pg_rails 7.0.8.pre.alpha.38 → 7.0.8.pre.alpha.39
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/pg_associable/app/helpers/pg_associable/form_builder_methods.rb +1 -1
- data/pg_associable/spec/pg_associable/helpers_spec.rb +2 -4
- data/pg_engine/app/controllers/concerns/pg_engine/resource.rb +0 -2
- data/pg_engine/app/controllers/pg_engine/base_controller.rb +12 -4
- data/pg_engine/app/decorators/pg_engine/base_decorator.rb +5 -5
- data/pg_engine/app/helpers/pg_engine/form_helper.rb +4 -2
- data/pg_engine/app/helpers/pg_engine/pg_rails_helper.rb +0 -4
- data/pg_engine/app/helpers/pg_engine/route_helper.rb +2 -0
- data/pg_engine/app/lib/pg_engine/filtros_builder.rb +1 -1
- data/pg_engine/app/models/current.rb +12 -0
- data/pg_engine/app/models/pg_engine/base_record.rb +3 -5
- data/pg_engine/lib/pg_engine/configuracion.rb +1 -3
- data/pg_engine/lib/pg_engine/utils/pg_logger.rb +2 -2
- data/pg_engine/spec/controllers/pg_engine/base_controller_spec.rb +36 -0
- data/pg_layout/app/views/pg_layout/_navbar.html.erb +2 -2
- data/pg_layout/app/views/pg_layout/_sidebar_mobile.html.erb +2 -2
- data/pg_rails/lib/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3ea9466d068f06c41fe15e315f2d238ed0479645dfb54a3281e508761bb56891
|
|
4
|
+
data.tar.gz: 2fc50e466c3e8022c04a239faad5ce80dda256e5ee41b83d8c010a6e722416a3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0af2dd365f7a39c4d2bbba1847419a900f5484e7fde5189babaf3f4ab50b59843c88270a8a9890ae3f03617e1ac46fd1a0de80cd1a0391088edd54f597c07f13
|
|
7
|
+
data.tar.gz: 184710630962af26ee129440ba5c47814fdc5728f287be8c20e5da322fabafd91c4fb2a359bded287445b7dddebba854466a40dcca387a326635348a9167c7cb
|
|
@@ -24,7 +24,7 @@ module PgAssociable
|
|
|
24
24
|
|
|
25
25
|
def collection_pc(atributo, _options)
|
|
26
26
|
klass = clase_asociacion(atributo)
|
|
27
|
-
user =
|
|
27
|
+
user = Current.user
|
|
28
28
|
in_modal = options[:asociable].present?
|
|
29
29
|
puede_crear = !in_modal && Pundit::PolicyFinder.new(klass).policy.new(user, klass).new?
|
|
30
30
|
collection = Pundit::PolicyFinder.new(klass).scope.new(user, klass).resolve
|
|
@@ -2,16 +2,14 @@ require 'rails_helper'
|
|
|
2
2
|
|
|
3
3
|
describe PgAssociable::Helpers do
|
|
4
4
|
describe '#pg_respond_buscar' do
|
|
5
|
-
let(:user) { create :user, :developer }
|
|
6
5
|
let(:ctrl) do
|
|
7
|
-
# clazz = Class.new(Admin::CosasController)
|
|
8
|
-
# clazz.new
|
|
9
6
|
Admin::CosasController.new
|
|
10
7
|
end
|
|
11
8
|
let!(:cosa) { create :cosa }
|
|
12
9
|
|
|
13
10
|
before do
|
|
14
|
-
|
|
11
|
+
Current.user = create :user, :developer
|
|
12
|
+
allow(ctrl).to receive_messages(params: { id: 123, query: cosa.id })
|
|
15
13
|
allow(ctrl).to receive(:render)
|
|
16
14
|
ctrl.instance_variable_set(:@clase_modelo, Cosa)
|
|
17
15
|
end
|
|
@@ -230,8 +230,6 @@ module PgEngine
|
|
|
230
230
|
instancia_modelo.assign_attributes(modelo_params) if action_name.in? %w[update]
|
|
231
231
|
end
|
|
232
232
|
|
|
233
|
-
instancia_modelo.current_user = send(PgEngine.configuracion.current_user_method)
|
|
234
|
-
|
|
235
233
|
authorize instancia_modelo
|
|
236
234
|
|
|
237
235
|
# TODO: problema en create y update cuando falla la validacion
|
|
@@ -20,6 +20,10 @@ module PgEngine
|
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
+
before_action do
|
|
24
|
+
Current.user = current_user
|
|
25
|
+
end
|
|
26
|
+
|
|
23
27
|
protect_from_forgery with: :exception
|
|
24
28
|
|
|
25
29
|
rescue_from PrintHelper::FechaInvalidaError, with: :fecha_invalida
|
|
@@ -35,7 +39,7 @@ module PgEngine
|
|
|
35
39
|
|
|
36
40
|
helper_method :dev_user?
