godmin 1.3.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 472fc51b8367e7692370d5cdf7b73277474d9995
-  data.tar.gz: 808d3cbaaa03ceea6bc8678ea5ce8686e53cb4f7
+SHA256:
+  metadata.gz: 11671dfd7c0219abf4626b93f1f7273ee5769486e48a43b82889fe43601f3370
+  data.tar.gz: 0bb8078a5792d05b7fbf4543fd20d924432571e22dc87e00beafc6309a4cae08
 SHA512:
-  metadata.gz: 7b8b7888056a7e6a1382115adda0dd4ce19010b661ddfa3e8e165fa0291f3de6f17c533a62c7416d63d824672d8facf9cbf5dd8376950c13d09516aa00554100
-  data.tar.gz: ab1ebe74ff2f8764d73dd73b95f3fc7f43bef777761fd6fa4cbb2cfc70a536325f8d711c3abbfe081c965d812e6ee70d75cd7b1d644250dde9c5a1cdb3babfd5
+  metadata.gz: 7f02e2821b7bae9cd0611a97292f6cb8159e9bcaac1f871e7077ddf0f1ad553be98804e4385c434de5326ca12138310032fa52e459db0b9c6572eeac381dbc51
+  data.tar.gz: 166aef398cffb04a6b38560b177f991cdaf5e9cec4be9bf8d2025188d3b83a7c8763502b183ca891bb32b5e2ce7a4a8bc3ba90b7e464164b3be90400bd6b22b6

data/.codeclimate.yml

@@ -6,8 +6,6 @@ engines:
     enabled: true
   csslint:
     enabled: true
-  bundler-audit:
-    enabled: true
 ratings:
   paths:
   - "**.rb"

data/.gitignore

@@ -23,6 +23,7 @@ config/initializers/secret_token.rb
 /test/dummy/log/*
 /test/dummy/tmp/*
 /test/dummy/db/*.sqlite3
+/test/tmp/*
 Gemfile.lock
 .tags
 gemfiles/.bundle

data/.travis.yml

@@ -1,21 +1,20 @@
-bundler_args: --without debug
+bundler_args: "--without debug"
 cache: bundler
-script: "bundle exec rake test"
-sudo: false
-
+script: bundle exec rake test
 rvm:
-  - 2.1.0
-  - 2.3.1
-
+  - 2.6.7
+  - 2.7.3
+  - 3.0.1
 gemfile:
-  - gemfiles/rails_4.gemfile
   - gemfiles/rails_5.gemfile
+  - gemfiles/rails_6.gemfile
 
 matrix:
   exclude:
-    - rvm: 2.1.0
+    - rvm: 3.0.1
       gemfile: gemfiles/rails_5.gemfile
 
 addons:
   code_climate:
-    repo_token: 7e7ee66c976bdfe7a0d40d41958b97a1cf8a03b0462df5cba415f624c07c2071
+    repo_token:
+      secure: WBszVdtEvWM2KugFre9BpwkCduY6hjrmK7xo1GLiru4NMqr4ZoRXruQ5ijhZE79YqduR6zudKr72g9yG4R+4CK7ghYu4x5JB76IW8gFWpI9teTWrF4hdSbJgwxSH5JNkqWF4f6ic4Xr1Vgc43agzt+1KmA9imoGs2Q0EbAY3H2M=

data/Appraisals

@@ -1,7 +1,7 @@
-appraise "rails-4" do
-  gem "rails", "~> 4.0"
-end
-
 appraise "rails-5" do
   gem "rails", "~> 5.0"
 end
+
+appraise "rails-6" do
+  gem "rails", "~> 6.0"
+end

