hot-glue 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98f341b6907ade21c64956cab48b59503280aefaf9836b718d33e26ed854d32a
-  data.tar.gz: ada2f154b32372c90c107c7507cb57d65850e761017bd17c04e6d5afc7302097
+  metadata.gz: c984f13c5f9639c6cea9837c4266cf0e4e529e9adef1dffea257551ebd80f8cd
+  data.tar.gz: ba87601c2e04556604a7900880f054fd67b95ee78c9113668664ffb591c0601f
 SHA512:
-  metadata.gz: 7f38775a9cd7743c6dfb39fe4c4bed6e8b27e6987dd455b460205db6b0e13f8ea5c25e7bd24d59992ead7ca8d689f31fc71c73c5f40ea7578aaace49c41dfaca
-  data.tar.gz: ce1fa03301507fdc462d8a43d6d0253a4bbf8d1c2184d1a582683d56ff67d5d5b9eb21b60902a8d4dfe390d41e4b3ade485e255db659ab7683e34558d838388a
+  metadata.gz: f9b1228beb6639f671f2138c0b62a891060da18089e23cb1a9f0518b77b0002e2c38018b18df49525f0dcf6b2715c6ed3c4c415bca8d203c8afad0c5113fad88
+  data.tar.gz: 34e37814fe29eb58097331279107b1b58a4e9dbb4f3f9887c0e5c6b095d484c8a893034d3dafeed2ffbd5350a3cbd7542ee7dba4ffbd0a149b04a4b6a936ab8c

data/.github/FUNDING.yml

@@ -1 +1 @@
-custom: ["https://twitter.com/HotGlueForRails",  "https://school.jasonfleetwoodboldt.com/8188?utm_source=github.com&utm_campaign=github_hot_glue_repo_funding_link"]
+custom: ["https://twitter.com/HotGlueForRails",  "https://school.jfbcodes.com/8188?utm_source=github.com&utm_campaign=github_hot_glue_repo_funding_link"]

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hot-glue (0.6.0.1)
+    hot-glue (0.6.1)
       ffaker (~> 2.16)
       kaminari (~> 1.2)
       rails (> 5.1)
@@ -139,7 +139,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.4)
     minitest (5.16.3)
-    net-imap (0.4.4)
+    net-imap (0.4.5)
       date
       net-protocol
     net-pop (0.1.2)

data/README.md

@@ -38,7 +38,7 @@ Other than the opinionated differences and additional features, Hot Glue produce
 
 # Get Hot Glue
 
-## [GET THE COURSE TODAY](https://school.jasonfleetwoodboldt.com/8188/?utm_source=github.com&utm_campaign=github_hot_glue_readme_page) **only $60 USD!**
+## [GET THE COURSE TODAY](https://school.jfbcodes.com/8188/?utm_source=github.com&utm_campaign=github_hot_glue_readme_page) **only $60 USD!**
 
 
 ---
@@ -522,7 +522,7 @@ The short form looks like this. It presumes there is a 'pets' association from `
 
 (The long form equivalent of this would be `--hawk=pet_id{current_user.pets}`)
 
-This is covered in [Example #3 in the Hot Glue Tutorial](https://school.jasonfleetwoodboldt.com/8188)
+This is covered in [Example #3 in the Hot Glue Tutorial](https://school.jfbcodes.com/8188)
 
 To hawk to a scope that is not the currently authenticated user, use the long form with `{...}` 
 to specify the scope. Be sure to note to add the association name itself, like `users`: 
@@ -532,7 +532,7 @@ to specify the scope. Be sure to note to add the association name itself, like `
 This would hawk the Appointment's `user_id` key to any users who are within the scope of the 
 current_user's has_many association (so, for any other "my" family, would be `current_user.family.users`). 
 
-This is covered in [Example #4 in the Hot Glue Tutorial](https://school.jasonfleetwoodboldt.com/8188)
+This is covered in [Example #4 in the Hot Glue Tutorial](https://school.jfbcodes.com/8188)
 
 
 ### `--plural=`
@@ -691,11 +691,14 @@ If you enable Pundit, your controllers will look for a Policy that matches the n
 **Realtime Field-level Access**
 Hot Glue gives you automatic field level access control if you create `*_able?` methods for each field you'd like to control on your Pundit policy.
 