|
|
37
41
|
def dev_user?
|
|
38
|
-
|
|
42
|
+
Current.user&.developer?
|
|
39
43
|
end
|
|
40
44
|
|
|
41
45
|
helper_method :mobile_device?
|
|
@@ -47,7 +51,7 @@ module PgEngine
|
|
|
47
51
|
add_flash_types :warning, :success
|
|
48
52
|
|
|
49
53
|
before_action do
|
|
50
|
-
console if params[:show_web_console]
|
|
54
|
+
console if dev_user_or_env? && (params[:show_web_console] || params[:wc])
|
|
51
55
|
end
|
|
52
56
|
|
|
53
57
|
before_action do
|
|
@@ -57,7 +61,7 @@ module PgEngine
|
|
|
57
61
|
else
|
|
58
62
|
'opened'
|
|
59
63
|
end
|
|
60
|
-
@navbar = Navbar.new(
|
|
64
|
+
@navbar = Navbar.new(Current.user)
|
|
61
65
|
|
|
62
66
|
if Rollbar.configuration.enabled && Rails.application.credentials.rollbar.present?
|
|
63
67
|
@rollbar_token = Rails.application.credentials.rollbar.access_token_client
|
|
@@ -68,6 +72,10 @@ module PgEngine
|
|
|
68
72
|
request.user_agent =~ /Mobile|webOS/
|
|
69
73
|
end
|
|
70
74
|
|
|
75
|
+
def pundit_user
|
|
76
|
+
Current.user
|
|
77
|
+
end
|
|
78
|
+
|
|
71
79
|
protected
|
|
72
80
|
|
|
73
81
|
# TODO: ver qué pasa en producción
|
|
@@ -99,7 +107,7 @@ module PgEngine
|
|
|
99
107
|
format.html do
|
|
100
108
|
if request.path == root_path
|
|
101
109
|
# TODO!: renderear un 500.html y pg_err
|
|
102
|
-
sign_out(
|
|
110
|
+
sign_out(Current.user) if Current.user.present?
|
|
103
111
|
render plain: 'Not authorized'
|
|
104
112
|
else
|
|
105
113
|
go_back('Not authorized')
|
|
@@ -32,7 +32,7 @@ module PgEngine
|
|
|
32
32
|
# rubocop:enable Style/MissingRespondToMissing
|
|
33
33
|
|
|
34
34
|
def destroy_link(confirm_text: '¿Estás seguro?', klass: 'btn-light')
|
|
35
|
-
return unless Pundit.policy!(
|
|
35
|
+
return unless Pundit.policy!(Current.user, object).destroy?
|
|
36
36
|
|
|
37
37
|
helpers.content_tag :span, rel: :tooltip, title: 'Eliminar' do
|
|
38
38
|
helpers.link_to object_url, data: { 'turbo-confirm': confirm_text, 'turbo-method': :delete },
|
|
@@ -43,7 +43,7 @@ module PgEngine
|
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
def edit_link(text: '', klass: 'btn-light')
|
|
46
|
-
return unless Pundit.policy!(
|
|
46
|
+
return unless Pundit.policy!(Current.user, object).edit?
