hot-glue 0.6.0.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ffc84538112521ab7f15e7c0d234de7ffc5e5231e49a6ffb3cb3fd77c4f0545
-  data.tar.gz: f9e7c8e6b171aace305d5fae08ee24d08f6304c0127e5044579e8d3c30cc6ca6
+  metadata.gz: c984f13c5f9639c6cea9837c4266cf0e4e529e9adef1dffea257551ebd80f8cd
+  data.tar.gz: ba87601c2e04556604a7900880f054fd67b95ee78c9113668664ffb591c0601f
 SHA512:
-  metadata.gz: 53da97a3e0c570c41594ae47ed50149a5519e512d1677c38dc70fb118e69893d67165b7f7de89e0e8f56325f766934225f810c52fba501c9b9a1a71943cdc365
-  data.tar.gz: f6fd036dd5abeb33724927a6a25e2fab560f553f4df23cf186438f09036e68f147aef50ce356b7c9c3858cd3fbe81c02bc9649b46076562da3a3cf43f0cf0530
+  metadata.gz: f9b1228beb6639f671f2138c0b62a891060da18089e23cb1a9f0518b77b0002e2c38018b18df49525f0dcf6b2715c6ed3c4c415bca8d203c8afad0c5113fad88
+  data.tar.gz: 34e37814fe29eb58097331279107b1b58a4e9dbb4f3f9887c0e5c6b095d484c8a893034d3dafeed2ffbd5350a3cbd7542ee7dba4ffbd0a149b04a4b6a936ab8c

data/.github/FUNDING.yml

@@ -1 +1 @@
-custom: ["https://twitter.com/HotGlueForRails",  "https://school.jasonfleetwoodboldt.com/8188?utm_source=github.com&utm_campaign=github_hot_glue_repo_funding_link"]
+custom: ["https://twitter.com/HotGlueForRails",  "https://school.jfbcodes.com/8188?utm_source=github.com&utm_campaign=github_hot_glue_repo_funding_link"]

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hot-glue (0.6.0)
+    hot-glue (0.6.1)
       ffaker (~> 2.16)
       kaminari (~> 1.2)
       rails (> 5.1)
@@ -90,7 +90,7 @@ GEM
       xpath (~> 3.2)
     concurrent-ruby (1.1.10)
     crass (1.0.6)
-    date (3.3.3)
+    date (3.3.4)
     devise (4.8.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -139,12 +139,12 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.4)
     minitest (5.16.3)
-    net-imap (0.4.4)
+    net-imap (0.4.5)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.2.1)
+    net-protocol (0.2.2)
       timeout
     net-smtp (0.4.0)
       net-protocol
@@ -235,7 +235,7 @@ GEM
     stimulus-rails (1.1.1)
       railties (>= 6.0.0)
     thor (1.2.1)
-    timeout (0.4.0)
+    timeout (0.4.1)
     turbo-rails (1.3.2)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)

data/README.md

@@ -38,7 +38,7 @@ Other than the opinionated differences and additional features, Hot Glue produce
 
 # Get Hot Glue
 
-## [GET THE COURSE TODAY](https://school.jasonfleetwoodboldt.com/8188/?utm_source=github.com&utm_campaign=github_hot_glue_readme_page) **only $60 USD!**
+## [GET THE COURSE TODAY](https://school.jfbcodes.com/8188/?utm_source=github.com&utm_campaign=github_hot_glue_readme_page) **only $60 USD!**
 
 
 ---
@@ -522,7 +522,7 @@ The short form looks like this. It presumes there is a 'pets' association from `
 
 (The long form equivalent of this would be `--hawk=pet_id{current_user.pets}`)
 
-This is covered in [Example #3 in the Hot Glue Tutorial](https://school.jasonfleetwoodboldt.com/8188)
+This is covered in [Example #3 in the Hot Glue Tutorial](https://school.jfbcodes.com/8188)
 
 To hawk to a scope that is not the currently authenticated user, use the long form with `{...}` 
 to specify the scope. Be sure to note to add the association name itself, like `users`: 
@@ -532,7 +532,7 @@ to specify the scope. Be sure to note to add the association name itself, like `
 This would hawk the Appointment's `user_id` key to any users who are within the scope of the 
 current_user's has_many association (so, for any other "my" family, would be `current_user.family.users`). 
 
-This is covered in [Example #4 in the Hot Glue Tutorial](https://school.jasonfleetwoodboldt.com/8188)
+This is covered in [Example #4 in the Hot Glue Tutorial](https://school.jfbcodes.com/8188)
 
 
 ### `--plural=`
@@ -681,8 +681,9 @@ Notice that each modifiers can be used with specific field types.
 | (truthy label)\|(falsy label) | specify a binary switch with a pipe (\|) character if the value is truthy, it will display as "truthy label" if the value is falsy, it will display as "falsy label" | booleans, datetimes, dates, times |   |    |
 | partials                      | applies to enums only, you must have a partial whose name matches each enum type                                                                                 | enums only                        |   |   |
 | tinymce                       | applies to text fields only, be sure to setup TineMCE globally                                                                                                   | text fields only                  |    |   |
+| typeahead                     | turns a foreign key (only) into a searchable typeahead field                                                                                                     | foreign keys only                 |   |   |
 
-Except for "(truthy label)" and "(falsy label)" which represent the labels you should specify separated by the pipe character (|), use the modifier exactly as shown.
+Except for "(truthy label)" and "(falsy label)" which use the special syntax, use the modifier _exactly_ as it is named.
 
 ### `--pundit`
 If you enable Pundit, your controllers will look for a Policy that matches the name of the thing being built.
@@ -690,11 +691,14 @@ If you enable Pundit, your controllers will look for a Policy that matches the n
 **Realtime Field-level Access**
 Hot Glue gives you automatic field level access control if you create `*_able?` methods for each field you'd like to control on your Pundit policy.
 
