RubyGems - fat_free_crm - Versions diffs - 0.18.2 → 0.19.0 - Mend

fat_free_crm 0.18.2 → 0.19.0

Potentially problematic release.

This version of fat_free_crm might be problematic. Click here for more details.

Files changed (251) hide show

checksums.yaml +4 -4
data/.rubocop_todo.yml +61 -160
data/.travis.yml +27 -11
data/CHANGELOG.md +40 -24
data/CONTRIBUTORS.md +1 -0
data/Dockerfile +45 -14
data/Gemfile +16 -10
data/Gemfile.lock +230 -222
data/Procfile +1 -1
data/README.md +2 -2
data/Rakefile +1 -1
data/app/assets/stylesheets/common.scss +1 -1
data/app/controllers/admin/application_controller.rb +1 -1
data/app/controllers/admin/field_groups_controller.rb +1 -3
data/app/controllers/admin/tags_controller.rb +1 -3
data/app/controllers/admin/users_controller.rb +5 -8
data/app/controllers/application_controller.rb +11 -45
data/app/controllers/comments_controller.rb +2 -5
data/{config/initializers/authlogic.rb → app/controllers/confirmations_controller.rb} +4 -2
data/app/controllers/emails_controller.rb +0 -2
data/app/controllers/entities/accounts_controller.rb +1 -3
data/app/controllers/entities/campaigns_controller.rb +1 -3
data/app/controllers/entities/contacts_controller.rb +4 -24
data/app/controllers/entities/leads_controller.rb +7 -10
data/app/controllers/entities/opportunities_controller.rb +4 -14
data/app/controllers/entities_controller.rb +21 -7
data/app/controllers/home_controller.rb +2 -4
data/app/controllers/passwords_controller.rb +3 -59
data/{spec/features/support/maintain_sessions.rb → app/controllers/registrations_controller.rb} +12 -5
data/{lib/development_tasks/gem.rake → app/controllers/sessions_controller.rb} +6 -6
data/app/controllers/tasks_controller.rb +8 -17
data/app/controllers/users_controller.rb +8 -29
data/app/helpers/admin/users_helper.rb +1 -1
data/app/helpers/application_helper.rb +27 -32
data/app/helpers/campaigns_helper.rb +1 -1
data/app/helpers/contacts_helper.rb +1 -3
data/app/helpers/opportunities_helper.rb +4 -12
data/app/helpers/tasks_helper.rb +1 -1
data/app/helpers/users_helper.rb +1 -3
data/{config/initializers/paper_trail.rb → app/mailers/devise_mailer.rb} +5 -1
data/app/mailers/user_mailer.rb +0 -9
data/app/models/entities/account.rb +10 -10
data/app/models/entities/campaign.rb +4 -6
data/app/models/entities/contact.rb +24 -12
data/app/models/entities/lead.rb +7 -7
data/app/models/entities/opportunity.rb +7 -9
data/app/models/fields/custom_field.rb +1 -0
data/app/models/fields/custom_field_date_pair.rb +2 -0
data/app/models/fields/field.rb +1 -3
data/app/models/list.rb +1 -1
data/app/models/observers/entity_observer.rb +3 -7
data/app/models/observers/lead_observer.rb +2 -4
data/app/models/observers/opportunity_observer.rb +2 -4
data/app/models/observers/task_observer.rb +1 -1
data/app/models/polymorphic/email.rb +2 -2
data/app/models/polymorphic/task.rb +13 -9
data/app/models/polymorphic/version.rb +3 -2
data/app/models/setting.rb +2 -0
data/app/models/users/permission.rb +3 -3
data/app/models/users/preference.rb +2 -1
data/app/models/users/user.rb +67 -42
data/app/views/accounts/_top_section.html.haml +1 -1
data/app/views/accounts/edit.js.haml +1 -1
data/app/views/accounts/update.js.haml +2 -2
data/app/views/admin/users/_user.html.haml +4 -4
data/app/views/contacts/_index_brief.html.haml +1 -1
data/app/views/contacts/_index_full.html.haml +1 -1
data/app/views/contacts/_index_long.html.haml +1 -1
data/app/views/devise/confirmations/new.html.haml +9 -0
data/app/views/devise/mailer/confirmation_instructions.html.haml +4 -0
data/app/views/devise/mailer/password_change.html.haml +3 -0
data/app/views/devise/mailer/reset_password_instructions.html.haml +6 -0
data/app/views/devise/passwords/edit.html.haml +18 -0
data/app/views/devise/passwords/new.html.haml +10 -0
data/app/views/devise/registrations/new.html.haml +21 -0
data/app/views/devise/sessions/new.html.haml +32 -0
data/app/views/layouts/_about.html.haml +5 -5
data/app/views/layouts/_header.html.haml +3 -3
data/app/views/layouts/admin/_header.html.haml +1 -1
data/app/views/shared/_address.html.haml +5 -5
data/app/views/shared/_paginate_with_per_page.html.haml +1 -0
data/app/views/users/_avatar.html.haml +1 -1
data/bin/bundle +1 -1
data/bin/rails +1 -1
data/bin/setup +38 -0
data/bin/update +33 -0
data/bin/yarn +13 -0
data/config/application.rb +8 -6
data/config/boot.rb +1 -1
data/config/brakeman.ignore +2 -2
data/config/database.postgres.docker.yml +5 -5