|
|
47
47
|
|
|
48
48
|
helpers.content_tag :span, rel: :tooltip, title: 'Editar' do
|
|
49
49
|
helpers.link_to edit_object_url, data: { turbo_frame: :main },
|
|
@@ -54,7 +54,7 @@ module PgEngine
|
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def show_link(text: '', klass: 'btn-light')
|
|
57
|
-
return unless Pundit.policy!(
|
|
57
|
+
return unless Pundit.policy!(Current.user, object).show?
|
|
58
58
|
|
|
59
59
|
helpers.content_tag :span, rel: :tooltip, title: 'Ver' do
|
|
60
60
|
helpers.link_to object_url, data: { turbo_frame: :main },
|
|
@@ -65,7 +65,7 @@ module PgEngine
|
|
|
65
65
|
end
|
|
66
66
|
|
|
67
67
|
def export_link(url, text: '', klass: 'btn-info')
|
|
68
|
-
return unless Pundit.policy!(
|
|
68
|
+
return unless Pundit.policy!(Current.user, object).export?
|
|
69
69
|
|
|
70
70
|
helpers.content_tag :span, rel: :tooltip, title: 'Exportar en excel' do
|
|
71
71
|
helpers.content_tag :a, target: '_blank',
|
|
@@ -76,7 +76,7 @@ module PgEngine
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def new_link(remote: nil, klass: 'btn-warning')
|
|
79
|
-
return unless Pundit.policy!(
|
|
79
|
+
return unless Pundit.policy!(Current.user, object).new?
|
|
80
80
|
|
|
81
81
|
helpers.content_tag :span, rel: :tooltip, title: submit_default_value do
|
|
82
82
|
helpers.link_to(new_object_url, class: "btn btn-sm #{klass}",
|
|
@@ -38,7 +38,9 @@ module PgEngine
|
|
|
38
38
|
|
|
39
39
|
# This method creates a link with `data-id` `data-fields` attributes.
|
|
40
40
|
# These attributes are used to create new instances of the nested fields through Javascript.
|
|
41
|
-
def link_to_add_fields(name, form, association, required: false)
|
|
41
|
+
def link_to_add_fields(name, form, association, required: false, view_path: nil)
|
|
42
|
+
# view_path is required when rendering outside a controller flow
|
|
43
|
+
|
|
42
44
|
# Takes an object (@person) and creates a new instance of its associated model (:addresses)
|
|
43
45
|
# To better understand, run the following in your terminal:
|
|
44
46
|
# rails c --sandbox
|
|
@@ -65,7 +67,7 @@ module PgEngine
|
|
|
65
67
|
# The render function will then look for `views/people/_address_fields.html.erb`
|
|
66
68
|
# The render function also needs to be passed the value of 'builder', because
|
|
67
69
|
# `views/people/_address_fields.html.erb` needs this to render the form tags.
|
|
68
|
-
render("#{association.to_s.singularize}_fields", f: builder)
|
|
70
|
+
render(view_path || "#{association.to_s.singularize}_fields", f: builder)
|
|
69
71
|
end
|
|
70
72
|
|
|
71
73
|
# This renders a simple link, but passes information into `data` attributes.
|
|
@@ -1,9 +1,5 @@
|
|
|
1
1
|
module PgEngine
|
|
2
2
|
module PgRailsHelper
|
|
3
|
-
def current_account
|
|
4
|
-
current_user&.current_account
|
|
5
|
-
end
|
|
6
|
-
|
|
7
3
|
def img_placeholder(src: nil, width: '100%', height: '100%', fade_in: false, **img_opts)
|
|
8
4
|
if fade_in || src.nil?
|
|
9
5
|
img_opts = img_opts.merge(style: [img_opts[:style], 'display:none'].compact.join(';'))
|
|
@@ -17,6 +17,8 @@ module PgEngine
|
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def self.namespace(context)
|
|
20
|
+
return Current.namespace if Current.namespace.present?
|
|
21
|
+
|
|
20
22
|
req = request(context)
|
|
21
23
|
route = Rails.application.routes.recognize_path(req.path, method: req.env['REQUEST_METHOD'])
|
|
22
24
|
parts = route[:controller].split('/')
|
|
@@ -233,7 +233,7 @@ module PgEngine
|
|
|
233
233
|
nombre_clase = asociacion.options[:class_name]
|
|
234
234
|
nombre_clase = asociacion.name.to_s.camelize if nombre_clase.nil?