-(Although this is not what Pundit recommends for field level access control, it has been implemented this way to provide field-by-field user feedback to the user shown in red just like Rails validation errors are currently shown. This is is only hypothetical, because the interface correctly shows the field as viewable or editable anyway, making bad entry only something that could be achieved through a mistake or hacking. Nevertheless, rest assured that if there was a input mistake-- like a user having a field editable when it shouldn't be, the backend policy would guard against the disallowed input and show an error message.)
+(Although this is not what Pundit recommends for field level access control, it has been implemented this way to provide field-by-field user feedback to the user shown in red just like Rails validation errors are currently shown. A user having access to input text into a field they shouldn't have access to is *only hypothetical*, because the Hot Glue will correctly show the the user connect edit was view-only anyway, making unallowed entry only something that could be achieved through a mistake or hacking. Nevertheless, rest assured that if there was a input mistake-- like a user having a field editable when it shouldn't be, if you implement your backend policy correctly with an `update?` method guards against the disallowed input, your user will show an error message and the record will not be updated.)
+
+The `*_able?` method should return true or false depending on whether or not the field can be edited. No distinction is made between the `new` and `edit` contexts. You may check if the record is new using `new_record?`.
+
+
+**The `*_able?` method is used by Hot Glue only on the new and edit actions. You must incorporate it into the policy's `update?` method as in the example, or else no guard will check prevent the user doesn't pass a value to input it anyway.**
 
-The `*_able?` method should return true or false depending on whether or not the field can be edited. (No distinction is made between the different contexts. You may check if the record is new using `new_record?`.
 
-The `*_able?` method is used by Hot Glue only on the new and edit actions, but you should incorporate it into the policy's `update?` method as in the example, which will extend other operations since Hot Glue will use the policy to authorize the action
 Add one `*_able?` method to the policy for each field you want to allow field-level access control. 
 
 Replace `*` with the name of the field you want under access control. Remember to include `_id` for foreign keys. You do not need it for any field you don't want under access control.
@@ -851,7 +855,7 @@ This means you can be a somewhat lazy about your bang methods, but keep in mind
 
 Finally, you can raise an ActiveRecord error which will also get passed to the user in the flash alert area.
 
-For more information see Example 5 in the Tutorial
+For more information see [Example 5 in the Tutorial](https://school.jfbcodes.com/8188)
 
 
 ### `--downnest`
@@ -963,6 +967,25 @@ This happens using two interconnected mechanisms:
 please note that *creating* and *deleting* do not yet have a full & complete implementation: Your pages won't re-render the pages being viewed cross-peer (that is, between two users using the app at the same time) if the insertion or deletion causes the pagination to be off for another user.
 
 
+### `--related-sets`
+
+Used to show a checkbox set of related records. The relationship should be a `has_and_belongs_to_many` or a `has_many through:` from the object being built.
+
+Consider the classic example of three tables: users, user_roles, and roles
+
+User `has_many :user_roles`; UserRole `belongs_to :user` and `belongs_to :role`; and Role `has_many :user_roles` and `has_many :user, through: :user_roles`
+
+We'll generate a scaffold to edit the users table. A checkbox set of related roles will also appear to allow editing of roles. (In this example, the only field to be edited is the email field.)
+
+```
+rails generate hot_glue:scaffold User --related-sets=roles --include=email,roles --gd
+```
+
+Note this leaves open a privileged escalation attack (a security vulnerability).
+
+To fix this, you'll need to use Pundit with special syntax designed for this purpose. Please see [Example #17 in the Hot Glue Tutorial](https://school.jfbcodes.com/8188)
+
+
 ## "Thing" Label
 
 Note that on a per model basis, you can also globally omit the label or set a unique label value using
@@ -1028,6 +1051,20 @@ Use `before` to make the labels come before or `after` to make them come after.
 Omits the heading of column names that appears above the 1st row of data.
 
 
+
+`--code-before-create`
+`--code-after-create`
+`--code-before-update`
+`--code-after-update`
+
+Insert some code into the `create` action or `update` actions.
+The **before code** is called _after authorization_ but _before saving_ (which creates the record, or fails validation).
+The **after create** code is called after the record is saved (and thus has an id in the case of the create action).
+Both should be wrapped in quotation marks when specified in the command line, and use semicolons to separate multiple lines of code.
+(Notice the funky indentation of the lines in the generated code. Adjust you input to get the indentation correct.)
+
+
+
 ## Special Features
 
 ### `--attachments`
@@ -1325,6 +1362,10 @@ Child portals have the headings omitted automatically (there is a heading identi
 - Enum - displayed as a drop-down list (defined the enum values on your model). 
   - For Rails 6 see https://jasonfleetwoodboldt.com/courses/stepping-up-rails/enumerated-types-in-rails-and-postgres/
   - You must specify the enum definition both in your model and also in your database migration for both Rails 6 + Rails 7
+  - You can modify an enum so that instead of a drop down list, it displays a partial view that you must build. See the [v0.5.23 Release notes](https://github.com/hot-glue-for-rails/hot-glue#2023-10-01---v0523) for details.
+
+
+
 
 # Note about enums
 
@@ -1369,6 +1410,8 @@ def self.status_labels
 
 Now, your labels will show up on the front-end as defined in the `_labels` ("Is currently pending", etc) instead of the database-values.
 
+You can modify an enum so that instead of a drop down list, it displays a partial view that you must build. See the [v0.5.23 Release notes](https://github.com/hot-glue-for-rails/hot-glue#2023-10-01---v0523) for details.
+
 ### Validation Magic
 
 Use ActiveRecord validations or hooks to validate your data. Hot Glue will automatically display the errors in the UI.
@@ -1406,7 +1449,7 @@ You will do these three things:
 2. When generating a scaffold you want to make a typeahead association, use `--modify='parent_id{typeahead}'` where `parent_id` is the foreign key
 `bin/rails generate hot_glue:scaffold Book --include=title,author_id --modify='author_id{typeahead}'`
 3. Within each namespace, you will generate a special typeahead controller (it exists for the associated object to be searched on
-`bin/rails generate hot_glue:typehead Author`
+`bin/rails generate hot_glue:typeahead Author`
 This will create a controller for `AuthorsTypeaheadController` that will allow text search against any *string* field on the `Author` model.
 This special generator takes flags `--namespace` as the normal generator and also `--search-by` to let you specify the list of fields you want to search by.
 
