RubyGems - hot-glue - Versions diffs - 0.6.19 → 0.6.20 - Mend

hot-glue 0.6.19 → 0.6.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +307 -224
data/lib/generators/hot_glue/fields/field.rb +3 -2
data/lib/generators/hot_glue/layout/builder.rb +15 -6
data/lib/generators/hot_glue/markup_templates/erb.rb +63 -15
data/lib/generators/hot_glue/scaffold_generator.rb +46 -6
data/lib/generators/hot_glue/templates/controller.rb.erb +19 -8
data/lib/hotglue/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9e7085c942cab4dc377c75180d546b57f6ca76bdb3c96f3b2a837d1fdd887b0f
-  data.tar.gz: 04fd50131e53977f25c8817c7fd7bd33e34cb0aa784c995394c94302491b1426
+  metadata.gz: bce1267ee3ccc16a7f32068e1f4faa0aafab073d1f1af91744f02c7e63e2b40c
+  data.tar.gz: f87d7c1cecc3cd30ceff3d2176d82cc6e51ff62245ba54e02ffd8487cb214d75
 SHA512:
-  metadata.gz: fa984faeba62c9303c5ae0c64b32143e054289380ffdfecf2f0d457c7b2c2d69912b69901d78ee6fff75f1e6997ed19e86a4cc00a8c048341fbf2505e687a984
-  data.tar.gz: 052122bbbc7d15c134653efc4da2b74df8400447eccae13d395627bd5d79b2a616f612c97ac995f07b563a8589c9609406320562616f7efe637b94d7289a5e8a
+  metadata.gz: b3740aff61a08504a01237aa822ff3e92ed09afc91666d4398e400bf8cede65d74d86dddd950e664ff155de69413707fd5b5460b31c0504428df50c6c18af8d5
+  data.tar.gz: 503b69ea3a5abe6074fcc0bc987db37c1efb88e38cbbb79ecf1fb5ff8a58fda01609469b4da0554c42ded090ef1c896e9dc00c759f1fa31fc31ed34b4ccbea7d

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hot-glue (0.6.18)
+    hot-glue (0.6.19)
       ffaker (~> 2.16)
       kaminari (~> 1.2)
       rails (> 5.1)

data/README.md CHANGED Viewed

@@ -321,6 +321,166 @@ TitleCase class name of the thing you want to build a scaffolding for.
 (note: Your `Thing` object must `belong_to` an authenticated `User` or alternatively you must create a Gd controller, see below.)
+## FLAGS (Options with no values)
+These options (flags) also uses `--` syntax but do not take any values. (Notice no equal sign.) Everything is assumed (default) to be false unless specified.
+### `--stacked-downnesting`
+This puts the downnested portals on top of one another (stacked top to bottom) instead of side-by-side (left to right). This is useful if you have a lot of downnested portals and you want to keep the page from getting too wide.
+### `--god` or `--gd`
+Use this flag to create controllers with no root authentication. You can still use an auth_identifier, which can be useful for a meta-leval authentication to the controller.
+For example, FOR ADMIN CONTROLLERS ONLY, supply a auth_identifier and use `--god` flag.
+In Gd mode, the objects are loaded directly from the base class (these controllers have full access)
+```
+def load_thing
+    @thing = Thing.find(params[:id])
+end
+```
+### `--button-icons` (default is no icons)
+You can specify this either as builder flag or as a config setting (in `config/hot_glue.yml`)
+Use `font-awesome` for Font Awesome or `none` for no icons.
+### `--specs-only`
+Produces ONLY the controller spec file, nothing else.
+### `--no-specs`
+Produces all the files except the spec file.
+### `--no-paginate` (default: false)
+Omits pagination. (All list views have pagination by default.)
+### `--paginate-per-page-selector` (default: false)
+Show a small drop-down below the list to let the user choose 10, 25, or 100 results per page.
+### `--no-list`
+Omits list action. Only makes sense to use this if want to create a view where you only want the create button or to navigate to the update screen alternative ways. (The new/create still appears, as well the edit, update & destroy actions are still created even though there is no natural way to navigate to them.)
+### `--no-create`
+Omits new & create actions.
+### `--no-delete`
+Omits delete button & destroy action.
+### `--no-controller`
+Omits controller.
+### `--no-list`
+Omits list views.
+`--new-button-position` (above, below; default: above)
+Show the new button above or below the list.
+`--downnest-shows-headings` (default: false)
+Show headings above downnested portals.
+### `--big-edit`
+If you do not want inline editing of your list items but instead want to fallback to full-page style behavior for your edit views, use `--big-edit`.
+The user will be taken to a full-screen edit page instead of an edit-in-place interaction.
+When using `--big-edit`, any downnested portals will be displayed on the edit page instead of on the list page.
+Big edit makes all edit and magic button operations happen using `'data-turbo': false`, fully reloading the page and submitting HTML requests instead of TURBO_STREAM requests.
+Likewise, the controller's `update` action always redirects instead of using Turbo.
+### `--display-list-after-update`
+After an update-in-place normally only the edit view is swapped out for the show view of the record you just edited.
+Sometimes you might want to redisplay the entire list after you make an update (for example, if your action removes that record from the result set).
+To do this, use flag `--display-list-after-update`. The update will behave like delete and re-fetch all the records in the result and tell Turbo to swap out the entire list.
+### `--with-turbo-streams`
+If and only if you specify `--with-turbo-streams`, your views will contain `turbo_stream_from` directives. Whereas your views will always contain `turbo_frame_tags` (whether or not this flag is specified) and will use the Turbo stream replacement mechanism for non-idempotent actions (create & update). This flag just brings the magic of live-reload to the scaffold interfaces themselves.
+**_To test_**: Open the same interface in two separate browser windows. Make an edit in one window and watch your edit appear in the other window instantly.
+This happens using two interconnected mechanisms:
+1) by default, all Hot Glue scaffold is wrapped in `turbo_frame_tag`s. The id of these tags is your namespace + the Rails dom_id(...). That means all Hot Glue scaffold is namespaced to the namespaces you use and won't collide with other turbo_frame_tag you might be using elsewhere
+2) by appending **model callbacks**, we can automatically broadcast updates to the users who are using the Hot Glue scaffold. The model callbacks (after_update_commit and after_destroy_commit) get appended automatically to the top of your model file. Each model callback targets the scaffold being built (so just this scaffold), using its namespace, and renders the line partial (or destroys the content in the case of delete) from the scaffolding.
+please note that *creating* and *deleting* do not yet have a full & complete implementation: Your pages won't re-render the pages being viewed cross-peer (that is, between two users using the app at the same time) if the insertion or deletion causes the pagination to be off for another user.
+### `--no-list-label`
+Omits list LABEL itself above the list. (Do not confuse with the list heading which contains the field labels.)
+Note that list labels may  be automatically omitted on downnested scaffolds.
+### `--no-list-heading`
+Omits the heading of column names that appears above the 1st row of data.
