fat_free_crm 0.21.0 → 0.22.1

data/config/cable.yml

@@ -0,0 +1,10 @@
+development:
+  adapter: async
+
+test:
+  adapter: test
+
+production:
+  adapter: redis
+  url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
+  channel_prefix: fat_free_crm_production

data/config/database.yml

@@ -0,0 +1,25 @@
+---
+development: &development
+  adapter: postgresql
+  database: fat_free_crm_development
+  username: postgres
+  password: postgres
+  host:     localhost
+  port:     5432
+  schema_search_path: public
+  min_messages: warning
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  <<: *development
+  database: fat_free_crm_test
+
+production:
+  <<: *development
+  database: fat_free_crm_production
+
+staging:
+  <<: *development
+  database: fat_free_crm_staging

data/config/environment.rb

@@ -5,8 +5,9 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
-# Load the rails application
-require_relative 'application'
 
-# Initialize the rails application
+# Load the Rails application.
+require_relative "application"
+
+# Initialize the Rails application.
 Rails.application.initialize!

data/config/environments/development.rb

@@ -7,35 +7,59 @@
 #------------------------------------------------------------------------------
 if defined?(FatFreeCRM::Application)
   FatFreeCRM::Application.configure do
-    # Settings specified here will take precedence over those in config/application.rb
-    config.eager_load = false
+    # Settings specified here will take precedence over those in config/application.rb.
 
-    # In the development environment your application's code is reloaded on
-    # every request. This slows down response time but is perfect for development
+    # In the development environment your application's code is reloaded any time
+    # it changes. This slows down response time but is perfect for development
     # since you don't have to restart the web server when you make code changes.
     config.cache_classes = false
 
-    config.assets.quiet = true
+    # Do not eager load code on boot.
+    config.eager_load = false
+
+    # Show full error reports.
+    config.consider_all_requests_local = true
+
+    # Enable server timing
+    config.server_timing = true
 
-    # Show full error reports and disable caching
-    config.consider_all_requests_local       = true
-    config.action_controller.perform_caching = false
+    # Enable/disable caching. By default caching is disabled.
+    # Run rails dev:cache to toggle caching.
+    if Rails.root.join("tmp/caching-dev.txt").exist?
+      config.action_controller.perform_caching = true
+      config.action_controller.enable_fragment_cache_logging = true
+
+      config.cache_store = :memory_store
+      config.public_file_server.headers = {
+        "Cache-Control" => "public, max-age=#{2.days.to_i}"
+      }
+    else
+      config.action_controller.perform_caching = false
+
+      config.cache_store = :null_store
+    end
+
+    # Store uploaded files on the local file system (see config/storage.yml for options).
+    config.active_storage.service = :local
 
     config.action_mailer.delivery_method = :file
     config.action_mailer.default_url_options = { host: 'localhost:3000' }
 
-    # Don't care if the mailer can't send
+    # Don't care if the mailer can't send.
     config.action_mailer.raise_delivery_errors = false
 
-    # Print deprecation notices to the Rails logger
+    # Print deprecation notices to the Rails logger.
     config.active_support.deprecation = :log
 
     # Only use best-standards-support built into browsers
     # config.action_dispatch.best_standards_support = :builtin
 
-    # Raise an error on page load if there are pending migrations
+    # Raise an error on page load if there are pending migrations.
     config.active_record.migration_error = :page_load
 
+    # Highlight code that triggered database queries in logs.
+    config.active_record.verbose_query_logs = true
+
     # Expands the lines which load the assets
     config.assets.debug = true
 
@@ -43,12 +67,21 @@ if defined?(FatFreeCRM::Application)
     # yet still be able to expire them through the digest params.
     config.assets.digest = true
 
+    # Suppress logger output for asset requests.
+    config.assets.quiet = true
+
+    # Raises error for missing translations.
+    # config.i18n.raise_on_missing_translations = true
+
+    # Annotate rendered view with file names.
+    # config.action_view.annotate_rendered_view_with_filenames = true
+
+    # Uncomment if you wish to allow Action Cable access from any origin.
+    # config.action_cable.disable_request_forgery_protection = true
+
     # Adds additional error checking when serving assets at runtime.
     # Checks for improperly declared sprockets dependencies.
     # Raises helpful error messages.
     config.assets.raise_runtime_errors = true
-
-    # Store files locally.
-    config.active_storage.service = :local
   end
 end

data/config/environments/production.rb

@@ -7,15 +7,19 @@
 #------------------------------------------------------------------------------
 if defined?(FatFreeCRM::Application)
   FatFreeCRM::Application.configure do
-    # Settings specified here will take precedence over those in config/application.rb
-    config.eager_load = true
+    # Settings specified here will take precedence over those in config/application.rb.
 