@@ -1471,8 +1514,82 @@ For example, to display the field `my_story` on the object `Thing`, you'd genera
 bin/rails generate Thing --include=my_story --modify='my_story{tinymce}'
 ```
 
+### Pickup Partial Includes for `_edit` and `_new` Screens
+
+If you have a partial already in the view folder called `_edit_within_form.html.erb`, it with get included within the edit form.
+If you have a partial already in the view folder called `_new_within_form.html.erb`, it with get included within the new form.
+For these, you can use any of the objects by local variable name or the special `f` local variable to access the form itself.
+
+These partials are good for including extra functionality in the form, like interactive widgets or hidden fields.
+If you have a partial already in the view folder called `_edit_after_form.html.erb`, it with get included **_after_** the edit form.
+If you have a partial already in the view folder called `_new_after_form.html.erb`, it with get included **_after_** the new form.
+You can use any of the objects by local variable name (but you cannot use the form object `f` because it is not in scope.)
+
+The `within` partials should do operations within the form (like hidden fields), and the `after` partials should do entirely unrelated operations, like a different form entirely.
+
+These automatic pickups for partials are detected at buildtime. This means that if you add these partials later, you must rebuild your scaffold.
+
+
+
+
+
 # VERSION HISTORY
 
+#### 2023-12-02 - v0.6.2
+
+• Fixes to typeahead when using Pundit.
+
+• New Code Hooks: Add Custom Code Before/After the Update or Create Actions
+
+`--code-before-create`
+`--code-after-create`
+`--code-before-update`
+`--code-after-update`
+
+
+Insert some code into the `create` action or `update` actions.
+
+The **before code** is called _after authorization_ but _before saving_ (which creates the record, or fails validation). 
+
+The **after create** code is called after the record is saved (and thus has an id in the case of the create action). 
+
+Both should be wrapped in quotation marks when specified in the command line, and use semicolons to separate multiple lines of code.
+(Notice the funky indentation of the lines in the generated code. Adjust you input to get the indentation correct.)
+
+• New Automatic Pickup Partial Includes for `_edit` and `_new` Screens
+
+See "Pickup Partial Includes for `_edit` and `_new` Screens" above
+
+
+
+#### 2023-11-21 - v0.6.1 - `--related-sets`
+
+Used to show a checkbox set of related records. The relationship should be a `has_and_belongs_to_many` or a `has_many through:` from the object being built.
+
+Consider the classic example of three tables: users, user_roles, and roles
+
+User `has_many :user_roles`; UserRole `belongs_to :user` and `belongs_to :role`; and Role `has_many :user_roles` and `has_many :user, through: :user_roles`
+
+We'll generate a scaffold to edit the users table. A checkbox set of related roles will also appear to allow editing of roles. (In this example, the only field to be edited is the email field.)
+
+```
+rails generate hot_glue:scaffold User --related-sets=roles --include=email,roles --gd
+```
+
+Note that when making a scaffold like this, you may leave open a privileged escalation attack (a security vulnerability).
+
+To fix this, you'll need to use Pundit with special syntax designed for this purpose. 
+
+For a complete solution, please see Example 17 in the [Hot Glue Tutorial](https://school.jfbcodes.com/8188).
+
+Without Pundit, due to a quirk in how this code works with ActiveRecord, all update operates to the related sets table are permitted (and go through), even if the update operation otherwise fails validation for the fields on the object. (ActiveRecord doesn't seem to have a way to validate the related sets directly.)
+
+In this case, your update actions may update the relate sets table but fail to update the current object.
+
+Using this feature with Pundit will fix this problem, and it is achieved with a (hacky) implementation that performs a pre-check for each related set against the Pundit policy. 
+
+#### v0.6.0.1 - small tweaks to typeahead
+
 #### 2023-11-03 - v0.6.0
 
 Typeahead Associations
@@ -1862,8 +1979,8 @@ License check has been removed (Hot Glue is now free to use for hobbyists and in
 #### 2022-03-23 - v0.5.2 - Hawked Foreign Keys
 
  - You can now protect your foreign keys from malicious input and also restrict the scope of drop downs to show only records with the specified access control restriction.
- - [Example #3](https://school.jasonfleetwoodboldt.com/8188) in the Hot Glue Tutorial shows you how to use the hawk to limit the scope to the logged in user.
- - [Example #4](https://school.jasonfleetwoodboldt.com/8188) in the Hot Glue Tutorial shows how to hawk to a non-usual scope, the inverse of the current user's belongs_to (that is, hawk the scope to X where current_user `belongs_to :x`)
+ - [Example #3](https://school.jfbcodes.com/8188) in the Hot Glue Tutorial shows you how to use the hawk to limit the scope to the logged in user.
+ - [Example #4](https://school.jfbcodes.com/8188) in the Hot Glue Tutorial shows how to hawk to a non-usual scope, the inverse of the current user's belongs_to (that is, hawk the scope to X where current_user `belongs_to :x`)
  
 
 #### 2022-03-12  - v0.5.1 - Inline List Labels

data/lib/generators/hot_glue/field_factory.rb

@@ -10,6 +10,8 @@ require_relative "fields/text_field"
 require_relative "fields/time_field"
 require_relative "fields/uuid_field"
 require_relative "fields/attachment_field"
+require_relative "fields/related_set_field"
+
 
 
 class FieldFactory
@@ -42,8 +44,11 @@ class FieldFactory
               EnumField
             when :attachment
               AttachmentField
+            when :related_set
+              RelatedSetField
             end
     @class_name = class_name
+
     @field = field_class.new(name: name,
                              layout_strategy: generator.layout_strategy,
                              form_placeholder_labels: generator.form_placeholder_labels,
@@ -60,6 +65,7 @@ class FieldFactory
                              modify_as: generator.modify_as[name.to_sym] || nil,
                              display_as: generator.display_as[name.to_sym] || nil,
                              default_boolean_display: generator.default_boolean_display,
-                             namespace: generator.namespace_value)
+                             namespace: generator.namespace_value,
+                             pundit: generator.pundit )
   end
 end

data/lib/generators/hot_glue/fields/association_field.rb