+### `--include-object-names`
+When you are "Editing X" we specify that X is a ___ (author, book, room, etc)
+e.g. "Editing author Edgar Allan Poe" vs "Editing Edgar Allan Poe"
+Can also be specified globally in `config/hot_glue.yml`
+## Nav Templates and `--no-nav-menu`
+At the namespace level, you can have a file called `_nav.html.erb` to create tabbed bootstrap nav
+To create the file for the first time (at each namespace), start by running
+```
+bin/rails generate hot_glue:nav_template --namespace=xyz
+```
+This will append the file `_nav.html.erb` to the views folder at `views/xyz`. To begin, this file contains only the following:
+```
+<ul class='nav nav-tabs'>
+</ul>
+```
+Once the file is present, any further builds in this namespace will:
+1) Append to this `_nav.html.erb` file, adding a tab for the new built scaffold
+2) On the list view of the scaffold being built, it will include a render to the _nav partial, passing the name of the currently-viewed thing as the local variable `nav` (this is how the nav template knows which tab to make active).
+```
+<%= render partial: "owner/nav", locals: {nav: "things"} %>
+```
+(In this example `owner/` is the namespace and `things` is the name of the scaffold being built)
+To suppress this behavior, add `--no-nav-menu` to the build command and the _nav template will not be touched.
 ## Options With Arguments
 All options begin with two dashes (`--`) and a followed by an `=` and a value
@@ -348,7 +508,6 @@ end
 ```
 ### `--nested=`
 This object is nested within another tree of objects, and there is a nested route in your `routes.rb` file with the specified parent controllers above this controller. When specifying the parent(s), be sure to use **singular case**.
@@ -771,8 +930,7 @@ Hot Glue gives you automatic field level access control if you create `*_able?`
 The `*_able?` method should return true or false depending on whether or not the field can be edited. No distinction is made between the `new` and `edit` contexts. You may check if the record is new using `new_record?`.
-**The `*_able?` method is used by Hot Glue only on the new and edit actions. You must incorporate it into the policy's `update?` method as in the example, or else no guard will check prevent the user doesn't pass a value to input it anyway.**
+**The `*_able?` method is used by Hot Glue only on the new and edit actions and also affects the strong parameters, so you no longer need to incorporate it into your policy's `update?` method
 Add one `*_able?` method to the policy for each field you want to allow field-level access control.
@@ -781,12 +939,8 @@ Replace `*` with the name of the field you want under access control. Remember t
 When the method returns true, the field will be displayed to the user (and allowed) for editing.
 When the method returns false, the field will be displayed as read-only (viewable) to the user.
-Important: These special fields determine *only* display behavior (new and edit), not create and update.
-For create & update field-level access control, you must also implement the `update?` method on the Policy. Notice how in the example policy below, the `update?` method uses the `name_able?` method when it is checking if the name field can be updated, tying the feature together.
 You can set Pundit to be enabled globally on the whole project for every build in `config/hot_glue.yml` (then you can leave off the `--pundit` flag from the scaffold command)
-`:pundit_default:` (all builds in that project will use Pundit)
+`:pundit:` (all builds in that project will use Pundit)
 Here's an example `ThingPolicy` that would allow **editing the name field** only if:
@@ -808,14 +962,11 @@ class ThingPolicy < ApplicationPolicy
   end
   def update?
-     if !@user.is_admin?
-       return false
-    elsif record.name_changed? && !name_able?
-      record.errors.add(:name, "cannot be changed.")
-      return false
-    else
-      return true
-    end
+    !@user.is_admin?
+  end
+  def edit?
+    !@user.is_admin?
   end
   class Scope < Scope
@@ -828,12 +979,11 @@ class ThingPolicy < ApplicationPolicy
 end
 ```
 Because Hot Glue detects the `*_able?` methods at build time, if you add them to your policy, you will have to rebuild your scaffold.
-### `--pundit-policy-override`
-if you use the flag `--pundit-policy-override` your controller operations will bypass the invisible (pundit provided) access control and use the pundit policy you specify.
+### `--pundit-policy-override=`
+if you pass a custom pundit class to `--pundit-policy-override=` your controller operations will bypass the invisible (pundit provided) access control and use the pundit policy you specify.
 example
@@ -849,6 +999,8 @@ If provided, the output code looks something like (in this example, showing the
 ```
 ### `--show-only=`
 (separate field names by COMMA)
@@ -860,7 +1012,7 @@ IMPORTANT: By default, all fields that begin with an underscore (`_`) are automa
 This is for fields you want globally non-editable by users in your app. For example, a counter cache or other field set only by a backend mechanism.
-### `--update-show-only`
+### `--update-show-only=`
 (separate field names by COMMA)
 • Make this field appear as viewable only for the edit action (and not allowed in the update action).
@@ -909,18 +1061,19 @@ Remember, if there's a corresponding `*_able?` method on the policy, it will be
 As shown in the method `name_able?` of the example ThingPolicy above, if this field on your policy returns true, the field will be editable. If it returns false, the field will be viewable (read-only).
-### `--hidden`
+### `--hidden=` (affects both create + update actions)
+### `--create-hidden=`
+### `--update-hidden=`
+TODO: RENAME ME TO INVISIBLE
 Separate list of fields.
-These fields will be hidden from the form but will exist as hidden_field, and so the update will still work.
+These fields will exist on the create or update form exist as hidden_field, and so the update will still work._
 EXAMPLE:
 ```
-bin/rails generate hot_glue:scaffold Wrapper --namespace='account_dashboard' --no-nav-menu --big-edit --smart-layout --stimmify --hidden=raw_source
+bin/rails generate hot_glue:scaffold Wrapper --namespace='account_dashboard' --no-nav-menu --big-edit --smart-layout --stimmify --invisible=raw_source
 ```
 In the `wrappers` folder, I am using a special sticky partial `_edit_within_form.html.erb`, which contains code preserved from build-to-build and included in the form:
@@ -992,7 +1145,77 @@ Notice we are also using `--stimmify` to decorate the form with a Stimulus contr
 The code above uses Code Mirror to act as a code editor, which requires pulling the value off the hidden form element (putting it into the code mirror interface) and pushing it back into the hidden form element when the Submit button is clicked.
+### `--invisible=`
+### `--create-invisible=`
+### `--update-invisible=`
+(two lists are maintained: create and update. any fields on the unnamed invisible list will be invisible on both create and update actions)
+If a field is on the invisible list, the policy will be checked for a `_able?` method.
+If this method returns true, displayed like a normal editable field.
+If the policy doesn't allow editing, this field will be made invisible: completely removed from the form.
+Like show only, these will check for `*_able?` methods on the object or Policy and will only display the field if the method returns true.
+It will also block the field from being updated on the backend, so don't use this if you want to create a hidden_field tag but still allow the controller to update it. (For that, see `--hidden=`.)
+Like show-only, note special behavior with pundit.
+A field can be marked invisible and show-only, in which case the invisible rule take prescedence when the access control is denied (field removed from form) but th show-only rule takes prescedance when the access control is granted,
+Hidden can be used with invisible. In this case, the access control will be applied to the field. When editable, the hidden field output will be used.