-(Although this is not what Pundit recommends for field level access control, it has been implemented this way to provide field-by-field user feedback to the user shown in red just like Rails validation errors are currently shown. This is is only hypothetical, because the interface correctly shows the field as viewable or editable anyway, making bad entry only something that could be achieved through a mistake or hacking. Nevertheless, rest assured that if there was a input mistake-- like a user having a field editable when it shouldn't be, the backend policy would guard against the disallowed input and show an error message.)
+(Although this is not what Pundit recommends for field level access control, it has been implemented this way to provide field-by-field user feedback to the user shown in red just like Rails validation errors are currently shown. A user having access to input text into a field they shouldn't have access to is *only hypothetical*, because the Hot Glue will correctly show the the user connect edit was view-only anyway, making unallowed entry only something that could be achieved through a mistake or hacking. Nevertheless, rest assured that if there was a input mistake-- like a user having a field editable when it shouldn't be, if you implement your backend policy correctly with an `update?` method guards against the disallowed input, your user will show an error message and the record will not be updated.)
+
+The `*_able?` method should return true or false depending on whether or not the field can be edited. No distinction is made between the `new` and `edit` contexts. You may check if the record is new using `new_record?`.
+
+
+**The `*_able?` method is used by Hot Glue only on the new and edit actions. You must incorporate it into the policy's `update?` method as in the example, or else no guard will check prevent the user doesn't pass a value to input it anyway.**
 
-The `*_able?` method should return true or false depending on whether or not the field can be edited. (No distinction is made between the different contexts. You may check if the record is new using `new_record?`.
 
-The `*_able?` method is used by Hot Glue only on the new and edit actions, but you should incorporate it into the policy's `update?` method as in the example, which will extend other operations since Hot Glue will use the policy to authorize the action
 Add one `*_able?` method to the policy for each field you want to allow field-level access control. 
 
 Replace `*` with the name of the field you want under access control. Remember to include `_id` for foreign keys. You do not need it for any field you don't want under access control.
@@ -852,7 +855,7 @@ This means you can be a somewhat lazy about your bang methods, but keep in mind
 
 Finally, you can raise an ActiveRecord error which will also get passed to the user in the flash alert area.
 
-For more information see Example 5 in the Tutorial
+For more information see [Example 5 in the Tutorial](https://school.jfbcodes.com/8188)
 
 
 ### `--downnest`
@@ -980,7 +983,7 @@ rails generate hot_glue:scaffold User --related-sets=roles --include=email,roles
 
 Note this leaves open a privileged escalation attack (a security vulnerability).
 
-To fix this, you'll need to use Pundit with special syntax designed for this purpose. Please see Example #16 in the [https://school.jfbcodes.com/8188](Hot Glue Tutorial).
+To fix this, you'll need to use Pundit with special syntax designed for this purpose. Please see [Example #17 in the Hot Glue Tutorial](https://school.jfbcodes.com/8188)
 
 
 ## "Thing" Label
@@ -1048,6 +1051,20 @@ Use `before` to make the labels come before or `after` to make them come after.
 Omits the heading of column names that appears above the 1st row of data.
 
 
+
+`--code-before-create`
+`--code-after-create`
+`--code-before-update`
+`--code-after-update`
+
+Insert some code into the `create` action or `update` actions.
+The **before code** is called _after authorization_ but _before saving_ (which creates the record, or fails validation).
+The **after create** code is called after the record is saved (and thus has an id in the case of the create action).
+Both should be wrapped in quotation marks when specified in the command line, and use semicolons to separate multiple lines of code.
+(Notice the funky indentation of the lines in the generated code. Adjust you input to get the indentation correct.)
+
+
+
 ## Special Features
 
 ### `--attachments`
@@ -1345,6 +1362,10 @@ Child portals have the headings omitted automatically (there is a heading identi
 - Enum - displayed as a drop-down list (defined the enum values on your model). 
   - For Rails 6 see https://jasonfleetwoodboldt.com/courses/stepping-up-rails/enumerated-types-in-rails-and-postgres/
   - You must specify the enum definition both in your model and also in your database migration for both Rails 6 + Rails 7
+  - You can modify an enum so that instead of a drop down list, it displays a partial view that you must build. See the [v0.5.23 Release notes](https://github.com/hot-glue-for-rails/hot-glue#2023-10-01---v0523) for details.
+
+
+
 
 # Note about enums
 
@@ -1389,6 +1410,8 @@ def self.status_labels
 
 Now, your labels will show up on the front-end as defined in the `_labels` ("Is currently pending", etc) instead of the database-values.
 