@@ -10,7 +10,7 @@ class AssociationField < Field
                  update_show_only: ,
                  hawk_keys: , auth: , sample_file_path:,  ownership_field: ,
                  attachment_data: nil , layout_strategy: , form_placeholder_labels: nil,
-                 form_labels_position:, modify_as: , self_auth: , namespace: )
+                 form_labels_position:, modify_as: , self_auth: , namespace:, pundit:  )
     super
 
     @assoc_model = eval("#{class_name}.reflect_on_association(:#{assoc})")
@@ -78,9 +78,8 @@ class AssociationField < Field
   def form_field_output
     assoc_name = name.to_s.gsub("_id","")
     assoc = eval("#{class_name}.reflect_on_association(:#{assoc_name})")
-
     if modify_as && modify_as[:typeahead]
-      search_url  = "#{namespace ? namespace + "_" : ""}#{assoc.plural_name}_typeahead_index_url"
+      search_url  = "#{namespace ? namespace + "_" : ""}#{assoc.class_name.downcase.pluralize}_typeahead_index_url"
       "<div class='typeahead typeahead--#{assoc.name}_id'
       data-controller='typeahead'
       data-typeahead-url-value='<%= #{search_url} %>'

data/lib/generators/hot_glue/fields/attachment_field.rb

@@ -1,10 +1,9 @@
 class AttachmentField < Field
   attr_accessor :attachment_data
   def initialize(name:, class_name:, default_boolean_display: ,
-                 display_as:,
-                 singular:, update_show_only:, hawk_keys:, auth:,
+                 display_as:, singular:, update_show_only:, hawk_keys:, auth:,
                  sample_file_path: nil, attachment_data:, ownership_field:, layout_strategy: ,
-                 form_placeholder_labels: , form_labels_position:, modify_as:, self_auth: , namespace:  )
+                 form_placeholder_labels: , form_labels_position:, modify_as:, self_auth: , namespace:, pundit:   )
     super
 
     @attachment_data = attachment_data

data/lib/generators/hot_glue/fields/field.rb

@@ -5,7 +5,7 @@ class Field
                 :hawk_keys,   :layout_strategy, :limit, :modify_as, :name, :object, :sample_file_path,
                 :self_auth,
                 :singular_class,  :singular, :sql_type, :ownership_field,
-                :update_show_only, :namespace
+                :update_show_only, :namespace, :pundit
 
   def initialize(
     auth: ,
@@ -24,7 +24,8 @@ class Field
     singular: ,
     update_show_only:,
     self_auth:,
-    namespace:
+    namespace:,
+    pundit:
   )
     @name = name
     @layout_strategy = layout_strategy
@@ -40,13 +41,14 @@ class Field
     @form_labels_position = form_labels_position
     @modify_as = modify_as
     @display_as = display_as
+    @pundit = pundit
 
     @self_auth = self_auth
     @default_boolean_display = default_boolean_display
     @namespace = namespace
 
     # TODO: remove knowledge of subclasses from Field
-    unless self.class == AttachmentField
+    unless self.class == AttachmentField || self.class == RelatedSetField
       @sql_type = eval("#{class_name}.columns_hash['#{name}']").sql_type
       @limit = eval("#{class_name}.columns_hash['#{name}']").limit
     end
@@ -56,6 +58,10 @@ class Field
     @name
   end
 
+  def form_field_output
+    raise "superclass must implement"
+  end
+
   def field_error_name
     name
   end

data/lib/generators/hot_glue/fields/related_set_field.rb

@@ -0,0 +1,60 @@
+class RelatedSetField < Field
+
+  attr_accessor :assoc_name, :assoc_class, :assoc
+
+  def initialize( class_name: , default_boolean_display:, display_as: ,
+                  name: , singular: ,
+                  update_show_only: ,
+                  hawk_keys: , auth: , sample_file_path:,  ownership_field: ,
+                  attachment_data: nil , layout_strategy: , form_placeholder_labels: nil,
+                  form_labels_position:, modify_as: , self_auth: , namespace:, pundit:)
+    super
+
+    @related_set_model = eval("#{class_name}.reflect_on_association(:#{name})")
+
+    if @related_set_model.nil?
+          raise "You specified a related set #{name} but there is no association on #{singular_class} for #{name}; please add a `has_and_belongs_to_many :#{name}` OR a `has_many :#{name}, through: ...` to the #{singular_class} model"
+
+      # exit_message = "*** Oops: The model #{class_name} is missing an association for :#{assoc_name} or the model #{assoc_name.titlecase} doesn't exist. TODO: Please implement a model for #{assoc_name.titlecase}; or add to #{class_name} `belongs_to :#{assoc_name}`.  To make a controller that can read all records, specify with --god."
+      puts exit_message
+      raise(HotGlue::Error, exit_message)
+    end
+
+    @assoc_class = eval(@related_set_model.try(:class_name))
+
+    name_list = [:name, :to_label, :full_name, :display_name, :email]
+
+    if assoc_class && name_list.collect{ |field|
+      assoc_class.respond_to?(field.to_s) || assoc_class.instance_methods.include?(field)
+    }.none?
+      exit_message = "Oops: Missing a label for `#{assoc_class}`. Can't find any column to use as the display label for the #{@assoc_name} association on the #{class_name} model. TODO: Please implement just one of: 1) name, 2) to_label, 3) full_name, 4) display_name 5) email. You can implement any of these directly on your`#{assoc_class}` model (can be database fields or model methods) or alias them to field you want to use as your display label. Then RERUN THIS GENERATOR. (Field used will be chosen based on rank here.)"
+      raise(HotGlue::Error, exit_message)
+    end
+
+  end
+
+
+  def form_field_output
+    disabled_syntax = +""
+    if pundit
+      disabled_syntax << ", {disabled: ! #{class_name}Policy.new(#{auth}, @#{singular}).role_ids_able?}"
+    end
+    " <%= f.collection_check_boxes :#{association_ids_method}, #{association_class_name}.all, :id, :label, {}#{disabled_syntax} do |m| %>
+      <%= m.check_box %> <%= m.label %><br />
+    <% end %>"
+  end
+
+  def association_ids_method
+    eval("#{class_name}.reflect_on_association(:#{name})").class_name.underscore + "_ids"
+  end
+
+  def association_class_name
+    eval("#{class_name}.reflect_on_association(:#{name})").class_name
+  end
+
+  def viewable_output
+    "<%= #{singular}.#{name}.collect(&:label).join(\", \") %>"
+  end
+end
+
+

data/lib/generators/hot_glue/markup_templates/erb.rb

@@ -8,7 +8,7 @@ module  HotGlue
                   :inline_list_labels, :layout_object,
                   :columns,  :col_identifier, :singular,
                   :form_placeholder_labels, :hawk_keys, :update_show_only,
-                  :attachments, :show_only, :columns_map, :pundit
+                  :attachments, :show_only, :columns_map, :pundit, :related_sets
 
 
       def initialize(singular:, singular_class: ,