-    # Code is not reloaded between requests
+    # Code is not reloaded between requests.
     config.cache_classes = true
 
-    # Full error reports are enabled, since this is an internal application.
+    # Eager load code on boot. This eager loads most of Rails and
+    # your application in memory, allowing both threaded web servers
+    # and those relying on copy on write to perform better.
+    # Rake tasks automatically ignore this option for performance.
+    config.eager_load = true
+
+    # Full error reports are disabled and caching is turned on.
     config.consider_all_requests_local       = false
-    # Caching is turned on
     config.action_controller.perform_caching = true
 
     # Disable Rails's static asset server (Apache or nginx will already do this)
@@ -24,29 +28,27 @@ if defined?(FatFreeCRM::Application)
     # Compress JavaScripts and CSS
     config.assets.compress = true
 
-    # Don't fallback to assets pipeline if a precompiled asset is missed
+    # Do not fallback to assets pipeline if a precompiled asset is missed.
     config.assets.compile = false
 
     # Generate digests for assets URLs
     config.assets.digest = true
 
-    # Defaults to Rails.root.join("public/assets")
-    # config.assets.manifest = YOUR_PATH
-
-    # Specifies the header that your server uses for sending files
-    # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
-    # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+    # Specifies the header that your server uses for sending files.
+    # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
+    # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
 
     # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
     # config.force_ssl = true
 
-    # See everything in the log (default is :info)
+    # Include generic and useful information about system operation, but avoid logging too much
+    # information to avoid inadvertent exposure of personally identifiable information (PII).
     config.log_level = :info
 
     # Use a different logger for distributed setups
     # config.logger = SyslogLogger.new
 
-    # Use a different cache store in production
+    # Use a different cache store in production.
     # config.cache_store = :mem_cache_store
 
     # Enable serving of images, stylesheets, and JavaScripts from an asset server
@@ -56,7 +58,7 @@ if defined?(FatFreeCRM::Application)
     # config.assets.precompile += %w( search.js )
 
     # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-    # the I18n.default_locale when a translation can not be found)
+    # the I18n.default_locale when a translation cannot be found).
     config.i18n.fallbacks = true
 
     # Send deprecation notices to registered listeners

data/config/environments/test.rb

@@ -7,29 +7,33 @@
 #------------------------------------------------------------------------------
 if defined?(FatFreeCRM::Application)
   FatFreeCRM::Application.configure do
+    # Settings specified here will take precedence over those in config/application.rb.
+
     # The test environment is used exclusively to run your application's
     # test suite.  You never need to work with it otherwise.  Remember that
     # your test database is "scratch space" for the test suite and is wiped
     # and recreated between test runs.  Don't rely on the data there!
+    # Turn false under Spring and add config.action_view.cache_template_loading = true.
     config.cache_classes = true
 
-    # Do not eager load code on boot. This avoids loading your whole application
-    # just for the purpose of running a single test. If you are using a tool that
-    # preloads Rails for running tests, you may have to set it to true.
-    config.eager_load = false
+    # Eager loading loads your whole application. When running a single test locally,
+    # this probably isn't necessary. It's a good idea to do in a continuous integration
+    # system, or in some way before deploying your code.
+    config.eager_load = ENV["CI"].present?
 
-    # Configure static file server for tests with Cache-Control for performance.
+    # Configure public file server for tests with Cache-Control for performance.
     config.public_file_server.enabled = true
     config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
 
-    # Show full error reports and disable caching
+    # Show full error reports and disable caching.
     config.consider_all_requests_local       = true
     config.action_controller.perform_caching = false
+    config.cache_store = :null_store
 
-    # Raise exceptions instead of rendering exception templates
+    # Raise exceptions instead of rendering exception templates.
     config.action_dispatch.show_exceptions = false
 
-    # Disable request forgery protection in test environment
+    # Disable request forgery protection in test environment.
     config.action_controller.allow_forgery_protection = false
 
     # Tell Action Mailer not to deliver emails to the real world.
@@ -43,7 +47,7 @@ if defined?(FatFreeCRM::Application)
     # Randomize the order test cases are executed.
     config.active_support.test_order = :random
 
