godmin 1.3.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 43049a2e50fce4f665099b88786fd13cda3d1e58
-  data.tar.gz: 4ddd3cf185bcca97a1d50d37893cf760a5d3ebf7
+SHA256:
+  metadata.gz: 9a084849cf4dd5f729b2f5ca0dabdcec727ef1172eb1cb19baf9de27ca822950
+  data.tar.gz: 8b655c6dad3b1a1fc95d88b08cf2f25e848b646266fd63808dffad77b47f767e
 SHA512:
-  metadata.gz: b8ed426f1242d6054da877458cd5dd81e25ca8a30133edd0a0e3a44e34db3a616138c01d2c332444dd3f0df716992efc15265f9285ac746581e63f0b1fd0aba4
-  data.tar.gz: 74131a43082434db552085b31fc767610545c36cb7f64f6fc39838f814349b0070bf38fde927d07fc0514f9e998acbcc04e863643f2ff3caf6d24cddd98f658d
+  metadata.gz: f0fec37368ae0548a3e3adb1b662f214aff97756f916d11da1907acbc7caa43304b920844f9a1f8ebb500a35d7f261c060fd8e605e5cb841e7fdafb9da8a744b
+  data.tar.gz: d6a218a707bafe5ac68611b13c74e6975c13702562d5a804514faad4af0100544b5bf722e252077af89653f2702deb932e36f1c5131855b2604af86247b069fe

data/.codeclimate.yml

@@ -6,8 +6,6 @@ engines:
     enabled: true
   csslint:
     enabled: true
-  bundler-audit:
-    enabled: true
 ratings:
   paths:
   - "**.rb"

data/.gitignore

@@ -23,6 +23,7 @@ config/initializers/secret_token.rb
 /test/dummy/log/*
 /test/dummy/tmp/*
 /test/dummy/db/*.sqlite3
+/test/tmp/*
 Gemfile.lock
 .tags
 gemfiles/.bundle

data/.travis.yml

@@ -1,21 +1,13 @@
-bundler_args: --without debug
+bundler_args: "--without debug"
 cache: bundler
-script: "bundle exec rake test"
-sudo: false
-
+script: bundle exec rake test
 rvm:
-  - 2.1.0
-  - 2.3.1
-
+  - 2.6.7
+  - 2.7.3
 gemfile:
-  - gemfiles/rails_4.gemfile
   - gemfiles/rails_5.gemfile
-
-matrix:
-  exclude:
-    - rvm: 2.1.0
-      gemfile: gemfiles/rails_5.gemfile
-
+  - gemfiles/rails_6.gemfile
 addons:
   code_climate:
-    repo_token: 7e7ee66c976bdfe7a0d40d41958b97a1cf8a03b0462df5cba415f624c07c2071
+    repo_token:
+      secure: WBszVdtEvWM2KugFre9BpwkCduY6hjrmK7xo1GLiru4NMqr4ZoRXruQ5ijhZE79YqduR6zudKr72g9yG4R+4CK7ghYu4x5JB76IW8gFWpI9teTWrF4hdSbJgwxSH5JNkqWF4f6ic4Xr1Vgc43agzt+1KmA9imoGs2Q0EbAY3H2M=

data/Appraisals

@@ -1,7 +1,7 @@
-appraise "rails-4" do
-  gem "rails", "~> 4.0"
-end
-
 appraise "rails-5" do
   gem "rails", "~> 5.0"
 end
+
+appraise "rails-6" do
+  gem "rails", "~> 6.0"
+end