@@ -17,7 +17,7 @@ module  HotGlue
                    ownership_field: , form_labels_position: ,
                    inline_list_labels: ,
                    form_placeholder_labels:, hawk_keys: ,
-                   update_show_only:, attachments: , columns_map:, pundit: )
+                   update_show_only:, attachments: , columns_map:, pundit:, related_sets:  )
 
       @singular = singular
       @singular_class = singular_class
@@ -39,6 +39,7 @@ module  HotGlue
       @hawk_keys = hawk_keys
       @update_show_only = update_show_only
       @attachments = attachments
+      @related_sets = related_sets
     end
 
     def add_spaces_each_line(text, num_spaces)
@@ -150,7 +151,7 @@ module  HotGlue
 
         "<div class='#{col_identifier} #{singular}--#{column.join("-")}'#{style_with_flex_basis}> " +
         column.map { |col|
-          if eval("#{singular_class}.columns_hash['#{col}']").nil? && !attachments.keys.include?(col)
+          if eval("#{singular_class}.columns_hash['#{col}']").nil? && !attachments.keys.include?(col) && !related_sets.include?(col)
             raise "Can't find column '#{col}' on #{singular_class}, are you sure that is the column name?"
           end
           field_output = columns_map[col].line_field_output

data/lib/generators/hot_glue/scaffold_generator.rb

@@ -23,7 +23,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
                 :nest_with, :path, :plural, :sample_file_path, :show_only_data, :singular,
                 :singular_class, :smart_layout, :stacked_downnesting, :update_show_only, :ownership_field,
                 :layout_strategy, :form_placeholder_labels, :form_labels_position, :pundit,
-                :self_auth, :namespace_value
+                :self_auth, :namespace_value, :related_sets
   # important: using an attr_accessor called :namespace indirectly causes a conflict with Rails class_name method
   # so we use namespace_value instead
 
@@ -89,6 +89,11 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
   class_option :modify, default: {}
   class_option :display_as, default: {}
   class_option :pundit, default: nil
+  class_option :related_sets, default: ''
+  class_option :code_before_create, default: nil
+  class_option :code_after_create, default: nil
+  class_option :code_before_update, default: nil
+  class_option :code_after_update, default: nil
 
   def initialize(*meta_args)
     super
@@ -320,7 +325,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
     end
 
     if @god
-      @auth = nil
+      # @auth = nil
     end
     # when in self auth, the object is the same as the authenticated object
 
@@ -370,6 +375,24 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
       puts "NESTING: #{@nested_set}"
     end
 
+    # related_sets
+    related_set_input = options['related_sets'].split(",")
+    @related_sets = {}
+    related_set_input.each do |setting|
+      name = setting.to_sym
+      association_ids_method = eval("#{singular_class}.reflect_on_association(:#{setting.to_sym})").class_name.underscore + "_ids"
+      class_name = eval("#{singular_class}.reflect_on_association(:#{setting.to_sym})").class_name
+
+      @related_sets[setting.to_sym] =   { name: setting.to_sym,
+                          association_ids_method: association_ids_method,
+                          class_name: class_name }
+    end
+
+    if @related_sets.any?
+      puts "RELATED SETS: #{@related_sets}"
+
+    end
+
     # OBJECT OWNERSHIP & NESTING
     @reference_name = HotGlue.derrive_reference_name(singular_class)
     if @auth && @self_auth
@@ -407,15 +430,23 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
       @no_field_form = true
     end
 
+    @code_before_create = options['code_before_create']
+    @code_after_create = options['code_after_create']
+    @code_before_update = options['code_before_update']
+    @code_after_update = options['code_after_update']
+
     buttons_width = ((!@no_edit && 1) || 0) + ((!@no_delete && 1) || 0) + @magic_buttons.count
 
+
+
+
     # build a new polymorphic object
     @associations = []
     @columns_map = {}
     @columns.each do |col|
-      if !(@the_object.columns_hash.keys.include?(col.to_s) || @attachments.keys.include?(col))
-        raise "couldn't find #{col} in either field list or attachments list"
-      end
+      # if !(@the_object.columns_hash.keys.include?(col.to_s) || @attachments.keys.include?(col))
+      #   raise "couldn't find #{col} in either field list or attachments list"
+      # end
 
       if col.to_s.starts_with?("_")
         @show_only << col
@@ -425,6 +456,10 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
         type = @the_object.columns_hash[col.to_s].type
       elsif @attachments.keys.include?(col)
         type = :attachment
+      elsif @related_sets.keys.include?(col)
+        type = :related_set
+      else
+        raise "couldn't find #{col} in either field list, attachments, or related sets"
       end
       this_column_object = FieldFactory.new(name: col.to_s,
                                             generator: self,
@@ -440,7 +475,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
       if field.is_a?(AssociationField)
         if @modify_as && @modify_as[key] && @modify_as[key][:typeahead]
           assoc_name = field.assoc_name
-          file_path = "app/controllers/#{namespace ? namspace + "/" : ""}#{assoc_name.pluralize}_typeahead_controller.rb"
+          file_path = "app/controllers/#{@namespace ? @namespace + "/" : ""}#{assoc_name.pluralize}_typeahead_controller.rb"
 
           if ! File.exist?(file_path)
 
@@ -455,6 +490,8 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
       end
     end
 
+
+
     # create the template object
     if @markup == "erb"
       @template_builder = HotGlue::ErbTemplate.new(
@@ -473,6 +510,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
         attachments: @attachments,
         columns_map: @columns_map,
         pundit: @pundit,
+        related_sets: @related_sets
       )
     elsif @markup == "slim"
       raise(HotGlue::Error, "SLIM IS NOT IMPLEMENTED")
@@ -607,6 +645,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
   end
 
   def identify_object_owner
+    return if @god
     auth_assoc = @auth && @auth.gsub("current_", "")
 
     if @object_owner_sym && !@self_auth
@@ -657,6 +696,16 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
 
       check_if_sample_file_is_present
     end
+
+    if @related_sets.any?
+      if !@pundit
+        puts "********************\nWARNING: You are using --related-sets without using Pundit. This makes the set fully accessible. Use Pundit to prevent a privileged escalation vulnerability\n********************\n"
