hobo 1.1.0.pre2 → 1.1.0.pre3

data/CHANGES.txt

@@ -14,6 +14,40 @@ likely to cause conflicts, so it is highly recommended that you have
 your code backed up and in a change control system such as git or
 subversion.
 
+=== Hobo 1.1 ===
+
+The default password validation has been changed to 6 characters, one
+of which must not be lowercase.  Luckily, we also made the password
+validation easier to change.   See
+[Bug #638](https://hobo.lighthouseapp.com/projects/8324/tickets/638) for
+more information.
+
+=== Hobo 1.0.3 ===
+
+This is a security release.   All applications that use the reset
+password functionality should upgrade.
+
+To patch the vulnerability, two changes have been made.
+
+First of all, the lifecycle key hash mechanism has been changed.
+Existing lifecycle keys will become invalid after you upgrade.
+Lifecycle keys are typically short lived, so this is unlikely to be a
+problem for most applications.
+
+Secondly, lifecycle keys are now cleared on every transition to avoid
+replay vulnerabilities.  This new behaviour may be avoided by added
+the `:keep_key => true` option to a transition.
+
+More information about the vulnerability can be viewed on the [bug
+report](https://hobo.lighthouseapp.com/projects/8324/tickets/666-user-model-secure-links-have-low-security).
+
+All code changes may viewed on the [github
+log](https://github.com/tablatom/hobo/compare/v1.0.2...v1.0.3)
+
+The "include" automatic scope has been aliased to "includes" to
+increase future compatibility with Rails 3.  Future versions of Hobo
+will remove support for "include".
+
 === Hobo 1.0.2 ===
 
 This release is almost identical to 1.0.1 except that it updates the

data/doctest/scopes.rdoctest

@@ -95,6 +95,7 @@ Let's set up a few models for our testing:
          born_at :date
          code :integer
          male :boolean
+         foo :string
          timestamps
        end
 
@@ -119,19 +120,19 @@ Generate a migration and run it:
 
     >> ActiveRecord::Migration.class_eval(HoboFields::MigrationGenerator.run[0])
     >> Person.columns.*.name
-    => ["id", "name", "born_at", "code", "male", "created_at", "updated_at", "state"]
+    => ["id", "name", "born_at", "code", "male", "foo", "created_at", "updated_at", "state"]
 {.hidden}
 
 And create a couple of fixtures:
 
     >> 
      Bryan = Person.new(:name => "Bryan", :code => 17, 
-        :born_at => Date.new(1973,4,8), :male => true)
+        :born_at => Date.new(1973,4,8), :male => true, :foo => "common")
     >> Bryan.state = "active"
     >> Bryan.save!
     >> 
      Bethany = Person.new(:name => "Bethany", :code => 42, 
-        :born_at => Date.new(1975,5,13), :male => false)
+        :born_at => Date.new(1975,5,13), :male => false, :foo => "common")
     >> Bethany.state = "inactive"
     >> Bethany.save!
     >> Friendship.new(:person => Bryan, :friend => Bethany).save!
@@ -287,12 +288,16 @@ Gives the N most recent items:
     >> Person.order_by(:code).*.name
     => ["Bryan", "Bethany"]
 
-## include
+## includes
 
-Adding the include function to your query chain has the same effect as
+Adding the includes function to your query chain has the same effect as
 the `:include` option to the `find` method.  
 
-    >> Person.include(:friends).*.name
+    >> Person.search("B", :name).include(:friends).*.name  # test LH#839
+    => ["Bryan", "Bethany"]
+.hidden
+
+    >> Person.includes(:friends).*.name
     => ["Bryan", "Bethany"]
 
 ## search
@@ -397,6 +402,15 @@ Like named scopes, Hobo scopes can be chained:
     >> Bryan.inactive_friends.inactive.*.name
     => ["Bethany"]
 
