RubyGems - fat_free_crm - Versions diffs - 0.13.0 → 0.13.1 - Mend

fat_free_crm 0.13.0 → 0.13.1

Potentially problematic release.

This version of fat_free_crm might be problematic. Click here for more details.

Files changed (59) hide show

checksums.yaml +4 -4
data/Capfile +1 -4
data/Gemfile.lock +0 -1
data/README.md +1 -0
data/app/assets/javascripts/lists.js.coffee +1 -2
data/app/controllers/application_controller.rb +27 -25
data/app/controllers/emails_controller.rb +1 -30
data/app/controllers/entities/contacts_controller.rb +1 -1
data/app/controllers/entities/opportunities_controller.rb +1 -1
data/app/controllers/entities_controller.rb +0 -1
data/app/controllers/home_controller.rb +0 -4
data/app/controllers/passwords_controller.rb +3 -3
data/app/controllers/tasks_controller.rb +17 -10
data/app/controllers/users_controller.rb +23 -46
data/app/helpers/application_helper.rb +0 -3
data/app/helpers/campaigns_helper.rb +0 -1
data/app/helpers/leads_helper.rb +0 -11
data/app/helpers/opportunities_helper.rb +0 -1
data/app/helpers/tags_helper.rb +0 -8
data/app/helpers/versions_helper.rb +1 -1
data/app/models/entities/account_contact.rb +1 -1
data/app/models/entities/campaign.rb +3 -3
data/app/models/entities/contact.rb +3 -3
data/app/models/entities/lead.rb +5 -5
data/app/models/entities/opportunity.rb +1 -3
data/app/models/fields/field_group.rb +1 -0
data/app/models/list.rb +2 -1
data/app/models/polymorphic/avatar.rb +1 -1
data/app/models/polymorphic/task.rb +7 -4
data/app/models/setting.rb +0 -3
data/app/models/users/ability.rb +13 -2
data/app/models/users/user.rb +4 -1
data/app/views/home/index.html.haml +0 -4
data/app/views/layouts/application.html.haml +7 -5
data/app/views/leads/_contact.html.haml +0 -3
data/app/views/lists/_personal_sidebar.html.haml +2 -2
data/app/views/lists/_sidebar.html.haml +2 -2
data/config/application.rb +2 -2
data/config/environments/development.rb +2 -0
data/config/environments/production.rb +2 -3
data/config/initializers/secret_token.rb +25 -1
data/config/locales/en-US_fat_free_crm.yml +1 -1
data/config/routes.rb +27 -32
data/config/settings.default.yml +3 -4
data/lib/development_tasks/rspec.rake +1 -5
data/lib/fat_free_crm.rb +11 -1
data/lib/fat_free_crm/fields.rb +1 -1
data/lib/fat_free_crm/gem_ext/rails/text_helper.rb +1 -2
data/lib/fat_free_crm/secret_token_generator.rb +59 -0
data/lib/fat_free_crm/version.rb +1 -1
data/spec/controllers/admin/users_controller_spec.rb +1 -3
data/spec/controllers/home_controller_spec.rb +0 -7
data/spec/controllers/passwords_controller_spec.rb +23 -5
data/spec/controllers/users_controller_spec.rb +45 -17
data/spec/lib/secret_token_generator_spec.rb +55 -0
data/spec/models/users/abilities/user_ability_spec.rb +58 -0
data/spec/routing/emails_routing_spec.rb +13 -14
data/spec/spec_helper.rb +2 -1
metadata +5 -2

data/config/locales/en-US_fat_free_crm.yml CHANGED Viewed

@@ -189,7 +189,7 @@ en-US:
   msg_account_not_approved: Your account has not been approved yet.
   msg_asset_deleted: ! '%{value} has been deleted.'
   msg_asset_not_available: This %{value} is no longer available.
-  msg_asset_not_authorized: You are not authorized to view this %{value}.
+  msg_not_authorized: You are not authorized to take this action.
   msg_assets_not_available: The %{value} are not available.
   msg_asset_rejected: ! '%{value} has been rejected.'
   msg_bad_image_file: ^Could't upload or resize the image file you specified.

