RubyGems - fat_free_crm - Versions diffs - 0.13.0 → 0.13.1 - Mend

fat_free_crm 0.13.0 → 0.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of fat_free_crm might be problematic. Click here for more details.

Files changed (59) hide show

checksums.yaml +4 -4
data/Capfile +1 -4
data/Gemfile.lock +0 -1
data/README.md +1 -0
data/app/assets/javascripts/lists.js.coffee +1 -2
data/app/controllers/application_controller.rb +27 -25
data/app/controllers/emails_controller.rb +1 -30
data/app/controllers/entities/contacts_controller.rb +1 -1
data/app/controllers/entities/opportunities_controller.rb +1 -1
data/app/controllers/entities_controller.rb +0 -1
data/app/controllers/home_controller.rb +0 -4
data/app/controllers/passwords_controller.rb +3 -3
data/app/controllers/tasks_controller.rb +17 -10
data/app/controllers/users_controller.rb +23 -46
data/app/helpers/application_helper.rb +0 -3
data/app/helpers/campaigns_helper.rb +0 -1
data/app/helpers/leads_helper.rb +0 -11
data/app/helpers/opportunities_helper.rb +0 -1
data/app/helpers/tags_helper.rb +0 -8
data/app/helpers/versions_helper.rb +1 -1
data/app/models/entities/account_contact.rb +1 -1
data/app/models/entities/campaign.rb +3 -3
data/app/models/entities/contact.rb +3 -3
data/app/models/entities/lead.rb +5 -5
data/app/models/entities/opportunity.rb +1 -3
data/app/models/fields/field_group.rb +1 -0
data/app/models/list.rb +2 -1
data/app/models/polymorphic/avatar.rb +1 -1
data/app/models/polymorphic/task.rb +7 -4
data/app/models/setting.rb +0 -3
data/app/models/users/ability.rb +13 -2
data/app/models/users/user.rb +4 -1
data/app/views/home/index.html.haml +0 -4
data/app/views/layouts/application.html.haml +7 -5
data/app/views/leads/_contact.html.haml +0 -3
data/app/views/lists/_personal_sidebar.html.haml +2 -2
data/app/views/lists/_sidebar.html.haml +2 -2
data/config/application.rb +2 -2
data/config/environments/development.rb +2 -0
data/config/environments/production.rb +2 -3
data/config/initializers/secret_token.rb +25 -1
data/config/locales/en-US_fat_free_crm.yml +1 -1
data/config/routes.rb +27 -32
data/config/settings.default.yml +3 -4
data/lib/development_tasks/rspec.rake +1 -5
data/lib/fat_free_crm.rb +11 -1
data/lib/fat_free_crm/fields.rb +1 -1
data/lib/fat_free_crm/gem_ext/rails/text_helper.rb +1 -2
data/lib/fat_free_crm/secret_token_generator.rb +59 -0
data/lib/fat_free_crm/version.rb +1 -1
data/spec/controllers/admin/users_controller_spec.rb +1 -3
data/spec/controllers/home_controller_spec.rb +0 -7
data/spec/controllers/passwords_controller_spec.rb +23 -5
data/spec/controllers/users_controller_spec.rb +45 -17
data/spec/lib/secret_token_generator_spec.rb +55 -0
data/spec/models/users/abilities/user_ability_spec.rb +58 -0
data/spec/routing/emails_routing_spec.rb +13 -14
data/spec/spec_helper.rb +2 -1
metadata +5 -2

data/config/locales/en-US_fat_free_crm.yml CHANGED Viewed

@@ -189,7 +189,7 @@ en-US:
   msg_account_not_approved: Your account has not been approved yet.
   msg_asset_deleted: ! '%{value} has been deleted.'
   msg_asset_not_available: This %{value} is no longer available.
-  msg_asset_not_authorized: You are not authorized to view this %{value}.
+  msg_not_authorized: You are not authorized to take this action.
   msg_assets_not_available: The %{value} are not available.
   msg_asset_rejected: ! '%{value} has been rejected.'
   msg_bad_image_file: ^Could't upload or resize the image file you specified.