+    >> Person.scoped(:conditions => {:state => "active"}).scoped(:conditions => {:foo => "common"}).*.name
+    => ["Bryan"]
+
+    >> Person.with_friendship(Friendship.first).born_before(Date.new(1974)).*.name
+    => ["Bryan"]
+
+    >> Person.born_after(Date.new(1974)).with_friendship(Friendship.first).*.name
+    => []
+
 Clean up our test database:
 {.hidden}
 

data/lib/active_record/association_collection.rb

@@ -25,17 +25,6 @@ module ActiveRecord
         record
       end
 
-      # DO NOT call super here - AssociationProxy's version loads the collection, and that's bad.
-      # TODO: this really belongs in Rails; migrate it there ASAP
-      def respond_to?(*args)
-        proxy_respond_to?(*args) || Array.new.respond_to?(*args)
-      end
-
-      # TODO: send this patch into Rails. There's no reason to load the collection just to find out it acts like an array.
-      def is_a?(klass)
-        [].is_a?(klass)
-      end
-
       def member_class
         proxy_reflection.klass
       end

data/lib/hobo/authentication_support.rb

@@ -67,7 +67,7 @@ module Hobo
         accepts.xml do
           headers["Status"]           = "Unauthorized"
           headers["WWW-Authenticate"] = %(Basic realm="Web Password")
-          render :text => ht("hobo.messages.unauthenticated", :default=>["Couldn't authenticate you"], :status => '401 Unauthorized')
+          render :text => ht("hobo.messages.unauthenticated", :default=>["Couldn't authenticate you"]), :status => '401 Unauthorized'
         end
       end
       false

data/lib/hobo/controller.rb

@@ -58,7 +58,7 @@ module Hobo
 
     def redirect_to_with_object_url(destination, *args)
       if destination.is_one_of?(String, Hash, Symbol)
-        redirect_to_without_object_url(destination)
+        redirect_to_without_object_url(destination, *args)
       else
         redirect_to_without_object_url(object_url(destination, *args))
       end
@@ -78,12 +78,12 @@ module Hobo
     end
 
 
-    def ajax_update_response(page_path, render_specs, results={})
+    def ajax_update_response(page_path, render_specs, results={}, options={})
       @template.send(:_evaluate_assigns_and_ivars)
       renderer = Dryml.page_renderer(@template, [], page_path) if page_path
 
       render :update do |page|
-        page << "var _update = typeof Hobo == 'undefined' ? Element.update : Hobo.updateElement;"
+        page << (options[:preamble] || "var _update = typeof Hobo == 'undefined' ? Element.update : Hobo.updateElement;")
         for spec in render_specs
           function = spec[:function] || "_update"
           dom_id = spec[:id]
@@ -99,6 +99,7 @@ module Hobo
           end
         end
         page << renderer.part_contexts_storage if renderer
+        page << options[:postamble] if options[:postamble]
       end
     end
 

data/lib/hobo/lifecycles/lifecycle.rb

@@ -168,7 +168,6 @@ module Hobo
       def become(state_name, validate=true)
         state_name = state_name.to_sym
         record.write_attribute self.class.state_field, state_name.to_s
-
         if state_name == :destroy
           record.destroy
           true
@@ -210,7 +209,7 @@ module Hobo
         timestamp = record.read_attribute(key_timestamp_field)
         if timestamp
           timestamp = timestamp.getutc
-          Digest::SHA1.hexdigest("#{record.id}-#{state_name}-#{timestamp}")
+          Digest::SHA1.hexdigest("#{record.id}-#{state_name}-#{timestamp}-#{ActionController::Base.session_options[:secret]}")
         end
       end
 
@@ -223,6 +222,10 @@ module Hobo
         provided_key && provided_key == key && !key_expired?
       end
 
+      def clear_key
+        record.write_attribute key_timestamp_field, nil
+      end
+
       def invariants_satisfied?
         self.class.invariants.all? { |i| record.instance_eval(&i) }
       end

data/lib/hobo/lifecycles/transition.rb

@@ -34,7 +34,8 @@ module Hobo
 
 
       def change_state(record)
-        record.lifecycle.become(get_state(record, end_state))
+        record.lifecycle.clear_key unless options[:new_key] || options[:keep_key]
+        return record.lifecycle.become(get_state(record, end_state))
       end
 