+You can modify an enum so that instead of a drop down list, it displays a partial view that you must build. See the [v0.5.23 Release notes](https://github.com/hot-glue-for-rails/hot-glue#2023-10-01---v0523) for details.
+
 ### Validation Magic
 
 Use ActiveRecord validations or hooks to validate your data. Hot Glue will automatically display the errors in the UI.
@@ -1491,9 +1514,55 @@ For example, to display the field `my_story` on the object `Thing`, you'd genera
 bin/rails generate Thing --include=my_story --modify='my_story{tinymce}'
 ```
 
+### Pickup Partial Includes for `_edit` and `_new` Screens
+
+If you have a partial already in the view folder called `_edit_within_form.html.erb`, it with get included within the edit form.
+If you have a partial already in the view folder called `_new_within_form.html.erb`, it with get included within the new form.
+For these, you can use any of the objects by local variable name or the special `f` local variable to access the form itself.
+
+These partials are good for including extra functionality in the form, like interactive widgets or hidden fields.
+If you have a partial already in the view folder called `_edit_after_form.html.erb`, it with get included **_after_** the edit form.
+If you have a partial already in the view folder called `_new_after_form.html.erb`, it with get included **_after_** the new form.
+You can use any of the objects by local variable name (but you cannot use the form object `f` because it is not in scope.)
+
+The `within` partials should do operations within the form (like hidden fields), and the `after` partials should do entirely unrelated operations, like a different form entirely.
+
+These automatic pickups for partials are detected at buildtime. This means that if you add these partials later, you must rebuild your scaffold.
+
+
+
+
+
 # VERSION HISTORY
 
-#### v0.6.1 - `--related-sets`
+#### 2023-12-02 - v0.6.2
+
+• Fixes to typeahead when using Pundit.
+
+• New Code Hooks: Add Custom Code Before/After the Update or Create Actions
+
+`--code-before-create`
+`--code-after-create`
+`--code-before-update`
+`--code-after-update`
+
+
+Insert some code into the `create` action or `update` actions.
+
+The **before code** is called _after authorization_ but _before saving_ (which creates the record, or fails validation). 
+
+The **after create** code is called after the record is saved (and thus has an id in the case of the create action). 
+
+Both should be wrapped in quotation marks when specified in the command line, and use semicolons to separate multiple lines of code.
+(Notice the funky indentation of the lines in the generated code. Adjust you input to get the indentation correct.)
+
+• New Automatic Pickup Partial Includes for `_edit` and `_new` Screens
+
+See "Pickup Partial Includes for `_edit` and `_new` Screens" above
+
+
+
+#### 2023-11-21 - v0.6.1 - `--related-sets`
 
 Used to show a checkbox set of related records. The relationship should be a `has_and_belongs_to_many` or a `has_many through:` from the object being built.
 
@@ -1511,7 +1580,7 @@ Note that when making a scaffold like this, you may leave open a privileged esca
 
 To fix this, you'll need to use Pundit with special syntax designed for this purpose. 
 
-For a complete solution, please see Example #16 in the [https://school.jfbcodes.com/8188](Hot Glue Tutorial).
+For a complete solution, please see Example 17 in the [Hot Glue Tutorial](https://school.jfbcodes.com/8188).
 
 Without Pundit, due to a quirk in how this code works with ActiveRecord, all update operates to the related sets table are permitted (and go through), even if the update operation otherwise fails validation for the fields on the object. (ActiveRecord doesn't seem to have a way to validate the related sets directly.)
 
@@ -1910,8 +1979,8 @@ License check has been removed (Hot Glue is now free to use for hobbyists and in
 #### 2022-03-23 - v0.5.2 - Hawked Foreign Keys
 
  - You can now protect your foreign keys from malicious input and also restrict the scope of drop downs to show only records with the specified access control restriction.