+      end
+      @related_sets.each do |key, related_set|
+        @columns << related_set[:name] if !@columns.include?(related_set[:name])
+        puts "Adding related set :#{related_set[:name]} as-a-column"
+      end
+    end
   end
 
   def check_if_sample_file_is_present
@@ -676,16 +725,25 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
     puts ""
   end
 
-  def fields_filtered_for_email_lookups
-    @columns
+  def fields_filtered_for_strong_params
+    @columns - @related_sets.collect{|key, set| set[:name]}
   end
 
   def creation_syntax
     if @factory_creation == ''
-      "@#{singular } = #{ class_name }.create(modified_params)"
+      "@#{singular } = #{ class_name }.new(modified_params)"
     else
-      "#{@factory_creation}\n" +
-        "    @#{singular } = factory.#{singular}"
+      res = +"begin
+      #{@factory_creation}
+      "
+      res << "\n" + "@#{singular} = factory.#{singular}" unless res.include?("@#{singular} = factory.#{singular}")
+      res << "flash[:notice] = \"Successfully created \#{@#{singular}.name}\" unless @#{singular}.new_record?
+    rescue ActiveRecord::RecordInvalid
+      @#{singular} = factory.#{singular}
+      flash[:alert] = \"Oops, your #{singular} could not be created. #{@hawk_alarm}\"
+      @action = 'new'
+    end"
+      res
     end
   end
 
@@ -703,6 +761,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
 
   def copy_controller_and_spec_files
     @default_colspan = @columns.size
+
     unless @specs_only || @no_controller
       template "controller.rb.erb", File.join("#{filepath_prefix}app/controllers#{namespace_with_dash}", "#{@controller_build_folder}_controller.rb")
       if @namespace
@@ -969,7 +1028,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
   end
 
   def object_scope
-    if @auth
+    if @auth && !@god
       if @nested_set.none?
         @auth + ".#{plural}"
       else
@@ -1046,6 +1105,10 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
 
   def copy_view_files
     return if @specs_only
+    @edit_within_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_edit_within_form.html.#{@markup}")
+    @edit_after_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_edit_within_form.html.#{@markup}")
+    @new_within_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_new_within_form.html.#{@markup}")
+    @new_after_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_new_within_form.html.#{@markup}")
 
     if @no_controller
       File.write("#{Rails.root}/app/views/#{namespace_with_trailing_dash}/#{plural}/REGENERATE.md", regenerate_me_code)
@@ -1296,7 +1359,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
 
   def n_plus_one_includes
     if @associations.any? || @attachments.any?
-      ".includes(" + (@associations.map { |x| x } + @attachments.collect { |k, v| "#{k}_attachment" }).map { |x| ":#{x.to_s}" }.join(", ") + ")"
+      ".includes(" + (@associations.map { |x| x } + @attachments.collect { |k, v| "#{k}_attachment" } ).map { |x| ":#{x.to_s}" }.join(", ") + ")"
     else
       ""
     end
@@ -1342,7 +1405,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
   end
 
   def any_datetime_fields?
-    (@columns - @attachments.keys.collect(&:to_sym)).collect { |col| eval("#{singular_class}.columns_hash['#{col}']").type }.include?(:datetime)
+    (@columns - @attachments.keys.collect(&:to_sym) - @related_sets.keys ).collect { |col| eval("#{singular_class}.columns_hash['#{col}']").type }.include?(:datetime)
   end
 
   def post_action_parental_updates

data/lib/generators/hot_glue/templates/controller.rb.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class <%= controller_class_name %> < <%= controller_descends_from %>
   # regenerate this controller with
   <% if defined?(RuboCop) %># rubocop:disable Layout/LineLength
@@ -20,7 +22,7 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
 
      nest_chain << arg %>
   before_action :<%= arg[:singular] %><%= ", if: -> { params.include?(:#{arg[:singular]}_id) }" if arg[:optional] %><% } %><% end %>
-  before_action :load_<%= singular_name %>, only: [:show, :edit, :update, :destroy]
+  before_action :load_<%= singular_name %>, only: %i[show edit update destroy]
   after_action -> { flash.discard }, if: -> { request.format.symbol == :turbo_stream }
   <% if @nested_set.any? %>def <%= @nested_set[0][:singular] %><% if @god
        next_object = nil
@@ -72,7 +74,7 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
 
   <% end %>def load_all_<%= plural %><% if @pundit %>
     @<%= plural_name %> =  policy_scope(<%= object_scope %>).page(params[:page])<%= n_plus_one_includes %><%= ".per(per)" if @paginate_per_page_selector %>
-    authorize @<%= plural_name %>.all<% else %> <% if !@self_auth %>
+    <% else %> <% if !@self_auth %>
     @<%= plural_name %> = <%= object_scope.gsub("@",'') %><%= n_plus_one_includes %>.page(params[:page])<%= ".per(per)" if @paginate_per_page_selector %><%= " if params.include?(:#{ @nested_set.last[:singular]}_id)" if @nested_set.any? && @nested_set[0] &&  @nested_set[0][:optional] %><% if @nested_set[0] &&  @nested_set[0][:optional] %>
     @<%= plural_name %> = <%= class_name %>.all<% end %><% else %>
     @<%= plural_name %> = <%= class_name %>.where(id: <%= auth_object.gsub("@",'') %>.id)<%= n_plus_one_includes %>.page(params[:page])<%= ".per(per)" if @paginate_per_page_selector %><% end %>
@@ -80,63 +82,71 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
   end
 
   def index
-    load_all_<%= plural %><% if @pundit %>
+    load_all_<%= plural %><% if @pundit %><% if @pundit %>
+    authorize @<%= plural_name %><% end %>
   rescue Pundit::NotAuthorizedError
-    flash[:alert] = "You are not authorized to perform this action."
-    render "layouts/error"<% end %>
+    flash[:alert] = 'You are not authorized to perform this action.'
+    render 'layouts/error'<% end %>
   end
 
 <% if create_action %>  def new<% if @object_owner_sym %>
-    @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name %><% if @pundit %>)<% end %>.new(<%  if eval("#{class_name}.reflect_on_association(:#{@object_owner_sym})").class == ActiveRecord::Reflection::BelongsToReflection  %><%= @object_owner_sym %>: <%= @object_owner_eval %><% end %>)<% elsif @object_owner_optional && any_nested? %>
+    @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name %><% if @pundit %>)<% end %>.new<% if eval("#{class_name}.reflect_on_association(:#{@object_owner_sym})").class == ActiveRecord::Reflection::BelongsToReflection  %>(<%= @object_owner_sym %>: <%= @object_owner_eval %>)<% end %><% elsif @object_owner_optional && any_nested? %>