 

data/lib/hobo/model.rb

@@ -32,13 +32,17 @@ module Hobo
 
         alias_method_chain :has_one, :new_method
 
-        def inherited(klass)
-          super
-          fields(false) do
-            Hobo.register_model(klass)
-            field(klass.inheritance_column, :string)
+        # eval avoids the ruby 1.9.2 "super from singleton method ..." error
+        # see LH#840
+        eval %(
+          def inherited(klass)
+            super
+            fields(false) do
+              Hobo.register_model(klass)
+              field(klass.inheritance_column, :string)
+            end
           end
-        end
+        )
       end
 
       # https://hobo.lighthouseapp.com/projects/8324/tickets/762-hobo_model-outside-a-full-rails-env-can-lead-to-stack-level-too-deep
@@ -121,8 +125,12 @@ module Hobo
 
       ActiveRecord::Base.class_eval do
         def self.hobo_model
-          include Hobo::Model
-          fields(false) # force hobofields to load
+          if self.ancestors.include?(Hobo::Model)
+            Rails.logger.error "#{self}: Do not call hobo_model in derived classes."
+          else
+            include Hobo::Model
+            fields(false) # force hobofields to load
+          end
         end
         def self.hobo_user_model
           include Hobo::Model

data/lib/hobo/model_controller.rb

@@ -455,6 +455,7 @@ module Hobo
 
       if do_pagination
         options.reverse_merge!(:page => params[:page] || 1)
+        options[:order] = :created_at if options[:order] == :default
         finder.paginate(options)
       else
         finder.all(options.except(*WILL_PAGINATE_OPTIONS))
@@ -521,7 +522,7 @@ module Hobo
         this.user_update_attributes(current_user, attributes)
       else
         self.this = new_for_create(attributes)
-        this.save
+        this.user_save(current_user)
       end
       create_response(:new, options, &b)
     end
@@ -590,10 +591,11 @@ module Hobo
 
       self.this ||= args.first || find_instance
       changes = options[:attributes] || attribute_parameters or raise RuntimeError, ht(:"hobo.messages.update.no_attribute_error", :default=>["No update specified in params"])
-      this.user_update_attributes(current_user, changes)
-
-      # Ensure current_user isn't out of date
-      @current_user = @this if @this == current_user
+      
+      if this.user_update_attributes(current_user, changes)        
+        # Ensure current_user isn't out of date
+        @current_user = @this if @this == current_user
+      end
 
       in_place_edit_field = changes.keys.first if changes.size == 1 && params[:render]
       update_response(in_place_edit_field, options, &b)

data/lib/hobo/scopes/automatic_scopes.rb

@@ -267,7 +267,30 @@ module Hobo
               field, asc = args
               type = klass.attr_type(field)
               if type.nil? #a virtual attribute from an SQL alias, e.g., 'total' from 'COUNT(*) AS total'
-                colspec = "#{field}" # don't prepend the table name 
+                # can also be has_many association, let's check it out
+                _, assoc, count = *field._?.match(/^([a-z_]+)(?:\.([a-z_]+))?/)
+                refl = klass.attr_type(assoc)
+
+                if refl.respond_to?(:primary_key_name) && refl.macro == :has_many && count._?.upcase == 'COUNT'
+                  owner_primary_key = "#{klass.quoted_table_name}.#{klass.primary_key}"
+                  # now we have :has_many association in refl, is this a through association?
+                  if (through = refl.through_reflection) && (source = refl.source_reflection)
+                    # has_many through association was found and now we have a few variants:
+                    # 1) owner.has_many -> through.belongs_to <- source.has_many (many to many, source.macro == :belongs_to )
+                    # 2) owner.has_many -> through.has_many -> source.belongs_to (many to one through table, source.macro == :has_many)
+                    colspec = "(SELECT COUNT(*) AS count_all FROM #{refl.quoted_table_name} INNER JOIN #{through.quoted_table_name}" +
+                      " ON #{source.quoted_table_name}.#{source.macro == :belongs_to ? source.klass.primary_key : through.association_foreign_key}" +
+                      " = #{through.quoted_table_name}.#{source.macro == :belongs_to ? source.association_foreign_key : through.klass.primary_key}" +
+                      " WHERE #{through.quoted_table_name}.#{through.primary_key_name} = #{owner_primary_key} )"
+                  else
+                    # simple many to one (has_many -> belongs_to) association
+                    colspec = "(SELECT COUNT(*) as count_all FROM #{refl.quoted_table_name}" +
+                      " WHERE #{refl.quoted_table_name}.#{refl.primary_key_name} = #{owner_primary_key})"
+                  end
+
+                else
+                  colspec = "#{field}" # don't prepend the table name
+                end
               elsif type.respond_to?(:name_attribute) && (name = type.name_attribute)
                 include = field
                 colspec = "#{type.table_name}.#{name}"
@@ -283,6 +306,11 @@ module Hobo
               { :include => inclusions }
             end
 