- - [Example #3](https://school.jasonfleetwoodboldt.com/8188) in the Hot Glue Tutorial shows you how to use the hawk to limit the scope to the logged in user.
- - [Example #4](https://school.jasonfleetwoodboldt.com/8188) in the Hot Glue Tutorial shows how to hawk to a non-usual scope, the inverse of the current user's belongs_to (that is, hawk the scope to X where current_user `belongs_to :x`)
+ - [Example #3](https://school.jfbcodes.com/8188) in the Hot Glue Tutorial shows you how to use the hawk to limit the scope to the logged in user.
+ - [Example #4](https://school.jfbcodes.com/8188) in the Hot Glue Tutorial shows how to hawk to a non-usual scope, the inverse of the current user's belongs_to (that is, hawk the scope to X where current_user `belongs_to :x`)
  
 
 #### 2022-03-12  - v0.5.1 - Inline List Labels

data/lib/generators/hot_glue/fields/association_field.rb

@@ -78,9 +78,8 @@ class AssociationField < Field
   def form_field_output
     assoc_name = name.to_s.gsub("_id","")
     assoc = eval("#{class_name}.reflect_on_association(:#{assoc_name})")
-
     if modify_as && modify_as[:typeahead]
-      search_url  = "#{namespace ? namespace + "_" : ""}#{assoc.plural_name}_typeahead_index_url"
+      search_url  = "#{namespace ? namespace + "_" : ""}#{assoc.class_name.downcase.pluralize}_typeahead_index_url"
       "<div class='typeahead typeahead--#{assoc.name}_id'
       data-controller='typeahead'
       data-typeahead-url-value='<%= #{search_url} %>'

data/lib/generators/hot_glue/scaffold_generator.rb

@@ -90,6 +90,10 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
   class_option :display_as, default: {}
   class_option :pundit, default: nil
   class_option :related_sets, default: ''
+  class_option :code_before_create, default: nil
+  class_option :code_after_create, default: nil
+  class_option :code_before_update, default: nil
+  class_option :code_after_update, default: nil
 
   def initialize(*meta_args)
     super
@@ -426,6 +430,11 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
       @no_field_form = true
     end
 
+    @code_before_create = options['code_before_create']
+    @code_after_create = options['code_after_create']
+    @code_before_update = options['code_before_update']
+    @code_after_update = options['code_after_update']
+
     buttons_width = ((!@no_edit && 1) || 0) + ((!@no_delete && 1) || 0) + @magic_buttons.count
 
 
@@ -724,8 +733,17 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
     if @factory_creation == ''
       "@#{singular } = #{ class_name }.new(modified_params)"
     else
-      "#{@factory_creation}\n" +
-        "    @#{singular } = factory.#{singular}"
+      res = +"begin
+      #{@factory_creation}
+      "
+      res << "\n" + "@#{singular} = factory.#{singular}" unless res.include?("@#{singular} = factory.#{singular}")
+      res << "flash[:notice] = \"Successfully created \#{@#{singular}.name}\" unless @#{singular}.new_record?
+    rescue ActiveRecord::RecordInvalid
+      @#{singular} = factory.#{singular}
+      flash[:alert] = \"Oops, your #{singular} could not be created. #{@hawk_alarm}\"
+      @action = 'new'
+    end"
+      res
     end
   end
 
@@ -743,6 +761,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
 
   def copy_controller_and_spec_files
     @default_colspan = @columns.size
+
     unless @specs_only || @no_controller
       template "controller.rb.erb", File.join("#{filepath_prefix}app/controllers#{namespace_with_dash}", "#{@controller_build_folder}_controller.rb")
       if @namespace
@@ -1086,6 +1105,10 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
 
   def copy_view_files
     return if @specs_only
+    @edit_within_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_edit_within_form.html.#{@markup}")
+    @edit_after_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_edit_within_form.html.#{@markup}")
+    @new_within_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_new_within_form.html.#{@markup}")
+    @new_after_form_partial = File.exist?("#{filepath_prefix}app/views#{namespace_with_dash}/#{@controller_build_folder}/_new_within_form.html.#{@markup}")
 
