inline_forms 8.1.11 → 8.1.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e33b151ebeda5706914feaf6ac97bd11b0b379ac8b03435cf9d948c40dbdd9b
-  data.tar.gz: 975d48a428e045905e0fd29acf6b2d136ec7cc5f4a7825db9c951eb0ab3bba3d
+  metadata.gz: 58e6670831f8bce627752b9797371fb20d2f3b14f571a4bc8c879478b71f5ff6
+  data.tar.gz: 32fd5f2f3503126e9113d10a3bea9ba23468667f11cc4db8252d78078b101af8
 SHA512:
-  metadata.gz: 37d86c5be4e09df199b6d23b8ee91c2488bb98b178b352213dce075234152cc9ef03d119cd2ccd0eb41632d4e6ec5724918d6f2cfdbd70889ed5a0e4b7a959d1
-  data.tar.gz: 3b40a5c9b0de4707715d43d2186f3d1e4570b7c0cfa17f55f6aa7aa2c151b325bf91a670897ebc3379a1ba086081953f4a0d2f3806a3cd83a13c4fd6149443bb
+  metadata.gz: d9e59af7820b05e5ef046c1771a85f37ee1d7dd4ab9affbe0f8e2dfda03fe49db57d9452972406a889f699732165b8117bb56ecdee6c6a5edf9c05b0d14642f8
+  data.tar.gz: 55be4d675321e511079de4a362688b664e65dce704dd56ef5929c8db2a286f0fef034312a2572016138808155a18e4f7150472a26aa904adb65e926d762da949

data/CHANGELOG.md

@@ -4,6 +4,42 @@ All notable changes to this project are documented in this file.
 
 ## [Unreleased]
 
+## [8.1.15] - 2026-05-28
+
+### Fixed
+
+- **Post-delete undo on Apartment/Photo (and any model with `rich_text`) left `description` empty.** Undo only reified the parent row; ActionText bodies live in `action_text_rich_texts` and are removed on `destroy`, with separate PaperTrail `destroy` versions. `revert` now also reifies and saves each `ActionText::RichText` destroy snapshot that belonged to the restored parent (Apartment, nested Photo, `FormElementShowcase#description`, etc.).
+
+### Added
+
+- **Regression tests:** apartment row destroy+undo with `description` rich text; nested photo destroy+undo with `description` rich text.
+
+## [8.1.14] - 2026-05-28
+
+### Fixed
+
+- **`example_app_showcase_row_turbo_test` broke `--example` installs.** The Empty-demo undo regression parsed the undo URL as `/revert/:id`, but member routes are `/form_element_showcases/:id/revert`. The installer gate failed (`131 runs, 1 failure`) and surfaced the misleading “Rails could not create the app 'MyApp', maybe because it is a reserved word…” message even though the app was generated. The test now matches the real path and loads the destroy version from PaperTrail.
+
+## [8.1.13] - 2026-05-28
+
+### Fixed
+
+- **Post-delete undo restored the wrong PaperTrail version.** `destroy` stored `@undo_version = @object.versions.last` *before* `destroy`, so the undo link targeted the latest **update** (e.g. a `plain_text_area` edit). `revert` then reified that update — the state *before* the edit — so fields like `body_plain_area` on "Empty demo" came back blank. `@undo_version` is now taken after destroy so undo always targets the `destroy` event snapshot.
+
+### Added
+
+- **Regression test** on `FormElementShowcase` "Empty demo": edit `body_plain_area`, delete, undo, assert text and undo URL use the destroy version.
+
+## [8.1.12] - 2026-05-28
+
+### Fixed
+
+- **`InlineFormsController#revert` and CanCan `check_authorization`.** `revert` is excluded from `load_and_authorize_resource`, but `authorize!` only ran on some branches — and after `return unless @parent`, so a nil PaperTrail `item` on a destroyed row (or any path that bailed out early) left `@_authorized` unset and raised `CanCan::AuthorizationNotPerformed`. Authorization now runs once at the top of the action via `revert_authorization_subject` (reified record, `ActionText::RichText` parent, live `item`, or an id-only stub for destroyed rows). The post-delete **undo** link in `row_destroyed.html.erb` now requests `turbo_stream` like the versions-panel Restore link, matching the `format.turbo_stream` response.
+
+### Added
+
+- **Regression test** `example_app_showcase_row_turbo_test.rb`: destroy + undo revert on `FormElementShowcase`.
+
 ## [8.1.11] - 2026-05-28
 