data/config/environment.rb +1 -1
data/config/environments/development.rb +1 -0
data/config/environments/test.rb +7 -0
data/config/initializers/action_mailer.rb +1 -3
data/config/initializers/application_controller_renderer.rb +9 -0
data/config/initializers/assets.rb +6 -11
data/config/initializers/backtrace_silencers.rb +0 -6
data/config/initializers/content_security_policy.rb +26 -0
data/config/initializers/cookies_serializer.rb +3 -6
data/config/initializers/devise.rb +289 -0
data/config/initializers/filter_parameter_logging.rb +0 -5
data/config/initializers/gravatar.rb +0 -1
data/config/initializers/inflections.rb +0 -6
data/config/initializers/mime_types.rb +1 -9
data/config/initializers/new_framework_defaults_5_2.rb +40 -0
data/config/initializers/relative_url_root.rb +1 -3
data/config/initializers/session_store.rb +1 -3
data/config/initializers/wrap_parameters.rb +4 -9
data/config/locales/fat_free_crm.en-GB.yml +5 -5
data/config/locales/fat_free_crm.en-US.yml +5 -5
data/config/locales/fat_free_crm.fr.yml +1 -1
data/config/locales/fat_free_crm.ru.yml +1 -0
data/config/routes.rb +20 -9
data/db/demo/users.yml +62 -81
data/db/migrate/20100928030620_remove_uuid.rb +1 -2
data/db/migrate/20120316045804_activities_to_versions.rb +1 -0
data/db/migrate/20120510025219_add_not_null_constraints_for_timestamp_columns.rb +1 -0
data/db/migrate/20180107082701_authlogic_to_devise.rb +58 -0
data/db/schema.rb +48 -43
data/docker-compose.yml +10 -0
data/fat_free_crm.gemspec +11 -13
data/lib/development_tasks/license.rake +2 -2
data/lib/fat_free_crm/callback.rb +2 -2
data/lib/fat_free_crm/comment_extensions.rb +2 -4
data/lib/fat_free_crm/core_ext/string.rb +1 -1
data/lib/fat_free_crm/engine.rb +1 -1
data/lib/fat_free_crm/errors.rb +1 -1
data/lib/fat_free_crm/export_csv.rb +1 -0
data/lib/fat_free_crm/exportable.rb +1 -1
data/lib/fat_free_crm/fields.rb +1 -1
data/lib/fat_free_crm/gem_dependencies.rb +1 -1
data/lib/fat_free_crm/gem_ext/simple_form/action_view_extensions/form_helper.rb +1 -3
data/lib/fat_free_crm/i18n.rb +2 -2
data/lib/fat_free_crm/mail_processor/base.rb +4 -10
data/lib/fat_free_crm/mail_processor/dropbox.rb +5 -15
data/lib/fat_free_crm/permissions.rb +7 -4
data/lib/fat_free_crm/sortable.rb +1 -1
data/lib/fat_free_crm/tabs.rb +2 -2
data/lib/fat_free_crm/version.rb +2 -2
data/lib/gravatar_image_tag.rb +7 -8
data/lib/missing_translation_detector.rb +1 -0
data/lib/tasks/ffcrm/missing_translations.rake +1 -0
data/lib/tasks/ffcrm/setup.rake +10 -1
data/lib/tasks/ffcrm/update_data.rake +2 -2
data/script/rails +2 -2
data/spec/controllers/admin/users_controller_spec.rb +0 -56
data/spec/controllers/comments_controller_spec.rb +6 -6
data/spec/controllers/entities/campaigns_controller_spec.rb +1 -1
data/spec/controllers/entities/contacts_controller_spec.rb +2 -1
data/spec/controllers/entities/leads_controller_spec.rb +2 -2
data/spec/controllers/entities/opportunities_controller_spec.rb +1 -1
data/spec/controllers/entities_controller_spec.rb +5 -0
data/spec/controllers/home_controller_spec.rb +5 -5
data/spec/controllers/tasks_controller_spec.rb +6 -4
data/spec/controllers/users_controller_spec.rb +28 -98
data/spec/factories/account_factories.rb +5 -5
data/spec/factories/campaign_factories.rb +3 -3
data/spec/factories/contact_factories.rb +8 -8
data/spec/factories/field_factories.rb +4 -3
data/spec/factories/lead_factories.rb +5 -5
data/spec/factories/list_factories.rb +2 -2
data/spec/factories/opportunity_factories.rb +3 -3
data/spec/factories/setting_factories.rb +2 -2
data/spec/factories/shared_factories.rb +11 -9
data/spec/factories/task_factories.rb +7 -7
data/spec/factories/user_factories.rb +16 -19
data/spec/features/admin/groups_spec.rb +1 -1
data/spec/features/admin/users_spec.rb +3 -1
data/spec/features/campaigns_spec.rb +1 -1
data/spec/features/contacts_spec.rb +1 -1
data/spec/features/dashboard_spec.rb +1 -1
data/spec/features/devise/sign_in_spec.rb +58 -0
data/spec/features/devise/sign_up_spec.rb +36 -0
data/spec/features/leads_spec.rb +1 -1
data/spec/features/opportunities_overview_spec.rb +1 -1
data/spec/features/opportunities_spec.rb +3 -3
data/spec/features/support/browser.rb +2 -1
data/spec/features/tasks_spec.rb +1 -1
data/spec/helpers/admin/field_groups_helper_spec.rb +1 -1
data/spec/helpers/users_helper_spec.rb +4 -4
data/spec/lib/comment_extensions_spec.rb +10 -4
data/spec/lib/errors_spec.rb +2 -2
data/spec/lib/mail_processor/dropbox_spec.rb +1 -1
data/spec/lib/mail_processor/sample_emails/dropbox.rb +8 -8
data/spec/lib/permissions_spec.rb +8 -3
data/spec/mailers/devise_mailer_spec.rb +35 -0
data/spec/mailers/user_mailer_spec.rb +0 -26
data/spec/models/entities/account_spec.rb +27 -0
data/spec/models/entities/contact_spec.rb +96 -1
data/spec/models/fields/custom_field_date_pair_spec.rb +4 -2
data/spec/models/fields/custom_field_spec.rb +4 -2
data/spec/models/observers/entity_observer_spec.rb +1 -1
data/spec/models/polymorphic/version_spec.rb +7 -7
data/spec/models/users/user_spec.rb +22 -26
data/spec/routing/users_routing_spec.rb +30 -8
data/spec/shared/controllers.rb +3 -9
data/spec/spec_helper.rb +10 -2
data/spec/support/assert_select.rb +1 -0
data/spec/support/devise_helpers.rb +28 -0
data/spec/{features/support/helpers.rb → support/feature_helpers.rb} +10 -10
data/spec/support/macros.rb +4 -1
data/spec/views/contacts/update.js.haml_spec.rb +1 -1
data/spec/views/opportunities/update.js.haml_spec.rb +1 -1
data/vendor/gems/ransack_ui-1.3.4/.gitignore +17 -0
data/vendor/gems/ransack_ui-1.3.4/Gemfile +7 -0
data/vendor/gems/ransack_ui-1.3.4/LICENSE.txt +22 -0
data/vendor/gems/ransack_ui-1.3.4/README.md +57 -0
data/vendor/gems/ransack_ui-1.3.4/Rakefile +1 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/images/ransack_ui/calendar.png +0 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/images/ransack_ui/delete.png +0 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/javascripts/ransack/predicates.js.coffee +41 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/javascripts/ransack_ui_bootstrap/button_group_select.js.coffee +26 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/javascripts/ransack_ui_bootstrap/index.js.coffee +2 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/javascripts/ransack_ui_jquery/index.js +2 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/javascripts/ransack_ui_jquery/search_form.js.coffee.erb +499 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/stylesheets/ransack_ui_bootstrap/index.css +3 -0
data/vendor/gems/ransack_ui-1.3.4/app/assets/stylesheets/ransack_ui_bootstrap/search.css.scss +41 -0
data/vendor/gems/ransack_ui-1.3.4/app/views/ransack_ui/_condition_fields.html.erb +15 -0
data/vendor/gems/ransack_ui-1.3.4/app/views/ransack_ui/_grouping_fields.html.erb +16 -0
data/vendor/gems/ransack_ui-1.3.4/app/views/ransack_ui/_search.html.erb +29 -0
data/vendor/gems/ransack_ui-1.3.4/app/views/ransack_ui/_sort_fields.html.erb +4 -0
data/vendor/gems/ransack_ui-1.3.4/config/locales/en.yml +24 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui.rb +9 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/adapters/active_record.rb +6 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/adapters/active_record/base.rb +46 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/controller_helpers.rb +18 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/rails/engine.rb +21 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/ransack_overrides/adapters/active_record/base.rb +47 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/ransack_overrides/configuration.rb +15 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/ransack_overrides/context.rb +9 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/ransack_overrides/helpers/form_builder.rb +262 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/ransack_overrides/nodes/attribute.rb +13 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/ransack_overrides/nodes/condition.rb +13 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/ransack_overrides/nodes/grouping.rb +20 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/version.rb +3 -0
data/vendor/gems/ransack_ui-1.3.4/lib/ransack_ui/view_helpers.rb +30 -0
data/vendor/gems/ransack_ui-1.3.4/ransack_ui.gemspec +23 -0
metadata +79 -67
data/app/controllers/authentications_controller.rb +0 -53
data/app/models/users/authentication.rb +0 -56
data/app/views/authentications/new.html.haml +0 -19
data/app/views/passwords/edit.html.haml +0 -15
data/app/views/passwords/new.html.haml +0 -10
data/app/views/user_mailer/password_reset_instructions.html.haml +0 -6
data/app/views/users/new.html.haml +0 -19
data/spec/controllers/authentications_controller_spec.rb +0 -150
data/spec/controllers/passwords_controller_spec.rb +0 -32
data/spec/models/users/authentication_spec.rb +0 -19
data/spec/support/auth_macros.rb +0 -49
data/spec/views/authentications/new.haml_spec.rb +0 -31