+          when "includes"
+            def_scope do |inclusions|
+              { :include => inclusions }
+            end
+
           when "search"
             def_scope do |query, *fields|
               match_keyword = ::ActiveRecord::Base.connection.adapter_name == "PostgreSQL" ? "ILIKE" : "LIKE"

data/lib/hobo/scopes/named_scope_extensions.rb

@@ -1,27 +1,39 @@
 module ActiveRecord
   module NamedScope
-    class Scope
-
-      delegate :member_class, :to => :proxy_found
-
-      include Hobo::Scopes::ApplyScopes
+    
+    class Scope      
+      delegate :member_class, :to => :proxy_found      
+      include Hobo::Scopes::ApplyScopes      
+    end
 
-      def respond_to?(method, include_private=false)
-        super || scopes.include?(method) || proxy_scope.respond_to?(method, include_private)
+    module ClassMethods
+      def scopes
+        hash = read_inheritable_attribute(:scopes)
+        if hash.nil?
+          if respond_to?(:create_automatic_scope)
+            write_inheritable_attribute(:scopes, new_automatic_scoping_hash(self))
+          else
+            # add a default_proc to optimize the next condition
+            write_inheritable_attribute(:scopes, Hash.new { |hash, key| nil })
+          end
+        elsif hash.default_proc.nil? && respond_to?(:create_automatic_scope)
+          write_inheritable_attribute(:scopes, new_automatic_scoping_hash(self).merge!(hash))
+        else
+          hash
+        end
       end
       
       private
       
-      def method_missing(method, *args, &block)
-        if scopes.include?(method)
-          scopes[method].call(self, *args)
-        else
-          with_scope :find => proxy_options do
-            proxy_scope.send(method, *args, &block)
+      def new_automatic_scoping_hash(o)
+        hash = Hash.new { |hash, key| o.create_automatic_scope(key) && hash[key] }
+        hash.meta_eval do
+          define_method :include? do |key, *args|
+            super(key, *args) || o.create_automatic_scope(key)
           end
         end
+        hash
       end
-
     end
   end
 end

data/lib/hobo/user.rb

@@ -32,7 +32,7 @@ module Hobo
         end
 
         validates_confirmation_of :password,              :if => :new_password_required?
-        password_validations
+        validate :validate_password
         validate :validate_current_password_when_changing_password
 
         # Virtual attributes for setting and changing the password
@@ -56,11 +56,6 @@ module Hobo
     # Additional classmethods for authentication
     module ClassMethods
 
-      # Validation of the plaintext password
-      def password_validations
-        validates_length_of :password, :within => 4..40, :if => :new_password_required?
-      end
-
       def login_attribute=(attr, validate=true)
         @login_attribute = attr = attr.to_sym
         unless attr == :login
@@ -177,6 +172,11 @@ module Hobo
       changing_password? && !authenticated?(current_password) and errors.add :current_password, Hobo::Translations.ht("hobo.messages.current_password_is_not_correct", :default => "is not correct")
     end
 
+    # Validation of the plaintext password.   Override this function
+    # to change your validation.
+    def validate_password
+      errors.add(:password, Hobo::Translations.ht("hobo.messages.validate_password", :default => "must be at least 6 characters long and must not consist solely of lowercase letters.")) if new_password_required? && (password.nil? || password.length<6 || /^[[:lower:]]*$/.match(password))
+    end
   end
 
 end

data/lib/hobo.rb

@@ -22,7 +22,7 @@ class HoboError < RuntimeError; end
 
 module Hobo
 
-  VERSION = "1.1.0.pre2"
+  VERSION = "1.1.0.pre3"
   
   class PermissionDeniedError < RuntimeError; end
 

data/rails_generators/hobo_rapid/templates/hobo-rapid.js

@@ -691,7 +691,7 @@ HoboInputMany = {
       Event.stop(ev);
       var ul = el.up('ul.input-many'), li = el.up('li.input-many-li');
 