data/CHANGELOG.md

@@ -1,6 +1,63 @@
 # Changelog
 
+### 2.2.0 - 2021-05-20
+
+Other
+- Build and test against Ruby 3.0
+
+Bug fixes
+- Regression: within an Engine, always look for Pundit policies in the engine (https://github.com/varvet/godmin/pull/259)
+
+### 2.1.0 - 2021-05-10
+
+Bug fixes
+- Use symbol in path for compatibility with the latest Rails security patches (https://github.com/varvet/godmin/pull/256)
+
+Other
+- Build and test against Ruby 2.6 and 2.7
+- Stop building and testing against unsupported rubies (2.5 and older). These may still work and PRs may still be accepted.
+
+### 2.0.0 - 2019-12-06
+
+Features
+- Allow skipping authorization per action (https://github.com/varvet/godmin/pull/231)
+
+Bug fixes
+- Support namespaced models when generating resources (https://github.com/varvet/godmin/issues/181)
+
+Other
+- Drop support for Rails 4 (https://github.com/varvet/godmin/pull/239)
+- Better policy lookups for namespaced models (https://github.com/varvet/godmin/pull/180)
+- Use Pundit for authorization (https://github.com/varvet/godmin/pull/180)
+- Rails 6 support (https://github.com/varvet/godmin/pull/248) and (https://github.com/varvet/godmin/pull/250)
+
+In order to upgrade
+- Upgrade to at least Rails 5 and Ruby 2.2.2
+- If using an admin engine, create a namespaced model for every resource, inheriting from the main app model
+- Replace any `authenticate_admin_user` with `authenticate`
+- Replace any `skip_before_action :authenticate_admin_user` with `prepend_before_action :disable_authentication`
+- Replace any `rescue_from NotAuthorizedError` with `rescue_from Pundit::NotAuthorizedError`
+
+### 1.5.0 - 2017-02-17
+
+Features
+- Support for nested resources (https://github.com/varvet/godmin/pull/189)
+
+### 1.4.0 - 2017-02-15
+
+Features
+- Support group queries in scopes and filters (https://github.com/varvet/godmin/pull/208)
+- Change color of remove buttons, so they're not grabbing all the attention (https://github.com/varvet/godmin/pull/212)
+
+Bug fixes
+- Fix permitted params in sessions controller to work with models other than `AdminUser` (https://github.com/varvet/godmin/pull/210)
+
+Other
+- Remove authentication alert (https://github.com/varvet/godmin/pull/207)
+- Add table caption for tests (https://github.com/varvet/godmin/pull/187)
+
 ### 1.3.1 - 2016-09-27
+
 Bug fixes
 - Fix FileSystemResolver issue (https://github.com/varvet/godmin/pull/202)
 
@@ -8,6 +65,7 @@ Other
 - Update template for Rails 5 (https://github.com/varvet/godmin/commit/95e0a7917dd9767d77c3bfc876ebbf0a6036f347)
 
 ### 1.3.0 - 2016-07-11
+
 Features
 - Increased batch action checkbox click area (https://github.com/varvet/godmin/pull/183)
 - Adds titles to action links (https://github.com/varvet/godmin/pull/185)
@@ -23,6 +81,7 @@ Other
 - Adds caching partial overrides to increase table rendering speed (https://github.com/varvet/godmin/pull/184)
 
 ### 1.2.0 - 2016-02-02
+
 Features
 - Adds support for custom ordering of columns (https://github.com/varvet/godmin/pull/168)
 - Adds passing of options to association form helper (https://github.com/varvet/godmin/pull/172)
@@ -32,6 +91,7 @@ Bug fixes
 - Fixes an issue with the template resolver and Rails 4.2.5.1 (https://github.com/varvet/godmin/pull/175)
 
 ### 1.1.0 - 2015-12-08
+
 Features
 - Adds locale for pt-BR (Brazilian Portuguese) (https://github.com/varvet/godmin/pull/141)
 - New sandbox template with with more examples (https://github.com/varvet/godmin/pull/135)
@@ -44,22 +104,27 @@ Bug fixes
 - Fixes a namespace issue with the authentication generator (https://github.com/varvet/godmin/pull/150)
 
 ### 1.0.0 - 2015-11-13
+
 Release of 1.0.0 :tada:
 
 ### 0.12.4 - 2015-10-21
+
 Bug fixes
 - Fixes a bug which made it impossible to override the datetimepicker locale (https://github.com/varvet/godmin/issues/132)
 
 ### 0.12.3 - 2015-09-18
+
 Bug fixes
 - Adds support for plural engines (https://github.com/varvet/godmin/pull/128)
 - Remove turbolinks from application.js if present (https://github.com/varvet/godmin/issues/129)
 
 ### 0.12.2 - 2015-09-07
+
 Bug fixes
 - Fixes broken sign in page
 
 ### 0.12.1 - 2015-09-07
+
 Bug fixes
 - Fixes issue where column ordering on index table didn't work (https://github.com/varvet/godmin/issues/124)
 
@@ -67,17 +132,18 @@ Other
 - Adds integration tests
 - Removes the namespace config in `initializers/godmin.rb`
 
-In order to upgrade:
+In order to upgrade
 - Remove the `initializers/godmin.rb` file
 