data/Procfile CHANGED Viewed

	@@ -1 +1 @@
1	- web: bundle exec ~~unicorn~~ -p ~~$PORT -c ./~~config/~~unicorn~~.rb
1	+ web: bundle exec puma -C config/puma.rb

data/README.md CHANGED Viewed

@@ -84,7 +84,7 @@ This is the best way to deploy Fat Free CRM if you need to add plugins or make a
 ## Upgrading from previous versions of Fat Free CRM
-Please read the [Release Notes](https://github.com/fatfreecrm/fat_free_crm/blob/master/CHANGELOG.md) document for more detailed information on upgrading from previous versions.
+Please read the [Changelog](https://github.com/fatfreecrm/fat_free_crm/blob/master/CHANGELOG.md) document for more detailed information on upgrading from previous versions.
 ## Resources
@@ -122,7 +122,7 @@ Tests can easily be run by typing 'rake' but please note that they do take a whi
 * steveyken
-See the [contributors graph](https://github.com/fatfreecrm/fat_free_crm/graphs/contributors) and the [contributors file](https://github.com/fatfreecrm/fat_free_crm/blob/master/CONTRIBUTORS) for further details.
+See the [contributors graph](https://github.com/fatfreecrm/fat_free_crm/graphs/contributors) and the [contributors file](https://github.com/fatfreecrm/fat_free_crm/blob/master/CONTRIBUTORS.md) for further details.
 ## License

data/Rakefile CHANGED Viewed

@@ -4,7 +4,7 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
-require File.expand_path('../config/application', __FILE__)
+require File.expand_path('config/application', __dir__)
 FatFreeCRM::Application.load_tasks

data/app/assets/stylesheets/common.scss CHANGED Viewed

@@ -89,7 +89,7 @@ $sidebar_width: 210px;
   -moz-box-shadow: 5px 5px 15px #bbbbbb, -5px 0px 15px #bbbbbb;
   -webkit-border-radius: 6px;
   -webkit-box-shadow: 5px 5px 15px #bbbbbb, -5px 0px 15px #bbbbbb;
-  input[type="text"], input[type="password"] {
+  input[type="text"], input[type="email"], input[type="password"] {
     font-size: 16px;
     padding: 2px;
     width: 355px; }

data/app/controllers/admin/application_controller.rb CHANGED Viewed

@@ -23,7 +23,7 @@ class Admin::ApplicationController < ApplicationController
   #----------------------------------------------------------------------------
   def require_admin_user
-    require_user
+    authenticate_user!
     unless current_user&.admin?
       flash[:notice] = t(:msg_require_admin)
       redirect_to root_path

data/app/controllers/admin/field_groups_controller.rb CHANGED Viewed

@@ -22,9 +22,7 @@ class Admin::FieldGroupsController < Admin::ApplicationController
   def edit
     @field_group = FieldGroup.find(params[:id])
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = FieldGroup.find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = FieldGroup.find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@field_group)
   end

data/app/controllers/admin/tags_controller.rb CHANGED Viewed

@@ -28,9 +28,7 @@ class Admin::TagsController < Admin::ApplicationController
   # GET /admin/tags/1/edit                                                AJAX
   #----------------------------------------------------------------------------
   def edit
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Tag.find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Tag.find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
   end
   # POST /admin/tags

data/app/controllers/admin/users_controller.rb CHANGED Viewed

@@ -35,9 +35,7 @@ class Admin::UsersController < Admin::ApplicationController
   # GET /admin/users/1/edit                                                AJAX
   #----------------------------------------------------------------------------
   def edit
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = User.find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = User.find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@user)
   end
@@ -48,7 +46,7 @@ class Admin::UsersController < Admin::ApplicationController
   def create
     @user = User.new(user_params)
     @user.suspend_if_needs_approval
-    @user.save_without_session_maintenance
+    @user.save
     respond_with(@user)
   end
@@ -59,7 +57,7 @@ class Admin::UsersController < Admin::ApplicationController
   def update
     @user = User.find(params[:id])
     @user.attributes = user_params
-    @user.save_without_session_maintenance
+    @user.save
     respond_with(@user)
   end
@@ -74,9 +72,7 @@ class Admin::UsersController < Admin::ApplicationController
   # DELETE /admin/users/1.xml                                              AJAX
   #----------------------------------------------------------------------------
   def destroy
-    unless @user.destroyable?(current_user) && @user.destroy
-      flash[:warning] = t(:msg_cant_delete_user, @user.full_name)
-    end
+    flash[:warning] = t(:msg_cant_delete_user, @user.full_name) unless @user.destroyable?(current_user) && @user.destroy
     respond_with(@user)
   end
@@ -107,6 +103,7 @@ class Admin::UsersController < Admin::ApplicationController
   def user_params
     return {} unless params[:user]
     params[:user][:email].try(:strip!)
     params[:user][:password_confirmation] = nil if params[:user][:password_confirmation].blank?

