avo 2.27.2.pre.pr1606 → 2.28.1.pre.pr1642

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 161deecc8d313c1254a3be834d954d88d6a20b5d9d9ba68f17b38eed7eb05de7
-  data.tar.gz: 9f78a084bf9129ed2789c412ed9836d940f372563d8a0ae715df52e3edce0874
+  metadata.gz: d3bb2ce2c32ddbba4f8bbeb6106e8bba29345090ccb6fb373372bd8d23afa5cf
+  data.tar.gz: 6230460ca9c90b5195b384df63d96feac645e863c3821648425eb7ee2d108c11
 SHA512:
-  metadata.gz: 3dd2b783c45b8d836c0715e8677dbcd253d94ac9f59ef3ee9f230464564915bc2730b35e77e2a60626db2fe0131fdbb9f9b467205e66528926392bc5e6376b73
-  data.tar.gz: 4cc9d8b35be4eebec0323721dce5573ba74e5a2dc2bbbbf16d0a2c0634ecc21b1b20f9ef3e272a3eaf50733694c62437905d94fdd0578cef2032df087474152f
+  metadata.gz: 0d91aceda8772221c07996c3c1538b378451a8cf0726ad93ef593394335d833070135ef5412fdc40f09024805c2c05582a70d7cca481ee0e28d03aacd350ac5d
+  data.tar.gz: 5f7a86dc730ddb524274a91d0ec6781e02b9e2a93867c02e798f70c838081305140f5a70fdab806c023fed3ec91e018759a86f74eb639b47dd7f83f74c5c9fd4