 ### Fixed

data/app/controllers/inline_forms_controller.rb

@@ -247,8 +247,10 @@ class InlineFormsController < ApplicationController
     @update_span = params[:update]
     @object = referenced_object
     if current_user.role? :superadmin
-      @undo_version = @object.versions.last
       @object.destroy
+      # Capture after destroy: `.last` before destroy was the latest *update*
+      # (e.g. a plain_text_area edit), so undo reified the pre-edit state.
+      @undo_version = @object.versions.last
       respond_to do |format|
         format.html { render_row_turbo_destroyed } if row_html_turbo_allowed?
       end
@@ -270,62 +272,116 @@ class InlineFormsController < ApplicationController
   #   below derive from `@parent` for both branches.
   def revert
     @update_span = params[:update]
-    if current_user.role? :superadmin
-      @version = PaperTrail::Version.find(params[:id])
-      @object = @version.reify
-      # PaperTrail::Version#reify returns nil for `create` events because
-      # there is no prior state to roll back to. The versions list view
-      # hides the Restore link for `create` rows, but guard here too in
-      # case a request was bookmarked or replayed: render close on the
-      # current parent without mutating anything.
-      if @object.nil?
-        # reify returns nil for `create` events (no prior state). For a
-        # rich_text create, reverting means "undo the creation" -> destroy
-        # the ActionText::RichText row so the parent's field reverts to
-        # empty (symmetric with reverting an update on a rich_text that
-        # was first saved empty). For a primary record we never offer
-        # Restore on `create` in the view; this branch only runs for
-        # replayed/bookmarked URLs and must remain a no-op response keyed
-        # off the parent.
-        item = @version.item
-        if defined?(ActionText::RichText) && item.is_a?(ActionText::RichText)
-          @rich_text_record = item
-          @parent = @rich_text_record.record
-          return unless @parent
-          authorize!(:revert, @parent) if cancan_enabled?
-          @rich_text_record.destroy
-          @parent.touch if @parent.respond_to?(:touch)
-        else
-          @parent = item
-          return unless @parent
-          authorize!(:revert, @parent) if cancan_enabled?
-        end
-        return unless row_html_turbo_allowed?
-        respond_to do |format|
-          format.turbo_stream { render_revert_turbo_streams }
-        end
-        return
-      end
-      if defined?(ActionText::RichText) && @object.is_a?(ActionText::RichText)
-        @rich_text_record = @object
+    @version = PaperTrail::Version.find(params[:id])
+    @parent = revert_authorization_subject(@version)
+    authorize!(:revert, @parent || @Klass) if cancan_enabled?
+    return head :forbidden unless current_user.role? :superadmin
+    return head :not_found unless @parent
+
+    @object = @version.reify(
+      has_many: true,
+      has_and_belongs_to_many: true,
+      belongs_to: true
+    )
+    # PaperTrail::Version#reify returns nil for `create` events because
+    # there is no prior state to roll back to. The versions list view
+    # hides the Restore link for `create` rows, but guard here too in
+    # case a request was bookmarked or replayed: render close on the
+    # current parent without mutating anything.
+    if @object.nil?
+      # reify returns nil for `create` events (no prior state). For a
+      # rich_text create, reverting means "undo the creation" -> destroy
+      # the ActionText::RichText row so the parent's field reverts to
+      # empty (symmetric with reverting an update on a rich_text that
+      # was first saved empty). For a primary record we never offer
+      # Restore on `create` in the view; this branch only runs for
+      # replayed/bookmarked URLs and must remain a no-op response keyed
+      # off the parent.
+      item = @version.item
+      if defined?(ActionText::RichText) && item.is_a?(ActionText::RichText)
+        @rich_text_record = item
         @parent = @rich_text_record.record
-        @rich_text_record.save!
+        return head :not_found unless @parent
+        @rich_text_record.destroy
         @parent.touch if @parent.respond_to?(:touch)
       else
-        @parent = @object
-        @parent.save!
-      end
-      authorize!(:revert, @parent) if cancan_enabled?
-      return unless row_html_turbo_allowed?
-
-      respond_to do |format|
-        format.turbo_stream { render_revert_turbo_streams }
+        @parent = item || @parent
+        return head :not_found unless @parent
       end
+      return render_revert_response if row_html_turbo_allowed?
+      return
+    end
+    if defined?(ActionText::RichText) && @object.is_a?(ActionText::RichText)
+      @rich_text_record = @object
+      @parent = @rich_text_record.record
+      return head :not_found unless @parent
+      @rich_text_record.save!
+      @parent.touch if @parent.respond_to?(:touch)
+    else
+      @parent = @object
+      @parent.save!
+      restore_rich_texts_for_reverted_parent!(@parent)
+      @parent.reload
     end
+    render_revert_response if row_html_turbo_allowed?
   end
 