     if @no_controller
       File.write("#{Rails.root}/app/views/#{namespace_with_trailing_dash}/#{plural}/REGENERATE.md", regenerate_me_code)

data/lib/generators/hot_glue/templates/controller.rb.erb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class <%= controller_class_name %> < <%= controller_descends_from %>
   # regenerate this controller with
   <% if defined?(RuboCop) %># rubocop:disable Layout/LineLength
@@ -20,7 +22,7 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
 
      nest_chain << arg %>
   before_action :<%= arg[:singular] %><%= ", if: -> { params.include?(:#{arg[:singular]}_id) }" if arg[:optional] %><% } %><% end %>
-  before_action :load_<%= singular_name %>, only: [:show, :edit, :update, :destroy]
+  before_action :load_<%= singular_name %>, only: %i[show edit update destroy]
   after_action -> { flash.discard }, if: -> { request.format.symbol == :turbo_stream }
   <% if @nested_set.any? %>def <%= @nested_set[0][:singular] %><% if @god
        next_object = nil
@@ -83,18 +85,18 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
     load_all_<%= plural %><% if @pundit %><% if @pundit %>
     authorize @<%= plural_name %><% end %>
   rescue Pundit::NotAuthorizedError
-    flash[:alert] = "You are not authorized to perform this action."
-    render "layouts/error"<% end %>
+    flash[:alert] = 'You are not authorized to perform this action.'
+    render 'layouts/error'<% end %>
   end
 
 <% if create_action %>  def new<% if @object_owner_sym %>
-    @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name %><% if @pundit %>)<% end %>.new(<%  if eval("#{class_name}.reflect_on_association(:#{@object_owner_sym})").class == ActiveRecord::Reflection::BelongsToReflection  %><%= @object_owner_sym %>: <%= @object_owner_eval %><% end %>)<% elsif @object_owner_optional && any_nested? %>
+    @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name %><% if @pundit %>)<% end %>.new<% if eval("#{class_name}.reflect_on_association(:#{@object_owner_sym})").class == ActiveRecord::Reflection::BelongsToReflection  %>(<%= @object_owner_sym %>: <%= @object_owner_eval %>)<% end %><% elsif @object_owner_optional && any_nested? %>
     @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name  %><% if @pundit %>)<% end %>.new({}.merge(<%= @nested_set.last[:singular] %> ? {<%= @object_owner_sym %>: <%= @object_owner_eval %>} : {}))<% else %>
     @<%= singular_name %> = <% if @pundit %>policy_scope(<% end %><%= class_name  %><% if @pundit %>)<% end %>.new(<% if any_nested? %><%= @object_owner_sym %>: <%= @object_owner_eval %><% end %>)<% end %>
     <% if @pundit %>authorize @<%= singular_name %><% end %><% if @pundit %>
-    @action = "new"
+    @action = 'new'
   rescue Pundit::NotAuthorizedError
-    flash[:alert] = "You are not authorized to perform this action."
+    flash[:alert] = 'You are not authorized to perform this action.'
     load_all_users
     render :index<% end %>
   end
@@ -112,36 +114,39 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
     <% if @pundit %><% @related_sets.each do |key, related_set| %>
     check_<%= related_set[:association_ids_method].to_s %>_permissions(modified_params, :create)<% end %><% end %>
     <% if @pundit %>authorize @<%= singular %><% end %>
-
-    if @<%= singular_name %>.save
+    <%= @code_before_create ? "\n    " + @code_before_create.gsub(";", "\n") : "" %>
+    if @<%= singular_name %>.save<%= @code_after_create ? ("\n      " + @code_after_create.gsub(";", "\n"))  : ""%>
       flash[:notice] = "Successfully created #{@<%= singular %>.<%= display_class %>}"
       <%= post_action_parental_updates %>
       load_all_<%= plural %>
       render :create
     else
       flash[:alert] = "Oops, your <%= singular_name %> could not be created. #{@hawk_alarm}"
-      @action = "new"
+      @action = 'new'
       render :create, status: :unprocessable_entity
     end<% if @pundit %>
   rescue Pundit::NotAuthorizedError