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    avo (2.27.2.pre.pr1606)
+    avo (2.28.1.pre.pr1642)
       actionview (>= 6.0)
       active_link_to
       activerecord (>= 6.0)
@@ -19,40 +19,40 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.7.2)
-      actionpack (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    actioncable (6.1.7.3)
+      actionpack (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.2)
-      actionpack (= 6.1.7.2)
-      activejob (= 6.1.7.2)
-      activerecord (= 6.1.7.2)
-      activestorage (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    actionmailbox (6.1.7.3)
+      actionpack (= 6.1.7.3)
+      activejob (= 6.1.7.3)
+      activerecord (= 6.1.7.3)
+      activestorage (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.2)
-      actionpack (= 6.1.7.2)
-      actionview (= 6.1.7.2)
-      activejob (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    actionmailer (6.1.7.3)
+      actionpack (= 6.1.7.3)
+      actionview (= 6.1.7.3)
+      activejob (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.2)
-      actionview (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    actionpack (6.1.7.3)
+      actionview (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.2)
-      actionpack (= 6.1.7.2)
-      activerecord (= 6.1.7.2)
-      activestorage (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    actiontext (6.1.7.3)
+      actionpack (= 6.1.7.3)
+      activerecord (= 6.1.7.3)
+      activestorage (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.2)
-      activesupport (= 6.1.7.2)
+    actionview (6.1.7.3)
+      activesupport (= 6.1.7.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
@@ -62,22 +62,22 @@ GEM
       addressable
     active_median (0.3.3)
       activesupport (>= 5.2)
-    activejob (6.1.7.2)
-      activesupport (= 6.1.7.2)
+    activejob (6.1.7.3)
+      activesupport (= 6.1.7.3)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.2)
-      activesupport (= 6.1.7.2)
-    activerecord (6.1.7.2)
-      activemodel (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
-    activestorage (6.1.7.2)
-      actionpack (= 6.1.7.2)
-      activejob (= 6.1.7.2)
-      activerecord (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    activemodel (6.1.7.3)
+      activesupport (= 6.1.7.3)
+    activerecord (6.1.7.3)
+      activemodel (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
+    activestorage (6.1.7.3)
+      actionpack (= 6.1.7.3)
+      activejob (= 6.1.7.3)
+      activerecord (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.2)
+    activesupport (6.1.7.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -85,7 +85,7 @@ GEM
       zeitwerk (~> 2.3)
     acts-as-taggable-on (9.0.1)
       activerecord (>= 6.0, < 7.1)
-    acts_as_list (1.0.4)
+    acts_as_list (1.1.0)
       activerecord (>= 4.2)
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
@@ -124,7 +124,7 @@ GEM
       parser (>= 2.4)
       smart_properties
     bindex (0.8.1)
-    bootsnap (1.15.0)
+    bootsnap (1.16.0)
       msgpack (~> 1.2)
     brakeman (5.4.0)
     builder (3.2.4)
@@ -141,7 +141,8 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     chartkick (4.2.1)
-    concurrent-ruby (1.2.0)
+    childprocess (4.1.0)
+    concurrent-ruby (1.2.2)
     countries (4.2.3)
       i18n_data (~> 0.16.0)
       sixarm_ruby_unaccent (~> 1.1)
@@ -157,7 +158,7 @@ GEM
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
     date (3.3.3)
-    devise (4.8.1)
+    devise (4.9.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -238,7 +239,7 @@ GEM
     loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.8.0.1)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
       net-imap
       net-pop
@@ -254,7 +255,7 @@ GEM
     mini_magick (4.12.0)
     mini_mime (1.1.2)
     mini_portile2 (2.8.1)
-    minitest (5.17.0)
+    minitest (5.18.0)
     msgpack (1.5.6)
     multi_xml (0.6.0)
     net-imap (0.3.4)
@@ -262,7 +263,7 @@ GEM
       net-protocol
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.1.3)
+    net-protocol (0.2.1)
       timeout
     net-smtp (0.3.3)
       net-protocol
@@ -277,8 +278,8 @@ GEM
     parallel (1.22.1)
     parser (3.2.0.0)
       ast (~> 2.4.1)
-    pg (1.4.5)
-    prefixed_ids (1.3.0)
+    pg (1.4.6)
+    prefixed_ids (1.4.0)
       hashids (>= 1.0.0, < 2.0.0)
       rails (>= 6.0.0)
     public_suffix (5.0.1)
@@ -287,23 +288,23 @@ GEM
     pundit (2.2.0)
       activesupport (>= 3.0.0)
     racc (1.6.2)
-    rack (2.2.6.2)
-    rack-test (2.0.2)
+    rack (2.2.6.4)
+    rack-test (2.1.0)
       rack (>= 1.3)
-    rails (6.1.7.2)
-      actioncable (= 6.1.7.2)
-      actionmailbox (= 6.1.7.2)
-      actionmailer (= 6.1.7.2)
-      actionpack (= 6.1.7.2)
-      actiontext (= 6.1.7.2)
-      actionview (= 6.1.7.2)
-      activejob (= 6.1.7.2)
-      activemodel (= 6.1.7.2)
-      activerecord (= 6.1.7.2)
-      activestorage (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    rails (6.1.7.3)
+      actioncable (= 6.1.7.3)
+      actionmailbox (= 6.1.7.3)
+      actionmailer (= 6.1.7.3)
+      actionpack (= 6.1.7.3)
+      actiontext (= 6.1.7.3)
+      actionview (= 6.1.7.3)
+      activejob (= 6.1.7.3)
+      activemodel (= 6.1.7.3)
+      activerecord (= 6.1.7.3)
+      activestorage (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.2)
+      railties (= 6.1.7.3)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -317,9 +318,9 @@ GEM
     rails-i18n (7.0.5)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    railties (6.1.7.2)
-      actionpack (= 6.1.7.2)
-      activesupport (= 6.1.7.2)
+    railties (6.1.7.3)
+      actionpack (= 6.1.7.3)
+      activesupport (= 6.1.7.3)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -332,7 +333,7 @@ GEM
     rb-fsevent (0.11.1)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    redis (4.8.0)
+    redis (4.8.1)
     regexp_parser (2.7.0)
     responders (3.0.1)
       actionpack (>= 5.0)
@@ -378,10 +379,10 @@ GEM
     ruby-vips (2.1.4)
       ffi (~> 1.12)
     rubyzip (2.3.2)
-    selenium-webdriver (4.8.1)
+    selenium-webdriver (4.1.0)
+      childprocess (>= 0.5, < 5.0)
       rexml (~> 3.2, >= 3.2.5)
-      rubyzip (>= 1.2.2, < 3.0)
-      websocket (~> 1.0)
+      rubyzip (>= 1.2.2)
     simple_po_parser (1.1.6)
     simplecov (0.22.0)
       docile (~> 1.1)
@@ -411,8 +412,8 @@ GEM
       unicode-display_width (>= 1.1.1, < 3)
     test-prof (1.0.10)
     thor (1.2.1)
-    timeout (0.3.0)
-    turbo-rails (1.3.3)
+    timeout (0.3.2)
+    turbo-rails (1.4.0)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
       railties (>= 6.0.0)
@@ -438,13 +439,12 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    websocket (1.2.9)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.6)
+    zeitwerk (2.6.7)
 
 PLATFORMS
   ruby

data/README.md

@@ -72,19 +72,33 @@ Please read the [RELEASE.MD](./RELEASE.MD)
 