+Must be used with Pundit. Without pundit, see other alternatives: hidden fields, show only fields, or just removing the field completely by using the exclude list or leaving it off the include list.
+|                                        |                                                                                                                                                                                                                                                          | Pundit                                                                                                                                                                                                                                                          |   |   |
+|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---|---|
+| fields not on any of these other lists | Included as editable on both the create + update actions or as viewable if Policy access control returns false                                                                                                                                           | Without pundit, everything is editable. With pundit, the Policy is checked for an `_able?` method for each field at build time. When this method returns false, the field is viewable.                                                                          |   |   |
+| Show only                              | Viewable only (non-editable) on both create + edit/update overriding whatever Policy returns.                                                                                                                                                            | Without pundit, this field is viewable only. Overrides whatever policy returns.                                                                                                                                                                                 |   |   |
+| Update Show only                       | Viewable only on the update screen or if Pundit doesn't allow editing                                                                                                                                                                                    | Same as above but apply only to the update screen.                                                                                                                                                                                                              |   |   |
+| Invisible                              | Displayed in the HTML output and received by the controller for create or update action but shown as a hidden_field on the HTML, invisible to the user. You should use this if you want to construct your own form input or set the value via Javascript | Cannot be used without Pundit. With pundit, fields editable via the policy are editable on the screen (unless they are also show-only, in which case they are visible) and non-editable via the policy are made invisible (completely removed) from the screen. |   |   |
+| Hidden                                 | Not displayed or updatable if the field respond false to _able? or the Policy doesn't allow.                                                                                                                                                             | Unrelated to pundit Policy                                                                                                                                                                                                                                      |   |   |
+|                                        |                                                                                                                                                                                                                                                          |                                                                                                                                                                                                                                                                 |   |   |
+Pundit calls the policy for every action, including the index action. In these cases it passes an association instead of a single record.
+Normally, field level access control that applies for show only and invisible is affects each record, in the list view, new page, or edit page.
+For that reason, your `_able?` methods may check the individual records, except in the case of the `index` action for which the pundit policy has no individual record.
+For these special cases, you might want to hide the entire column itself when the `_able?` return false on the association call (not in the context any of any record).
+You'd want to do this for a global switch, unrelated to the record, to show or hide the column itself. When using invisible fields, the column headings are check against the policy's `_able?` fields, too, but since this called on the list, the entire set of objects being returned by the list is passed to the policy. (For example `policy(@things)`)
+This makes it impossible to make your access control depend solely on the record itself, so can be used only for context-based access control that is applied to the column headings.
+In a case like this, you'll want the `_able?` method on the policy to know if the object is a record or many records.
+```
+class ThingPolicy  < ApplicationPolicy
+  attr_reader :user, :thing
+  def initialize(user, thing)
+    @user = user
+    @thing = thing
+  end
+  def ccc_able?
+    if thing.is_a?(Thing) # a thing is not a Thing when it is an active relation of many things
+      !!thing.bbb # show or hide ccc based on whether or not bbb is true
+    else
+      current_user.is_admin? # show or hide the column heading for ccc based on whether or not the current user is an admin
+    end
+  end
+  # more policy method here ...
+end
+```
+Here, for all CRUD actions, the object is a thing, and so the editablility of ccc is dependent on bbb being true.
+If thing is not a Thing, then it is active relation (so this applies to the column headings) and we show it only to admins.
+Remember, since the `_able?` methods are not otherwise called during Pundit's index cycle, this applies only to the list column headings and has no bearing on create, update, read, delete for which the access control can be anything you want that is available to the Poilcy.
@@ -1014,7 +1237,7 @@ and also fix any Rails apps created since October 2021 by fixing the Gemfile. De
 https://stackoverflow.com/questions/70671324/new-rails-7-turbo-app-doesnt-show-the-data-turbo-confirm-alert-messages-dont-f
-### `--magic-buttons`
+### `--magic-buttons=`
 If you pass a list of magic buttons (separated by commas), they will appear in the button area on your list.
 It will be assumed there will be corresponding bang methods on your models.
@@ -1035,8 +1258,13 @@ Finally, you can raise an ActiveRecord error which will also get passed to the u
 For more information see [Example 6 in the Tutorial](https://school.jfbcodes.com/8188)
+You can also define methods on your model that have the same name as the button with `_able?` at the end.
+(Prior to v0.6.20, these methods expected names with `able?` but no underscore.)
+The button will be display as disabled if the method returns false.
-### `--downnest`
+### `--downnest=`
 Automatically create subviews down your object tree. This should be the name of a has_many relationship based from the current object.
 You will need to build scaffolding with the same name for the related object as well. On the list view, the object you are currently building will be built with a sub-view list of the objects related from the given line.
@@ -1048,11 +1276,6 @@ Can now be created with more space (wider) by adding a `+` to the end of the dow
 The 'Abcs' portal will display as 5 bootstrap columns instead of the typical 4. (You may use multiple ++ to keep making it wider but the inverse with minus is not supported
-### `--stacked-downnesting`
-This puts the downnested portals on top of one another (stacked top to bottom) instead of side-by-side (left to right). This is useful if you have a lot of downnested portals and you want to keep the page from getting too wide.
 ### `--record-scope=`
@@ -1071,113 +1294,9 @@ scope :is_open, -> {where(state == 'open')}
 Now all records displayed through the generated controller
-## FLAGS (Options with no values)
-These options (flags) also uses `--` syntax but do not take any values. Everything is assumed (default) to be false unless specified.
-### `--god` or `--gd`
-Use this flag to create controllers with no root authentication. You can still use an auth_identifier, which can be useful for a meta-leval authentication to the controller.
-For example, FOR ADMIN CONTROLLERS ONLY, supply a auth_identifier and use `--god` flag.
-In Gd mode, the objects are loaded directly from the base class (these controllers have full access)
-```
-def load_thing
-    @thing = Thing.find(params[:id])
-end
-```
-### `--button-icons` (default is no icons)
-You can specify this either as builder flag or as a config setting (in `config/hot_glue.yml`)
-Use `font-awesome` for Font Awesome or `none` for no icons.
-### `--specs-only`
-Produces ONLY the controller spec file, nothing else.
-### `--no-specs`
-Produces all the files except the spec file.
-### `--no-paginate` (default: false)
-Omits pagination. (All list views have pagination by default.)
-### `--paginate-per-page-selector` (default: false)
-Show a small drop-down below the list to let the user choose 10, 25, or 100 results per page.
-### `--no-list`
-Omits list action. Only makes sense to use this if want to create a view where you only want the create button or to navigate to the update screen alternative ways. (The new/create still appears, as well the edit, update & destroy actions are still created even though there is no natural way to navigate to them.)
-### `--no-create`
-Omits new & create actions.
-### `--no-delete`
-Omits delete button & destroy action.
-### `--no-controller`
-Omits controller.
-### `--no-list`
-Omits list views.
-`--new-button-position` (above, below; default: above)
-Show the new button above or below the list.