-      if(li.id.search(/_-1$/ && ul.immediateDescendants().length>2)>=0) {
+      if(li.id.search(/_-1$/)>=0 && ul.immediateDescendants().length>2) {
           /* if(console) console.log("IE7 messed up again (bug 605)"); */
           return;
       }

data/rapid_generators/rapid/pages.dryml.erb

@@ -140,7 +140,7 @@ end
             <a:<%= back_link %> param="parent-link">&laquo; <ht key="<%= model_key %>.actions.back" to="<%= back_link %>"><name/></ht></a:<%= back_link %>>
 <% end -%>
             <h2 param="heading">
-              <ht key="<%= model_key %>.show.heading" name="&this.respond_to?(:name) ? this.name : ''">
+              <ht key="<%= model_key %>.show.heading" name="&this.respond_to?(:to_s) ? this.to_s : ''">
                 <name/>
               </ht>
             </h2>
@@ -175,7 +175,7 @@ end
 <% if collection -%>
             <section param="collection-section">
               <h3 param="collection-heading">
-                <ht key="<%= model_key %>.collection.heading.<%= (is_user_model ? 'your':'other') %>" >
+                <ht key="<%= collection.to_s.tableize %>.collection.heading.<%= (is_user_model ? 'your':'other') %>" >
                   <%= '<Your/>' if is_user_model %><%= collection.to_s.titleize %>
                 </ht>
               </h3>

data/taglibs/rapid_core.dryml

@@ -466,14 +466,14 @@ Assuming the context is a blog post...
 <!-- Renders a comma separated list of links (`<a>`), or "(none)" if the list is empty -->
 <def tag="links-for-collection"><%= this.empty? ? "(none)" : context_map { a }.join(", ") %></def>
 
-<!-- Renders `this.to_s(:long)`, or `this.strftime(format)` if the `format` attribute is given -->
-<def tag="view" for="Date" attrs="format"><%= this && (format ? this.strftime(format) : this.to_s(:long)) %></def>
+<!-- Renders `I18n.l(this, :format => :long)`, or `I18n.l(this, :format => format)` if the `format` attribute is given -->
+<def tag="view" for="Date" attrs="format"><%= this && (format ? I18n.l(this, :format => format) : I18n.l(this, :format => :long)) %></def>
 
-<!-- Renders `this.to_s(:long)`, or `this.strftime(format)` if the `format` attribute is given -->
-<def tag="view" for="Time" attrs="format"><%= this && (format ? this.strftime(format) : this.to_s(:long)) %></def>
+<!-- Renders `I18n.l(this, :format => :long)`, or `I18n.l(this, :format => format)` if the `format` attribute is given -->
+<def tag="view" for="Time" attrs="format"><%= this && (format ? I18n.l(this, :format => format) : I18n.l(this, :format => :long)) %></def>
 
-<!-- Renders `this.to_s(:long)`, or `this.strftime(format)` if the `format` attribute is given -->
-<def tag="view" for="ActiveSupport::TimeWithZone" attrs="format"><%= this && (format ? this.strftime(format) : this.to_s(:long)) %></def>
+<!-- Renders `I18n.l(this, :format => :long)`, or `I18n.l(this, :format => format)` if the `format` attribute is given -->
+<def tag="view" for="ActiveSupport::TimeWithZone" attrs="format"><%= this && (format ? I18n.l(this, :format => format) : I18n.l(this, :format => :long)) %></def>
 
 <!-- Renders `this.to_s`, or `format % this` if the `format` attribute is given -->
 <def tag="view" for="Numeric" attrs="format"><%= format ? format % this : this.to_s %></def>
@@ -487,12 +487,19 @@ Assuming the context is a blog post...
   end
 %></def>
 