 # ✨ [Contributors](https://avohq.io/contributors)
 
-<a href="https://github.com/avo-hq/avo/graphs/contributors">
+<a href="https://avohq.io/contributors">
   <img src="https://contrib.rocks/image?repo=avo-hq/avo" />
 </a>
 <!--  https://contrib.rocks -->
 
-# 🥇 Business & Agency Sponsors
-
-<a href="https://equipetechnique.com/?utm_source=github&utm_medium=link&utm_campaign=avo_code_without_borders" target="_blank">
-  <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="https://avohq.io/img/sponsors/ET-dark.jpeg">
-    <img alt="Equipe Technique Busines Sponsor" src="https://avohq.io/img/sponsors/ET-light.jpeg" width="240px">
-  </picture>
-</a>
+# 🥇 Sponsors
+
+<table>
+<tr>
+  <td>
+    <a href="https://equipetechnique.com/?utm_source=github&utm_medium=link&utm_campaign=avo" target="_blank">
+      <picture>
+        <source media="(prefers-color-scheme: dark)" srcset="https://avohq.io/img/sponsors/ET-dark.jpeg">
+        <img alt="Equipe Technique Busines Sponsor" src="https://avohq.io/img/sponsors/ET-light.jpeg" width="180px">
+      </picture>
+    </a>
+  </td>
+  <td>
+    <a href="https://www.greenhats.com/?utm_source=github&utm_medium=link&utm_campaign=avo" target="_blank">
+      <picture>
+        <source media="(prefers-color-scheme: dark)" srcset="https://avohq.io/img/sponsors/greenhats-dark.png">
+        <img alt="Greenhats Start-up Sponsor" src="https://avohq.io/img/sponsors/greenhats-light.png" width="360px">
+      </picture>
+    </a>
+  </td>
+</tr>
+</table>
 
 [Become a sponsor ](https://github.com/sponsors/adrianthedev)
 

data/app/components/avo/fields/common/single_file_viewer_component.html.erb

@@ -20,7 +20,7 @@
     </div>
     <div class="flex space-x-2">
       <div class="flex">
-        <% if @resource.authorization.authorize_action(:download_attachments?, raise_exception: false) %>
+        <% if can_download_file? %>
           <%= a_link Rails.application.routes.url_helpers.rails_blob_path(file, only_path: true, disposition: :attachment),
             icon: 'heroicons/outline/download',
             color: :primary,
@@ -33,7 +33,7 @@
         <% end %>
       </div>
       <div>
-        <% if @resource.authorization.authorize_action(:delete_attachments?, raise_exception: false) %>
+        <% if can_delete_file? %>
           <%= a_link destroy_path,
             icon: 'heroicons/outline/trash',
             color: :red,

data/app/components/avo/fields/common/single_file_viewer_component.rb

@@ -2,8 +2,9 @@
 
 class Avo::Fields::Common::SingleFileViewerComponent < ViewComponent::Base
   include Avo::ApplicationHelper
+  include Avo::Fields::Concerns::FileAuthorization
 
-  def initialize(file: nil, field:, resource:)
+  def initialize(field:, resource:, file: nil)
     @file = file
     @field = field
     @resource = resource
@@ -45,7 +46,7 @@ class Avo::Fields::Common::SingleFileViewerComponent < ViewComponent::Base
     record_persisted?
   end
 
-   # If model is not persistent blob is automatically destroyed otherwise it can be "lost" on storage
+  # If model is not persistent blob is automatically destroyed otherwise it can be "lost" on storage
   def record_persisted?
     return true if @resource.model.persisted?
 

data/app/components/avo/fields/file_field/edit_component.html.erb

@@ -5,7 +5,7 @@
     </div>
   <% end %>
 
-  <% if @resource.authorization.authorize_action(:upload_attachments?, raise_exception: false) %>
+  <% if can_upload_file? %>
     <%= @form.file_field @field.id,
       accept: @field.accept,
       data: @field.get_html(:data, view: view, element: :input),
@@ -14,5 +14,7 @@
       style: @field.get_html(:style, view: view, element: :input),
       class: "w-full"
     %>
+  <% else %>
+    —
   <% end %>
 <% end %>

data/app/components/avo/fields/file_field/edit_component.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 
 class Avo::Fields::FileField::EditComponent < Avo::Fields::EditComponent
+  include Avo::Fields::Concerns::FileAuthorization
 end

data/app/components/avo/fields/files_field/edit_component.html.erb

@@ -1,7 +1,7 @@
 <%= field_wrapper **field_wrapper_args, full_width: true do %>
   <%= render Avo::Fields::Common::FilesListViewerComponent.new(field: @field, resource: @resource) if @field.value.present? %>
 