|
|
235
235
|
clase_asociacion = Object.const_get(nombre_clase)
|
|
236
|
-
scope = Pundit.policy_scope!(
|
|
236
|
+
scope = Pundit.policy_scope!(Current.user, clase_asociacion)
|
|
237
237
|
|
|
238
238
|
# Filtro soft deleted, y sea con paranoia o con discard
|
|
239
239
|
scope = scope.without_deleted if scope.respond_to?(:without_deleted)
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
class Current < ActiveSupport::CurrentAttributes
|
|
2
|
+
attribute :account, :user, :namespace
|
|
3
|
+
# attribute :request_id, :user_agent, :ip_address
|
|
4
|
+
|
|
5
|
+
# resets { Time.zone = nil }
|
|
6
|
+
|
|
7
|
+
def user=(user)
|
|
8
|
+
super
|
|
9
|
+
self.account = user&.current_account
|
|
10
|
+
# Time.zone = user.time_zone
|
|
11
|
+
end
|
|
12
|
+
end
|
|
@@ -10,8 +10,6 @@ module PgEngine
|
|
|
10
10
|
|
|
11
11
|
self.abstract_class = true
|
|
12
12
|
|
|
13
|
-
attr_accessor :current_user
|
|
14
|
-
|
|
15
13
|
before_create :setear_creado_y_actualizado_por
|
|
16
14
|
before_update :setear_actualizado_por
|
|
17
15
|
|
|
@@ -59,12 +57,12 @@ module PgEngine
|
|
|
59
57
|
private
|
|
60
58
|
|
|
61
59
|
def setear_creado_y_actualizado_por
|
|
62
|
-
setear_si_existe :creado_por,
|
|
63
|
-
setear_si_existe :actualizado_por,
|
|
60
|
+
setear_si_existe :creado_por, Current.user
|
|
61
|
+
setear_si_existe :actualizado_por, Current.user
|
|
64
62
|
end
|
|
65
63
|
|
|
66
64
|
def setear_actualizado_por
|
|
67
|
-
setear_si_existe :actualizado_por,
|
|
65
|
+
setear_si_existe :actualizado_por, Current.user
|
|
68
66
|
end
|
|
69
67
|
|
|
70
68
|
def setear_si_existe(campo, valor)
|
|
@@ -5,8 +5,7 @@
|
|
|
5
5
|
module PgEngine
|
|
6
6
|
class Configuracion
|
|
7
7
|
attr_accessor :sistema_iconos, :clase_botones_chicos, :boton_destroy, :boton_edit,
|
|
8
|
-
:boton_show, :boton_light, :icono_destroy, :icono_edit, :icono_show, :boton_export, :bootstrap_version
|
|
9
|
-
:current_user_method
|
|
8
|
+
:boton_show, :boton_light, :icono_destroy, :icono_edit, :icono_show, :boton_export, :bootstrap_version
|
|
10
9
|
|
|
11
10
|
def initialize
|
|
12
11
|
@sistema_iconos = 'bi'
|
|
@@ -20,7 +19,6 @@ module PgEngine
|
|
|
20
19
|
@icono_edit = 'pencil'
|
|
21
20
|
@icono_show = 'eye-fill'
|
|
22
21
|
@bootstrap_version = 5
|
|
23
|
-
@current_user_method = :current_user
|
|
24
22
|
end
|
|
25
23
|
end
|
|
26
24
|
end
|
|
@@ -18,9 +18,9 @@ end
|
|
|
18
18
|
|
|
19
19
|
module PgEngine
|
|
20
20
|
class PgLogger
|
|
21
|
-
# Generalmente en
|
|
21
|
+
# Generalmente en test queremos que se lancen los errores, salvo
|
|
22
22
|
# cuando estamos testeando casos de error puntuales.
|
|
23
|
-
@raise_errors = Rails.env.
|
|
23
|
+
@raise_errors = Rails.env.test?
|
|
24
24
|
|
|
25
25
|
class << self
|
|
26
26
|
attr_accessor :raise_errors
|
|
@@ -5,6 +5,10 @@ class DummyBaseController < PgEngine::BaseController
|
|
|
5
5
|
raise PgEngine::BaseController::Redirect, '/some_path'
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
+
def test_not_authorized
|
|
9
|
+
raise Pundit::NotAuthorizedError
|
|
10
|
+
end
|
|
11
|
+
|
|
8
12
|
def check_dev_user
|
|
9
13
|
@dev_user_or_env = dev_user_or_env?
|
|
10
14
|
@dev_user = dev_user?
|
|
@@ -24,6 +28,38 @@ describe DummyBaseController do
|
|
|
24
28
|
end
|
|
25
29
|
end
|
|
26
30
|
|
|
31
|
+
describe 'not_authorized' do
|
|
32
|
+
subject do
|
|
33
|
+
get :test_not_authorized
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
let(:user) { create :user }
|
|
37
|
+
|
|
38
|
+
before do
|
|
39
|
+
sign_in user
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it do
|
|
43
|
+
subject
|
|
44
|
+
expect(response).to redirect_to root_path
|
|
45
|
+
expect(flash[:alert]).to eq 'Not authorized'
|
|
46
|
+
expect(controller).to be_user_signed_in
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
context 'cuando ocurre en el root_path' do
|
|
50
|
+
before do
|
|
51
|
+
allow_any_instance_of(ActionController::TestRequest).to receive(:path).and_return(root_path)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
it do
|
|
55
|
+
subject
|
|
56
|
+
expect(response).to have_http_status(:ok)
|
|
57
|
+
expect(response.body).to eq 'Not authorized'
|
|
58
|
+
expect(controller).not_to be_user_signed_in
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
27
63
|
describe '#dev_user_or_env?' do
|
|
28
64
|
let(:user) { create :user, :developer }
|
|
29
65
|
|
|
@@ -27,10 +27,10 @@
|
|
|
27
27
|
<% if user_signed_in? %>
|
|
28
28
|
<li class="nav-item dropdown">
|
|
29
29
|
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false">
|
|
30
|
-
<%=
|
|
30
|
+
<%= Current.user %>
|
|
31
31
|
</a>
|
|
32
32
|
<ul class="dropdown-menu">
|
|
33
|
-
<% if policy(
|
|
33
|
+
<% if policy(Current.user).edit? %>
|
|
34
34
|
<li>
|
|
35
35
|
<%= link_to "Mi perfil", edit_user_registration_path, class: 'dropdown-item' %>
|
|
36
36
|
</li>
|
|
@@ -15,10 +15,10 @@
|
|
|
15
15
|
<% if user_signed_in? %>
|
|
16
16
|
<li class="nav-item dropdown">
|
|
17
17
|
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false">
|
|
18
|
-
<%=
|
|
18
|
+
<%= Current.user %>
|
|
19
19
|
</a>
|
|
20
20
|
<ul class="dropdown-menu">
|
|
21
|
-
<% if policy(
|
|
21
|
+
<% if policy(Current.user).edit? %>
|
|
22
22
|
<li>
|
|
23
23
|
<%= link_to "Mi perfil", edit_user_registration_path, class: 'dropdown-item' %>
|
|
24
24
|
</li>
|
data/pg_rails/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pg_rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.0.8.pre.alpha.
|
|
4
|
+
version: 7.0.8.pre.alpha.39
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martín Rosso
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-04-
|
|
11
|
+
date: 2024-04-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -877,6 +877,7 @@ files:
|
|
|
877
877
|
- pg_engine/app/lib/pg_engine/filtros_builder.rb
|
|
878
878
|
- pg_engine/app/lib/pg_form_builder.rb
|
|
879
879
|
- pg_engine/app/models/account.rb
|
|
880
|
+
- pg_engine/app/models/current.rb
|
|
880
881
|
- pg_engine/app/models/pg_engine/base_record.rb
|
|
881
882
|
- pg_engine/app/models/user.rb
|
|
882
883
|
- pg_engine/app/models/user_account.rb
|