data/config/routes.rb CHANGED Viewed

@@ -21,10 +21,10 @@ Rails.application.routes.draw do
   match '/home/timezone', :as => :timezone
   match '/home/redraw',   :as => :redraw
-  resource  :authentication
-  resources :comments, :except => [:new, :show]
-  resources :emails
-  resources :passwords
+  resource  :authentication, :except => [:index, :edit]
+  resources :comments,       :except => [:new, :show]
+  resources :emails,         :only   => [:destroy]
+  resources :passwords,      :only   => [:new, :create, :edit, :update]
   resources :accounts, :id => /\d+/ do
     collection do
@@ -32,17 +32,17 @@ Rails.application.routes.draw do
       post :filter
       get  :options
       get  :field_group
-      match :auto_complete
+      post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
     end
     member do
       put  :attach
       post :discard
       post :subscribe
       post :unsubscribe
-      get :contacts
-      get :opportunities
+      get  :contacts
+      get  :opportunities
     end
   end
@@ -54,15 +54,15 @@ Rails.application.routes.draw do
       get  :field_group
       post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
     end
     member do
       put  :attach
       post :discard
       post :subscribe
       post :unsubscribe
-      get :leads
-      get :opportunities
+      get  :leads
+      get  :opportunities
     end
   end
@@ -74,14 +74,14 @@ Rails.application.routes.draw do
       get  :field_group
       post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
     end
     member do
       put  :attach
       post :discard
       post :subscribe
       post :unsubscribe
-      get :opportunities
+      get  :opportunities
     end
   end
@@ -93,7 +93,8 @@ Rails.application.routes.draw do
       get  :field_group
       post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
+      get  :autocomplete_account_name
     end
     member do
       get  :convert
@@ -104,8 +105,6 @@ Rails.application.routes.draw do
       put  :promote
       put  :reject
     end
-    get :autocomplete_account_name, :on => :collection
   end
   resources :opportunities, :id => /\d+/ do
@@ -123,7 +122,7 @@ Rails.application.routes.draw do
       post :discard
       post :subscribe
       post :unsubscribe
-      get :contacts
+      get  :contacts
     end
   end
@@ -133,24 +132,21 @@ Rails.application.routes.draw do
       post :auto_complete
     end
     member do
-      put :complete
+      put  :complete
     end
   end
   resources :users, :id => /\d+/, :except => [:index, :destroy] do
     member do
-      get :avatar
-      get :password
-      put :upload_avatar
-      put :change_password
+      get  :avatar
+      get  :password
+      put  :upload_avatar
+      put  :change_password
       post :redraw
     end
     collection do
-      match :auto_complete
-    end
-    collection do
-      get :opportunities_overview
+      post :auto_complete
+      get  :opportunities_overview
     end
   end
@@ -168,7 +164,7 @@ Rails.application.routes.draw do
       end
     end
-    resources :field_groups, :except => :index do
+    resources :field_groups, :except => [:index, :show] do
       collection do
         post :sort
       end
@@ -187,7 +183,7 @@ Rails.application.routes.draw do
       end
     end
-    resources :tags do
+    resources :tags, :except => [:show] do
       member do
         get :confirm
       end
@@ -196,9 +192,8 @@ Rails.application.routes.draw do
     resources :fields, :as => :custom_fields
     resources :fields, :as => :core_fields
-    resources :settings
-    resources :plugins
+    resources :settings, :only => :index
+    resources :plugins,  :only => :index
   end
-  get '/:controller/tagged/:id' => '#tagged'
 end

data/config/settings.default.yml CHANGED Viewed

@@ -63,12 +63,11 @@
 # Settings for outgoing email (SMTP)
-# - Default configuration is for GMail
 #------------------------------------------------------------------------------
 :smtp:
-  :address                    : "smtp.gmail.com"
-  :enable_starttls_auto       : true
-  :port                       : 587
+  :address                    : ""        # e.g. smtp.gmail.com
+  :enable_starttls_auto       : true      # true/false
+  :port                       : ""        # e.g. 587
   :authentication             : :plain
   :user_name                  : ""
   :password                   : ""

data/lib/development_tasks/rspec.rake CHANGED Viewed

@@ -5,7 +5,7 @@
 #------------------------------------------------------------------------------
 if defined?(RSpec)
   require 'rspec/core/rake_task'
   namespace :spec do
     desc "Preparing test env"
     task :prepare do
@@ -21,8 +21,4 @@ if defined?(RSpec)
   Rake::Task["spec"].prerequisites.clear
   Rake::Task["spec"].prerequisites.push("spec:prepare")
-  desc 'Run the acceptance specs in ./acceptance'
-  RSpec::Core::RakeTask.new(:acceptance => 'spec:prepare') do |t|
-    t.pattern = 'acceptance/**/*_spec.rb'
-  end
 end

data/lib/fat_free_crm.rb CHANGED Viewed

@@ -9,12 +9,22 @@ module FatFreeCRM
     # Return either Application or Engine,
     # depending on how Fat Free CRM has been loaded
     def application
-      defined?(FatFreeCRM::Engine) ? Engine : Application
+      engine? ? Engine : Application
     end
     def root
       application.root
     end
+    # Are we running as an engine?
+    def engine?
+      defined?(FatFreeCRM::Engine).present?
+    end
+    def application?
+      !engine?
+    end
   end
 end

data/lib/fat_free_crm/fields.rb CHANGED Viewed

@@ -76,7 +76,7 @@ module FatFreeCRM
       end
       def method_missing(method_id, *args, &block)
-        if method_id.to_s =~ /^cf_/
+        if method_id.to_s =~ /\Acf_/
           # Refresh columns and try again.
           self.class.reset_column_information
           # If new record, create new object from class, else reload class

data/lib/fat_free_crm/gem_ext/rails/text_helper.rb CHANGED Viewed

@@ -86,7 +86,7 @@ module ActionView
               href
             else
               # don't include trailing punctuation character as part of the URL
-              while href.sub!(/[^\w\/-]$/, '')
+              while href.sub!(/[^\w\/-]\z/, '')
                 punctuation.push $&
                 if opening = BRACKETS[punctuation.last] and href.scan(opening).size > href.scan(punctuation.last).size
                   href << punctuation.pop
@@ -127,4 +127,3 @@ module ActionView
     end
   end
 end

data/lib/fat_free_crm/secret_token_generator.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# Copyright (c) 2008-2014 Michael Dvorkin and contributors.
+#
+# Fat Free CRM is freely distributable under the terms of MIT license.
+# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
+#------------------------------------------------------------------------------
+require 'securerandom'
+module FatFreeCRM
+  class SecretTokenGenerator
+    class << self
+      #
+      # If there is no secret token defined, we generate one and save it as a setting
+      # If a token has been already been saved, we tell Rails to use it and move on.
+      def setup!
+        if token.blank?
+          Rails.logger.info("No secret key defined yet... generating and saving to Setting.secret_token")
+          generate_and_persist_token!
+        end
+        FatFreeCRM::Application.config.secret_token = token
+        raise(FAIL_MESSAGE) if FatFreeCRM::Application.config.secret_token.blank?# and !Rails.env.test?
+      end
+      private
+      FAIL_MESSAGE = ::I18n.t('secret_token_generator.fail_message', default: "There was a problem generating the secret token. Please see lib/fat_free_crm/secret_token_generator.rb")
+      #
+      # Read the current token from settings
+      def token
+        Setting.secret_token
+      end
+      #
+      # Create a new secret token and save it as a setting.
+      def generate_and_persist_token!
+        quietly do
+          Setting.secret_token = SecureRandom.hex(64)
+        end
+      end
+      #
+      # Yields to a block that executes with the logging turned off
+      # This stops the secret token from being appended to the log
+      def quietly(&block)
+        temp_logger = ActiveRecord::Base.logger
+        ActiveRecord::Base.logger = nil
+        yield
+        ActiveRecord::Base.logger = temp_logger
+      end
+    end
+  end
+end

data/lib/fat_free_crm/version.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module FatFreeCRM
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 13
-    TINY  = 0
+    TINY  = 1
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

data/spec/controllers/admin/users_controller_spec.rb CHANGED Viewed

@@ -54,10 +54,8 @@ describe Admin::UsersController do
   #----------------------------------------------------------------------------
   describe "GET new" do
     it "assigns a new user as @user and renders [new] template" do
-      @user = User.new
       xhr :get, :new
-      assigns[:user].attributes.should == @user.attributes
+      expect(assigns[:user]).to be_new_record
       response.should render_template("admin/users/new")
     end
   end

data/spec/controllers/home_controller_spec.rb CHANGED Viewed

@@ -76,13 +76,6 @@ describe HomeController do
       assigns[:my_accounts].should == [account_1, account_4, account_3, account_2]
     end
-    it "should assign @hello and call hook" do
-      require_user
-      controller.should_receive(:hook).at_least(:once)
-      get :index
-      assigns[:hello].should == "Hello world"
-    end
   end
   # GET /home/options                                                      AJAX

data/spec/controllers/passwords_controller_spec.rb CHANGED Viewed

@@ -3,14 +3,32 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require 'spec_helper'
 describe PasswordsController do
-  #Delete this example and add some real ones
-  it "should use PasswordsController" do
-    controller.should be_an_instance_of(PasswordsController)
+  let(:user) { FactoryGirl.build(:user) }
+  describe "update" do
+    before(:each) do
+      User.stub(:find_using_perishable_token).and_return(user)
+    end
+    it "should accept non-blank passwords" do
+      password = "password"
+      user.should_receive(:update_attributes).and_return(true)
+      put :update, id: 1, user: { password: password, password_confirmation: password }
+      response.should redirect_to( profile_url )
+    end
+    it "should not accept blank passwords" do
+      password = "    "
+      user.should_not_receive(:update_attributes)
+      put :update, id: 1, user: { password: password, password_confirmation: password }
+      response.should render_template('edit')
+    end
   end
 end

data/spec/controllers/users_controller_spec.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require 'spec_helper'
 describe UsersController do
@@ -15,11 +15,9 @@ describe UsersController do
       require_user
     end
-    it "should expose the requested user as @user and render [show] template" do
-      @user = FactoryGirl.create(:user)
-      get :show, :id => @user.id
-      assigns[:user].should == @user
+    it "should render [show] template" do
+      get :show, :id => current_user.id
+      assigns[:user].should == current_user
       response.should render_template("users/show")
     end
@@ -29,16 +27,30 @@ describe UsersController do
       response.should render_template("users/show")
     end
+    it "should show user if admin user" do
+      @user = create(:user)
+      require_user(admin: true)
+      get :show, id: @user.id
+      assigns[:user].should == @user
+      response.should render_template("users/show")
+    end
+    it "should not show user if not admin user" do
+      @user = create(:user)
+      get :show, id: @user.id
+      response.should redirect_to(root_url)
+    end
     describe "with mime type of JSON" do
       before(:each) do
         request.env["HTTP_ACCEPT"] = "application/json"
       end
       it "should render the requested user as JSON" do
-        User.should_receive(:find).and_return(user = double("User"))
-        user.should_receive(:to_json).and_return("generated JSON")
+        User.should_receive(:find).and_return(current_user)
+        current_user.should_receive(:to_json).and_return("generated JSON")
-        get :show, :id => 42
+        get :show, :id => current_user.id
         response.body.should == "generated JSON"
       end
@@ -56,10 +68,10 @@ describe UsersController do
       end
       it "should render the requested user as XML" do
-        User.should_receive(:find).and_return(user = double("User"))
-        user.should_receive(:to_xml).and_return("generated XML")
+        User.should_receive(:find).and_return(current_user)
+        current_user.should_receive(:to_xml).and_return("generated XML")
-        get :show, :id => 42
+        get :show, :id => current_user.id
         response.body.should == "generated XML"
       end
@@ -79,7 +91,7 @@ describe UsersController do
     describe "if user is allowed to sign up" do
       it "should expose a new user as @user and render [new] template" do
-        @controller.should_receive(:can_signup?).and_return(true)
+        User.should_receive(:can_signup?).and_return(true)
         @user = FactoryGirl.build(:user)
         User.stub(:new).and_return(@user)
@@ -91,7 +103,7 @@ describe UsersController do
     describe "if user is not allowed to sign up" do
       it "should redirect to login_path" do
-        @controller.should_receive(:can_signup?).and_return(false)
+        User.should_receive(:can_signup?).and_return(false)
         get :new
         response.should redirect_to(login_path)
@@ -102,14 +114,27 @@ describe UsersController do
   # GET /users/1/edit                                                      AJAX
   #----------------------------------------------------------------------------
   describe "responding to GET edit" do
-    before(:each) do
+    it "should expose current user as @user and render [edit] template" do
       require_user
       @user = current_user
+      xhr :get, :edit, :id => @user.id
+      assigns[:user].should == current_user
+      response.should render_template("users/edit")
     end
-    it "should expose current user as @user and render [edit] template" do
+    it "should not allow current user to edit another user" do
+      @user = create(:user)
+      require_user
       xhr :get, :edit, :id => @user.id
-      assigns[:user].should == current_user
+      expect(response.body).to eql("window.location.reload();")
+    end
+    it "should allow admin to edit another user" do
+      require_user(admin: true)
+      @user = create(:user)
+      xhr :get, :edit, :id => @user.id
+      assigns[:user].should == @user
       response.should render_template("users/edit")
     end
@@ -130,6 +155,7 @@ describe UsersController do
       end
       it "exposes a newly created user as @user and redirect to profile page" do
+        require_user(admin: true)
         post :create, :user => { :username => @username, :email => @email, :password => @password, :password_confirmation => @password }
         assigns[:user].should == @user
         flash[:notice].should =~ /welcome/
@@ -148,6 +174,7 @@ describe UsersController do
     describe "with invalid params" do
       it "assigns a newly created but unsaved user as @user and renders [new] template" do
+        require_user(admin: true)
         @user = FactoryGirl.build(:user, :username => "", :email => "")
         User.stub(:new).and_return(@user)
@@ -292,6 +319,7 @@ describe UsersController do
   describe "responding to PUT change_password" do
     before(:each) do
       require_user
+      User.stub(:find).and_return(current_user)
       @current_user_session.stub(:unauthorized_record=).and_return(current_user)
       @current_user_session.stub(:save).and_return(current_user)
       @user = current_user