data/CHANGELOG.md

@@ -1,6 +1,63 @@
 # Changelog
 
+### 2.1.0 - 2021-05-10
+
+Bug fixes
+- Use symbol in path for compatibility with the latest Rails security patches (https://github.com/varvet/godmin/pull/256)
+
+Other
+- Build and test against Ruby 2.6 and 2.7
+- Stop building and testing against unsupported rubies (2.5 and older). These may still work and PRs may still be accepted.
+
+### 2.0.0 - 2019-12-06
+
+Features
+- Allow skipping authorization per action (https://github.com/varvet/godmin/pull/231)
+
+Bug fixes
+- Support namespaced models when generating resources (https://github.com/varvet/godmin/issues/181)
+
+Other
+- Drop support for Rails 4 (https://github.com/varvet/godmin/pull/239)
+- Better policy lookups for namespaced models (https://github.com/varvet/godmin/pull/180)
+- Use Pundit for authorization (https://github.com/varvet/godmin/pull/180)
+- Rails 6 support (https://github.com/varvet/godmin/pull/248) and (https://github.com/varvet/godmin/pull/250)
+
+In order to upgrade
+- Upgrade to at least Rails 5 and Ruby 2.2.2
+- If using an admin engine, create a namespaced model for every resource, inheriting from the main app model
+- Replace any `authenticate_admin_user` with `authenticate`
+- Replace any `skip_before_action :authenticate_admin_user` with `prepend_before_action :disable_authentication`
+- Replace any `rescue_from NotAuthorizedError` with `rescue_from Pundit::NotAuthorizedError`
+
+### 1.5.0 - 2017-02-17
+
+Features
+- Support for nested resources (https://github.com/varvet/godmin/pull/189)
+
+### 1.4.0 - 2017-02-15
+
+Features
+- Support group queries in scopes and filters (https://github.com/varvet/godmin/pull/208)
+- Change color of remove buttons, so they're not grabbing all the attention (https://github.com/varvet/godmin/pull/212)
+
+Bug fixes
+- Fix permitted params in sessions controller to work with models other than `AdminUser` (https://github.com/varvet/godmin/pull/210)
+
+Other
+- Remove authentication alert (https://github.com/varvet/godmin/pull/207)
+- Add table caption for tests (https://github.com/varvet/godmin/pull/187)
+
+### 1.3.1 - 2016-09-27
+
+Bug fixes
+- Fix FileSystemResolver issue (https://github.com/varvet/godmin/pull/202)
+
+Other
+- Update template for Rails 5 (https://github.com/varvet/godmin/commit/95e0a7917dd9767d77c3bfc876ebbf0a6036f347)
+
 ### 1.3.0 - 2016-07-11
+
 Features
 - Increased batch action checkbox click area (https://github.com/varvet/godmin/pull/183)
 - Adds titles to action links (https://github.com/varvet/godmin/pull/185)
@@ -16,6 +73,7 @@ Other
 - Adds caching partial overrides to increase table rendering speed (https://github.com/varvet/godmin/pull/184)
 
 ### 1.2.0 - 2016-02-02
+
 Features
 - Adds support for custom ordering of columns (https://github.com/varvet/godmin/pull/168)
 - Adds passing of options to association form helper (https://github.com/varvet/godmin/pull/172)
@@ -25,6 +83,7 @@ Bug fixes
 - Fixes an issue with the template resolver and Rails 4.2.5.1 (https://github.com/varvet/godmin/pull/175)
 
 ### 1.1.0 - 2015-12-08
+
 Features
 - Adds locale for pt-BR (Brazilian Portuguese) (https://github.com/varvet/godmin/pull/141)
 - New sandbox template with with more examples (https://github.com/varvet/godmin/pull/135)
@@ -37,22 +96,27 @@ Bug fixes
 - Fixes a namespace issue with the authentication generator (https://github.com/varvet/godmin/pull/150)
 
 ### 1.0.0 - 2015-11-13
+
 Release of 1.0.0 :tada:
 
 ### 0.12.4 - 2015-10-21
+
 Bug fixes
 - Fixes a bug which made it impossible to override the datetimepicker locale (https://github.com/varvet/godmin/issues/132)
 
 ### 0.12.3 - 2015-09-18
+
 Bug fixes
 - Adds support for plural engines (https://github.com/varvet/godmin/pull/128)
 - Remove turbolinks from application.js if present (https://github.com/varvet/godmin/issues/129)
 
 ### 0.12.2 - 2015-09-07
+
 Bug fixes
 - Fixes broken sign in page
 
 ### 0.12.1 - 2015-09-07
+
 Bug fixes
 - Fixes issue where column ordering on index table didn't work (https://github.com/varvet/godmin/issues/124)
 