 ### 0.12.0 - 2015-06-30
+
 Features
 - Adds new navigation helpers for building a custom navbar (https://github.com/varvet/godmin/issues/54)
 
 Other
 - Removes the godmin router method
 
-In order to upgrade:
+In order to upgrade
 - Remove the `godmin do` block from the `config/routes.rb` file
 - Specify a root route if there is none already
 - Create a `shared/_navigation.html.erb` partial if there is none already
@@ -86,10 +152,12 @@ Bug fixes
 - Fixes issue with authentication generator not modifying the application controller
 
 ### 0.11.2 - 2015-06-22
+
 Bug fixes
 - Fixes broken collection select helper
 
 ### 0.11.1 - 2015-05-20
+
 Features
 - Adds `destroy_resource` method to `ResourceService`
 - Adds query param to authorize
@@ -103,6 +171,7 @@ Bug fixes
 - Fixes a regression where filter labels were not translated
 
 ### 0.11.0 - 2015-04-13
+
 Other
 - Split resources into controllers and service objects (https://github.com/varvet/godmin/pull/79)
 - Renames the following modules:
@@ -111,18 +180,22 @@ Other
   - Godmin::Sessions -> Godmin::SessionsController
 
 ### 0.10.3 - 2015-02-18
+
 Bug fixes
 - Adds the possibility to pass options to the `date_field` and `datetime_field` form helpers
 
 ### 0.10.2 - 2015-02-16
+
 Bug fixes
 - Fixes standard resource params for multi-word models
 
 ### 0.10.1 - 2015-02-13
+
 Bug fixes
 - Fixes multi-select selectize issue (https://github.com/varvet/godmin/issues/71)
 
 ### 0.10.0 - 2015-02-11
+
 Features
 - Shows the number of items in each scope in the scope tab (https://github.com/varvet/godmin/issues/16)
 - Two new overridable methods for resources: `build_resource` and `find_resource`
@@ -139,21 +212,25 @@ Other
 - Restructured the locale files a bit
 
 ### 0.9.9 - 2015-01-23
+
 Features
 - Bump bootstrap to 3.3.3
 - Extracted button actions partial
 
 ### 0.9.8 - 2015-01-12
+
 Bug fixes
 - Created resources are now properly scoped by `resources_relation`
 - Fixes broken signin form
 
 ### 0.9.7 - 2015-01-07
+
 Features
 - Support for Rails 4.2
 - New form system (https://github.com/varvet/godmin/pull/50)
 
 ### 0.9.6 - 2014-12-18
+
 Features
 - Bundled [datetimepicker](https://github.com/Eonasdan/bootstrap-datetimepicker/)
 - Exposed JavaScript API
@@ -163,18 +240,22 @@ Notes
 - You can no longer use the `select-tag` class to initialize a select box
 
 ### 0.9.5 - 2014-12-15
+
 Bug fixes
 - Fixes Godmin::FormBuilder issue
 
 ### 0.9.4 - 2014-12-15
+
 Features
 - Added Godmin::FormBuilder
 
 ### 0.9.3 - 2014-12-10
+
 Bug fixes
 - Pagination offset fix
 
 ### 0.9.2 - 2014-12-09
+
 Features
 - Replaces select2 with [selectize](http://brianreavis.github.io/selectize.js/)
 - Adds flash messages (https://github.com/varvet/godmin/issues/26)
@@ -187,6 +268,7 @@ Bug fixes
 - Fixes default permitted params to work with multiword models.
 
 ### 0.9.1 - 2014-11-18
+
 Bug fixes
 - Removed rails executable from /bin folder.
 

data/Gemfile

@@ -12,5 +12,4 @@ gemspec
 
 # The dummy app loads whatever is specified in this gemfile, therefore
 # we add the admin engine used by the dummy app here
-gem "admin", path: "test/dummy/admin", group: [:test, :development]
-gem "codeclimate-test-reporter", group: :test, require: nil
+gem "admin", path: "test/dummy/admin", group: %i[test development]

data/README.md

@@ -2,10 +2,10 @@
 
 [![Gem Version](http://img.shields.io/gem/v/godmin.svg)](https://rubygems.org/gems/godmin)
 [![Build Status](https://img.shields.io/travis/varvet/godmin/master.svg)](https://travis-ci.org/varvet/godmin)
-[![Code Climate](https://img.shields.io/codeclimate/github/varvet/godmin.svg)](https://codeclimate.com/github/varvet/godmin)
-[![Test Coverage](https://codeclimate.com/github/varvet/godmin/badges/coverage.svg)](https://codeclimate.com/github/varvet/godmin/coverage)
+[![Code Climate](https://api.codeclimate.com/v1/badges/d8e5c7c54c1dba073689/maintainability)](https://codeclimate.com/github/varvet/godmin)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/d8e5c7c54c1dba073689/test_coverage)](https://codeclimate.com/github/varvet/godmin)
 