data/config/routes.rb CHANGED Viewed

@@ -21,10 +21,10 @@ Rails.application.routes.draw do
   match '/home/timezone', :as => :timezone
   match '/home/redraw',   :as => :redraw
-  resource  :authentication
-  resources :comments, :except => [:new, :show]
-  resources :emails
-  resources :passwords
+  resource  :authentication, :except => [:index, :edit]
+  resources :comments,       :except => [:new, :show]
+  resources :emails,         :only   => [:destroy]
+  resources :passwords,      :only   => [:new, :create, :edit, :update]
   resources :accounts, :id => /\d+/ do
     collection do
@@ -32,17 +32,17 @@ Rails.application.routes.draw do
       post :filter
       get  :options
       get  :field_group
-      match :auto_complete
+      post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
     end
     member do
       put  :attach
       post :discard
       post :subscribe
       post :unsubscribe
-      get :contacts
-      get :opportunities
+      get  :contacts
+      get  :opportunities
     end
   end
@@ -54,15 +54,15 @@ Rails.application.routes.draw do
       get  :field_group
       post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
     end
     member do
       put  :attach
       post :discard
       post :subscribe
       post :unsubscribe
-      get :leads
-      get :opportunities
+      get  :leads
+      get  :opportunities
     end
   end
@@ -74,14 +74,14 @@ Rails.application.routes.draw do
       get  :field_group
       post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
     end
     member do
       put  :attach
       post :discard
       post :subscribe
       post :unsubscribe
-      get :opportunities
+      get  :opportunities
     end
   end
@@ -93,7 +93,8 @@ Rails.application.routes.draw do
       get  :field_group
       post :auto_complete
       post :redraw
-      get :versions
+      get  :versions
+      get  :autocomplete_account_name
     end
     member do
       get  :convert
@@ -104,8 +105,6 @@ Rails.application.routes.draw do
       put  :promote
       put  :reject
     end
-    get :autocomplete_account_name, :on => :collection
   end
   resources :opportunities, :id => /\d+/ do
@@ -123,7 +122,7 @@ Rails.application.routes.draw do
       post :discard
       post :subscribe
       post :unsubscribe
-      get :contacts
+      get  :contacts
     end
   end
@@ -133,24 +132,21 @@ Rails.application.routes.draw do
       post :auto_complete
     end
     member do
-      put :complete
+      put  :complete
     end
   end
   resources :users, :id => /\d+/, :except => [:index, :destroy] do
     member do
-      get :avatar
-      get :password
-      put :upload_avatar
-      put :change_password
+      get  :avatar
+      get  :password
+      put  :upload_avatar
+      put  :change_password
       post :redraw
     end
     collection do
-      match :auto_complete
-    end
-    collection do
-      get :opportunities_overview
+      post :auto_complete
+      get  :opportunities_overview
     end
   end
@@ -168,7 +164,7 @@ Rails.application.routes.draw do
       end
     end
-    resources :field_groups, :except => :index do
+    resources :field_groups, :except => [:index, :show] do
       collection do
         post :sort
       end
@@ -187,7 +183,7 @@ Rails.application.routes.draw do
       end
     end
-    resources :tags do
+    resources :tags, :except => [:show] do
       member do
         get :confirm
       end
@@ -196,9 +192,8 @@ Rails.application.routes.draw do
     resources :fields, :as => :custom_fields
     resources :fields, :as => :core_fields
-    resources :settings
-    resources :plugins
+    resources :settings, :only => :index
+    resources :plugins,  :only => :index
   end
-  get '/:controller/tagged/:id' => '#tagged'
 end

data/config/settings.default.yml CHANGED Viewed

@@ -63,12 +63,11 @@
 # Settings for outgoing email (SMTP)
-# - Default configuration is for GMail
 #------------------------------------------------------------------------------
 :smtp:
-  :address                    : "smtp.gmail.com"
-  :enable_starttls_auto       : true
-  :port                       : 587
+  :address                    : ""        # e.g. smtp.gmail.com
+  :enable_starttls_auto       : true      # true/false
+  :port                       : ""        # e.g. 587
   :authentication             : :plain
   :user_name                  : ""
   :password                   : ""

data/lib/development_tasks/rspec.rake CHANGED Viewed

@@ -5,7 +5,7 @@
 #------------------------------------------------------------------------------
 if defined?(RSpec)
   require 'rspec/core/rake_task'
   namespace :spec do
     desc "Preparing test env"
     task :prepare do
@@ -21,8 +21,4 @@ if defined?(RSpec)
   Rake::Task["spec"].prerequisites.clear
   Rake::Task["spec"].prerequisites.push("spec:prepare")
-  desc 'Run the acceptance specs in ./acceptance'
-  RSpec::Core::RakeTask.new(:acceptance => 'spec:prepare') do |t|
-    t.pattern = 'acceptance/**/*_spec.rb'
-  end
 end

data/lib/fat_free_crm.rb CHANGED Viewed

@@ -9,12 +9,22 @@ module FatFreeCRM
     # Return either Application or Engine,
     # depending on how Fat Free CRM has been loaded
     def application
-      defined?(FatFreeCRM::Engine) ? Engine : Application
+      engine? ? Engine : Application
     end
     def root
       application.root
     end
+    # Are we running as an engine?
+    def engine?
+      defined?(FatFreeCRM::Engine).present?
+    end
+    def application?
+      !engine?
+    end
   end
 end

data/lib/fat_free_crm/fields.rb CHANGED Viewed

@@ -76,7 +76,7 @@ module FatFreeCRM
       end
       def method_missing(method_id, *args, &block)
-        if method_id.to_s =~ /^cf_/
+        if method_id.to_s =~ /\Acf_/
           # Refresh columns and try again.
           self.class.reset_column_information
           # If new record, create new object from class, else reload class

data/lib/fat_free_crm/gem_ext/rails/text_helper.rb CHANGED Viewed

@@ -86,7 +86,7 @@ module ActionView
               href
             else
               # don't include trailing punctuation character as part of the URL
-              while href.sub!(/[^\w\/-]$/, '')
+              while href.sub!(/[^\w\/-]\z/, '')
                 punctuation.push $&
                 if opening = BRACKETS[punctuation.last] and href.scan(opening).size > href.scan(punctuation.last).size
                   href << punctuation.pop
@@ -127,4 +127,3 @@ module ActionView
     end
   end
 end

data/lib/fat_free_crm/secret_token_generator.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# Copyright (c) 2008-2014 Michael Dvorkin and contributors.
+#
+# Fat Free CRM is freely distributable under the terms of MIT license.
+# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
+#------------------------------------------------------------------------------
+require 'securerandom'
+module FatFreeCRM
+  class SecretTokenGenerator
+    class << self
+      #
+      # If there is no secret token defined, we generate one and save it as a setting
+      # If a token has been already been saved, we tell Rails to use it and move on.
+      def setup!
+        if token.blank?
+          Rails.logger.info("No secret key defined yet... generating and saving to Setting.secret_token")
+          generate_and_persist_token!
+        end
+        FatFreeCRM::Application.config.secret_token = token
+        raise(FAIL_MESSAGE) if FatFreeCRM::Application.config.secret_token.blank?# and !Rails.env.test?
+      end
+      private
+      FAIL_MESSAGE = ::I18n.t('secret_token_generator.fail_message', default: "There was a problem generating the secret token. Please see lib/fat_free_crm/secret_token_generator.rb")
+      #
+      # Read the current token from settings
+      def token
+        Setting.secret_token
+      end
+      #
+      # Create a new secret token and save it as a setting.
+      def generate_and_persist_token!
+        quietly do
+          Setting.secret_token = SecureRandom.hex(64)
+        end
+      end
+      #
+      # Yields to a block that executes with the logging turned off
+      # This stops the secret token from being appended to the log
+      def quietly(&block)
+        temp_logger = ActiveRecord::Base.logger
+        ActiveRecord::Base.logger = nil
+        yield
+        ActiveRecord::Base.logger = temp_logger
+      end
+    end
+  end
+end

data/lib/fat_free_crm/version.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module FatFreeCRM
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 13
-    TINY  = 0
+    TINY  = 1
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

data/spec/controllers/admin/users_controller_spec.rb CHANGED Viewed

@@ -54,10 +54,8 @@ describe Admin::UsersController do
   #----------------------------------------------------------------------------
   describe "GET new" do
     it "assigns a new user as @user and renders [new] template" do
-      @user = User.new
       xhr :get, :new
-      assigns[:user].attributes.should == @user.attributes
+      expect(assigns[:user]).to be_new_record
       response.should render_template("admin/users/new")
     end
   end

data/spec/controllers/home_controller_spec.rb CHANGED Viewed

@@ -76,13 +76,6 @@ describe HomeController do
       assigns[:my_accounts].should == [account_1, account_4, account_3, account_2]
     end
-    it "should assign @hello and call hook" do
-      require_user
-      controller.should_receive(:hook).at_least(:once)
-      get :index
-      assigns[:hello].should == "Hello world"
-    end
   end
   # GET /home/options                                                      AJAX

data/spec/controllers/passwords_controller_spec.rb CHANGED Viewed

@@ -3,14 +3,32 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require 'spec_helper'
 describe PasswordsController do
-  #Delete this example and add some real ones
-  it "should use PasswordsController" do
-    controller.should be_an_instance_of(PasswordsController)
+  let(:user) { FactoryGirl.build(:user) }
+  describe "update" do
+    before(:each) do
+      User.stub(:find_using_perishable_token).and_return(user)
+    end
+    it "should accept non-blank passwords" do
+      password = "password"
+      user.should_receive(:update_attributes).and_return(true)
+      put :update, id: 1, user: { password: password, password_confirmation: password }
+      response.should redirect_to( profile_url )
+    end
+    it "should not accept blank passwords" do
+      password = "    "
+      user.should_not_receive(:update_attributes)
+      put :update, id: 1, user: { password: password, password_confirmation: password }
+      response.should render_template('edit')
+    end
   end
 end

data/spec/controllers/users_controller_spec.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require 'spec_helper'
 describe UsersController do
@@ -15,11 +15,9 @@ describe UsersController do
       require_user
     end
-    it "should expose the requested user as @user and render [show] template" do
-      @user = FactoryGirl.create(:user)
-      get :show, :id => @user.id
-      assigns[:user].should == @user
+    it "should render [show] template" do
+      get :show, :id => current_user.id
+      assigns[:user].should == current_user
       response.should render_template("users/show")
     end
@@ -29,16 +27,30 @@ describe UsersController do
       response.should render_template("users/show")
     end
+    it "should show user if admin user" do
+      @user = create(:user)
+      require_user(admin: true)
+      get :show, id: @user.id
+      assigns[:user].should == @user
+      response.should render_template("users/show")
+    end
+    it "should not show user if not admin user" do
+      @user = create(:user)
+      get :show, id: @user.id
+      response.should redirect_to(root_url)
+    end
     describe "with mime type of JSON" do
       before(:each) do
         request.env["HTTP_ACCEPT"] = "application/json"
       end
       it "should render the requested user as JSON" do
-        User.should_receive(:find).and_return(user = double("User"))
-        user.should_receive(:to_json).and_return("generated JSON")
+        User.should_receive(:find).and_return(current_user)
+        current_user.should_receive(:to_json).and_return("generated JSON")
-        get :show, :id => 42
+        get :show, :id => current_user.id
         response.body.should == "generated JSON"
       end
@@ -56,10 +68,10 @@ describe UsersController do
       end
       it "should render the requested user as XML" do
-        User.should_receive(:find).and_return(user = double("User"))
-        user.should_receive(:to_xml).and_return("generated XML")
+        User.should_receive(:find).and_return(current_user)
+        current_user.should_receive(:to_xml).and_return("generated XML")
-        get :show, :id => 42
+        get :show, :id => current_user.id
         response.body.should == "generated XML"
       end
@@ -79,7 +91,7 @@ describe UsersController do
     describe "if user is allowed to sign up" do
       it "should expose a new user as @user and render [new] template" do
-        @controller.should_receive(:can_signup?).and_return(true)
+        User.should_receive(:can_signup?).and_return(true)
         @user = FactoryGirl.build(:user)
         User.stub(:new).and_return(@user)
@@ -91,7 +103,7 @@ describe UsersController do
     describe "if user is not allowed to sign up" do
       it "should redirect to login_path" do
-        @controller.should_receive(:can_signup?).and_return(false)
+        User.should_receive(:can_signup?).and_return(false)
         get :new
         response.should redirect_to(login_path)
@@ -102,14 +114,27 @@ describe UsersController do
   # GET /users/1/edit                                                      AJAX
   #----------------------------------------------------------------------------
   describe "responding to GET edit" do
-    before(:each) do
+    it "should expose current user as @user and render [edit] template" do
       require_user
       @user = current_user
+      xhr :get, :edit, :id => @user.id
+      assigns[:user].should == current_user
+      response.should render_template("users/edit")
     end
-    it "should expose current user as @user and render [edit] template" do
+    it "should not allow current user to edit another user" do
+      @user = create(:user)
+      require_user
       xhr :get, :edit, :id => @user.id
-      assigns[:user].should == current_user
+      expect(response.body).to eql("window.location.reload();")
+    end
+    it "should allow admin to edit another user" do
+      require_user(admin: true)
+      @user = create(:user)
+      xhr :get, :edit, :id => @user.id
+      assigns[:user].should == @user
       response.should render_template("users/edit")
     end
@@ -130,6 +155,7 @@ describe UsersController do
       end
       it "exposes a newly created user as @user and redirect to profile page" do
+        require_user(admin: true)
         post :create, :user => { :username => @username, :email => @email, :password => @password, :password_confirmation => @password }
         assigns[:user].should == @user
         flash[:notice].should =~ /welcome/
@@ -148,6 +174,7 @@ describe UsersController do
     describe "with invalid params" do
       it "assigns a newly created but unsaved user as @user and renders [new] template" do
+        require_user(admin: true)
         @user = FactoryGirl.build(:user, :username => "", :email => "")
         User.stub(:new).and_return(@user)
@@ -292,6 +319,7 @@ describe UsersController do
   describe "responding to PUT change_password" do
     before(:each) do
       require_user
+      User.stub(:find).and_return(current_user)
       @current_user_session.stub(:unauthorized_record=).and_return(current_user)
       @current_user_session.stub(:save).and_return(current_user)
       @user = current_user