-    flash[:alert] = "Creating <%= singular %> not authorized. #{@<%= singular %>.errors.collect{|k| "#{k.attribute} #{k.message}"}.join(" ")} #{flash[:notice]} "
+    flash[:alert] << 'Creating organization not authorized. '
+    flash[:alert] << @<%= singular %>.errors.collect{|k| "#{k.attribute} #{k.message}"}.join(" ")
+    flash[:alert] << flash[:notice]
     render :index <% end %>
   end
 
 <% end %>
 <% unless @no_edit %>
   def show
+    <% if @pundit %>authorize @<%= singular %><% end %>
     redirect_to <%=   HotGlue.optionalized_ternary(namespace: @namespace,
                                  target:  @singular,
                                  nested_set: @nested_set,
-                                 modifier: "edit_",
+                                 modifier: 'edit_',
                                  with_params: true,
                                  put_form: true).gsub("(#{singular}", "(@#{singular}") %>
   end
 
   def edit<% if @pundit  %>
     authorize @<%= singular_name %><% end %>
-    @action = "edit"
+    @action = 'edit'
     render :edit<% if @pundit %>
   rescue Pundit::NotAuthorizedError
     flash[:alert] = "Editing #{@<%= singular %>.<%= display_class %>} not authorized."
@@ -166,21 +171,24 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
     check_<%= related_set[:association_ids_method].to_s %>_permissions(modified_params, :update)<% end %><% end %>
 
     <% if @hawk_keys.any? %>    modified_params = hawk_params({<%= hawk_to_ruby %>}, modified_params)<% end %>
-      <%= controller_attachment_orig_filename_pickup_syntax %>
+    <%= controller_attachment_orig_filename_pickup_syntax %>
     <% if @pundit %>
     if @<%= singular_name %>.attributes = modified_params
       authorize @<%= singular_name %>
+      <%= @code_before_update ? "\n    " + @code_before_update.gsub(";", "\n") : "" %>
       @<%= singular_name %>.save
     <% else %>
+    <%= @code_before_update ? "\n    " + @code_before_update.gsub(";", "\n") : "" %>
     if @<%= singular_name %>.update(modified_params)
     <% end %>
+      <%= @code_after_update ? "\n    " + @code_after_update.gsub(";", "\n") : "" %>
       <% if @display_list_after_update %>    load_all_<%= plural %><% end %>
       flash[:notice] << "Saved #{@<%= singular %>.<%= display_class %>}"
       flash[:alert] = @hawk_alarm if @hawk_alarm
       render :update
     else
       flash[:alert] = "<%= singular_name.titlecase %> could not be saved. #{@hawk_alarm}"
-      @action = "edit"
+      @action = 'edit'
       render :update, status: :unprocessable_entity
     end<% if @pundit %>
   rescue Pundit::NotAuthorizedError
@@ -204,9 +212,13 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
 
 <% if @pundit %><% @related_sets.each do |key, rs| %>
   def check_<%= rs[:association_ids_method] %>_permissions(modified_params, action)
-    if modified_params[:<%= rs[:association_ids_method] %>].present? && modified_params[:<%= rs[:association_ids_method] %>] != @<%= singular %>.<%= rs[:association_ids_method] %>
-      # authorize the <%= rs[:association_ids_method] %> change using special modified_relations: {<%= rs[:association_ids_method] %>: modified_params[:<%= rs[:association_ids_method] %>>]} syntax for Pundit
-      if ! <%= singular_class %>Policy.new(current_user, @<%= singular %>, modified_relations: {role_ids: modified_params[:<%= rs[:association_ids_method] %>]}).method("#{action}?".to_sym).call
+    if modified_params[:<%= rs[:association_ids_method] %>].present? &&
+      modified_params[:<%= rs[:association_ids_method] %>] != @<%= singular %>.<%= rs[:association_ids_method] %>
+      # authorize the <%= rs[:association_ids_method] %> change using special modified_relations: {
+      # <%= rs[:association_ids_method] %>: modified_params[:<%= rs[:association_ids_method] %>>]} syntax for Pundit
+      if ! <%= singular_class %>Policy.new(current_user, @<%= singular %>,
+          modified_relations: {role_ids: modified_params[:<%= rs[:association_ids_method] %>]
+        }).method("#{action}?".to_sym).call
         authorize @<%= singular %>, "#{action}?".to_sym