-Godmin is an admin framework for Rails 4+. Use it to build dedicated admin sections for your apps, or stand alone admin apps such as internal tools. It has support for common features such as scoping, filtering and performing batch actions on your models. Check out the [demo app](http://godmin-sandbox.herokuapp.com) and its [source code](https://github.com/varvet/godmin-sandbox) to get a feel for how it works.
+Godmin is an admin framework for Rails 5+. Use it to build dedicated admin sections for your apps, or stand alone admin apps such as internal tools. It has support for common features such as scoping, filtering and performing batch actions on your models. Check out the [demo app](http://godmin-sandbox.herokuapp.com) and its [source code](https://github.com/varvet/godmin-sandbox) to get a feel for how it works.
 
 Godmin differs from tools like [ActiveAdmin](http://activeadmin.info/) and [RailsAdmin](https://github.com/sferik/rails_admin) in how admin sections are created. Rather than being DSL-based, Godmin is a set of opt-in modules and helpers that can be applied to regular Rails apps and engines. An admin section built with Godmin is just that, a regular Rails app or Rails engine, with regular routes, controllers and views. That means there is less to learn, because you already know most of it, and fewer constraints on what you can do. After all, administrators are users too, and what better way to provide them with a tailor made experience than building them a Rails app?
 
@@ -25,6 +25,7 @@ Godmin differs from tools like [ActiveAdmin](http://activeadmin.info/) and [Rail
   - [Redirecting](#redirecting)
   - [Pagination](#pagination)
   - [Exporting](#exporting)
+  - [Nested resources](#nested-resources)
 - [Views](#views)
   - [Forms](#forms)
   - [Navigation](#navigation)
@@ -47,7 +48,7 @@ Godmin supports two common admin scenarios:
 
 If you want to set up an example app that you can play around with, run the following:
 ```sh
-rails new sandbox -m https://raw.githubusercontent.com/varvet/godmin/master/template.rb
+rails new sandbox --skip-spring -m https://raw.githubusercontent.com/varvet/godmin/master/template.rb
 ```
 
 ### Standalone installation
@@ -143,6 +144,15 @@ It inserts a `navbar_item` in the `app/views/shared/_navigation.html.erb` partia
 <%= navbar_item Article %>
 ```
 
+If Godmin was installed inside an engine, it creates a model class:
+
+```ruby
+module Admin
+  class Article < ::Article
+  end
+end
+```
+
 It creates a controller:
 
 ```ruby
@@ -511,7 +521,7 @@ If you wish to change the number of resources per page, you can override the `pe
 
 ```ruby
 class ArticlesService
-  include Godmin::Resources::Service
+  include Godmin::Resources::ResourceService
 
   def per_page
     50
@@ -525,12 +535,36 @@ The `attrs_for_export` method in the service object makes it possible to mark at
 
 ```ruby
 class ArticlesService
-  include Godmin::Resources::Service
+  include Godmin::Resources::ResourceService
 
   attrs_for_export :id, :title, :created_at, :updated_at
 end
 ```
 
+### Nested resources
+
+Nested resources can be implemented by nesting your routes:
+
+```ruby
+resources :blogs do
+  resources :blog_posts
+end
+```
+
+This will set up scoping of the nested resource as well as correct links in the breadcrumb.
+
+If you want to add a link to the nested resource from the parent's show and edit pages, you can add the following to the service object:
+
+```ruby
+class BlogService
+  include Godmin::Resources::ResourceService
+
+  has_many :blog_posts
+end
+```
+
+Otherwise, simply add links as you see fit using partial overrides.
+
 ## Views
 
 It's easy to override view templates and partials in Godmin, both globally and per resource. All you have to do is place a file with an identical name in your `app/views` directory. For instance, to override the `godmin/resource/index.html.erb` template for all resources, place a file under `app/views/resource/index.html.erb`. If you only wish to override it for articles, place it instead under `app/views/articles/index.html.erb`.
@@ -637,6 +671,14 @@ class AdminUser < ActiveRecord::Base
 end
 ```
 
+By default the user model is called `AdminUser`. If you'd like to change this, you can pass an argument to the authentication generator:
+
+```
+$ bin/rails generate godmin:authentication SuperUser
+or for an engine:
+$ admin/bin/rails generate godmin:authentication SuperUser
+```
+
 By default the model is generated with an `email` field as the login column. This can changed in the migration prior to migrating if, for instance, a `username` column is more appropriate.
 
 The following route is generated:
@@ -708,9 +750,19 @@ end
 
 The admin section is now authenticated using Devise.
 
+### Disable authentication
+
+If you want to disable authentication for a single controller or controller action, use the following `before_action`:
+
+```ruby
+class ArticlesController < ApplicationController
+  prepend_before_action :disable_authentication
+end
+```
+
 ## Authorization
 
-In order to enable authorization, authentication must first be enabled. See the previous section. The Godmin authorization system is heavily inspired by [Pundit](https://github.com/elabs/pundit) and implements the same interface.
+In order to enable authorization, authentication must first be enabled. See the previous section. The Godmin authorization system uses [Pundit](https://github.com/elabs/pundit).
 
 Add the authorization module to the application controller:
 
@@ -770,8 +822,8 @@ end
 That is, everyone can list and view articles, only editors can create them, and only unpublished articles can be updated and destroyed.
 
 ### Handle unauthorized access
-When a user is not authorized to access a resource, a `NotAuthorizedError` is raised. By default this error is rescued by Godmin and turned into a status code `403 Forbidden` response.
-If you want to change this behaviour you can rescue the error yourself in the appropriate `ApplicationController`:
+
+When a user is not authorized to access a resource, a `Pundit::NotAuthorizedError` is raised. By default this error is rescued by Godmin and turned into a status code `403 Forbidden` response. If you want to change this behaviour you can rescue the error yourself in the appropriate `ApplicationController`:
 
 ```ruby
 class ApplicationController < ActionController::Base
@@ -780,13 +832,14 @@ class ApplicationController < ActionController::Base
   include Godmin::Authorization
 
   # Renders 404 page and returns status code 404.
-  rescue_from NotAuthorizedError do
+  rescue_from Pundit::NotAuthorizedError do
     render file: "#{Rails.root}/public/404.html", status: 404, layout: false
   end
 end
 ```
 
 ### Override policy object
+
 If you wish to specify what policy to use manually, override the following method in your model. It does not have to be an ActiveRecord object, but any object will do.
 
 ```ruby
@@ -798,6 +851,7 @@ end
 ```
 
 ### Batch action authorization
+
 Batch actions must be authorized in your policy if you are using Godmin's built in authorization functionality. The policy method is called with the relation containing all records to be processed.
 
 ```ruby
@@ -808,6 +862,61 @@ class ArticlePolicy < Godmin::Authorization::Policy
 end
 ```
 
+### Disable authorization
+
+If you want to disable authorization for a single controller or controller action, use the following `before_action`:
+
+```ruby
+class ArticlesController < ApplicationController
+  prepend_before_action :disable_authorization
+end
+```
+
+### Authorization in Engines
+
+When Godmin is installed as an engine, it expects policies to be defined
+within the engine: eg. `Admin::ArticlePolicy` defined in
+`admin/app/policies/article_policy.rb`.
+
+If your admin application is itself broken up into several engines, then
+either
+
+1. the policies for those engines need to live in the main engine, or
+2. those engines need to be namespaced under the namespace of the main engine.
+
+Here is one example of a directory structure for approach 2:
+
+```
+admin
+  ├── app
+  │   └── policies
+  │       └── admin
+  │           └── article_policy.rb
+  └── engines
+      └── content
+          └── policies
+              └── admin
+                  └── content
+                      └── text_block_policy.rb
+app
+  └── models
+      └── article.rb
+engines
+  └── content
+        └── models
+            └── content
+                └── text_block.rb
+```
+```ruby
+# admin/engines/content/policies/admin/content/text_block_policy.rb
+module Admin
+  module Content
+    class TextBlockPolicy < ::Admin::ApplicationPolicy
+    end
+  end
+end
+```
+
 ## Localization
 
 Godmin supports localization out of the box. For a list of translatable strings, [look here](https://github.com/varvet/godmin/blob/master/config/locales/en.yml).