-    # Print deprecation notices to the stderr
+    # Print deprecation notices to the stderr.
     config.active_support.deprecation = :stderr
 
     # Store uploaded files on the local file system in a temporary directory
@@ -52,6 +56,12 @@ if defined?(FatFreeCRM::Application)
     config.action_mailer.perform_caching = false
     # Raises error for missing translations
     # config.action_view.raise_on_missing_translations = true
+
+    # Raises error for missing translations.
+    # config.i18n.raise_on_missing_translations = true
+
+    # Annotate rendered view with file names.
+    # config.action_view.annotate_rendered_view_with_filenames = true
   end
 
   # Optionally load 'awesome_print' for debugging in development mode.

data/config/initializers/action_mailer.rb

@@ -10,6 +10,7 @@
 #   ActionMailer is setup in test mode later on
 #
 unless Rails.env.test?
+  require 'setting'
 
   smtp_settings = Setting.smtp || {}
 

data/config/initializers/content_security_policy.rb

@@ -1,31 +1,26 @@
 # frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
 
-# Define an application-wide content security policy
-# For further information see the following documentation
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# Define an application-wide content security policy.
+# See the Securing Rails Applications Guide for more information:
+# https://guides.rubyonrails.org/security.html#content-security-policy-header
 
-# Rails.application.config.content_security_policy do |policy|
-#   policy.default_src :self, :https
-#   policy.font_src    :self, :https, :data
-#   policy.img_src     :self, :https, :data
-#   policy.object_src  :none
-#   policy.script_src  :self, :https
-#   policy.style_src   :self, :https
-#   # If you are using webpack-dev-server then specify webpack-dev-server host
-#   policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
-
-#   # Specify URI for violation reports
-#   # policy.report_uri "/csp-violation-report-endpoint"
+# Rails.application.configure do
+#   config.content_security_policy do |policy|
+#     policy.default_src :self, :https
+#     policy.font_src    :self, :https, :data
+#     policy.img_src     :self, :https, :data
+#     policy.object_src  :none
+#     policy.script_src  :self, :https
+#     policy.style_src   :self, :https
+#     # Specify URI for violation reports
+#     # policy.report_uri "/csp-violation-report-endpoint"
+#   end
+#
+#   # Generate session nonces for permitted importmap and inline scripts
+#   config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
+#   config.content_security_policy_nonce_directives = %w(script-src)
+#
+#   # Report violations without enforcing the policy.
+#   # config.content_security_policy_report_only = true
 # end
-
-# If you are using UJS then enable automatic nonce generation
-# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
-
-# Set the nonce only to specific directives
-# Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
-
-# Report CSP violations to a specified URI
-# For further information see the following documentation:
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
-# Rails.application.config.content_security_policy_report_only = true

data/config/initializers/custom_field_ransack_translations.rb

@@ -6,7 +6,8 @@
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
 # Load field names for custom fields, for Ransack search
-if Setting.database_and_table_exists?
+require 'setting'
+if Setting.database_and_table_exists? && ActiveRecord::Base.connection.table_exists?(:custom_fields)
   Rails.application.config.after_initialize do
     I18n.backend.load_translations
 

data/config/initializers/filter_parameter_logging.rb

@@ -2,5 +2,9 @@
 
 # Be sure to restart your server when you modify this file.
 
-# Configure sensitive parameters which will be filtered from the log file.
-Rails.application.config.filter_parameters += [:password]
+# Configure parameters to be filtered from the log file. Use this to limit dissemination of
+# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported
+# notations and behaviors.
+Rails.application.config.filter_parameters += %i[
+  passw secret token _key crypt salt certificate otp ssn
+]

data/config/initializers/inflections.rb

@@ -5,13 +5,13 @@
 # are locale specific, and you may define rules for as many different
 # locales as you wish. All of these examples are active by default:
 # ActiveSupport::Inflector.inflections(:en) do |inflect|
-#   inflect.plural /^(ox)$/i, '\1en'
-#   inflect.singular /^(ox)en/i, '\1'
-#   inflect.irregular 'person', 'people'
+#   inflect.plural /^(ox)$/i, "\\1en"
+#   inflect.singular /^(ox)en/i, "\\1"
+#   inflect.irregular "person", "people"
 #   inflect.uncountable %w( fish sheep )
 # end
 
 # These inflection rules are supported but not enabled by default:
 # ActiveSupport::Inflector.inflections(:en) do |inflect|
-#   inflect.acronym 'RESTful'
+#   inflect.acronym "RESTful"
 # end

data/config/initializers/permissions_policy.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+# Define an application-wide HTTP permissions policy. For further
+# information see https://developers.google.com/web/updates/2018/06/feature-policy
+#
+# Rails.application.config.permissions_policy do |f|
+#   f.camera      :none
+#   f.gyroscope   :none
+#   f.microphone  :none
+#   f.usb         :none
+#   f.fullscreen  :self
+#   f.payment     :self, "https://secure.example.com"
+# end

data/config/settings.default.yml

@@ -192,7 +192,8 @@
 #------------------------------------------------------------------------------
 # Specify which countries (if any) should appear at the top of country pickers
 # priority_countries:
-#  - Burkina Faso
+#  - AU
+#  - BF
 
 # Main and Admin Tabs
 #------------------------------------------------------------------------------

data/config/storage.yml

@@ -6,27 +6,27 @@ local:
   service: Disk
   root: <%= Rails.root.join("storage") %>
 
-# Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
+# Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
 # amazon:
 #   service: S3
 #   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
 #   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
 #   region: us-east-1
-#   bucket: your_own_bucket
+#   bucket: your_own_bucket-<%= Rails.env %>
 
 # Remember not to checkin your GCS keyfile to a repository
 # google:
 #   service: GCS
 #   project: your_project
 #   credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
-#   bucket: your_own_bucket
+#   bucket: your_own_bucket-<%= Rails.env %>
 
-# Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
+# Use bin/rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
 # microsoft:
 #   service: AzureStorage
 #   storage_account_name: your_account_name
 #   storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
-#   container: your_container_name
+#   container: your_container_name-<%= Rails.env %>
 
 # mirror:
 #   service: Mirror

data/db/demo/field_groups.yml

@@ -10,5 +10,6 @@ field_group_<%= i %>:
   id          : <%= i %>
   klass_name  : <%= klasses[i-1] %>
   name        : "Extra"
-  position    : 1
+  position    : 1,
+  label       : "Extra"
 <% end %>

data/db/migrate/20230526212613_convert_to_active_storage.rb

@@ -15,17 +15,33 @@ class ConvertToActiveStorage < ActiveRecord::Migration[5.2]
                     'LASTVAL()'
                   end
 
-    ActiveRecord::Base.connection.raw_connection.prepare(<<-SQL)
-      INSERT INTO active_storage_blobs (
-        `key`, filename, content_type, metadata, byte_size, checksum, created_at
-      ) VALUES (?, ?, ?, '{}', ?, ?, ?)
-    SQL
-
-    ActiveRecord::Base.connection.raw_connection.prepare(<<-SQL)
-      INSERT INTO active_storage_attachments (
-        name, record_type, record_id, blob_id, created_at
-      ) VALUES (?, ?, ?, #{get_blob_id}, ?)
-    SQL
+    ActiveRecord::Base.connection.raw_connection.then do |conn|
+      if conn.is_a?(::PG::Connection)
+        conn.prepare('active_storage_blobs', <<-SQL)
+          INSERT INTO active_storage_blobs (
+            key, filename, content_type, metadata, byte_size, checksum, created_at
+          ) VALUES ($1, $2, $3, '{}', $4, $5, $6)
+        SQL
+
+        conn.prepare('active_storage_attachments', <<-SQL)
+          INSERT INTO active_storage_attachments (
+            name, record_type, record_id, blob_id, created_at
+          ) VALUES ($1, $2, $3, #{get_blob_id}, $4)
+        SQL
+      else
+        conn.raw_connection.prepare(<<-SQL)
+          INSERT INTO active_storage_blobs (
+            `key`, filename, content_type, metadata, byte_size, checksum, created_at
+          ) VALUES (?, ?, ?, '{}', ?, ?, ?)
+        SQL
+
+        conn.raw_connection.prepare(<<-SQL)
+          INSERT INTO active_storage_attachments (
+            name, record_type, record_id, blob_id, created_at
+          ) VALUES (?, ?, ?, #{get_blob_id}, ?)
+        SQL
+      end
+    end
 
     Rails.application.eager_load!
     models = ActiveRecord::Base.descendants.reject { |model| model.abstract_class? || model == ActionMailbox::InboundEmail || model == ActionText::RichText }