-`--downnest-shows-headings` (default: false)
-Show headings above downnested portals.
-### `--big-edit`
-If you do not want inline editing of your list items but instead want to fallback to full-page style behavior for your edit views, use `--big-edit`.
-The user will be taken to a full-screen edit page instead of an edit-in-place interaction.
-When using `--big-edit`, any downnested portals will be displayed on the edit page instead of on the list page.
-Big edit makes all edit and magic button operations happen using `'data-turbo': false`, fully reloading the page and submitting HTML requests instead of TURBO_STREAM requests.
-Likewise, the controller's `update` action always redirects instead of using Turbo.
-### `--display-list-after-update`
-After an update-in-place normally only the edit view is swapped out for the show view of the record you just edited.
-Sometimes you might want to redisplay the entire list after you make an update (for example, if your action removes that record from the result set).
-To do this, use flag `--display-list-after-update`. The update will behave like delete and re-fetch all the records in the result and tell Turbo to swap out the entire list.
-### `--with-turbo-streams`
-If and only if you specify `--with-turbo-streams`, your views will contain `turbo_stream_from` directives. Whereas your views will always contain `turbo_frame_tags` (whether or not this flag is specified) and will use the Turbo stream replacement mechanism for non-idempotent actions (create & update). This flag just brings the magic of live-reload to the scaffold interfaces themselves.
-**_To test_**: Open the same interface in two separate browser windows. Make an edit in one window and watch your edit appear in the other window instantly.
-This happens using two interconnected mechanisms:
-1) by default, all Hot Glue scaffold is wrapped in `turbo_frame_tag`s. The id of these tags is your namespace + the Rails dom_id(...). That means all Hot Glue scaffold is namespaced to the namespaces you use and won't collide with other turbo_frame_tag you might be using elsewhere
-2) by appending **model callbacks**, we can automatically broadcast updates to the users who are using the Hot Glue scaffold. The model callbacks (after_update_commit and after_destroy_commit) get appended automatically to the top of your model file. Each model callback targets the scaffold being built (so just this scaffold), using its namespace, and renders the line partial (or destroys the content in the case of delete) from the scaffolding.
-please note that *creating* and *deleting* do not yet have a full & complete implementation: Your pages won't re-render the pages being viewed cross-peer (that is, between two users using the app at the same time) if the insertion or deletion causes the pagination to be off for another user.
-### `--related-sets`
+### `--related-sets=`
 Used to show a checkbox set of related records. The relationship should be a `has_and_belongs_to_many` or a `has_many through:` from the object being built.
@@ -1196,58 +1315,43 @@ Note this leaves open a privileged escalation attack (a security vulnerability).
 To fix this, you'll need to use Pundit with special syntax designed for this purpose. Please see [Example #17 in the Hot Glue Tutorial](https://school.jfbcodes.com/8188)
-## "Thing" Label
-Note that on a per model basis, you can also globally omit the label or set a unique label value using
-`@@table_label_singular` and `@@table_label_plural` on your model objects.
-You have three options to specify labels explicitly with a string, and 1 option to specify a global name for which the words "Delete ___" and "New ___" will be added.
-If no `--label` is specified, it will be inferred to be the Capitalized version of the name of the thing you are building, with spaces for two or more words.
-### `--label`
+### `--label=`
 The general name of the thing, will be applied as "New ___" for the new button & form. Will be *pluralized* for list label heading, so if the word has a non-standard pluralization, be sure to specify it in `config/inflictions.rb`
 If you specify anything explicitly, it will be used.
 If not, a specification that exists as `@@tabel_label_singular` from the Model will be used.
-If this does not exist, the Titleized (capitalized) version of the model name.
+If this does not exist, the Titleized (capitalized) version of the model name.
-### `--list-label-heading`
+### `--list-label-heading=`
 The plural of the list of things at the top of the list.
 If not, a specification that exists as `@@tabel_label_plural` from the Model will be used.
 If this does not exist, the UPCASE (all-uppercase) version of the model name.
-### `--new-button-label`
-The button on the list that the user clicks onto to create a new record.
-(Follows same rules described in the `--label` option but with the word "New" prepended.)
+### `--new-button-label=`
+Overrides the button on the list that the user clicks onto to create a new record.
+(Default is to follow the same rules described in the `--label` option but with the word "New" prepended.)
-### `--new-form-heading`
+### `--new-form-heading=`
 The text at the top of the new form that appears when the new input entry is displayed.
-(Follows same rules described in the `--label` option but with the word "New" prepended.)
-### `--no-list-label`
-Omits list LABEL itself above the list. (Do not confuse with the list heading which contains the field labels.)
-Note that list labels may  be automatically omitted on downnested scaffolds.
+(Default follows the same rules described in the `--label` option but with the word "New" prepended.)
 ## Field Labels
-### `--form-labels-position` (default: `after`; options are **before**, **after**, and **omit**)
+### `--form-labels-position=` (default: `after`; options are **before**, **after**, and **omit**)
 By default form labels appear after the form inputs. To make them appear before or omit them, use this flag.
 See also `--form-placeholder-labels` to use placeolder labels.
-### `--form-placeholder-labels` (default: false)
+### `--form-placeholder-labels=` (default: false)
 When set to true, fields, numbers, and text areas will have placeholder labels.
 Will not apply to dates, times, datetimes, dropdowns (enums + foreign keys), or booleans.
 See also setting `--form-labels-position` to control position or omit normal labels.
-### `--inline-list-labels` (before, after, omit; default: omit)
+### `--inline-list-labels=` (before, after, omit; default: omit)
 Determines if field label will appear on the LIST VIEW. Note that because Hot Glue has no separate show route or page, this affects the `_show` template which is rendered as a partial from the LIST view.
@@ -1256,25 +1360,12 @@ Because the labels are already in the heading, this is `omit` by default. (Use w
 Use `before` to make the labels come before or `after` to make them come after. See Version 0.5.1 release notes for an example.
-### `--no-list-heading`
-Omits the heading of column names that appears above the 1st row of data.
-### `--include-object-names`
-When you are "Editing X" we specify that X is a ___ (author, book, room, etc)
-e.g. "Editing author Edgar Allan Poe" vs "Editing Edgar Allan Poe"
-Can also be specified globally in `config/hot_glue.yml`
 ### Code insertions
-`--code-before-create`
-`--code-after-create`
-`--code-before-update`
-`--code-after-update`
+### `--code-before-create=`
+### `--code-after-create=`
+### `--code-before-update=`
+### `--code-after-update=`
 Insert some code into the `create` action or `update` actions.
 The **before code** is called _after authorization_ but _before saving_ (which creates the record, or fails validation).
@@ -1283,9 +1374,8 @@ Both should be wrapped in quotation marks when specified in the command line, an
 (Notice the funky indentation of the lines in the generated code. Adjust you input to get the indentation correct.)
-## Searching
-### `--search` (options: simple, set, false predicate, default: false)
+### `--search=` (options: simple, set, false predicate, default: false)
 #### Set Search
@@ -1336,24 +1426,12 @@ Here's how you would add a search interface to Example #1 in the [Hot Glue Tutor
 bin/rails generate Book --include=name,author_id --search=set --search-fields=name,author_id
 ```
-#### Predicate
+#### Predicate Search
 NOT IMPLEMENTED YET
 TODO: implement me
-## Special Features
-### `--attachments`
+### `--attachments=`
 #### ActiveStorage Quick Setup
 (For complete docs, refer to https://guides.rubyonrails.org/active_storage_overview.html)
@@ -1397,7 +1475,7 @@ If it finds one, it will render thumbnails from the attachment variant `thumb`.
 If using the shortform syntax and Hot Glue does **not find a variant** called `thumb` at the code generation time, it will build scaffolding without thumbnails.
-#### `--attachments` Long form syntax with 1 parameter
+#### `--attachments=` Long form syntax with 1 parameter
 **--attachments='_attachment name_{_variant name_}'**
@@ -1417,7 +1495,7 @@ end
 If using the long-form syntax with 1 parameter and Hot Glue does not find the specified variant declared in your attachment, it will stop and raise an error.
-#### `--attachments` Long form syntax with 1st and 2nd parameters
+#### `--attachments=` Long form syntax with 1st and 2nd parameters
 **--attachments='_attachment name_{_variant name_|_field for saving original filename_}'**
@@ -1431,7 +1509,7 @@ Note that the `orig_filename` is not part of the inputted parameters,  it simply
 Note: The 1st and 2nd parameters may be left empty (use `||`) but the 3rd and 4th parameters must either be specified or the parameter must be left off.
-#### `--attachments` Long form syntax with 1st, 2nd, and 3rd parameters
+#### `--attachments=` Long form syntax with 1st, 2nd, and 3rd parameters
 An optional 3rd parameter to the long-form syntax allows you to specify direct upload using the word "direct", which will add direct_upload: true to your f.file_field tags.
@@ -1443,7 +1521,7 @@ If you leave the 2nd parameter blank when using the 3rd parameter, it will defau
 `--attachments='avatar{thumbnail||direct}'`
-#### `--attachments` Long form syntax with 4 parameters
+#### `--attachments=` Long form syntax with 4 parameters
 The final (4th) parameter should be `dropzone` to enable dropzone support for this attachment.
@@ -1647,32 +1725,18 @@ Always:
 Don't include this last line in your factory code.
-## Nav Templates and `--no-nav-menu`
-At the namespace level, you can have a file called `_nav.html.erb` to create tabbed bootstrap nav
-To create the file for the first time (at each namespace), start by running
-```
-bin/rails generate hot_glue:nav_template --namespace=xyz
-```
-This will append the file `_nav.html.erb` to the views folder at `views/xyz`. To begin, this file contains only the following:
+# SPECIAL FEATURES
-```
-<ul class='nav nav-tabs'>
-</ul>
-```
-Once the file is present, any further builds in this namespace will:
+## "Thing" Label
-1) Append to this `_nav.html.erb` file, adding a tab for the new built scaffold
-2) On the list view of the scaffold being built, it will include a render to the _nav partial, passing the name of the currently-viewed thing as the local variable `nav` (this is how the nav template knows which tab to make active).
-```
-<%= render partial: "owner/nav", locals: {nav: "things"} %>
-```
-(In this example `owner/` is the namespace and `things` is the name of the scaffold being built)
+Note that on a per model basis, you can also globally omit the label or set a unique label value using
+`@@table_label_singular` and `@@table_label_plural` on your model objects.
-To suppress this behavior, add `--no-nav-menu` to the build command and the _nav template will not be touched.
+You have three options to specify labels explicitly with a string, and 1 option to specify a global name for which the words "Delete ___" and "New ___" will be added.
+If no `--label` is specified, it will be inferred to be the Capitalized version of the name of the thing you are building, with spaces for two or more words.
 ## Automatic Base Controller
@@ -1715,7 +1779,7 @@ Child portals have the headings omitted automatically (there is a heading identi
-# Note about enums
+## Note about enums
 The Rails 7 enum implementation for Postgres is very slick but has a counter-intuitive facet.
@@ -1760,7 +1824,7 @@ Now, your labels will show up on the front-end as defined in the `_labels` ("Is
 You can modify an enum so that instead of a drop down list, it displays a partial view that you must build. See the [v0.5.23 Release notes](https://github.com/hot-glue-for-rails/hot-glue#2023-10-01---v0523) for details.
-### Validation Magic
+## Validation Magic
 Use ActiveRecord validations or hooks to validate your data. Hot Glue will automatically display the errors in the UI.
@@ -1778,7 +1842,7 @@ end
 ```
-### Typeahead Foreign Keys
+## Typeahead Foreign Keys
 Let's go back to the first Books & Authors example.
 assuming you have created
@@ -1876,7 +1940,7 @@ This means that to find users within the search, the essential piece of informat
 --
-### TinyMCE
+## TinyMCE
 1. `bundle add tinymce-rails` to add it to your Gemfile
 2. Add this inside of your `<head>` tag (at the bottom is fine)
@@ -1954,6 +2018,25 @@ These automatic pickups for partials are detected at build time. This means that
 # VERSION HISTORY
+#### 2025-06-13 v0.6.20
+Breaking changes:
+• the setting in your hot_glue.yml file for `:pundit_default:` has been renamed just `:pundit:`.
+If you fail to rename it in your config file, hot glue will not build if it finds the old config setting.
+• previously magic methods had a ability method that was the name of the magic method + `able?` as one word.
+this has been renamed to `_able?` and you must fix your cooresponding magic method ability methods by adding the underscore
+New Features
+• adds new invisibilty feature with  `--invisible`, `--create-invisible`, and `--update-invisible` see docs above
+• changes previous `--hidden` into `--hidden`, `--create-hidden`, and `--update-hidden`. use hidden to apply to both fields
+• restores functionality of layout builder to magically distribute bootstrap 12 columns
+(4 columns use rows of 3 col widths; 2 columns use 6, 3 uses 4, etc). WHen using specified grouping mode, you
+probably want about 3 or 4 columns. When you have more than 5 it's difficult to build layouts that look good.