-  <% if @resource.authorization.authorize_action(:upload_attachments?, raise_exception: false) %>
+  <% if can_upload_file? %>
     <div class="mt-2">
       <%= @form.file_field @field.id,
         accept: @field.accept,
@@ -13,5 +13,7 @@
         class: "w-full"
       %>
     </div>
+  <% else %>
+    —
   <% end %>
 <% end %>

data/app/components/avo/fields/files_field/edit_component.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 
 class Avo::Fields::FilesField::EditComponent < Avo::Fields::EditComponent
+  include Avo::Fields::Concerns::FileAuthorization
 end

data/app/components/avo/views/resource_index_component.html.erb

@@ -31,7 +31,7 @@
     <% end %>
     <% c.body do %>
       <div class="flex flex-col xs:flex-row xs:justify-between space-y-2 xs:space-y-0 py-4 <%= 'hidden' if @resource.search_query.nil? && @filters.empty? && available_view_types.count <= 1 %>">
-        <% unless hide_search_input %>
+        <% if show_search_input %>
           <div class="flex items-center px-4 w-64">
             <%= render partial: 'avo/partials/resource_search', locals: {resource: @resource.route_key, via_reflection: via_reflection} %>
           </div>

data/app/components/avo/views/resource_index_component.rb

@@ -124,10 +124,19 @@ class Avo::Views::ResourceIndexComponent < Avo::ResourceComponent
     @resource.resource_description
   end
 
-  def hide_search_input
-    return true unless @resource.search_query.present?
+  def show_search_input
+    return false unless authorized_to_search?
+    return false unless @resource.search_query.present?
+    return false if field&.hide_search_input
 
-    field&.hide_search_input || false
+    true
+  end
+
+  def authorized_to_search?
+    # Hide the search if the authorization prevents it
+    return true unless @resource.authorization.has_action_method?("search")
+
+    @resource.authorization.authorize_action("search", raise_exception: false)
   end
 
   private

data/app/controllers/avo/application_controller.rb

@@ -18,8 +18,8 @@ module Avo
     before_action :init_app
     before_action :check_avo_license
     before_action :set_resource_name
-    before_action :set_authorization
     before_action :_authenticate!
+    before_action :set_authorization
     before_action :set_container_classes
     before_action :add_initial_breadcrumbs
     before_action :set_view
@@ -28,7 +28,7 @@ module Avo
     rescue_from Avo::NotAuthorizedError, with: :render_unauthorized
     rescue_from ActiveRecord::RecordInvalid, with: :exception_logger
 
-    helper_method :_current_user, :resources_path, :resource_path, :new_resource_path, :edit_resource_path, :resource_attach_path, :resource_detach_path, :related_resources_path, :turbo_frame_request?, :resource_view_path
+    helper_method :_current_user, :resources_path, :resource_path, :new_resource_path, :edit_resource_path, :resource_attach_path, :resource_detach_path, :related_resources_path, :turbo_frame_request?, :resource_view_path, :mount_path
     add_flash_types :info, :warning, :success, :error
 
     def init_app
@@ -101,6 +101,10 @@ module Avo
       instance_eval(&Avo.configuration.context)
     end
 
+    def mount_path
+      Avo::Engine.routes.find_script_name(params.permit!.to_h.symbolize_keys)
+    end
+
     # This is coming from Turbo::Frames::FrameRequest module.
     # Exposing it as public method
     def turbo_frame_request?

data/app/controllers/avo/attachments_controller.rb

@@ -23,6 +23,8 @@ module Avo
     end
 
     def destroy
+      raise Avo::NotAuthorizedError.new unless authorized_to :delete
+
       attachment = ActiveStorage::Attachment.find(params[:attachment_id])
       path = resource_path(model: @model, resource: @resource)
 
@@ -34,5 +36,13 @@ module Avo
         redirect_back fallback_location: path, notice: t("avo.failed_to_find_attachment")
       end
     end
+
+    private
+
+    def authorized_to(action)
+      if @resource.authorization.authorize_action("#{action}_attachments?".to_sym, raise_exception: false)
+        @resource.authorization.authorize_action("#{action}_#{params[:attachment_name]}?", record: @model, raise_exception: false)
+      end
+    end
   end
 end

data/app/controllers/avo/search_controller.rb

@@ -27,7 +27,8 @@ module Avo
       resources
         .map do |resource|
           # Apply authorization
-          next unless @authorization.set_record(resource.model_class).authorize_action(:index, raise_exception: false)
+          next unless @authorization.set_record(resource.model_class).authorize_action(:search, raise_exception: false)
+
           # Filter out the models without a search_query
           next if resource.search_query.nil?
 
@@ -120,10 +121,16 @@ module Avo
       models.map do |model|
         resource = avo_resource.dup.hydrate(model: model).hydrate_fields(model: model)
 
+        record_path = if resource.search_result_path.present?
+          Avo::Hosts::ResourceRecordHost.new(block: resource.search_result_path, resource: resource, record: model).handle
+        else
+          resource.record_path
+        end
+
         result = {
           _id: model.id,
           _label: resource.label,
-          _url: resource.record_path,
+          _url: record_path
         }
 
         if App.license.has_with_trial(:enhanced_search_results)

data/app/views/avo/partials/_javascript.html.erb

@@ -1,7 +1,7 @@
 <%= javascript_tag nonce: true do %>
   window.Avo = window.Avo || { configuration: {} }
   Avo.configuration.timezone = '<%= Avo.configuration.timezone %>'
-  Avo.configuration.root_path = '<%= root_path_without_url %>'
+  Avo.configuration.root_path = '<%= mount_path %>'
   Avo.configuration.search_debounce = '<%= Avo.configuration.search_debounce %>'
   Avo.configuration.cookies_key = '<%= Avo::COOKIES_KEY %>'
 <% end %>

data/lib/avo/base_resource.rb

@@ -30,6 +30,7 @@ module Avo
     class_attribute :description, default: :id
     class_attribute :search_query, default: nil
     class_attribute :search_query_help, default: ""
+    class_attribute :search_result_path
     class_attribute :includes, default: []
     class_attribute :authorization_policy
     class_attribute :translation_key

data/lib/avo/engine.rb

@@ -7,6 +7,8 @@ Gem.loaded_specs["avo"].dependencies.each do |d|
     require "action_view/railtie"
   when "activestorage"
     require "active_storage/engine"
+  when "actiontext"
+    require "action_text/engine"
   else
     require d.name
   end

data/lib/avo/fields/belongs_to_field.rb

@@ -57,6 +57,8 @@ module Avo
     # - is_disabled?
 
     class BelongsToField < BaseField
+      include Avo::Fields::Concerns::UseResource
+
       attr_accessor :target
 
       attr_reader :polymorphic_as
@@ -79,6 +81,7 @@ module Avo
         @attach_scope = args[:attach_scope]
         @polymorphic_help = args[:polymorphic_help]
         @target = args[:target]
+        @use_resource = args[:use_resource] || nil
       end
 
       def searchable
@@ -222,6 +225,8 @@ module Avo
       end
 
       def target_resource
+        return use_resource if use_resource.present?
+
         if is_polymorphic?
           if value.present?
             return App.get_resource_by_model_name(value.class)

data/lib/avo/fields/concerns/file_authorization.rb

@@ -0,0 +1,31 @@
+module Avo
+  module Fields
+    module Concerns
+      module FileAuthorization
+        extend ActiveSupport::Concern
+
+        delegate :authorization, to: :@resource
+        delegate :authorize_action, to: :authorization
+        delegate :id, :model, to: :@field
+
+        def can_upload_file?
+          authorize_file_action(:upload)
+        end
+
+        def can_delete_file?
+          authorize_file_action(:delete)
+        end
+
+        def can_download_file?
+          authorize_file_action(:download)
+        end
+
+        private
+
+        def authorize_file_action(action)
+          authorize_action("#{action}_attachments?", raise_exception: false) || authorize_action("#{action}_#{id}?", record: model, raise_exception: false)
+        end
+      end
+    end
+  end
+end

data/lib/avo/fields/concerns/use_resource.rb

@@ -0,0 +1,13 @@
+module Avo
+  module Fields
+    module Concerns
+      module UseResource
+        extend ActiveSupport::Concern
+
+        def use_resource
+          App.get_resource @use_resource
+        end
+      end
+    end
+  end
+end

data/lib/avo/fields/date_field.rb

@@ -20,13 +20,26 @@ module Avo
       def formatted_value
         return if value.blank?
 
-        value.iso8601
+        try_iso8601
       end
 
       def edit_formatted_value
-        return nil if value.nil?
+        formatted_value
+      end
+
+      private
 
-        value.iso8601
+      def try_iso8601
+        if value.respond_to?(:iso8601)
+          value.iso8601
+        elsif value.is_a?(String)
+          parsed = DateTime.parse(value.dup)
+          if parsed.present?
+            parsed
+          end
+        else
+          value
+        end
       end
     end
   end