fat_free_crm 0.18.2 → 0.19.0

data/app/controllers/home_controller.rb

@@ -6,7 +6,7 @@
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
 class HomeController < ApplicationController
-  before_action :require_user, except: %i[timezone]
+  skip_before_action :authenticate_user!, only: %i[timezone]
   before_action :set_current_tab, only: :index
 
   #----------------------------------------------------------------------------
@@ -160,9 +160,7 @@ class HomeController < ApplicationController
     duration = current_user.pref[:activity_duration]
     if duration
       words = duration.split("_") # "two_weeks" => 2.weeks
-      if %w[one two].include?(words.first) && %w[hour day days week weeks month].include?(words.last)
-        %w[zero one two].index(words.first).send(words.last)
-      end
+      %w[zero one two].index(words.first).send(words.last) if %w[one two].include?(words.first) && %w[hour day days week weeks month].include?(words.last)
     end
   end
 end

data/app/controllers/passwords_controller.rb

@@ -5,63 +5,7 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-class PasswordsController < ApplicationController
-  before_action :load_user_using_perishable_token, only: %i[edit update]
-  before_action :require_no_user
-
-  #----------------------------------------------------------------------------
-  def new
-    # <-- render new.html.haml
-  end
-
-  #----------------------------------------------------------------------------
-  def create
-    @user = User.find_by_email(params[:email])
-    if @user
-      @user.deliver_password_reset_instructions!
-      flash[:notice] = t(:msg_pwd_instructions_sent)
-      redirect_to root_url
-    else
-      flash[:notice] = t(:msg_email_not_found)
-      redirect_to action: :new
-    end
-  end
-
-  #----------------------------------------------------------------------------
-  def edit
-    # <-- render edit.html.haml
-  end
-
-  #----------------------------------------------------------------------------
-  def update
-    if empty_password?
-      flash[:notice] = t(:msg_enter_new_password)
-      render :edit
-    elsif @user.update_attributes(params.require(:user).permit(:password, :password_confirmation))
-      flash[:notice] = t(:msg_password_updated)
-      redirect_to profile_url
-    else
-      render :edit
-    end
-  end
-
-  private
-
-  #----------------------------------------------------------------------------
-  def load_user_using_perishable_token
-    @user = User.find_using_perishable_token(params[:id])
-    unless @user
-      flash[:notice] = <<-EOS
-        Sorry, we could not locate your user profile. Try to copy and paste the URL
-        from your email into your browser or restart the reset password process.
-      EOS
-      redirect_to root_url
-    end
-  end
-
-  #----------------------------------------------------------------------------
-  def empty_password?
-    (params[:user][:password] == params[:user][:password_confirmation]) &&
-      params[:user][:password].blank? # "   ".blank? == true
-  end
+class PasswordsController < Devise::PasswordsController
+  respond_to :html
+  append_view_path 'app/views/devise'
 end

data/{spec/features/support/maintain_sessions.rb → app/controllers/registrations_controller.rb}

@@ -5,8 +5,15 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-#
-# Workaround for ActionDispatch::ClosedError
-# https://github.com/binarylogic/authlogic/issues/262#issuecomment-1804988
-#
-User.acts_as_authentic_config[:maintain_sessions] = false
+class RegistrationsController < Devise::RegistrationsController
+  respond_to :html
+  append_view_path 'app/views/devise'
+
+  def edit
+    redirect_to profile_path
+  end
+
+  def after_inactive_sign_up_path_for(*)
+    new_user_session_path
+  end
+end

data/{lib/development_tasks/gem.rake → app/controllers/sessions_controller.rb}

@@ -5,11 +5,11 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-require 'rubygems/package_task'
+class SessionsController < Devise::SessionsController
+  respond_to :html
+  append_view_path 'app/views/devise'
 
-Bundler::GemHelper.install_tasks
-
-gemspec = eval(File.read('fat_free_crm.gemspec'))
-Gem::PackageTask.new(gemspec) do |p|
-  p.gem_spec = gemspec
+  def after_sign_out_path_for(*)
+    new_user_session_path
+  end
 end

data/app/controllers/tasks_controller.rb

@@ -6,7 +6,6 @@
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
 class TasksController < ApplicationController
-  before_action :require_user
   before_action :set_current_tab, only: %i[index show]
   before_action :update_sidebar, only: :index
 
@@ -59,9 +58,7 @@ class TasksController < ApplicationController
     @category = Setting.unroll(:task_category)
     @asset = @task.asset if @task.asset_id?
 
-    if params[:previous].to_s =~ /(\d+)\z/
-      @previous = Task.tracked_by(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i
-    end
+    @previous = Task.tracked_by(current_user).find_by_id(Regexp.last_match[1]) || Regexp.last_match[1].to_i if params[:previous].to_s =~ /(\d+)\z/
 
     respond_with(@task)
   end
@@ -96,9 +93,7 @@ class TasksController < ApplicationController
       if @task.update_attributes(task_params)
         @task.bucket = @task.computed_bucket
         if called_from_index_page?
-          if Task.bucket_empty?(@task_before_update.bucket, current_user, @view)
-            @empty_bucket = @task_before_update.bucket
-          end
+          @empty_bucket = @task_before_update.bucket if Task.bucket_empty?(@task_before_update.bucket, current_user, @view)
           update_sidebar
         end
       end
@@ -113,9 +108,7 @@ class TasksController < ApplicationController
     @task.destroy
 
     # Make sure bucket's div gets hidden if we're deleting last task in the bucket.
-    if Task.bucket_empty?(params[:bucket], current_user, @view)
-      @empty_bucket = params[:bucket]
-    end
+    @empty_bucket = params[:bucket] if Task.bucket_empty?(params[:bucket], current_user, @view)
 
     update_sidebar if called_from_index_page?
     respond_with(@task)
@@ -128,9 +121,7 @@ class TasksController < ApplicationController
     @task&.update_attributes(completed_at: Time.now, completed_by: current_user.id)
 
     # Make sure bucket's div gets hidden if it's the last completed task in the bucket.
-    if Task.bucket_empty?(params[:bucket], current_user)
-      @empty_bucket = params[:bucket]
-    end
+    @empty_bucket = params[:bucket] if Task.bucket_empty?(params[:bucket], current_user)
 
     update_sidebar unless params[:bucket].blank?
     respond_with(@task)
@@ -143,9 +134,7 @@ class TasksController < ApplicationController
     @task&.update_attributes(completed_at: nil, completed_by: nil)
 
     # Make sure bucket's div gets hidden if we're deleting last task in the bucket.
-    if Task.bucket_empty?(params[:bucket], current_user, @view)
-      @empty_bucket = params[:bucket]
-    end
+    @empty_bucket = params[:bucket] if Task.bucket_empty?(params[:bucket], current_user, @view)
 
     update_sidebar
     respond_with(@task)
@@ -173,6 +162,7 @@ class TasksController < ApplicationController
 
   def task_params
     return {} unless params[:task]
+
     params.require(:task).permit(
       :user_id,
       :assigned_to,
@@ -186,7 +176,8 @@ class TasksController < ApplicationController
       :due_at,
       :completed_at,
       :deleted_at,
-      :background_info
+      :background_info,
+      :calendar
     )
   end
 

data/app/controllers/users_controller.rb

@@ -9,6 +9,7 @@ class UsersController < ApplicationController
   before_action :set_current_tab, only: %i[show opportunities_overview] # Don't hightlight any tabs.
 
   check_authorization
+
   load_and_authorize_resource # handles all security
 
   respond_to :html, only: %i[show new]
@@ -21,30 +22,6 @@ class UsersController < ApplicationController
     respond_with(@user)
   end
 
-  # GET /users/new
-  # GET /users/new.js
-  #----------------------------------------------------------------------------
-  def new
-    respond_with(@user)
-  end
-
-  # POST /users
-  # POST /users.js
-  #----------------------------------------------------------------------------
-  def create
-    if @user.save
-      if Setting.user_signup == :needs_approval
-        flash[:notice] = t(:msg_account_created)
-        redirect_to login_url
-      else
-        flash[:notice] = t(:msg_successful_signup)
-        redirect_back_or_default profile_url
-      end
-    else
-      render :new
-    end
-  end
-
   # GET /users/1/edit.js
   #----------------------------------------------------------------------------
   def edit
@@ -77,9 +54,9 @@ class UsersController < ApplicationController
       render
     else
       if params[:avatar]
-        avatar = Avatar.create(avatar_params)
-        if avatar.valid?
-          @user.avatar = avatar
+        @avatar = Avatar.create(avatar_params)
+        if @avatar.valid?
+          @user.avatar = @avatar
         else
           @user.avatar.errors.clear
           @user.avatar.errors.add(:image, t(:msg_bad_image_file))
@@ -104,7 +81,7 @@ class UsersController < ApplicationController
   # PUT /users/1/change_password.js
   #----------------------------------------------------------------------------
   def change_password
-    if @user.valid_password?(params[:current_password], true) || @user.password_hash.blank?
+    if @user.valid_password?(params[:current_password])
       if params[:user][:password].blank?
         flash[:notice] = t(:msg_password_not_changed)
       else
@@ -138,6 +115,7 @@ class UsersController < ApplicationController
 
   def user_params
     return {} unless params[:user]
+
     params[:user][:email].try(:strip!)
     params[:user].permit(
       :username,
@@ -158,8 +136,9 @@ class UsersController < ApplicationController
 
   def avatar_params
     return {} unless params[:avatar]
+
     params[:avatar]
       .permit(:image)
-      .merge(entity: @user)
+      .merge(entity: @user, user_id: @user.id)
   end
 end

data/app/helpers/admin/users_helper.rb

@@ -27,7 +27,7 @@ module Admin::UsersHelper
     summary = []
     title_and_company = user_summary_title_and_company(user)
     summary << title_and_company unless title_and_company.blank?
-    summary << t('pluralize.login', user.login_count) if user.current_login_at && user.login_count > 0
+    summary << t('pluralize.login', user.sign_in_count) if user.last_sign_in_at && user.sign_in_count.positive?
     summary << user.email
     summary << "#{t :phone_small}: #{user.phone}" unless user.phone.blank?
     summary << "#{t :mobile_small}: #{user.mobile}" unless user.mobile.blank?

data/app/helpers/application_helper.rb

@@ -18,7 +18,7 @@ module ApplicationHelper
 
   #----------------------------------------------------------------------------
   def tabless_layout?
-    %w[authentications passwords].include?(controller.controller_name) ||
+    %w[sessions passwords registrations confirmations].include?(controller.controller_name) ||
       ((controller.controller_name == "users") && %w[create new].include?(controller.action_name))
   end
 
@@ -27,6 +27,7 @@ module ApplicationHelper
   def show_flash(options = { sticky: false })
     %i[error warning info notice alert].each do |type|
       next unless flash[type]
+
       html = content_tag(:div, h(flash[type]), id: "flash")
       flash[type] = nil
       return html << content_tag(:script, "crm.flash('#{type}', #{options[:sticky]})".html_safe, type: "text/javascript")
@@ -34,20 +35,23 @@ module ApplicationHelper
     content_tag(:p, nil, id: "flash", style: "display:none;")
   end
 
+  def subtitle_link(id, text, hidden)
+    link_to("<small>#{hidden ? '&#9658;' : '&#9660;'}</small> #{sanitize text}".html_safe,
+            url_for(controller: :home, action: :toggle, id: id),
+            remote: true,
+            onclick: "crm.flip_subtitle(this)")
+  end
+
   #----------------------------------------------------------------------------
   def subtitle(id, hidden = true, text = id.to_s.split("_").last.capitalize)
-    content_tag("div",
-                link_to("<small>#{hidden ? '&#9658;' : '&#9660;'}</small> #{sanitize text}".html_safe,
-                        url_for(controller: :home, action: :toggle, id: id),
-                        remote: true,
-                        onclick: "crm.flip_subtitle(this)"), class: "subtitle")
+    content_tag("div", subtitle_link(id, text, hidden), class: "subtitle")
   end
 
   #----------------------------------------------------------------------------
   def section(related, assets)
     asset = assets.to_s.singularize
-    create_id  = "create_#{asset}"
-    select_id  = "select_#{asset}"
+    create_id = "create_#{asset}"
+    select_id = "select_#{asset}"
     create_url = controller.send(:"new_#{asset}_path")
 
     html = tag(:br)
@@ -76,7 +80,7 @@ module ApplicationHelper
   #----------------------------------------------------------------------------
   def rating_select(name, options = {})
     stars = Hash[(1..5).map { |star| [star, "&#9733;" * star] }].sort
-    options_for_select = %(<option value="0"#{options[:selected].to_i == 0 ? ' selected="selected"' : ''}>#{t :select_none}</option>)
+    options_for_select = %(<option value="0"#{options[:selected].to_i.zero? ? ' selected="selected"' : ''}>#{t :select_none}</option>)
     options_for_select += stars.map { |star| %(<option value="#{star.first}"#{options[:selected] == star.first ? ' selected="selected"' : ''}>#{star.last}</option>) }.join
     select_tag name, options_for_select.html_safe, options
   end
@@ -112,7 +116,6 @@ module ApplicationHelper
 
   #----------------------------------------------------------------------------
   def link_to_delete(record, options = {})
-    object = record.is_a?(Array) ? record.last : record
     confirm = options[:confirm] || nil
 
     link_to(t(:delete) + "!",
@@ -254,7 +257,7 @@ module ApplicationHelper
       if site == :skype
         url = "callto:" + url
       else
-        url = "http://" + url unless url.match?(/^https?:\/\//)
+        url = "http://" + url unless url.match?(%r{^https?://})
       end
       link_to(image_tag("#{site}.gif", size: "15x15"), h(url), "data-popup": true, title: t(:open_in_window, h(url)))
     end.compact.join("\n").html_safe
@@ -296,14 +299,12 @@ module ApplicationHelper
   # Ajax helper to pass browser timezone offset to the server.
   #----------------------------------------------------------------------------
   def get_browser_timezone_offset
-    unless session[:timezone_offset]
-      raw "$.get('#{timezone_path}', {offset: (new Date()).getTimezoneOffset()});"
-    end
+    raw "$.get('#{timezone_path}', {offset: (new Date()).getTimezoneOffset()});" unless session[:timezone_offset]
   end
 
   # Entities can have associated avatars or gravatars. Only calls Gravatar
   # in production env. Gravatar won't serve default images if they are not
-  # publically available: http://en.gravatar.com/site/implement/images
+  # publically available: https://en.gravatar.com/site/implement/images
   #----------------------------------------------------------------------------
   def avatar_for(model, args = {})
     args = { class: 'gravatar', size: :large }.merge(args)
@@ -327,17 +328,12 @@ module ApplicationHelper
 
   # Render a text field that is part of compound address.
   #----------------------------------------------------------------------------
-  def address_field(form, object, attribute, extra_styles)
+  def address_field(form, attribute, extra_styles)
     hint = "#{t(attribute)}..."
-    if object.send(attribute).blank?
-      form.text_field(attribute,
-                      style:   "margin-top: 6px; #{extra_styles}",
-                      placeholder: hint)
-    else
-      form.text_field(attribute,
-                      style:   "margin-top: 6px; #{extra_styles}",
-                      placeholder: hint)
-    end
+
+    form.text_field(attribute,
+                    style:   "margin-top: 6px; #{extra_styles}",
+                    placeholder: hint)
   end
 
   # Return true if:
@@ -353,7 +349,7 @@ module ApplicationHelper
   # Helper to display links to supported data export formats.
   #----------------------------------------------------------------------------
   def links_to_export(action = :index)
-    token = current_user.single_access_token
+    token = current_user.authentication_token
     url_params = { action: action }
     url_params[:id] = params[:id] unless params[:id].blank?
     url_params[:query] = params[:query] unless params[:query].blank?
@@ -389,7 +385,7 @@ module ApplicationHelper
   end
 
   def entity_filter_checkbox(name, value, count)
-    checked = (session["#{controller_name}_filter"].present? ? session["#{controller_name}_filter"].split(",").include?(value.to_s) : count.to_i > 0)
+    checked = (session["#{controller_name}_filter"].present? ? session["#{controller_name}_filter"].split(",").include?(value.to_s) : count.to_i.positive?)
     url = url_for(action: :filter)
     onclick = %{
       var query = $('#query').val(),
@@ -421,7 +417,7 @@ module ApplicationHelper
       fmt_value = if email
                     link_to_email(fmt_value)
                   else
-                    fmt_value.gsub(/((http|ftp|https):\/\/[\w\-_]+(\.[\w\-_]+)+([\w\-\.,@?^=%&amp;:\/\+#]*[\w\-\@?^=%&amp;\/\+#])?)/, "<a href=\"\\1\">\\1</a>")
+                    fmt_value.gsub(%r{((http|ftp|https)://[\w\-_]+(\.[\w\-_]+)+([\w\-\.,@?^=%&amp;:/\+#]*[\w\-\@?^=%&amp;/\+#])?)}, "<a href=\"\\1\">\\1</a>")
       end
       out << content_tag(:td, fmt_value, class: last_class)
     end
@@ -433,10 +429,7 @@ module ApplicationHelper
   def section_title(id, hidden = true, text = nil, info_text = nil)
     text = id.to_s.split("_").last.capitalize if text.nil?
     content_tag("div", class: "subtitle show_attributes") do
-      content = link_to("<small>#{hidden ? '&#9658;' : '&#9660;'}</small> #{sanitize text}".html_safe,
-                        url_for(controller: :home, action: :toggle, id: id),
-                        remote:  true,
-                        onclick: "crm.flip_subtitle(this)")
+      content = subtitle_link(id, text, hidden)
       content << content_tag("small", info_text.to_s, class: "subtitle_inline_info", id: "#{id}_intro", style: hidden ? "" : "display:none;")
     end
   end
@@ -455,6 +448,7 @@ module ApplicationHelper
     views = FatFreeCRM::ViewFactory.views_for(controller: controller.controller_name,
                                               action: show_or_index_action)
     return nil unless views.size > 1
+
     lis = ''.html_safe
     content_tag :ul, class: 'format-buttons' do
       views.collect do |view|
@@ -480,6 +474,7 @@ module ApplicationHelper
   # <span class="timeago" datetime="2008-07-17T09:24:17Z">July 17, 2008</span>
   def timeago(time, options = {})
     return unless time
+
     options[:class] ||= "timeago"
     options[:title] = time.getutc.iso8601
     content_tag(:span, I18n.l(time), options)