-<!-- Renders 'Yes' for true and 'No' for false -->
-<def tag="view" for="boolean"><%= this ? 'Yes' : 'No' %></def>
+<!-- Renders 'Yes' for true and 'No' for false with localization support -->
+<def tag="view" for="boolean"><%= this ? ht('hobo.boolean_yes', {:default => 'Yes'}) : ht('hobo.boolean_no', {:default => 'No'}) %></def>
 
 <!-- Renders a link (`<a>`) to `this` -->
 <def tag="view" for="ActiveRecord::Base"><a merge-attrs/></def>
 
+<!-- Renders `this.to_s` with localization support -->
+<def tag="view" for="HoboFields::LifecycleState">
+    <span class='#{this.class.parent.name.downcase}-states #{this.class.parent.name.downcase}-state-#{this.to_s.downcase} state-#{this.to_s.downcase}'>
+        <ht key='#{this.class.parent.name.tableize}.lifecycle_states.#{this.to_s.downcase}'><%= this.to_s %></ht>
+    </span>
+</def>
+
 
 <!--
 A convenience tag used to output a count and a correctly pluralised label. Works with any kind of collection such as an `ActiveRecord` association or an array.

data/taglibs/rapid_forms.dryml

@@ -51,7 +51,8 @@ executed at various points in the ajax request cycle:
             hiddens = case fields
                       when '*', nil
                         # TODO: Need a better (i.e. extensible) way to eleminate certain fields
-                        this.class.column_names - ['type', 'created_at', 'updated_at']
+                        # marking a field as attr_protected is one way to eliminate a field
+                        this.class.column_names - [this.class.inheritance_column, 'created_at', 'updated_at']
                       else
                         comma_split(fields)
                       end
@@ -574,7 +575,7 @@ All the standard ajax attributes *except the callbacks* are supported (see the m
                                   else
                                     { :type => "button" }
                                   end)
-    label ||= ht("hobo.actions.remove", :default=>"Remove") 
+    label ||= ht("#{this.class.name.tableize}.actions.remove", :default=>"Remove") 
     confirm = ht("hobo.messages.confirm", :default=>"Are you sure?") if confirm.nil?
     
     add_classes!(attributes,
@@ -588,7 +589,7 @@ All the standard ajax attributes *except the callbacks* are supported (see the m
       else
         fade = true if fade.nil?
         attributes[:value] = label
-        attributes[:onclick] = "Hobo.removeButton(this, '#{url}', #{js_updates(update)}, {fade:#{fade}, confirm: #{confirm.inspect}})"
+        attributes[:onclick] = "Hobo.removeButton(this, '#{url}', #{js_updates(update)}, {fade:#{fade}, confirm: '#{confirm}'})"
         element(:input, attributes, nil, true, true)
       end
     end
@@ -622,7 +623,7 @@ All of the standard ajax attributes are supported (see the main taglib documenti
   new = class_or_assoc.new(fields)
   new.set_creator(current_user)
   if can_create?(new)
-    label ||= ht("#{new.class.name.pluralize.underscore}.actions.new", :default=>"New #{new.class.name.titleize}")  
+    label ||= ht("#{new.class.name.tableize}.actions.new", :default=>"New #{new.class.name.titleize}")  
     ajax_attributes = { :message => message }
     class_name = new.class.name.underscore
     ajax_attributes[:params] = { class_name => fields } unless fields.empty?
@@ -653,7 +654,7 @@ For situations where there are too many target records to practically include in
 <def tag="select-one" attrs="include-none, blank-message, options, sort, limit, text-method"><%
   raise Hobo::PermissionDeniedError.new("Not allowed to edit #{this_field}") if !attributes[:disabled] && !can_edit? 
 
-  blank_message ||= ht("#{this_type.name.underscore}.message.no", :default=>"(No #{this_type.view_hints.model_name})")
+  blank_message ||= ht("#{this_type.name.tableize}.message.none", :default=>"(No #{this_type.view_hints.model_name})")
   limit ||= 100
    
   options ||= begin
@@ -780,10 +781,10 @@ If you wish to set `min-chars` to 0, you will require this [patch to controls.js
   -->
 <def tag="error-messages">
   <section class="error-messages" merge-attrs if="&this.errors.length > 0">
-    <h2 param="heading">To proceed please correct the following:</h2>
+      <h2 param="heading"><ht key="hobo.messages.error_correct_following">To proceed please correct the following:</ht></h2>
     <ul param>
       <% this.errors.each do |attr, message|; next if message == "..." -%>
-        <li param><%= this.class.human_attribute_name(attr) unless attr.to_s == 'base' %> <%= message %></li>
+        <li param><%= this.class.view_hints.field_name(attr) unless attr.to_s == 'base' %> <%= message %></li>
       <% end -%>
     </ul>
   </section>
@@ -796,12 +797,12 @@ An input for `has_many :through` associations that lets the user chose the items
 To use this tag, the model of the items the user is chosing *must* have unique names, and the 
 -->
 <def tag="select-many" attrs="options, targets, remove-label, prompt, disabled, name"><%
-  prompt ||= "Add #{this_field.titleize.singularize}"
+  prompt ||= ht("#{this.name.tableize}.message.none", :default=>"Add #{this.view_hints.model_name}")
   options ||= this_field_reflection.klass.all(:conditions =>this.conditions).select {|x| can_view?(x)}
   name ||= param_name_for_this
                 
   values = this
-  remove_label ||= ht("hobo.actions.remove", :default=>'Remove')
+  remove_label ||= ht("#{this.name.tableize}.actions.remove", :default=>'Remove')
   -%>
   <div class="input select-many" merge-attrs>
     <div style="display:none" class="item-proto">

data/taglibs/rapid_plus.dryml

@@ -172,7 +172,7 @@ See [Filtering stories by status](/tutorials/agility#filtering_stories_by_status
   <% no_filter ||= "All" %>
   <form action="&request.request_uri" method="get" class="filter-menu" merge-attrs="id">
     <div>
-      <% selected = options.detect {|o| o.to_s==params[param_name.gsub('-', '_')] } %>
+      <% selected = options.detect {|o| o.is_a?(Array) ? o[1].to_s==params[param_name.gsub('-', '_')] : o.to_s==params[param_name.gsub('-', '_')] } %>
       <select-menu name="&param_name" options="&options" selected="&selected"
                    first-option="&no_filter" merge-params/>
     </div>

data/taglibs/rapid_user_pages.dryml

@@ -165,8 +165,8 @@ if a given email is associated with an account or not. -->
         <error-messages param/>
         <form class="change-password" param>
           <field-list fields="email_address, current_password, password, password_confirmation" param>
-            <password-label:>New Password</password-label:>
-            <password-confirmation-label:>Confirm New Password</password-confirmation-label:>
+              <password-label:><ht key="users.new_password">"New Password</ht></password-label:>
+              <password-confirmation-label:><ht key="users.confirm_new_password">Confirm New Password</ht></password-confirmation-label:>
           </field-list>
 
           <div class="actions" param="actions">

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification 
 name: hobo
 version: !ruby/object:Gem::Version 
-  hash: -1876988167
+  hash: -1876988186
   prerelease: true
   segments: 
   - 1
   - 1
   - 0
-  - pre2
-  version: 1.1.0.pre2
+  - pre3
+  version: 1.1.0.pre3
 platform: ruby
 authors: 
 - Tom Locke
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-12 00:00:00 -05:00
+date: 2011-01-16 00:00:00 -05:00
 default_executable: hobo
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -73,13 +73,13 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: -1876988167
+        hash: -1876988186
         segments: 
         - 1
         - 1
         - 0
-        - pre2
-        version: 1.1.0.pre2
+        - pre3
+        version: 1.1.0.pre3
   type: :runtime
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
@@ -90,13 +90,13 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: -1876988167
+        hash: -1876988186
         segments: 
         - 1
         - 1
         - 0
-        - pre2
-        version: 1.1.0.pre2
+        - pre3
+        version: 1.1.0.pre3
   type: :runtime
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
@@ -107,13 +107,13 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: -1876988167
+        hash: -1876988186
         segments: 
         - 1
         - 1
         - 0
-        - pre2
-        version: 1.1.0.pre2
+        - pre3
+        version: 1.1.0.pre3
   type: :runtime
   version_requirements: *id005
 description: