: @field.relative,
       date_field_field_type_value: "dateTime",
       date_field_picker_options_value: @field.picker_options,
   } do %>

data/app/components/avo/fields/date_time_field/index_component.html.erb

@@ -5,6 +5,7 @@
     date_field_enable_time_value: true,
     date_field_format_value: @field.format,
     date_field_timezone_value: @field.timezone,
+    date_field_relative_value: @field.relative,
     date_field_picker_format_value: @field.picker_format,
     date_field_field_type_value: "dateTime",
   } do %>

data/app/components/avo/fields/date_time_field/show_component.html.erb

@@ -5,6 +5,7 @@
     date_field_enable_time_value: true,
     date_field_format_value: @field.format,
     date_field_timezone_value: @field.timezone,
+    date_field_relative_value: @field.relative,
     date_field_picker_format_value: @field.picker_format,
     date_field_field_type_value: "dateTime",
   } do %>

data/app/components/avo/panel_component.html.erb

@@ -25,7 +25,7 @@
   <% end %>
   <% if body? %>
     <div class="flex flex-col sm:flex-row space-y-4 sm:space-y-0 sm:gap-4 w-full">
-      <div class="relative flex-1 overflow-auto <%= white_panel_classes %> <%= @body_classes %> <% if sidebar? %> w-2/3 <% end %>">
+      <div class="relative flex-1 <%= white_panel_classes %> <%= @body_classes %> <% if sidebar? %> w-2/3 overflow-auto <% else %> w-full <% end %>">
         <%= body %>
       </div>
       <% if sidebar? %>

data/app/components/avo/views/resource_index_component.html.erb

@@ -46,10 +46,8 @@
       </div>
       <% if view_type.to_sym == :table %>
         <% if @resources.present? %>
-          <div class="w-full overflow-auto flex flex-col mt-0 mac-styled-scrollbar">
-            <div class="relative flex-1 flex">
-              <%= render(Avo::Index::ResourceTableComponent.new(resources: @resources, resource: @resource, reflection: @reflection, parent_model: @parent_model, parent_resource: @parent_resource, pagy: @pagy, query: @query)) %>
-            </div>
+          <div class="w-full relative flex-1 flex mac-styled-scrollbar overflow-auto mt-0">
+            <%= render(Avo::Index::ResourceTableComponent.new(resources: @resources, resource: @resource, reflection: @reflection, parent_model: @parent_model, parent_resource: @parent_resource, pagy: @pagy, query: @query)) %>
           </div>
         <% else %>
           <%= helpers.empty_state resource_name: @resource.name.downcase.pluralize, related_name: params[:related_name], view_type: view_type, add_background: true %>

data/app/controllers/avo/application_controller.rb

@@ -1,11 +1,5 @@
 module Avo
   class ApplicationController < ::ActionController::Base
-    if defined?(Pundit::Authorization)
-      include Pundit::Authorization
-    else
-      include Pundit
-    end
-
     include Pagy::Backend
     include Avo::ApplicationHelper
     include Avo::UrlHelpers
@@ -24,7 +18,7 @@ module Avo
     before_action :set_view
     before_action :set_sidebar_open
 
-    rescue_from Pundit::NotAuthorizedError, with: :render_unauthorized
+    rescue_from Avo::NotAuthorizedError, with: :render_unauthorized
     rescue_from ActiveRecord::RecordInvalid, with: :exception_logger
 
     helper_method :_current_user, :resources_path, :resource_path, :new_resource_path, :edit_resource_path, :resource_attach_path, :resource_detach_path, :related_resources_path, :turbo_frame_request?, :resource_view_path
@@ -257,18 +251,16 @@ module Avo
       instance_eval(&Avo.configuration.authenticate)
     end
 
-    def render_unauthorized(exception)
-      if !exception.is_a? Pundit::NotDefinedError
-        flash.now[:notice] = t "avo.not_authorized"
-
-        redirect_url = if request.referrer.blank? || (request.referrer == request.url)
-          root_url
-        else
-          request.referrer
-        end
+    def render_unauthorized(_exception)
+      flash.now[:notice] = t "avo.not_authorized"
 
-        redirect_to(redirect_url)
+      redirect_url = if request.referrer.blank? || (request.referrer == request.url)
+        root_url
+      else
+        request.referrer
       end
+
+      redirect_to(redirect_url)
     end
 
     def set_authorization

data/app/controllers/avo/associations_controller.rb

@@ -157,7 +157,7 @@ module Avo
     private
 
     def set_related_authorization
-      @authorization = if related_resource
+      @related_authorization = if related_resource
         related_resource.authorization(user: _current_user)
       else
         Services::AuthorizationService.new _current_user

data/app/javascript/js/controllers/fields/date_field_controller.js

@@ -60,6 +60,18 @@ export default class extends Controller {
     return this.viewValue === 'show'
   }
 
+  get fieldIsDate() {
+    return this.fieldTypeValue === 'date'
+  }
+
+  get fieldIsDateTime() {
+    return this.fieldTypeValue === 'dateTime'
+  }
+
+  get fieldIsTime() {
+    return this.fieldTypeValue === 'time'
+  }
+
   // Parse the time as if it were UTC
   get parsedValue() {
     return DateTime.fromISO(this.initialValue, { zone: 'UTC' })

data/lib/avo/concerns/has_fields.rb

@@ -10,6 +10,8 @@ module Avo
         class_attribute :tabs_tabs_holder
         class_attribute :raw_tabs
         class_attribute :tools_holder
+
+        class_attribute :backup_items_holder
       end
 
       class_methods do
@@ -103,6 +105,25 @@ module Avo
           end
         end
 
+        def with_temporary_items(&block)
+          # back-up the previous items
+          self.backup_items_holder = items_holder
+
+          self.items_holder = Avo::ItemsHolder.new
+
+          instance_eval(&block)
+        end
+
+        def restore_items_from_backup
+          self.items_holder = backup_items_holder if backup_items_holder.present?
+        end
+
+        def with_new_items(&block)
+          self.items_holder = Avo::ItemsHolder.new
+
+          instance_eval(&block)
+        end
+
         private
 
         def extract_fields_from_items(thing)
@@ -311,6 +332,10 @@ module Avo
         [main_panel, *panelfull_items]
       end
 
+      def with_new_items(&block)
+        self.class.with_new_items(&block)
+      end
+
       private
 
       def check_license

data/lib/avo/configuration.rb

@@ -37,6 +37,7 @@ module Avo
     attr_accessor :model_resource_mapping
     attr_accessor :tabs_style
     attr_accessor :resource_default_view
+    attr_accessor :authorization_client
     attr_writer :branding
 
     def initialize
@@ -85,6 +86,7 @@ module Avo
       @model_resource_mapping = {}
       @tabs_style = :tabs
       @resource_default_view = :show
+      @authorization_client = nil
     end
 
     def current_user_method(&block)

data/lib/avo/fields/date_time_field.rb

@@ -5,6 +5,7 @@ module Avo
       attr_reader :picker_format
       attr_reader :time_24hr
       attr_reader :timezone
+      attr_reader :relative
 
       def initialize(id, **args, &block)
         super(id, **args, &block)
@@ -13,6 +14,7 @@ module Avo
         add_string_prop args, :picker_format, "Y-m-d H:i:S"
         add_string_prop args, :format, "yyyy-LL-dd TT"
         add_string_prop args, :timezone
+        add_boolean_prop args, :relative, true
       end
 
       def formatted_value

data/lib/avo/fields/time_field.rb

@@ -1,20 +1,14 @@
 module Avo
   module Fields
-    class TimeField < DateField
+    class TimeField < DateTimeField
       attr_reader :format
       attr_reader :picker_format
-      attr_reader :time_24hr
-      attr_reader :timezone
-      attr_reader :relative
 
       def initialize(id, **args, &block)
         super(id, **args, &block)
 
-        add_boolean_prop args, :time_24hr
         add_string_prop args, :picker_format, "H:i:S"
         add_string_prop args, :format, "TT"
-        add_string_prop args, :timezone
-        add_boolean_prop args, :relative, true
       end
 
       def formatted_value

data/lib/avo/services/authorization_clients/pundit_client.rb

@@ -0,0 +1,51 @@
+module Avo
+  module Services
+    module AuthorizationClients
+      class PunditClient
+        def authorize(user, record, action, policy_class: nil)
+          Pundit.authorize(user, record, action, policy_class: policy_class)
+        rescue Pundit::NotDefinedError
+          raise NoPolicyError
+        rescue Pundit::NotAuthorizedError
+          raise NotAuthorizedError
+        end
+
+        def policy(user, record)
+          Pundit.policy(user, record)
+        end
+
+        def policy!(user, record)
+          Pundit.policy!(user, record)
+        rescue Pundit::NotDefinedError
+          raise NoPolicyError
+        end
+
+        def apply_policy(user, model, policy_class: nil)
+          # Try and figure out the scope from a given policy or auto-detected one
+          scope_from_policy_class = scope_for_policy_class(policy_class)
+
+          # If we discover one use it.
+          # Else fallback to pundit.
+          if scope_from_policy_class.present?
+            scope_from_policy_class.new(user, model).resolve
+          else
+            Pundit.policy_scope!(user, model)
+          end
+        rescue Pundit::NotDefinedError => error
+          raise NoPolicyError
+        end
+
+        private
+
+        # Fetches the scope for a given policy
+        def scope_for_policy_class(policy_class = nil)
+          return if policy_class.blank?
+
+          if policy_class.present? && defined?(policy_class::Scope)
+            policy_class::Scope
+          end
+        end
+      end
+    end
+  end
+end

data/lib/avo/services/authorization_service.rb

@@ -3,29 +3,30 @@ module Avo
     class AuthorizationService
       attr_accessor :user
       attr_accessor :record
+      attr_accessor :policy_class
 
       class << self
+        def client
+          (configuration_client || default_client).new
+        end
+
         def authorize(user, record, action, policy_class: nil, **args)
           return true if skip_authorization
           return true if user.nil?
 
-          policy_class ||= Pundit.policy(user, record)&.class
-          begin
-            if policy_class&.new(user, record)
-              Pundit.authorize user, record, action, policy_class: policy_class
-            end
-
-            true
-          rescue Pundit::NotDefinedError => e
-            return false unless Avo.configuration.raise_error_on_missing_policy
-
-            raise e
-          rescue => error
-            if args[:raise_exception] == false
-              false
-            else
-              raise error
-            end
+          client.authorize user, record, action, policy_class: policy_class
+
+          true
+        rescue NoPolicyError => error
+          # By default, Avo allows anything if you don't have a policy present.
+          return true unless Avo.configuration.raise_error_on_missing_policy
+
+          raise error
+        rescue => error
+          if args[:raise_exception] == false
+            false
+          else
+            raise error
           end
         end
 
@@ -35,7 +36,7 @@ module Avo
           # If no action passed we should raise error if the user wants that.
           # If not, just allow it.
           if action.nil?
-            raise Pundit::NotDefinedError.new "Policy method is missing" if Avo.configuration.raise_error_on_missing_policy
+            raise NoPolicyError.new "Policy method is missing" if Avo.configuration.raise_error_on_missing_policy
 
             return true
           end
@@ -48,44 +49,27 @@ module Avo
         def apply_policy(user, model, policy_class: nil)
           return model if skip_authorization || user.nil?
 
-          begin
-            # Try and figure out the scope from a given policy or auto-detected one
-            scope_from_policy_class = scope_for_policy_class(policy_class)
-
-            # If we discover one use it.
-            # Else fallback to pundit.
-            if scope_from_policy_class.present?
-              scope_from_policy_class.new(user, model).resolve
-            else
-              Pundit.policy_scope!(user, model)
-            end
-          rescue Pundit::NotDefinedError => e
-            return model unless Avo.configuration.raise_error_on_missing_policy
-
-            raise e
-          end
+          client.apply_policy(user, model, policy_class: policy_class)
+        rescue NoPolicyError => error
+          return model unless Avo.configuration.raise_error_on_missing_policy
+
+          raise error
         end
 
         def skip_authorization
           Avo::App.license.lacks_with_trial :authorization
         end
 
-        def authorized_methods(user, record)
-          [:new, :edit, :update, :show, :destroy].map do |method|
-            [method, authorize(user, record, Avo.configuration.authorization_methods[method])]
-          end.to_h
-        end
-
         def defined_methods(user, record, policy_class: nil, **args)
-          return Pundit.policy!(user, record).methods if policy_class.nil?
+          return client.policy!(user, record).methods if policy_class.nil?
 
           # I'm aware this will not raise a Pundit error.
           # Should the policy not exist, it will however raise an uninitialized constant error, which is probably what we want when specifying a custom policy
           policy_class.new(user, record).methods
-        rescue Pundit::NotDefinedError => e
+        rescue NoPolicyError => error
           return [] unless Avo.configuration.raise_error_on_missing_policy
 
-          raise e
+          raise error
         rescue => error
           if args[:raise_exception] == false
             []
@@ -94,24 +78,27 @@ module Avo
           end
         end
 
-        # Fetches the scope for a given policy
-        def scope_for_policy_class(policy_class = nil)
-          return if policy_class.blank?
+        def configuration_client
+          client = Avo.configuration.authorization_client
 
-          if policy_class.present? && defined?(policy_class::Scope)
-            policy_class::Scope
+          return if client.blank?
+
+          if client.is_a?(String)
+            client.safe_constantize
+          else
+            client
           end
         end
+
+        def default_client
+          Avo::Services::AuthorizationClients::PunditClient
+        end
       end
 
       def initialize(user = nil, record = nil, policy_class: nil)
         @user = user
         @record = record
-        @policy_class = policy_class || Pundit.policy(user, record)&.class
-      end
-
-      def authorize(action, **args)
-        self.class.authorize(user, record, action, policy_class: @policy_class, **args)
+        @policy_class = policy_class || self.class.client.policy(user, record)&.class
       end
 
       def set_record(record)
@@ -120,22 +107,16 @@ module Avo
         self
       end
 
-      def set_user(user)
-        @user = user
-
-        self
-      end
-
       def authorize_action(action, **args)
-        self.class.authorize_action(user, record, action, policy_class: @policy_class, **args)
+        self.class.authorize_action(user, record, action, policy_class: policy_class, **args)
       end
 
       def apply_policy(model)
-        self.class.apply_policy(user, model, policy_class: @policy_class)
+        self.class.apply_policy(user, model, policy_class: policy_class)
       end
 
       def defined_methods(model, **args)
-        self.class.defined_methods(user, model, policy_class: @policy_class, **args)
+        self.class.defined_methods(user, model, policy_class: policy_class, **args)
       end
 
       def has_method?(method, **args)

data/lib/avo/version.rb

@@ -1,3 +1,3 @@
 module Avo
-  VERSION = "2.17.1.pre.3" unless const_defined?(:VERSION)
+  VERSION = "2.17.1.pre.4.issue.1342" unless const_defined?(:VERSION)
 end

data/lib/avo.rb

@@ -44,6 +44,10 @@ module Avo
   class LicenseVerificationTemperedError < StandardError; end
 
   class LicenseInvalidError < StandardError; end
+
+  class NotAuthorizedError < StandardError; end
+
+  class NoPolicyError < StandardError; end
 end
 
 loader.eager_load

data/lib/generators/avo/templates/initializer/avo.tt

@@ -30,6 +30,7 @@ Avo.configure do |config|
   #   destroy: 'destroy?',
   # }
   # config.raise_error_on_missing_policy = false
+  # config.authorization_client = false
 
   ## == Localization ==
   # config.locale = 'en-US'