     @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name  %><% if @pundit %>)<% end %>.new({}.merge(<%= @nested_set.last[:singular] %> ? {<%= @object_owner_sym %>: <%= @object_owner_eval %>} : {}))<% else %>
     @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name  %><% if @pundit %>)<% end %>.new(<% if any_nested? %><%= @object_owner_sym %>: <%= @object_owner_eval %><% end %>)<% end %>
     <% if @pundit %>authorize @<%= singular_name %><% end %><% if @pundit %>
-    @action = "new"
+    @action = 'new'
   rescue Pundit::NotAuthorizedError
-    flash[:alert] = "You are not authorized to perform this action."
+    flash[:alert] = 'You are not authorized to perform this action.'
+    load_all_users
     render :index<% end %>
   end
 
   def create
     modified_params = modify_date_inputs_on_params(<%= singular_name %>_params.dup, <%= current_user_object %>, <%= datetime_fields_list %>) <% if @object_owner_sym &&  eval("#{class_name}.reflect_on_association(:#{@object_owner_sym})").class == ActiveRecord::Reflection::BelongsToReflection  %>
     modified_params = modified_params.merge(<%= @object_owner_sym %>: <%= @object_owner_eval %>) <% elsif @object_owner_optional && any_nested? %>
-    modified_params = modified_params.merge(<%= @object_owner_name %> ? {<%= @object_owner_sym %>: <%= @object_owner_eval %>} : {}) <% elsif !@object_owner_eval.empty? %>
+    modified_params = modified_params.merge(<%= @object_owner_name %> ? {<%= @object_owner_sym %>: <%= @object_owner_eval %>} : {}) <% elsif !@object_owner_eval.empty? && !@god %>
     modified_params = modified_params.merge(<%= @object_owner_eval %>) <% end %>
 
       <% if @hawk_keys.any? %>
     modified_params = hawk_params({<%= hawk_to_ruby %>}, modified_params)<% end %>
-      <%= controller_attachment_orig_filename_pickup_syntax %>
+    <%= controller_attachment_orig_filename_pickup_syntax %>
     <%= creation_syntax %>
-
-    if @<%= singular_name %>.save
+    <% if @pundit %><% @related_sets.each do |key, related_set| %>
+    check_<%= related_set[:association_ids_method].to_s %>_permissions(modified_params, :create)<% end %><% end %>
+    <% if @pundit %>authorize @<%= singular %><% end %>
+    <%= @code_before_create ? "\n    " + @code_before_create.gsub(";", "\n") : "" %>
+    if @<%= singular_name %>.save<%= @code_after_create ? ("\n      " + @code_after_create.gsub(";", "\n"))  : ""%>
       flash[:notice] = "Successfully created #{@<%= singular %>.<%= display_class %>}"
       <%= post_action_parental_updates %>
       load_all_<%= plural %>
       render :create
     else
       flash[:alert] = "Oops, your <%= singular_name %> could not be created. #{@hawk_alarm}"
-      @action = "new"
+      @action = 'new'
       render :create, status: :unprocessable_entity
     end<% if @pundit %>
   rescue Pundit::NotAuthorizedError
-    flash[:alert] = "Creating <%= singular %> not authorized. #{@<%= singular %>.errors.collect{|k| "#{k.attribute} #{k.message}"}.join(" ")} #{flash[:notice]} "
+    flash[:alert] << 'Creating organization not authorized. '
+    flash[:alert] << @<%= singular %>.errors.collect{|k| "#{k.attribute} #{k.message}"}.join(" ")
+    flash[:alert] << flash[:notice]
     render :index <% end %>
   end
 
 <% end %>
 <% unless @no_edit %>
   def show
+    <% if @pundit %>authorize @<%= singular %><% end %>
     redirect_to <%=   HotGlue.optionalized_ternary(namespace: @namespace,
                                  target:  @singular,
                                  nested_set: @nested_set,
-                                 modifier: "edit_",
+                                 modifier: 'edit_',
                                  with_params: true,
                                  put_form: true).gsub("(#{singular}", "(@#{singular}") %>
   end
 
   def edit<% if @pundit  %>
     authorize @<%= singular_name %><% end %>
-    @action = "edit"
+    @action = 'edit'
     render :edit<% if @pundit %>
   rescue Pundit::NotAuthorizedError
     flash[:alert] = "Editing #{@<%= singular %>.<%= display_class %>} not authorized."
@@ -152,27 +162,33 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
       flash[:notice] << "<% singular %> <%= button.titlecase %>."
     end
     <% end %>
+
     modified_params = modify_date_inputs_on_params(<% if @update_show_only %>update_<% end %><%= singular_name %>_params.dup<%= controller_update_params_tap_away_magic_buttons  %>, <%= current_user_object %>, <%= datetime_fields_list %>) <% if @object_owner_sym &&  eval("#{class_name}.reflect_on_association(:#{@object_owner_sym})").class == ActiveRecord::Reflection::BelongsToReflection  %>
     modified_params = modified_params.merge(<%= @object_owner_sym %>: <%= @object_owner_eval %>) <% elsif @object_owner_optional && any_nested? %>
-    modified_params = modified_params.merge(<%= @object_owner_name %> ? {<%= @object_owner_sym %>: <%= @object_owner_eval %>} : {}) <% elsif ! @object_owner_eval.empty?  && !@self_auth%>
+    modified_params = modified_params.merge(<%= @object_owner_name %> ? {<%= @object_owner_sym %>: <%= @object_owner_eval %>} : {}) <% elsif ! @object_owner_eval.empty?  && !@self_auth && ! @god%>
     modified_params = modified_params.merge(<%= @object_owner_eval %>) <% end %>
+    <% if @pundit %><% @related_sets.each do |key, related_set| %>
+    check_<%= related_set[:association_ids_method].to_s %>_permissions(modified_params, :update)<% end %><% end %>
 
     <% if @hawk_keys.any? %>    modified_params = hawk_params({<%= hawk_to_ruby %>}, modified_params)<% end %>
-      <%= controller_attachment_orig_filename_pickup_syntax %>
+    <%= controller_attachment_orig_filename_pickup_syntax %>
     <% if @pundit %>
     if @<%= singular_name %>.attributes = modified_params
-        authorize @<%= singular_name %>
-        @<%= singular_name %>.save
+      authorize @<%= singular_name %>
+      <%= @code_before_update ? "\n    " + @code_before_update.gsub(";", "\n") : "" %>
+      @<%= singular_name %>.save
     <% else %>
+    <%= @code_before_update ? "\n    " + @code_before_update.gsub(";", "\n") : "" %>
     if @<%= singular_name %>.update(modified_params)
     <% end %>
+      <%= @code_after_update ? "\n    " + @code_after_update.gsub(";", "\n") : "" %>
       <% if @display_list_after_update %>    load_all_<%= plural %><% end %>
       flash[:notice] << "Saved #{@<%= singular %>.<%= display_class %>}"
       flash[:alert] = @hawk_alarm if @hawk_alarm
       render :update
     else
       flash[:alert] = "<%= singular_name.titlecase %> could not be saved. #{@hawk_alarm}"
-      @action = "edit"
+      @action = 'edit'
       render :update, status: :unprocessable_entity
     end<% if @pundit %>
   rescue Pundit::NotAuthorizedError