 #### 2025-06-10 v0.6.19
 • Fixes magic button output behavior to correctly show the string returned by the bang menthod

data/lib/generators/hot_glue/fields/field.rb CHANGED Viewed

@@ -6,7 +6,7 @@ class Field
                 :self_auth,
                 :singular_class,  :singular, :sql_type, :ownership_field,
                 :update_show_only, :namespace, :pundit, :plural,
-                :stimmify, :hidden, :attachment_data, :god
+                :stimmify, :hidden_create, :hidden_update, :attachment_data, :god
   def initialize(
@@ -33,7 +33,8 @@ class Field
     @default_boolean_display = scaffold.default_boolean_display
     @namespace = scaffold.namespace_value
     @stimmify = scaffold.stimmify
-    @hidden = scaffold.hidden
+    @hidden_create = scaffold.hidden_create
+    @hidden_update = scaffold.hidden_update
     @attachment_data = scaffold.attachments[name.to_sym]
     @god = scaffold.god

data/lib/generators/hot_glue/layout/builder.rb CHANGED Viewed

@@ -127,15 +127,24 @@ module HotGlue
           # if user_layout_columns.size > available_columns
           #   raise "Your include statement #{@include_setting } has #{user_layout_columns.size} columns, but I can only construct up to #{available_columns}"
           # end
+          columns_to_work_with =  (12 - @buttons_width)
+          if columns_to_work_with < user_layout_columns.size
+            raise "Your include statement #{@include_setting } has #{user_layout_columns.size} columns, but I can only construct up to #{columns_to_work_with}"
+          end
+          target_col_size = columns_to_work_with / user_layout_columns.size
+          extra_columns = columns_to_work_with % user_layout_columns.size
           user_layout_columns.each_with_index  do |column,i|
             layout_object[:columns][:container][i] = column.split(",").collect(&:to_sym)
-            default_col_width = 1
-            if extra_columns > 0
-              default_col_width += 1
-              extra_columns -= 1
+            layout_object[:columns][:bootstrap_column_width][i] = target_col_size
+            if i < extra_columns
+              layout_object[:columns][:bootstrap_column_width][i] += 1
             end
-            layout_object[:columns][:bootstrap_column_width][i] = default_col_width
           end
           if user_layout_columns.size < layout_object[:columns][:container].size

data/lib/generators/hot_glue/markup_templates/erb.rb CHANGED Viewed

@@ -11,7 +11,8 @@ module  HotGlue
                   :attachments, :show_only, :columns_map, :pundit, :related_sets,
                   :search, :search_fields, :search_query_fields, :search_position,
                   :form_path, :layout_object, :search_clear_button, :search_autosearch,
-                  :stimmify, :stimmify_camel, :hidden
+                  :stimmify, :stimmify_camel, :hidden_create, :hidden_update, :invisible_create,
+                  :invisible_update, :plural
     def initialize(singular:, singular_class: ,
@@ -23,7 +24,8 @@ module  HotGlue
                  update_show_only:, attachments: , columns_map:, pundit:, related_sets:,
                  search:, search_fields:, search_query_fields: , search_position:,
                  search_clear_button:, search_autosearch:, layout_object:,
-                 form_path: , stimmify: , stimmify_camel:, hidden: )
+                 form_path: , stimmify: , stimmify_camel:, hidden_create:, hidden_update: ,
+                 invisible_create:, invisible_update: , plural: )
       @form_path = form_path
@@ -34,7 +36,11 @@ module  HotGlue
       @layout_object = layout_object
       @stimmify = stimmify
       @stimmify_camel = stimmify_camel
-      @hidden = hidden
+      @hidden_create = hidden_create
+      @hidden_update = hidden_update
+      @invisible_create = invisible_create
+      @invisible_update = invisible_update
+      @plural = plural
       @singular = singular
       @singular_class = singular_class
@@ -75,7 +81,7 @@ module  HotGlue
           (big_edit ? ", \"turbo\": false" : "") +
            "}} do |f| %>" +
           "<%= f.hidden_field :__#{button_name}, value: \"__#{button_name}\" %>" +
-          "<%= f.submit '#{button_name.titleize}'.html_safe, disabled: (#{singular}.respond_to?(:#{button_name}able?) && ! #{singular}.#{button_name}able? ), class: '#{singular}-button #{@layout_strategy.button_applied_classes} #{@layout_strategy.magic_button_classes}' %>" +
+          "<%= f.submit '#{button_name.titleize}'.html_safe, disabled: (#{singular}.respond_to?(:#{button_name}_able?) && ! #{singular}.#{button_name}_able? ), class: '#{singular}-button #{@layout_strategy.button_applied_classes} #{@layout_strategy.magic_button_classes}' %>" +
         "<% end %>"
       }.join("\n")
     end
@@ -88,7 +94,18 @@ module  HotGlue
         size = layout_object[:columns][:bootstrap_column_width][i]
         "<div class='#{layout_strategy.column_classes_for_column_headings(size)} hg-heading-row heading--#{singular}--#{column.join("-")}' " + col_style + ">" +
-          column.map(&:to_s).map{|col_name| "#{col_name.humanize}"}.join("<br />")  + "</div>"
+          column.map(&:to_s).map{|col_name|
+            the_output = "#{col_name.humanize}"
+            if invisible_update.include?(col_name.to_sym)
+              if_statements = []
+              if_statements << "false" if invisible_update.include?(col_name.to_sym)
+              # if_statements << "@action == 'new'" if invisible_create.include?(col_name.to_sym)
+              the_output = "<% if ( " +  if_statements.join(" || ") + " || policy(#{@plural}).#{col_name}_able? ) %>" +
+                +  the_output + "<% end %>"
+            end
+            the_output
+          }.join("<br />")  + "</div>"
       }.join("\n")
       return result
     end
@@ -160,7 +177,6 @@ module  HotGlue
                 "<% if @action == 'edit' %>" + columns_map[col].form_show_only_output + "<% else %>" + columns_map[col].form_field_output + "<% end %>"
               elsif update_show_only.include?(col) && @pundit && eval("defined? #{singular_class}Policy") && eval("#{singular_class}Policy").instance_methods.include?("#{col}_able?".to_sym)
                 "<% if @action == 'new' && policy(@#{singular}).#{col}_able? %>" + columns_map[col].form_field_output + "<% else %>" + columns_map[col].form_show_only_output + "<% end %>"
                  # show only on the update action overrides any pundit policy
               elsif @pundit && eval("defined? #{singular_class}Policy") && eval("#{singular_class}Policy").instance_methods.include?("#{col}_able?".to_sym)
                 "<% if policy(@#{singular}).#{col}_able? %>" + columns_map[col].form_field_output + "<% else %>" + columns_map[col].form_show_only_output  + "<% end %>"
@@ -178,17 +194,35 @@ module  HotGlue
               data_attr = " data-#{@stimmify}-target='#{col_target}Wrapper'"
             end
-            unless hidden.include?(col.to_sym)
-              add_spaces_each_line( "\n  <span #{@tinymce_stimulus_controller}class='<%= \"alert alert-danger\" if #{singular}.errors.details.keys.include?(:#{field_error_name}) %>' #{data_attr} >\n" +
-                                      add_spaces_each_line( (form_labels_position == 'before' ? (the_label || "") + "<br />\n"  : "") +
-                                                              +  field_result +
-                                                              (form_labels_position == 'after' ? (  columns_map[col].newline_after_field? ? "<br />\n" : "") + (the_label || "") : "")  , 4) +
-                                      "\n  </span>\n ", 2)
-            else
-              columns_map[col].hidden_output
+            the_output =   add_spaces_each_line( "\n  <span #{@tinymce_stimulus_controller}class='<%= \"alert alert-danger\" if #{singular}.errors.details.keys.include?(:#{field_error_name}) %>' #{data_attr} >\n" +
+                                                             add_spaces_each_line( (form_labels_position == 'before' ? (the_label || "") + "<br />\n"  : "") +
+                                                                                     +  field_result +
+                                                                                     (form_labels_position == 'after' ? (  columns_map[col].newline_after_field? ? "<br />\n" : "") + (the_label || "") : "")  , 4) +
+                                                             "\n  </span>\n ", 2)
+            if hidden_create.include?(col.to_sym) || hidden_update.include?(col.to_sym)
+              if_statements = []
+              if_statements << "@action == 'edit'" if hidden_update.include?(col.to_sym)
+              if_statements << "@action == 'new'" if hidden_create.include?(col.to_sym)
+              the_output = "<% if " + if_statements.join(" || ") + " %>" +
+                columns_map[col].hidden_output + "<% else %>" +  the_output + "<% end %>"
             end
+            if invisible_create.include?(col) || invisible_update.include?(col)
+              if_statements = []
+              if_statements << "@action == 'edit'" if invisible_update.include?(col.to_sym)
+              if_statements << "@action == 'new'" if invisible_create.include?(col.to_sym)
+              the_output = "<% if !(" + if_statements.join(" || ") + ") || policy(@#{singular}).#{col}_able? %>" +
+                +  the_output + "<% end %>"
+            end
+            the_output
           }.join("") + "\n  </div>"
       }.join("\n")
       return result
@@ -233,7 +267,21 @@ module  HotGlue
           label = "<label class='small form-text text-muted'>#{col.to_s.humanize}</label>"
-          "#{inline_list_labels == 'before' ? label + "<br/>" : ''}#{field_output}#{inline_list_labels == 'after' ? "<br/>" + label : ''}"
+          the_output = "#{inline_list_labels == 'before' ? label + "<br/>" : ''}#{field_output}#{inline_list_labels == 'after' ? "<br/>" + label : ''}"
+          if invisible_create.include?(col) || invisible_update.include?(col)
+            if_statements = []
+            if invisible_update.include?(col.to_sym) && invisible_create.include?(col.to_sym)
+            # elsif invisible_create.include?(col.to_sym)
+            #   if_statements << "!(@action == 'new')"
+            else
+              if_statements << "@action == 'edit'"
+            end
+            if_statements << " policy(#{singular}).#{col}_able?"
+            the_output = "<% if  " +  if_statements.join(" || ") + " %>" +
+              +  the_output + "<% end %>"
+          end
+          the_output
         }.join(  "<br />") + "</div>"
       }.join("\n")
       return result

data/lib/generators/hot_glue/scaffold_generator.rb CHANGED Viewed

@@ -29,7 +29,8 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
                 :form_labels_position, :no_nav_menu, :pundit,
                 :self_auth, :namespace_value, :record_scope, :related_sets,
                 :search_clear_button, :search_autosearch, :include_object_names,
-                :stimmify, :stimmify_camel, :hidden
+                :stimmify, :stimmify_camel, :hidden_create, :hidden_update,
+                :invisible_create, :invisible_update
   # important: using an attr_accessor called :namespace indirectly causes a conflict with Rails class_name method
   # so we use namespace_value instead
@@ -58,6 +59,12 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
   class_option :show_only, type: :string, default: ""
   class_option :update_show_only, type: :string, default: ""
   class_option :hidden, type: :string, default: ""
+  class_option :hidden_create, type: :string, default: ""
+  class_option :hidden_update, type: :string, default: ""
+  class_option :invisible, type: :string, default: ""
+  class_option :invisible_create, type: :string, default: ""
+  class_option :invisible_update, type: :string, default: ""
   class_option :ujs_syntax, type: :boolean, default: nil
   class_option :downnest, type: :string, default: nil
   class_option :magic_buttons, type: :string, default: nil
@@ -231,11 +238,29 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
       puts "show only field #{@show_only}}"
     end
-    @hidden = options['hidden'].split(",").collect(&:to_sym)
-    if @hidden.any?
-      puts "hidden fields #{@hidden}}"
+    @hidden_all = options['hidden'].split(",").collect(&:to_sym)
+    @hidden_create = options['hidden_create'].split(",").collect(&:to_sym)
+    @hidden_update = options['hidden_update'].split(",").collect(&:to_sym)
+    @hidden_update.concat(@hidden_all) if @hidden_all.any?
+    @hidden_create.concat(@hidden_all) if @hidden_all.any?
+    @hidden_create.uniq!
+    @hidden_update.uniq!
+    if @hidden_create.any? || @hidden_update.any? || @hidden_all.any?
+      puts "hidden update fields #{@hidden_update}}"
+      puts "hidden create fields #{@hidden_create}}"
     end
+    @invisible_all = options['invisible'].split(",").collect(&:to_sym)
+    @invisible_create = options['invisible_create'].split(",").collect(&:to_sym)
+    @invisible_update = options['invisible_update'].split(",").collect(&:to_sym)
+    @invisible_update.concat(@invisible_all) if @invisible_all.any?
+    @invisible_update.uniq!
+    @invisible_create.concat(@invisible_all) if @invisible_all.any?
+    @invisible_create.uniq!
     @modify_as = {}
     if !options['modify'].empty?
       modify_input = options['modify'].split(",")
@@ -302,6 +327,9 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
     @new_button_label = options['new_button_label'] || (eval("#{class_name}.class_variable_defined?(:@@table_label_singular)") ? "New " + eval("#{class_name}.class_variable_get(:@@table_label_singular)") : "New " + singular.gsub("_", " ").titleize)
     @new_form_heading = options['new_form_heading'] || "New #{@label}"
+    # @table_display_name_singular = (eval("#{class_name}.class_variable_defined?(:@@table_label_singular)") ? eval("#{class_name}.class_variable_get(:@@table_label_singular)") : singular.gsub("_", " ").titleize)
+    @table_display_name_plural = (eval("#{class_name}.class_variable_defined?(:@@table_label_plural)") ? eval("#{class_name}.class_variable_get(:@@table_label_plural)") : plural.gsub("_", " ").titleize)
     setup_hawk_keys
     @form_placeholder_labels = options['form_placeholder_labels'] # true or false
     @inline_list_labels = options['inline_list_labels'] || get_default_from_config(key: :inline_list_labels) || 'omit' # 'before','after','omit'
@@ -358,11 +386,19 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
     @no_nav_menu = options['no_nav_menu']
+    if get_default_from_config(key: :pundit_default)
+      raise "please note the config setting `pundit_default` has been renamed `pundit`. please update your hot_glue.yml file"
+    end
     if @pundit.nil?
-      @pundit = get_default_from_config(key: :pundit_default)
+      @pundit = get_default_from_config(key: :pundit)
     end
+    if (@invisible_create + @invisible_update).any? && !@pundit
+      raise "you specified invisible fields without using Pundit. please remove the invisible fields or use --pundit"
+    end
     if options['include'].include?(":") && @smart_layout
       raise HotGlue::Error, "You specified both --smart-layout and also specified grouping mode (there is a : character in your field include list); you must remove the colon(s) from your --include tag or remove the --smart-layout option"
     end
@@ -653,6 +689,7 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
         update_show_only: @update_show_only,
         singular_class: singular_class,
         singular: singular,
+        plural: @plural,
         hawk_keys: @hawk_keys,
         ownership_field: @ownership_field,
         form_labels_position: @form_labels_position,
@@ -670,7 +707,10 @@ class HotGlue::ScaffoldGenerator < Erb::Generators::ScaffoldGenerator
         form_path: form_path_new_helper,
         stimmify: @stimmify,
         stimmify_camel: @stimmify_camel,
-        hidden: @hidden
+        hidden_create: @hidden_create,
+        hidden_update: @hidden_update,
+        invisible_create: @invisible_create,
+        invisible_update: @invisible_update,
       )
     elsif @markup == "slim"
       raise(HotGlue::Error, "SLIM IS NOT IMPLEMENTED")

data/lib/generators/hot_glue/templates/controller.rb.erb CHANGED Viewed

@@ -98,8 +98,8 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
     <% if @pundit && !@pundit_policy_override %>
     authorize @<%= singular %><% elsif @pundit && @pundit_policy_override %>
     skip_authorization
-    raise Pundit::NotAuthorizedError if ! <%= @pundit_policy_override %>.new?<% end %><% if @pundit %>
-    @action = 'new'
+    raise Pundit::NotAuthorizedError if ! <%= @pundit_policy_override %>.new?<% end %>
+    @action = 'new' <% if @pundit %>
   rescue Pundit::NotAuthorizedError
     flash[:alert] = 'You are not authorized to perform this action.'
     load_all_<%= plural %>
@@ -135,7 +135,7 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
                                  instance_last_item: true,
                                  put_form: true).gsub("(#{singular}", "(@#{singular}") %><% end %>
     else
-      flash[:alert] = "Oops, your <%= singular_name %> could not be created. #{@hawk_alarm}"
+      flash[:alert] = "Oops, your <%= @label %> could not be created. #{@hawk_alarm}"
       @action = 'new'
       <% unless @display_edit_after_create %>render :create, status: :unprocessable_entity<% else %>render :new , status: :unprocessable_entity<% end %>
     end<% if @pundit %>
@@ -238,7 +238,7 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
       redirect_to <%= path_helper_plural(false) %>
      <% end %>
     else
-      flash[:alert] = "<%= singular_name.titlecase %> could not be saved. #{@hawk_alarm}"
+      flash[:alert] = "<%= @label %> could not be saved. #{@hawk_alarm}"
       <%= @alt_lookups.collect{ |k,v|
       assoc = k.gsub("_id","")
       "@#{singular }.#{k} = #{class_name}.find(@#{singular }.id).person.id if @#{singular }.errors.include?(:#{assoc})"
@@ -260,9 +260,9 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
     raise Pundit::NotAuthorizedError if ! <%= @pundit_policy_override %>.destroy?<% end %>
     begin
       @<%=singular_name%>.destroy!
-      flash[:notice] = '<%= singular_name.titlecase %> successfully deleted'
+      flash[:notice] = '<%= @label %> successfully deleted'
     rescue ActiveRecord::RecordNotDestroyed => e
-      flash[:alert] = '<%= singular_name.titlecase %> could not be deleted'
+      flash[:alert] = '<%= @label %> could not be deleted'
     end
     <%= post_action_parental_updates.join("\n    ") %>
     load_all_<%= plural %><% if @pundit %>
@@ -284,12 +284,23 @@ class <%= controller_class_name %> < <%= controller_descends_from %>
   end<% end %><% end %>
   def <%=singular_name%>_params
-    params.require(:<%= testing_name %>).permit(<%= ((fields_filtered_for_strong_params - @show_only ) + @magic_buttons.collect{|x| "__#{x}"}).collect{|sym| ":#{sym}"}.join(", ") %><%= ", " + @related_sets.collect{|key, rs| "#{rs[:association_ids_method]}: []"}.join(", ") if @related_sets.any? %><%= ", " +  @alt_lookups.collect{|k,v|  ":__lookup_#{v[:assoc].downcase}_#{v[:lookup_as]}"  }.join(", ") if @alt_lookups.any? %>)
+    fields = <%= ((fields_filtered_for_strong_params - @show_only) + @magic_buttons.collect{|x| "__#{x}"}).collect{|sym| ":#{sym}"}.join(", ") %><%= ", " + @related_sets.collect{|key, rs| "#{rs[:association_ids_method]}: []"}.join(", ") if @related_sets.any? %><%= ", " +  @alt_lookups.collect{|k,v|  ":__lookup_#{v[:assoc].downcase}_#{v[:lookup_as]}"  }.join(", ") if @alt_lookups.any? %>
+    params.require(:<%= testing_name %>).permit(fields)
   end<% if @update_show_only %>
   <% unless @no_edit %>
   def update_<%=singular_name%>_params
-    params.require(:<%= testing_name %>).permit(<%= ((fields_filtered_for_strong_params - @update_show_only)  + @magic_buttons.collect{|x| "__#{x}"}).collect{|sym| ":#{sym}"}.join(", ") %><%= ", " + @related_sets.collect{|key, rs| "#{rs[:association_ids_method]}: []"}.join(", ") if @related_sets.any? %><%=  ", " + @alt_lookups.collect{|k,v|  ":__lookup_#{v[:assoc].downcase}_#{v[:lookup_as]}"  }.join(", ") if @alt_lookups.any?  %>)
+    fields = <%= ((fields_filtered_for_strong_params - @update_show_only)  + @magic_buttons.collect{|x| "__#{x}"}).collect{|sym| ":#{sym}"}.join(", ") %><%= ", " + @related_sets.collect{|key, rs| "#{rs[:association_ids_method]}: []"}.join(", ") if @related_sets.any? %><%=  ", " + @alt_lookups.collect{|k,v|  ":__lookup_#{v[:assoc].downcase}_#{v[:lookup_as]}"  }.join(", ") if @alt_lookups.any?  %>
+    <%= (fields_filtered_for_strong_params - @update_show_only).collect{|col|
+    # TODO : fields not on show only also not invisible should be checked here
+    # for _able? methods and added only when able
+    if (@invisible_create.include?(col) || eval("defined? #{singular_class}Policy") && eval("#{singular_class}Policy").instance_methods.include?("#{col}_able?".to_sym))
+        "fields.delete :#{col} if !policy(@#{singular}).#{col}_able?"
+    else
+      nil
+    end
+    }.compact.join("\n    ") %>
+    params.require(:<%= testing_name %>).permit(fields)
   end<% end %>
   <% end %>

data/lib/hotglue/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module HotGlue
   class Version
-    CURRENT = '0.6.19'
+    CURRENT = '0.6.20'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hot-glue
 version: !ruby/object:Gem::Version
-  version: 0.6.19
+  version: 0.6.20
 platform: ruby
 authors:
 - Jason Fleetwood-Boldt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-06-10 00:00:00.000000000 Z
+date: 2025-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails