biovision-base 0.11.180127 → 0.14.180326

data/app/assets/stylesheets/biovision/base/users.scss

@@ -126,3 +126,18 @@ article.user {
     margin-bottom: 2.4rem;
   }
 }
+
+#my-index {
+  display: flex;
+  flex-wrap: wrap;
+
+  .sidebar {
+    flex: none;
+    width: 30rem;
+  }
+
+  .content {
+    flex: 1;
+    padding: 0 1.6rem;
+  }
+}

data/app/controllers/agents_controller.rb

@@ -11,7 +11,7 @@ class AgentsController < AdminController
   def create
     @entity = Agent.new entity_parameters
     if @entity.save
-      redirect_to admin_agent_path(@entity)
+      redirect_to admin_agent_path(id: @entity.id)
     else
       render :new, status: :bad_request
     end
@@ -28,7 +28,7 @@ class AgentsController < AdminController
   # patch /agents/:id
   def update
     if @entity.update entity_parameters
-      redirect_to admin_agent_path(@entity), notice: t('agents.update.success')
+      redirect_to admin_agent_path(id: @entity.id), notice: t('agents.update.success')
     else
       render :edit, status: :bad_request
     end
@@ -57,7 +57,7 @@ class AgentsController < AdminController
 
   def restrict_editing
     if @entity.locked?
-      redirect_to admin_agent_path(@entity), alert: t('agents.edit.forbidden')
+      redirect_to admin_agent_path(id: @entity.id), alert: t('agents.edit.forbidden')
     end
   end
 

data/app/controllers/authentication_controller.rb

@@ -62,13 +62,13 @@ class AuthenticationController < ApplicationController
   end
 
   def redirect_after_success
-    return_path = cookies['return_path'].to_s
-    return_path = my_path unless return_path[0] == '/'
+    @return_path = cookies['return_path'].to_s
+    @return_path = my_path unless @return_path[0] == '/'
     cookies.delete 'return_path', domain: :all
 
     respond_to do |format|
-      format.json { render(json: { data: { url: return_path } }) }
-      format.html { redirect_to(return_path) }
+      format.json
+      format.html { redirect_to(@return_path) }
     end
   end
 end

data/app/controllers/browsers_controller.rb

@@ -11,7 +11,7 @@ class BrowsersController < AdminController
   def create
     @entity = Browser.new entity_parameters
     if @entity.save
-      redirect_to admin_browser_path(@entity)
+      redirect_to admin_browser_path(id: @entity.id)
     else
       render :new, status: :bad_request
     end
@@ -24,7 +24,7 @@ class BrowsersController < AdminController
   # patch /browsers/:id
   def update
     if @entity.update entity_parameters
-      redirect_to admin_browser_path(@entity), notice: t('browsers.update.success')
+      redirect_to admin_browser_path(id: @entity.id), notice: t('browsers.update.success')
     else
       render :edit, status: :bad_request
     end
@@ -53,7 +53,7 @@ class BrowsersController < AdminController
 
   def restrict_editing
     if @entity.locked?
-      redirect_to admin_browser_path(@entity), alert: t('browsers.edit.forbidden')
+      redirect_to admin_browser_path(id: @entity.id), alert: t('browsers.edit.forbidden')
     end
   end
 

data/app/controllers/codes_controller.rb

@@ -10,7 +10,7 @@ class CodesController < AdminController
   def create
     @entity = Code.new(creation_parameters)
     if @entity.save
-      redirect_to admin_code_path(@entity.id)
+      redirect_to admin_code_path(id: @entity.id)
     else
       render :new, status: :bad_request
     end
@@ -23,7 +23,7 @@ class CodesController < AdminController
   # patch /codes/:id
   def update
     if @entity.update(entity_parameters)
-      redirect_to admin_code_path(@entity.id), notice: t('codes.update.success')
+      redirect_to admin_code_path(id: @entity.id), notice: t('codes.update.success')
     else
       render :edit, status: :bad_request
     end

data/app/controllers/editable_pages_controller.rb

@@ -10,9 +10,9 @@ class EditablePagesController < AdminController
   def create
     @entity = EditablePage.new(creation_parameters)
     if @entity.save
-      redirect_to(admin_editable_page_path(@entity.id))
+      form_processed_ok(admin_editable_page_path(id: @entity.id))
     else
-      render :new, status: :bad_request
+      form_processed_with_error(:new)
     end
   end
 
@@ -22,10 +22,11 @@ class EditablePagesController < AdminController
 
   # patch /editable_pages/:id
   def update
-    if @entity.update entity_parameters
-      redirect_to admin_editable_page_path(@entity), notice: t('editable_pages.update.success')
+    if @entity.update(entity_parameters)
+      flash[:notice] = t('editable_pages.update.success')
+      form_processed_ok(admin_editable_page_path(id: @entity.id))
     else
-      render :edit, status: :bad_request
+      form_processed_with_error(:edit)
     end
   end
 

data/app/controllers/index_controller.rb

@@ -1,6 +1,6 @@
 class IndexController < ApplicationController
   # get /
   def index
-    @editable_page = EditablePage.find_by(slug: 'index')
+    @editable_page = EditablePage.find_localized('index', locale)
   end
 end

data/app/controllers/media_files_controller.rb

@@ -15,7 +15,7 @@ class MediaFilesController < ApplicationController
   def create
     @entity = MediaFile.new(creation_parameters)
     if @entity.save
-      next_page = admin_media_file_path(@entity.id)
+      next_page = admin_media_file_path(id: @entity.id)
       respond_to do |format|
         format.html { redirect_to(next_page) }
         format.json { render json: { links: { self: next_page } } }
@@ -33,7 +33,7 @@ class MediaFilesController < ApplicationController
   # patch /media_files/:id
   def update
     if @entity.update entity_parameters
-      next_page = admin_media_file_path(@entity)
+      next_page = admin_media_file_path(id: @entity.id)
       respond_to do |format|
         format.html { redirect_to(next_page, notice: t('media_files.update.success')) }
         format.json { render json: { links: { self: next_page } } }
@@ -77,7 +77,7 @@ class MediaFilesController < ApplicationController
 
   def restrict_editing
     unless @entity.editable_by?(current_user)
-      redirect_to admin_media_file_path(@entity.id), alert: t('media_files.edit.forbidden')
+      redirect_to admin_media_file_path(id: @entity.id), alert: t('media_files.edit.forbidden')
     end
   end
 

data/app/controllers/media_folders_controller.rb

@@ -12,7 +12,7 @@ class MediaFoldersController < AdminController
   def create
     @entity = MediaFolder.new(creation_parameters)
     if @entity.save
-      next_page = admin_media_folder_path(@entity.id)
+      next_page = admin_media_folder_path(id: @entity.id)
       respond_to do |format|
         format.html { redirect_to next_page }
         format.json { render json: { links: { self: next_page } } }
@@ -30,7 +30,7 @@ class MediaFoldersController < AdminController
   # patch /media_folders/:id
   def update
     if @entity.update(entity_parameters)
-      next_page = admin_media_folder_path(@entity.id)
+      next_page = admin_media_folder_path(id: @entity.id)
       respond_to do |format|
         format.html { redirect_to next_page }
         format.json { render json: { links: { self: next_page } } }
@@ -54,7 +54,7 @@ class MediaFoldersController < AdminController
   def set_entity
     @entity = MediaFolder.find_by(id: params[:id])
     if @entity.nil?
-      handle_http_404('Cannot find post')
+      handle_http_404('Cannot find media_folder')
     end
   end
 

data/app/controllers/metrics_controller.rb

@@ -8,7 +8,7 @@ class MetricsController < AdminController
   # patch /metrics/:id
   def update
     if @entity.update entity_parameters
-      redirect_to admin_metric_path(@entity.id), notice: t('metrics.update.success')
+      redirect_to admin_metric_path(id: @entity.id), notice: t('metrics.update.success')
     else
       render :edit, status: :bad_request
     end

data/app/controllers/my/index_controller.rb

@@ -1,6 +1,8 @@
 class My::IndexController < ApplicationController
   before_action :restrict_anonymous_access
 
+  # layout 'profile'
+
   # get /my
   def index
   end

data/app/controllers/my/profiles_controller.rb

@@ -29,10 +29,10 @@ class My::ProfilesController < ApplicationController
   # patch /my/profile
   def update
     if current_user.update(user_parameters)
-      current_user.user_profile.update(profile_parameters)
-      redirect_to my_profile_path, notice: t('my.profiles.update.success')
+      flash[:notice] = t('my.profiles.update.success')
+      form_processed_ok(my_profile_path)
     else
-      render :edit, status: :bad_request
+      form_processed_with_error(:edit)
     end
   end
 
@@ -49,20 +49,20 @@ class My::ProfilesController < ApplicationController
       create_token_for_user(@user)
       redirect_after_creation
     else
-      render :new, status: :bad_request
+      form_processed_with_error(:new)
     end
   end
 
   def creation_parameters
     parameters = params.require(:user).permit(User.new_profile_parameters)
-    parameters.merge(tracking_for_entity)
+    parameters.merge(tracking_for_entity).merge({ super_user: User.count < 1 })
   end
 
   def user_parameters
     sensitive  = sensitive_parameters
     editable   = User.profile_parameters + sensitive
     parameters = params.require(:user).permit(editable)
-    filter_parameters parameters, sensitive
+    filter_parameters parameters.merge(profile_parameters), sensitive
   end
 
   def sensitive_parameters
@@ -74,9 +74,13 @@ class My::ProfilesController < ApplicationController
   end
 
   def profile_parameters
-    params.require(:user_profile).permit(UserProfile.entity_parameters)
+    permitted = UserProfileHandler.allowed_parameters
+    dirty     = params.require(:user_profile).permit(permitted)
+    { profile_data: UserProfileHandler.clean_parameters(dirty) }
   end
 
+  # @param [Hash] parameters
+  # @param [Hash] sensitive
   def filter_parameters(parameters, sensitive)
     sensitive.each { |parameter| parameters.except! parameter if parameter.blank? }
     parameters[:email_confirmed] = false if parameters[:email] && parameters[:email] != current_user.email
@@ -88,7 +92,9 @@ class My::ProfilesController < ApplicationController
     return_path = cookies['return_path'].to_s
     return_path = my_profile_path unless return_path[0] == '/'
     cookies.delete 'return_path', domain: :all
-    
-    redirect_to return_path, notice: t('my.profiles.create.success')
+
+    flash[:notice] = t('my.profiles.create.success')
+
+    form_processed_ok(return_path)
   end
 end

data/app/controllers/privilege_groups_controller.rb

@@ -11,7 +11,7 @@ class PrivilegeGroupsController < AdminController
   def create
     @entity = PrivilegeGroup.new entity_parameters
     if @entity.save
-      redirect_to admin_privilege_group_path(@entity)
+      redirect_to admin_privilege_group_path(id: @entity.id)
     else
       render :new, status: :bad_request
     end
@@ -24,7 +24,7 @@ class PrivilegeGroupsController < AdminController
   # patch /privilege_groups/:id
   def update
     if @entity.update entity_parameters
-      redirect_to admin_privilege_group_path(@entity), notice: t('privilege_groups.update.success')
+      redirect_to admin_privilege_group_path(id: @entity.id), notice: t('privilege_groups.update.success')
     else
       render :edit, status: :bad_request
     end

data/app/controllers/privileges_controller.rb

@@ -8,7 +8,7 @@ class PrivilegesController < AdminController
     @entity = Privilege.new(creation_parameters)
     if @entity.save
       cache_relatives
-      redirect_to admin_privilege_path(@entity)
+      redirect_to admin_privilege_path(id: @entity.id)
     else
       render :new, status: :bad_request
     end
@@ -22,7 +22,7 @@ class PrivilegesController < AdminController
   def update
     if @entity.update(entity_parameters)
       cache_relatives
-      redirect_to admin_privilege_path(@entity), notice: t('privileges.update.success')
+      redirect_to admin_privilege_path(id: @entity.id), notice: t('privileges.update.success')
     else
       render :edit, status: :bad_request
     end
@@ -51,7 +51,7 @@ class PrivilegesController < AdminController
 
   def restrict_editing
     if @entity.locked?
-      redirect_to admin_privilege_path(@entity), alert: t('privileges.edit.forbidden')
+      redirect_to admin_privilege_path(id: @entity.id), alert: t('privileges.edit.forbidden')
     end
   end
 

data/app/controllers/stored_values_controller.rb

@@ -10,7 +10,7 @@ class StoredValuesController < AdminController
   def create
     @entity = StoredValue.new(entity_parameters)
     if @entity.save
-      redirect_to admin_stored_value_path(@entity.id)
+      redirect_to admin_stored_value_path(id: @entity.id)
     else
       render :new, status: :bad_request
     end
@@ -23,7 +23,7 @@ class StoredValuesController < AdminController
   # patch /stored_values/:id
   def update
     if @entity.update(entity_parameters)
-      redirect_to admin_stored_value_path(@entity.id), notice: t('stored_values.update.success')
+      redirect_to admin_stored_value_path(id: @entity.id), notice: t('stored_values.update.success')
     else
       render :edit, status: :bad_request
     end

data/app/controllers/tokens_controller.rb

@@ -10,7 +10,7 @@ class TokensController < AdminController
   def create
     @entity = Token.new(creation_parameters)
     if @entity.save
-      redirect_to admin_token_path(@entity)
+      redirect_to admin_token_path(id: @entity.id)
     else
       render :new, status: :bad_request
     end
@@ -23,7 +23,7 @@ class TokensController < AdminController
   # patch /tokens/:id
   def update
     if @entity.update(entity_parameters)
-      redirect_to admin_token_path(@entity), notice: t('tokens.update.success')
+      redirect_to admin_token_path(id: @entity.id), notice: t('tokens.update.success')
     else
       render :edit, status: :bad_request
     end

data/app/controllers/users_controller.rb

@@ -1,6 +1,14 @@
-class UsersController < AdminController
+class UsersController < ApplicationController
+  before_action :restrict_access, except: [:check]
   before_action :set_entity, only: [:edit, :update, :destroy]
 
+  layout 'admin', except: :check
+
+  # post /users/check
+  def check
+    @entity = User.new(creation_parameters)
+  end
+
   # get /users/new
   def new
     @entity = User.new
@@ -10,10 +18,9 @@ class UsersController < AdminController
   def create
     @entity = User.new(creation_parameters)
     if @entity.save
-      @entity.user_profile.update(profile_parameters)
-      redirect_to admin_user_path(@entity.id), notice: t('users.create.success')
+      form_processed_ok(admin_user_path(id: @entity.id))
     else
-      render :new, status: :bad_request
+      form_processed_with_error(:new)
     end
   end
 
@@ -24,10 +31,9 @@ class UsersController < AdminController
   # patch /users/:id
   def update
     if @entity.update(entity_parameters)
-      @entity.user_profile.update(profile_parameters)
-      redirect_to admin_user_path(@entity.id), notice: t('users.update.success')
+      form_processed_ok(admin_user_path(id: @entity.id))
     else
-      render :edit, status: :bad_request
+      form_processed_with_error(:edit)
     end
   end
 
@@ -47,17 +53,27 @@ class UsersController < AdminController
 
   def set_entity
     @entity = User.find_by(id: params[:id])
+    if @entity.nil?
+      handle_http_404('Cannot find user')
+    end
   end
 
   def entity_parameters
-    params.require(:user).permit(User.entity_parameters)
+    parameters = params.require(:user).permit(User.entity_parameters)
+    parameters.merge(profile_parameters)
   end
 
   def creation_parameters
-    params.require(:user).permit(User.entity_parameters).merge(tracking_for_entity)
+    entity_parameters.merge(tracking_for_entity)
   end
 
   def profile_parameters
-    params.require(:user_profile).permit(UserProfile.entity_parameters)
+    if params.key?(:user_profile)
+      permitted = UserProfileHandler.allowed_parameters
+      dirty     = params.require(:user_profile).permit(permitted)
+      { profile_data: UserProfileHandler.clean_parameters(dirty) }
+    else
+      {}
+    end
   end
 end

data/app/helpers/biovision_helper.rb

@@ -59,12 +59,23 @@ module BiovisionHelper
   # @param [Hash] options
   def destroy_icon(entity, title = t(:delete), options = {})
     default = {
-        method: :delete,
-        data: { confirm: t(:are_you_sure), tootik: title, tootik_conf: 'danger' }
+      method: :delete,
+      data:   { confirm: t(:are_you_sure), tootik: title, tootik_conf: 'danger' }
     }
     icon_with_link('biovision/base/icons/destroy.svg', entity, title, default.merge(options))
   end
 
+  # @param [String] path
+  # @param [String] title
+  # @param [Hash] options
+  def destroy_path_icon(path, title = t(:delete), options = {})
+    default = {
+      method: :delete,
+      data:   { confirm: t(:are_you_sure), tootik: title, tootik_conf: 'danger' }
+    }
+    icon_with_link('biovision/base/icons/destroy.svg', path, title, default.merge(options))
+  end
+
   # @param [String|ApplicationRecord] path
   # @param [String] title
   # @param [Hash] options