@@ -194,12 +210,27 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
     render :update<% end %>
   end<% end %>
 
+<% if @pundit %><% @related_sets.each do |key, rs| %>
+  def check_<%= rs[:association_ids_method] %>_permissions(modified_params, action)
+    if modified_params[:<%= rs[:association_ids_method] %>].present? &&
+      modified_params[:<%= rs[:association_ids_method] %>] != @<%= singular %>.<%= rs[:association_ids_method] %>
+      # authorize the <%= rs[:association_ids_method] %> change using special modified_relations: {
+      # <%= rs[:association_ids_method] %>: modified_params[:<%= rs[:association_ids_method] %>>]} syntax for Pundit
+      if ! <%= singular_class %>Policy.new(current_user, @<%= singular %>,
+          modified_relations: {role_ids: modified_params[:<%= rs[:association_ids_method] %>]
+        }).method("#{action}?".to_sym).call
+        authorize @<%= singular %>, "#{action}?".to_sym
+        raise Pundit::NotAuthorizedError, message: @<%= singular %>.errors.collect{|k| "#{k.attribute} #{k.message}"}.join(" ")
+      end
+    end
+  end<% end %><% end %>
+
   def <%=singular_name%>_params
-    params.require(:<%= testing_name %>).permit(<%= (fields_filtered_for_email_lookups - @show_only ) + @magic_buttons.collect{|x| "__#{x}".to_sym }%>)
+    params.require(:<%= testing_name %>).permit(<%= ((fields_filtered_for_strong_params - @show_only ) + @magic_buttons.collect{|x| "__#{x}"}).collect{|sym| ":#{sym}"}.join(", ") %><%= ", " + @related_sets.collect{|key, rs| "#{rs[:association_ids_method]}: []"}.join(", ") if @related_sets.any? %>)
   end<% if @update_show_only %>
 
   def update_<%=singular_name%>_params
-    params.require(:<%= testing_name %>).permit(<%= (fields_filtered_for_email_lookups - @update_show_only) + @magic_buttons.collect{|x| "__#{x}".to_sym }%>)
+    params.require(:<%= testing_name %>).permit(<%= ((fields_filtered_for_strong_params - @update_show_only)  + @magic_buttons.collect{|x| "__#{x}"}).collect{|sym| ":#{sym}"}.join(", ") %><%= ", " + @related_sets.collect{|key, rs| "#{rs[:association_ids_method]}: []"}.join(", ") if @related_sets.any? %>)
   end<% end %>
 
   def namespace

data/lib/generators/hot_glue/templates/erb/_edit.erb

@@ -5,7 +5,9 @@
   <\% end %>
   <h2>Editing <\%= <%= singular %>.<%= display_class %> %></h2>
   <\%= form_with model: <%= singular %>, url: <%= form_path_edit_helper %> do |f| %>
-  <\%=  render partial: "<%= namespace_with_trailing_dash + @controller_build_folder + "/" %>form",  locals: {:<%=  singular  %> => <%= singular %>, f: f}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> \%>
+    <\%=  render partial: "<%= namespace_with_trailing_dash + @controller_build_folder + "/" %>form", locals: {:<%=  singular  %> => <%= singular %>, f: f}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> \%>
+  <% if @edit_within_form_partial %><\%= render partial: "edit_within_form", locals: {f: f, <%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
   <\% end %>
+  <% if @edit_within_form_partial %><\%= render partial: "edit_after_form", locals: {<%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
 </div>
 <\% end %>

data/lib/generators/hot_glue/templates/erb/_new_form.erb

@@ -5,5 +5,8 @@
   <\%= form_with model:  <%= singular %>, url: <%= form_path_new_helper %>, method: :post do  |f| \%>
     <\%=  render partial: "<%= namespace_with_slash +  @controller_build_folder %>/form",
 locals: { <%=  singular %>: <%= singular %>, f: f}<%= @nested_set.collect{|arg| ".merge(defined?(#{arg[:singular]}) ? {#{arg[:singular]}: #{arg[:singular]}}: {})" }.join %> \%>
- <\% end %>
+
+<% if @new_within_form_partial %><\%= render partial: "new_within_form", locals: {f: f, <%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
+<\% end %>
+<% if @new_after_form_partial %><\%= render partial: "new_after_form", locals: {<%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
 <\% end %>

data/lib/generators/hot_glue/templates/typeahead_controller.rb.erb

@@ -5,6 +5,7 @@ class <%= ((@namespace.titleize.gsub(" ", "") + "::" if @namespace) || "") + @pl
   # rubocop:enable Layout/LineLength <% end %>
 
   def index
+    <% if @pundit %>authorize <%= @class_name %>, :typeahead? <% end %>
     query = params[:query]
     @typeahead_identifier = params[:typeahead_identifier]
     @<%= @plural %> = <%= @singular.titleize.gsub(" ", "") %>.where("<%= @search_by.collect{|search| "LOWER(#{search}) LIKE ?" }.join(" OR ") %>", <%= @search_by.collect{|search|  "\"%\#{query.downcase}%\"" }.join(", ") %>).limit(10)

data/lib/generators/hot_glue/typeahead_generator.rb

@@ -1,9 +1,12 @@
+require_relative './default_config_loader'
+
 module HotGlue
   class TypeaheadGenerator < Rails::Generators::Base
     source_root File.expand_path('templates', __dir__)
     class_option :namespace, type: :string, default: nil
     class_option :search_by, type: :string, default: nil
 
+    include DefaultConfigLoader
     def filepath_prefix
       # todo: inject the context
       'spec/dummy/' if $INTERNAL_SPECS
@@ -19,9 +22,10 @@ module HotGlue
         puts message
         raise(HotGlue::Error, message)
       end
+      @pundit = get_default_from_config(key: :pundit_default)
 
       @singular = args.first.tableize.singularize
-
+      @class_name = args.first
       @plural = args.first.tableize.pluralize
       @namespace = options['namespace']
 

data/lib/hotglue/version.rb

@@ -1,5 +1,5 @@
 module HotGlue
   class Version
-    CURRENT = '0.6.0.1'
+    CURRENT = '0.6.2'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hot-glue
 version: !ruby/object:Gem::Version
-  version: 0.6.0.1
+  version: 0.6.2
 platform: ruby
 authors:
 - Jason Fleetwood-Boldt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-11 00:00:00.000000000 Z
+date: 2023-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -54,7 +54,7 @@ dependencies:
         version: '2.16'
 description: Simple, plug & play Rails scaffold building companion for Turbo-Rails
   and Hotwire
-email: code@jasonfb.net
+email: hello@jfbcodes.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -90,6 +90,7 @@ files:
 - lib/generators/hot_glue/fields/field.rb
 - lib/generators/hot_glue/fields/float_field.rb
 - lib/generators/hot_glue/fields/integer_field.rb
+- lib/generators/hot_glue/fields/related_set_field.rb
 - lib/generators/hot_glue/fields/string_field.rb
 - lib/generators/hot_glue/fields/text_field.rb
 - lib/generators/hot_glue/fields/time_field.rb
@@ -174,5 +175,5 @@ requirements: []
 rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
-summary: A gem to build Tubro Rails scaffolding.
+summary: A gem to build Turbo Rails scaffolding.
 test_files: []