   private
 
+  # Undoing a parent +destroy+ reifies the Apartment/Photo row only. ActionText
+  # bodies live in +action_text_rich_texts+ and get their own PaperTrail
+  # +destroy+ versions; those rows are gone after +parent.destroy+, so we also
+  # reify and save each matching +ActionText::RichText+ destroy snapshot.
+  def restore_rich_texts_for_reverted_parent!(parent)
+    return unless defined?(ActionText::RichText)
+
+    record_type = parent.class.base_class.name
+    record_id = parent.id
+
+    PaperTrail::Version.where(item_type: "ActionText::RichText", event: "destroy").find_each do |version|
+      attrs = version.object_deserialized
+      next unless attrs.is_a?(Hash)
+
+      type = attrs["record_type"] || attrs[:record_type]
+      rid = attrs["record_id"] || attrs[:record_id]
+      next unless type == record_type && rid.to_i == record_id
+
+      rich_text = version.reify
+      rich_text&.save!
+    end
+  end
+
+  # +revert+ is excluded from +load_and_authorize_resource+; +authorize!+ runs in the
+  # action. +check_authorization+ on ApplicationController still requires that flag.
+  def revert_authorization_subject(version)
+    reified = version.reify(
+      has_many: true,
+      has_and_belongs_to_many: true,
+      belongs_to: true
+    )
+    if defined?(ActionText::RichText) && reified.is_a?(ActionText::RichText)
+      return reified.record
+    end
+    return reified if reified
+
+    item = version.item
+    if defined?(ActionText::RichText) && item.is_a?(ActionText::RichText)
+      return item.record
+    end
+    return item if item
+
+    klass = version.item_type.safe_constantize
+    return nil unless klass && version.item_id
+
+    klass.new(id: version.item_id)
+  end
+
+  def render_revert_response
+    respond_to do |format|
+      format.turbo_stream { render_revert_turbo_streams }
+    end
+  end
+
   # Versions list lives in +<turbo-frame id="…_versions">+; POST +restore+ would otherwise
   # send +Turbo-Frame: …_versions+ while +row_close+ only returns the row frame. Stream
   # replaces both the row and the versions panel in one response.

data/app/views/inline_forms/row_destroyed.html.erb

@@ -3,7 +3,7 @@
     <div class="small-12 column">
       <%= link_to t("inline_forms.view.undo"),
             send("revert_#{@Klass.to_s.underscore}_path", @undo_version, update: @update_span),
-            inline_forms_turbo_link_data(@update_span, method: :post).merge(class: "button") %>
+            inline_forms_turbo_link_data(@update_span, method: :post, turbo_stream: true).merge(class: "button") %>
     </div>
   </div>
 </turbo-frame>

data/lib/inline_forms/version.rb

@@ -1,4 +1,4 @@
 # -*- encoding : utf-8 -*-
 module InlineForms
-  VERSION = "8.1.11"
+  VERSION = "8.1.15"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inline_forms
 version: !ruby/object:Gem::Version
-  version: 8.1.11
+  version: 8.1.15
 platform: ruby
 authors:
 - Ace Suares