@@ -60,17 +124,18 @@ Other
 - Adds integration tests
 - Removes the namespace config in `initializers/godmin.rb`
 
-In order to upgrade:
+In order to upgrade
 - Remove the `initializers/godmin.rb` file
 
 ### 0.12.0 - 2015-06-30
+
 Features
 - Adds new navigation helpers for building a custom navbar (https://github.com/varvet/godmin/issues/54)
 
 Other
 - Removes the godmin router method
 
-In order to upgrade:
+In order to upgrade
 - Remove the `godmin do` block from the `config/routes.rb` file
 - Specify a root route if there is none already
 - Create a `shared/_navigation.html.erb` partial if there is none already
@@ -79,10 +144,12 @@ Bug fixes
 - Fixes issue with authentication generator not modifying the application controller
 
 ### 0.11.2 - 2015-06-22
+
 Bug fixes
 - Fixes broken collection select helper
 
 ### 0.11.1 - 2015-05-20
+
 Features
 - Adds `destroy_resource` method to `ResourceService`
 - Adds query param to authorize
@@ -96,6 +163,7 @@ Bug fixes
 - Fixes a regression where filter labels were not translated
 
 ### 0.11.0 - 2015-04-13
+
 Other
 - Split resources into controllers and service objects (https://github.com/varvet/godmin/pull/79)
 - Renames the following modules:
@@ -104,18 +172,22 @@ Other
   - Godmin::Sessions -> Godmin::SessionsController
 
 ### 0.10.3 - 2015-02-18
+
 Bug fixes
 - Adds the possibility to pass options to the `date_field` and `datetime_field` form helpers
 
 ### 0.10.2 - 2015-02-16
+
 Bug fixes
 - Fixes standard resource params for multi-word models
 
 ### 0.10.1 - 2015-02-13
+
 Bug fixes
 - Fixes multi-select selectize issue (https://github.com/varvet/godmin/issues/71)
 
 ### 0.10.0 - 2015-02-11
+
 Features
 - Shows the number of items in each scope in the scope tab (https://github.com/varvet/godmin/issues/16)
 - Two new overridable methods for resources: `build_resource` and `find_resource`
@@ -132,21 +204,25 @@ Other
 - Restructured the locale files a bit
 
 ### 0.9.9 - 2015-01-23
+
 Features
 - Bump bootstrap to 3.3.3
 - Extracted button actions partial
 
 ### 0.9.8 - 2015-01-12
+
 Bug fixes
 - Created resources are now properly scoped by `resources_relation`
 - Fixes broken signin form
 
 ### 0.9.7 - 2015-01-07
+
 Features
 - Support for Rails 4.2
 - New form system (https://github.com/varvet/godmin/pull/50)
 
 ### 0.9.6 - 2014-12-18
+
 Features
 - Bundled [datetimepicker](https://github.com/Eonasdan/bootstrap-datetimepicker/)
 - Exposed JavaScript API
@@ -156,18 +232,22 @@ Notes
 - You can no longer use the `select-tag` class to initialize a select box
 
 ### 0.9.5 - 2014-12-15
+
 Bug fixes
 - Fixes Godmin::FormBuilder issue
 
 ### 0.9.4 - 2014-12-15
+
 Features
 - Added Godmin::FormBuilder
 
 ### 0.9.3 - 2014-12-10
+
 Bug fixes
 - Pagination offset fix
 
 ### 0.9.2 - 2014-12-09
+
 Features
 - Replaces select2 with [selectize](http://brianreavis.github.io/selectize.js/)
 - Adds flash messages (https://github.com/varvet/godmin/issues/26)
@@ -180,6 +260,7 @@ Bug fixes
 - Fixes default permitted params to work with multiword models.
 
 ### 0.9.1 - 2014-11-18
+
 Bug fixes
 - Removed rails executable from /bin folder.
 

data/Gemfile

@@ -12,5 +12,4 @@ gemspec
 
 # The dummy app loads whatever is specified in this gemfile, therefore
 # we add the admin engine used by the dummy app here
-gem "admin", path: "test/dummy/admin", group: [:test, :development]
-gem "codeclimate-test-reporter", group: :test, require: nil
+gem "admin", path: "test/dummy/admin", group: %i[test development]

data/README.md

@@ -3,9 +3,10 @@
 [![Gem Version](http://img.shields.io/gem/v/godmin.svg)](https://rubygems.org/gems/godmin)
 [![Build Status](https://img.shields.io/travis/varvet/godmin/master.svg)](https://travis-ci.org/varvet/godmin)
 [![Code Climate](https://img.shields.io/codeclimate/github/varvet/godmin.svg)](https://codeclimate.com/github/varvet/godmin)
-[![Test Coverage](https://codeclimate.com/github/varvet/godmin/badges/coverage.svg)](https://codeclimate.com/github/varvet/godmin/coverage)
 
-Godmin is an admin framework for Rails 4+. Use it to build dedicated admin sections for your apps, or stand alone admin apps such as internal tools. It has support for common features such as scoping, filtering and performing batch actions on your models. Check out the [demo app](http://godmin-sandbox.herokuapp.com) and its [source code](https://github.com/varvet/godmin-sandbox) to get a feel for how it works.
+**If you are looking for the current stable version, which is Rails 4+ compatible, see the [v1.5](https://github.com/varvet/godmin/tree/v1.5) branch**
+
+Godmin is an admin framework for Rails 5+. Use it to build dedicated admin sections for your apps, or stand alone admin apps such as internal tools. It has support for common features such as scoping, filtering and performing batch actions on your models. Check out the [demo app](http://godmin-sandbox.herokuapp.com) and its [source code](https://github.com/varvet/godmin-sandbox) to get a feel for how it works.
 
 Godmin differs from tools like [ActiveAdmin](http://activeadmin.info/) and [RailsAdmin](https://github.com/sferik/rails_admin) in how admin sections are created. Rather than being DSL-based, Godmin is a set of opt-in modules and helpers that can be applied to regular Rails apps and engines. An admin section built with Godmin is just that, a regular Rails app or Rails engine, with regular routes, controllers and views. That means there is less to learn, because you already know most of it, and fewer constraints on what you can do. After all, administrators are users too, and what better way to provide them with a tailor made experience than building them a Rails app?
 
@@ -25,6 +26,7 @@ Godmin differs from tools like [ActiveAdmin](http://activeadmin.info/) and [Rail
   - [Redirecting](#redirecting)
   - [Pagination](#pagination)
   - [Exporting](#exporting)
+  - [Nested resources](#nested-resources)
 - [Views](#views)
   - [Forms](#forms)
   - [Navigation](#navigation)
@@ -47,7 +49,7 @@ Godmin supports two common admin scenarios:
 
 If you want to set up an example app that you can play around with, run the following:
 ```sh
-rails new sandbox -m https://raw.githubusercontent.com/varvet/godmin/master/template.rb
+rails new sandbox --skip-spring -m https://raw.githubusercontent.com/varvet/godmin/master/template.rb
 ```
 
 ### Standalone installation
@@ -143,6 +145,15 @@ It inserts a `navbar_item` in the `app/views/shared/_navigation.html.erb` partia
 <%= navbar_item Article %>
 ```
 
+If Godmin was installed inside an engine, it creates a model class:
+
+```ruby
+module Admin
+  class Article < ::Article
+  end
+end
+```
+
 It creates a controller:
 
 ```ruby
@@ -511,7 +522,7 @@ If you wish to change the number of resources per page, you can override the `pe
 
 ```ruby
 class ArticlesService
-  include Godmin::Resources::Service
+  include Godmin::Resources::ResourceService
 
   def per_page
     50
@@ -525,12 +536,36 @@ The `attrs_for_export` method in the service object makes it possible to mark at
 
 ```ruby
 class ArticlesService
-  include Godmin::Resources::Service
+  include Godmin::Resources::ResourceService
 
   attrs_for_export :id, :title, :created_at, :updated_at
 end
 ```
 
+### Nested resources
+
+Nested resources can be implemented by nesting your routes:
+
+```ruby
+resources :blogs do
+  resources :blog_posts
+end
+```
+
+This will set up scoping of the nested resource as well as correct links in the breadcrumb.
+
+If you want to add a link to the nested resource from the parent's show and edit pages, you can add the following to the service object:
+
+```ruby
+class BlogService
+  include Godmin::Resources::ResourceService
+
+  has_many :blog_posts
+end
+```
+
+Otherwise, simply add links as you see fit using partial overrides.
+
 ## Views
 
 It's easy to override view templates and partials in Godmin, both globally and per resource. All you have to do is place a file with an identical name in your `app/views` directory. For instance, to override the `godmin/resource/index.html.erb` template for all resources, place a file under `app/views/resource/index.html.erb`. If you only wish to override it for articles, place it instead under `app/views/articles/index.html.erb`.
@@ -637,6 +672,14 @@ class AdminUser < ActiveRecord::Base
 end
 ```
 
+By default the user model is called `AdminUser`. If you'd like to change this, you can pass an argument to the authentication generator:
+
+```
+$ bin/rails generate godmin:authentication SuperUser
+or for an engine:
+$ admin/bin/rails generate godmin:authentication SuperUser
+```
+
 By default the model is generated with an `email` field as the login column. This can changed in the migration prior to migrating if, for instance, a `username` column is more appropriate.
 
 The following route is generated:
@@ -708,9 +751,19 @@ end
 
 The admin section is now authenticated using Devise.
 
+### Disable authentication
+
+If you want to disable authentication for a single controller or controller action, use the following `before_action`:
+
+```ruby
+class ArticlesController < ApplicationController
+  prepend_before_action :disable_authentication
+end
+```
+
 ## Authorization
 
-In order to enable authorization, authentication must first be enabled. See the previous section. The Godmin authorization system is heavily inspired by [Pundit](https://github.com/elabs/pundit) and implements the same interface.
+In order to enable authorization, authentication must first be enabled. See the previous section. The Godmin authorization system uses [Pundit](https://github.com/elabs/pundit).
 
 Add the authorization module to the application controller:
 
@@ -770,8 +823,8 @@ end
 That is, everyone can list and view articles, only editors can create them, and only unpublished articles can be updated and destroyed.
 
 ### Handle unauthorized access
-When a user is not authorized to access a resource, a `NotAuthorizedError` is raised. By default this error is rescued by Godmin and turned into a status code `403 Forbidden` response.
-If you want to change this behaviour you can rescue the error yourself in the appropriate `ApplicationController`:
+
+When a user is not authorized to access a resource, a `Pundit::NotAuthorizedError` is raised. By default this error is rescued by Godmin and turned into a status code `403 Forbidden` response. If you want to change this behaviour you can rescue the error yourself in the appropriate `ApplicationController`:
 
 ```ruby
 class ApplicationController < ActionController::Base
@@ -780,13 +833,14 @@ class ApplicationController < ActionController::Base
   include Godmin::Authorization
 
   # Renders 404 page and returns status code 404.
-  rescue_from NotAuthorizedError do
+  rescue_from Pundit::NotAuthorizedError do
     render file: "#{Rails.root}/public/404.html", status: 404, layout: false
   end
 end
 ```
 
 ### Override policy object
+
 If you wish to specify what policy to use manually, override the following method in your model. It does not have to be an ActiveRecord object, but any object will do.
 
 ```ruby
@@ -798,6 +852,7 @@ end
 ```
 
 ### Batch action authorization
+
 Batch actions must be authorized in your policy if you are using Godmin's built in authorization functionality. The policy method is called with the relation containing all records to be processed.
 
 ```ruby
@@ -808,6 +863,16 @@ class ArticlePolicy < Godmin::Authorization::Policy
 end
 ```
 
+### Disable authorization
+
+If you want to disable authorization for a single controller or controller action, use the following `before_action`:
+
+```ruby
+class ArticlesController < ApplicationController
+  prepend_before_action :disable_authorization
+end
+```
+
 ## Localization
 
 Godmin supports localization out of the box. For a list of translatable strings, [look here](https://github.com/varvet/godmin/blob/master/config/locales/en.yml).