pg_rails 7.6.21.pre.4 → 7.6.21.pre.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 52db938b6aad2006d1815247f8b3f1c4bd297b811ca50db7e800760967942045
-  data.tar.gz: 1a095d3501f50d2b3fa9b123bb62a42e5c3472a1f679b4adf5932716f51693de
+  metadata.gz: 2f515ba243d4ef8862ebb74652329637397334f2af37b82a3984a6cab05bf2ab
+  data.tar.gz: 7f01717d0f4a9e4ff9aeca5a24286134cf4045c3554986e716c5aa33c6d5a9fd
 SHA512:
-  metadata.gz: ab9d327f91d9153cf8e2ebc1e602510db545f1f086a23fb7d1ced3f5480b234f0b231327930b3707f972a5524cff80796488d3a762df95ed5d0ad649f52dd21c
-  data.tar.gz: 2ca7ae67777a8bac52b5f63642e52d3436fd094c166a97f2c84417bdfcd3305d9f5b5e6a286e2fbd4a655035a69049ddff6ab72ec83abbc6dc5853808ad9d8a9
+  metadata.gz: dd6e02da0ef6c884fa7bacf08c3cc38ee9677ba26c26e47d97eb313accdaf14ac82781a70ad54149f40c63b37b0313adf410f14e0b169866078f2d2f3fa30d09
+  data.tar.gz: 510037412f74089b74bd7cd632cf70fb2e25d57c0e7d4463d0667f723a4add732319f89f0f7670ccaa6c10874372ee87943c2f92d96fa789badbd04ed4d4fde0

data/pg_associable/app/helpers/pg_associable/form_builder_methods.rb

@@ -49,6 +49,13 @@ module PgAssociable
       puede_crear = Pundit::PolicyFinder.new(klass).policy.new(user, klass).new_from_associable?
       collection = Pundit::PolicyFinder.new(klass).scope.new(user, klass).resolve
       collection = collection.kept if collection.respond_to?(:kept)
+
+      reflect = associacion_for(atributo)
+      fkid = object.send(reflect.foreign_key)
+      if fkid
+        collection = collection.or(klass.where(id: fkid))
+      end
+
       [collection, puede_crear]
     end
 
@@ -78,11 +85,17 @@ module PgAssociable
       association atributo, options
     end
 
-    def clase_asociacion(atributo)
+    def associacion_for(atributo)
       asociacion = object.class.reflect_on_all_associations.find { |a| a.name == atributo.to_sym }
 
       raise PgEngine::Error, "no existe la asociación para el atributo: #{atributo}" if asociacion.blank?
 
+      asociacion
+    end
+
+    def clase_asociacion(atributo)
+      asociacion = associacion_for(atributo)
+
       nombre_clase = asociacion.options[:class_name]
       nombre_clase = asociacion.name.to_s.camelize if nombre_clase.nil?
       Object.const_get(nombre_clase)

data/pg_engine/app/components/inline_edit/inline_show_component.html.slim

@@ -1,3 +1,5 @@
+/ TODO!: estaría bueno que la policy pueda discriminar permisos para cada atributo
+/ y por ejemplo no permitir el edit de un belongs_to a un modelo sobre el cual no tiene permisos
 - if Current.namespace == :tenant && \
      @model.class.inline_editable?(@unsuffixed_attribute) && helpers.policy(@model).edit?
   = helpers.turbo_frame_tag(@frame_id, class: 'inline-edit')

data/pg_engine/app/controllers/pg_engine/base_controller.rb

@@ -219,7 +219,7 @@ module PgEngine
         Request: #{request.inspect}
       STRING
 
-      render_my_component(BadUserInputComponent.new(error_msg: 'Acceso no autorizado'), :unauthorized)
+      render_my_component(BadUserInputComponent.new(error_msg: 'Operación no permitida'), :unauthorized)
     end
 
     def go_back(message = nil, type: :alert)

data/pg_engine/app/policies/pg_engine/base_policy.rb

@@ -130,7 +130,10 @@ module PgEngine
       return false if ActsAsTenant.current_tenant.blank?
 
       full_key = "#{profile_prefix}__#{key}"
-      Current.user_account_owner? || Current.active_user_profiles.include?(full_key)
+
+      scoped_by_tenant = record.class.respond_to?(:scoped_by_tenant) && record.class.scoped_by_tenant?
+      (!scoped_by_tenant || Current.account.id == record.account_id) &&
+        (Current.user_account_owner? || Current.active_user_profiles.include?(full_key))
     end
   end
 end

data/pg_layout/app/javascript/controllers/notifications_controller.js

@@ -49,7 +49,9 @@ export default class extends Controller {
           notif.classList.remove('unseen')
         }
       )
-      document.querySelector('.notifications-unseen-mark').remove()
+      document.querySelectorAll('.notifications-unseen-mark').forEach((e) => {
+        e.remove()
+      })
     } else {
       const text = await response.text
       Rollbar.error('Error marking as seen: ', text)

data/pg_layout/app/views/pg_layout/_sidebar_mobile.html.slim

@@ -5,12 +5,13 @@
   .offcanvas-body.text-end
     - if user_signed_in?
       = render partial: 'pg_layout/signed_in_links'
-    ul.list-unstyled.mt-4
-      - @navbar.sidebar.each do |entry|
-        - next if @navbar.hide_entry?(entry)
-        li
-          a href=entry[:path] class="pg--nav-button pe-4 text-light #{@navbar.active_entry?(entry, request) ? 'active' : ''} #{entry[:attributes]}"
-            = entry[:title]
+    - if @navbar.present?
+      ul.list-unstyled.mt-4
+        - @navbar.sidebar.each do |entry|
+          - next if @navbar.hide_entry?(entry)
+          li
+            a href=entry[:path] class="pg--nav-button pe-4 text-light #{@navbar.active_entry?(entry, request) ? 'active' : ''} #{entry[:attributes]}"
+              = entry[:title]
 css:
   .offcanvas a { text-decoration: none; }
   .offcanvas li { xmargin-top: 0.75em; } 

data/pg_rails/lib/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PgRails
-  VERSION = '7.6.21-4'
+  VERSION = '7.6.21-5'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pg_rails
 version: !ruby/object:Gem::Version
-  version: 7.6.21.pre.4
+  version: 7.6.21.pre.5
 platform: ruby
 authors:
 - Martín Rosso