         raise Pundit::NotAuthorizedError, message: @<%= singular %>.errors.collect{|k| "#{k.attribute} #{k.message}"}.join(" ")
       end

data/lib/generators/hot_glue/templates/erb/_edit.erb

@@ -5,7 +5,9 @@
   <\% end %>
   <h2>Editing <\%= <%= singular %>.<%= display_class %> %></h2>
   <\%= form_with model: <%= singular %>, url: <%= form_path_edit_helper %> do |f| %>
-  <\%=  render partial: "<%= namespace_with_trailing_dash + @controller_build_folder + "/" %>form",  locals: {:<%=  singular  %> => <%= singular %>, f: f}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> \%>
+    <\%=  render partial: "<%= namespace_with_trailing_dash + @controller_build_folder + "/" %>form", locals: {:<%=  singular  %> => <%= singular %>, f: f}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> \%>
+  <% if @edit_within_form_partial %><\%= render partial: "edit_within_form", locals: {f: f, <%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
   <\% end %>
+  <% if @edit_within_form_partial %><\%= render partial: "edit_after_form", locals: {<%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
 </div>
 <\% end %>

data/lib/generators/hot_glue/templates/erb/_new_form.erb

@@ -5,5 +5,8 @@
   <\%= form_with model:  <%= singular %>, url: <%= form_path_new_helper %>, method: :post do  |f| \%>
     <\%=  render partial: "<%= namespace_with_slash +  @controller_build_folder %>/form",
 locals: { <%=  singular %>: <%= singular %>, f: f}<%= @nested_set.collect{|arg| ".merge(defined?(#{arg[:singular]}) ? {#{arg[:singular]}: #{arg[:singular]}}: {})" }.join %> \%>
- <\% end %>
+
+<% if @new_within_form_partial %><\%= render partial: "new_within_form", locals: {f: f, <%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
+<\% end %>
+<% if @new_after_form_partial %><\%= render partial: "new_after_form", locals: {<%=  singular  %>: <%= singular %>}<%= @nested_set.collect{|arg| ".merge(#{arg[:singular]} ? {#{arg[:singular]}: #{arg[:singular]}} : {})" }.join %> %><% end %>
 <\% end %>

data/lib/generators/hot_glue/templates/typeahead_controller.rb.erb

@@ -5,6 +5,7 @@ class <%= ((@namespace.titleize.gsub(" ", "") + "::" if @namespace) || "") + @pl
   # rubocop:enable Layout/LineLength <% end %>
 
   def index
+    <% if @pundit %>authorize <%= @class_name %>, :typeahead? <% end %>
     query = params[:query]
     @typeahead_identifier = params[:typeahead_identifier]
     @<%= @plural %> = <%= @singular.titleize.gsub(" ", "") %>.where("<%= @search_by.collect{|search| "LOWER(#{search}) LIKE ?" }.join(" OR ") %>", <%= @search_by.collect{|search|  "\"%\#{query.downcase}%\"" }.join(", ") %>).limit(10)

data/lib/generators/hot_glue/typeahead_generator.rb

@@ -1,9 +1,12 @@
+require_relative './default_config_loader'
+
 module HotGlue
   class TypeaheadGenerator < Rails::Generators::Base
     source_root File.expand_path('templates', __dir__)
     class_option :namespace, type: :string, default: nil
     class_option :search_by, type: :string, default: nil
 
+    include DefaultConfigLoader
     def filepath_prefix
       # todo: inject the context
       'spec/dummy/' if $INTERNAL_SPECS
@@ -19,9 +22,10 @@ module HotGlue
         puts message
         raise(HotGlue::Error, message)
       end
+      @pundit = get_default_from_config(key: :pundit_default)
 
       @singular = args.first.tableize.singularize
-
+      @class_name = args.first
       @plural = args.first.tableize.pluralize
       @namespace = options['namespace']
 

data/lib/hotglue/version.rb

@@ -1,5 +1,5 @@
 module HotGlue
   class Version
-    CURRENT = '0.6.1'
+    CURRENT = '0.6.2'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hot-glue
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.2
 platform: ruby
 authors:
 - Jason Fleetwood-Boldt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-21 00:00:00.000000000 Z
+date: 2023-12-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -54,7 +54,7 @@ dependencies:
         version: '2.16'
 description: Simple, plug & play Rails scaffold building companion for Turbo-Rails
   and Hotwire
-email: code@jasonfb.net
+email: hello@jfbcodes.com
 executables: []
 extensions: []
 extra_rdoc_files: []