data/app/controllers/application_controller.rb CHANGED Viewed

@@ -8,8 +8,9 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
+  before_action :configure_devise_parameters, if: :devise_controller?
+  before_action :authenticate_user!
   before_action :set_paper_trail_whodunnit
   before_action :set_context
   before_action :clear_setting_cache
   before_action :cors_preflight_check
@@ -17,7 +18,6 @@ class ApplicationController < ActionController::Base
   after_action { hook(:app_after_filter, self) }
   after_action :cors_set_access_control_headers
-  helper_method :current_user_session, :current_user, :can_signup?
   helper_method :called_from_index_page?, :called_from_landing_page?
   helper_method :klass
@@ -73,16 +73,17 @@ class ApplicationController < ActionController::Base
   end
   #
-  # Takes { :related => 'campaigns/7' } or { :related => '5' }
+  # Takes { related: 'campaigns/7' } or { related: '5' }
   #   and returns array of object ids that should be excluded from search
   #   assumes controller_name is a method on 'related' class that returns a collection
   #----------------------------------------------------------------------------
   def auto_complete_ids_to_exclude(related)
     return [] if related.blank?
     return [related.to_i].compact unless related.index('/')
     related_class, id = related.split('/')
     obj = related_class.classify.constantize.find_by_id(id)
-    if obj && obj.respond_to?(controller_name)
+    if obj&.respond_to?(controller_name)
       obj.send(controller_name).map(&:id)
     else
       []
@@ -114,47 +115,6 @@ class ApplicationController < ActionController::Base
     @current_tab = tab
   end
-  #----------------------------------------------------------------------------
-  def current_user_session
-    @current_user_session ||= Authentication.find
-    @current_user_session = nil if @current_user_session&.record&.suspended?
-    @current_user_session
-  end
-  #----------------------------------------------------------------------------
-  def current_user
-    unless @current_user
-      @current_user = (current_user_session&.record)
-      if @current_user
-        @current_user.set_individual_locale
-        @current_user.set_single_access_token
-      end
-      User.current_user = @current_user
-    end
-    @current_user
-  end
-  #----------------------------------------------------------------------------
-  def require_user
-    unless current_user
-      store_location
-      flash[:notice] = t(:msg_login_needed) if request.fullpath != "/"
-      respond_to do |format|
-        format.html { redirect_to login_url }
-        format.js   { render plain: "window.location = '#{login_url}';" }
-      end
-    end
-  end
-  #----------------------------------------------------------------------------
-  def require_no_user
-    if current_user
-      store_location
-      flash[:notice] = t(:msg_logout_needed)
-      redirect_to profile_url
-    end
-  end
   #----------------------------------------------------------------------------
   def store_location
     session[:return_to] = request.fullpath
@@ -282,6 +242,12 @@ class ApplicationController < ActionController::Base
     end
   end
+  def configure_devise_parameters
+    devise_parameter_sanitizer.permit(:sign_up) do |user_params|
+      user_params.permit(:username, :email, :password, :password_confirmation)
+    end
+  end
   def find_class(asset)
     Rails.application.eager_load! unless Rails.application.config.cache_classes
     classes = ActiveRecord::Base.descendants.map(&:name)

data/app/controllers/comments_controller.rb CHANGED Viewed

@@ -6,8 +6,6 @@
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
 class CommentsController < ApplicationController
-  before_action :require_user
   # GET /comments
   # GET /comments.json
   # GET /comments.xml
@@ -37,9 +35,7 @@ class CommentsController < ApplicationController
     model = find_class(@comment.commentable_type)
     id = @comment.commentable_id
-    unless model.my(current_user).find_by_id(id)
-      respond_to_related_not_found(model.downcase)
-    end
+    respond_to_related_not_found(model.downcase) unless model.my(current_user).find_by_id(id)
   end
   # POST /comments
@@ -85,6 +81,7 @@ class CommentsController < ApplicationController
   def comment_params
     return {} unless params[:comment]
     params.require(:comment).permit(
       :user_id,
       :commentable_type,

data/{config/initializers/authlogic.rb → app/controllers/confirmations_controller.rb} RENAMED Viewed

@@ -4,5 +4,7 @@
 #
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
-#------------------------------------------------------------------------------
-require 'authlogic'
+class ConfirmationsController < Devise::ConfirmationsController
+  respond_to :html
+  append_view_path 'app/views/devise'
+end

data/app/controllers/emails_controller.rb CHANGED Viewed

@@ -6,8 +6,6 @@
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
 class EmailsController < ApplicationController
-  before_action :require_user
   # DELETE /emails/1
   # DELETE /emails/1.json
   # DELETE /emails/1.xml                                                   AJAX

data/app/controllers/entities/accounts_controller.rb CHANGED Viewed

@@ -45,9 +45,7 @@ class AccountsController < EntitiesController
   # GET /accounts/1/edit                                                   AJAX
   #----------------------------------------------------------------------------
   def edit
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Account.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Account.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@account)
   end

data/app/controllers/entities/campaigns_controller.rb CHANGED Viewed

@@ -84,9 +84,7 @@ class CampaignsController < EntitiesController
   # GET /campaigns/1/edit                                                  AJAX
   #----------------------------------------------------------------------------
   def edit
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Campaign.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Campaign.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@campaign)
   end

data/app/controllers/entities/contacts_controller.rb CHANGED Viewed

@@ -51,9 +51,7 @@ class ContactsController < EntitiesController
   #----------------------------------------------------------------------------
   def edit
     @account = @contact.account || Account.new(user: current_user)
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Contact.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Contact.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@contact)
   end
@@ -67,17 +65,7 @@ class ContactsController < EntitiesController
         @contact.add_comment_by_user(@comment_body, current_user)
         @contacts = get_contacts if called_from_index_page?
       else
-        if params[:account]
-          @account = if params[:account][:id].blank?
-                       if request.referer =~ /\/accounts\/(\d+)\z/
-                         Account.find(Regexp.last_match[1]) # related account
-                       else
-                         Account.new(user: current_user)
-                                  end
-                     else
-                       Account.find(params[:account][:id])
-                     end
-        end
+        @account = guess_related_account(params[:account][:id], request.referer, current_user) if params[:account]
         @opportunity = Opportunity.my(current_user).find(params[:opportunity]) unless params[:opportunity].blank?
       end
     end
@@ -87,13 +75,7 @@ class ContactsController < EntitiesController
   #----------------------------------------------------------------------------
   def update
     respond_with(@contact) do |_format|
-      unless @contact.update_with_account_and_permissions(params.permit!)
-        @account = if @contact.account
-                     @contact.account
-                   else
-                     Account.new(user: current_user)
-                   end
-      end
+      @account = @contact.account || Account.new(user: current_user) unless @contact.update_with_account_and_permissions(params.permit!)
     end
   end
@@ -128,9 +110,7 @@ class ContactsController < EntitiesController
     # Sorting and naming only: set the same option for Leads if the hasn't been set yet.
     if params[:sort_by]
       current_user.pref[:contacts_sort_by] = Contact.sort_by_map[params[:sort_by]]
-      if Lead.sort_by_fields.include?(params[:sort_by])
-        current_user.pref[:leads_sort_by] ||= Lead.sort_by_map[params[:sort_by]]
-      end
+      current_user.pref[:leads_sort_by] ||= Lead.sort_by_map[params[:sort_by]] if Lead.sort_by_fields.include?(params[:sort_by])
     end
     if params[:naming]
       current_user.pref[:contacts_naming] = params[:naming]

data/app/controllers/entities/leads_controller.rb CHANGED Viewed

@@ -52,9 +52,7 @@ class LeadsController < EntitiesController
   def edit
     get_campaigns
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Lead.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Lead.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@lead)
   end
@@ -110,9 +108,7 @@ class LeadsController < EntitiesController
     @accounts = Account.my(current_user).order('name')
     @opportunity = Opportunity.new(user: current_user, access: "Lead", stage: "prospecting", campaign: @lead.campaign, source: @lead.source)
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Lead.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Lead.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@lead)
   end
@@ -142,7 +138,10 @@ class LeadsController < EntitiesController
     update_sidebar
     respond_with(@lead) do |format|
-      format.html { flash[:notice] = t(:msg_asset_rejected, @lead.full_name); redirect_to leads_path }
+      format.html do
+        flash[:notice] = t(:msg_asset_rejected, @lead.full_name)
+        redirect_to leads_path
+      end
     end
   end
@@ -166,9 +165,7 @@ class LeadsController < EntitiesController
     # Sorting and naming only: set the same option for Contacts if the hasn't been set yet.
     if params[:sort_by]
       current_user.pref[:leads_sort_by] = Lead.sort_by_map[params[:sort_by]]
-      if Contact.sort_by_fields.include?(params[:sort_by])
-        current_user.pref[:contacts_sort_by] ||= Contact.sort_by_map[params[:sort_by]]
-      end
+      current_user.pref[:contacts_sort_by] ||= Contact.sort_by_map[params[:sort_by]] if Contact.sort_by_fields.include?(params[:sort_by])
     end
     if params[:naming]
       current_user.pref[:leads_naming] = params[:naming]

data/app/controllers/entities/opportunities_controller.rb CHANGED Viewed

@@ -34,8 +34,8 @@ class OpportunitiesController < EntitiesController
   #----------------------------------------------------------------------------
   def new
     @opportunity.attributes = { user: current_user, stage: Opportunity.default_stage, access: Setting.default_access, assigned_to: nil }
-    @account     = Account.new(user: current_user, access: Setting.default_access)
-    @accounts    = Account.my(current_user).order('name')
+    @account = Account.new(user: current_user, access: Setting.default_access)
+    @accounts = Account.my(current_user).order('name')
     if params[:related]
       model, id = params[:related].split('_')
@@ -57,9 +57,7 @@ class OpportunitiesController < EntitiesController
     @account  = @opportunity.account || Account.new(user: current_user)
     @accounts = Account.my(current_user).order('name')
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Opportunity.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Opportunity.my(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
     respond_with(@opportunity)
   end
@@ -81,15 +79,7 @@ class OpportunitiesController < EntitiesController
         end
       else
         @accounts = Account.my(current_user).order('name')
-        @account = if params[:account][:id].blank?
-                     if request.referer =~ /\/accounts\/(\d+)\z/
-                       Account.find(Regexp.last_match[1]) # related account
-                     else
-                       Account.new(user: current_user)
-                     end
-                   else
-                     Account.find(params[:account][:id])
-                   end
+        @account = guess_related_account(params[:account][:id], request.referer, current_user)
         @contact = Contact.find(params[:contact]) unless params[:contact].blank?
         @campaign = Campaign.find(params[:campaign]) unless params[:campaign].blank?
       end

data/app/controllers/entities_controller.rb CHANGED Viewed

@@ -6,7 +6,6 @@
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
 class EntitiesController < ApplicationController
-  before_action :require_user
   before_action :set_current_tab, only: %i[index show]
   before_action :set_view, only: %i[index show redraw]
@@ -185,7 +184,7 @@ class EntitiesController < ApplicationController
   #----------------------------------------------------------------------------
   def update_recently_viewed
-    entity.versions.create(event: :view, whodunnit: PaperTrail.whodunnit)
+    entity.versions.create(event: :view, whodunnit: PaperTrail.request.whodunnit)
   end
   # Somewhat simplistic parser that extracts query and hash-prefixed tags from
@@ -195,13 +194,18 @@ class EntitiesController < ApplicationController
   #----------------------------------------------------------------------------
   def parse_query_and_tags(search_string)
     return ['', ''] if search_string.blank?
     query = []
     tags = []
-    search_string.strip.split(/\s+/).each do |token|
-      if token.starts_with?("#")
-        tags << token[1..-1]
-      else
-        query << token
+    if search_string.start_with?("#") && search_string.end_with?("#")
+      tags << search_string[1..-2]
+    else
+      search_string.strip.split(/\s+/).each do |token|
+        if token.starts_with?("#")
+          tags << token[1..-1]
+        else
+          query << token
+        end
       end
     end
     [query.join(" "), tags.join(", ")]
@@ -231,4 +235,14 @@ class EntitiesController < ApplicationController
     page = params[:page]&.to_i
     [0, page].max if page
   end
+  def guess_related_account(id, url, user)
+    return Account.find(id) unless id.blank?
+    if url =~ %r{/accounts/(\d+)\z}
+      Account.find(Regexp.last_match[1]) # related account
+    else
+      Account.new(user: user)
+    end
+  end
 end