pg_rails 7.6.21.pre.4 → 7.6.21.pre.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 52db938b6aad2006d1815247f8b3f1c4bd297b811ca50db7e800760967942045
-  data.tar.gz: 1a095d3501f50d2b3fa9b123bb62a42e5c3472a1f679b4adf5932716f51693de
+  metadata.gz: 17cf95fadec564d2e113988fb4fd1c87aa80d47704b931cb757086191a003edf
+  data.tar.gz: 5b1927d80bc193f337834f899c80ec39cf672a860ff41de4c969bc98d40ce732
 SHA512:
-  metadata.gz: ab9d327f91d9153cf8e2ebc1e602510db545f1f086a23fb7d1ced3f5480b234f0b231327930b3707f972a5524cff80796488d3a762df95ed5d0ad649f52dd21c
-  data.tar.gz: 2ca7ae67777a8bac52b5f63642e52d3436fd094c166a97f2c84417bdfcd3305d9f5b5e6a286e2fbd4a655035a69049ddff6ab72ec83abbc6dc5853808ad9d8a9
+  metadata.gz: d0154a248f228e5a488c1f220e328a2ead8c12d07a76dccc54ce4c483ea8fccfe04d868c30a43c7e0f28806d1562e0d819cb7a475d5e929a196b0289c935685a
+  data.tar.gz: 6aae31da7a86b10ae921b5787f4dd6b18125b29f170401ae3b841f49755d938e08b1e4d36158a1ee967146fa9cfa16c9991188c6cfba8c8b01747c63a585efd1

data/pg_associable/app/helpers/pg_associable/form_builder_methods.rb

@@ -49,6 +49,13 @@ module PgAssociable
       puede_crear = Pundit::PolicyFinder.new(klass).policy.new(user, klass).new_from_associable?
       collection = Pundit::PolicyFinder.new(klass).scope.new(user, klass).resolve
       collection = collection.kept if collection.respond_to?(:kept)
+
+      reflect = associacion_for(atributo)
+      fkid = object.send(reflect.foreign_key)
+      if fkid
+        collection = collection.or(klass.where(id: fkid))
+      end
+
       [collection, puede_crear]
     end
 
@@ -78,11 +85,17 @@ module PgAssociable
       association atributo, options
     end
 
-    def clase_asociacion(atributo)
+    def associacion_for(atributo)
       asociacion = object.class.reflect_on_all_associations.find { |a| a.name == atributo.to_sym }
 
       raise PgEngine::Error, "no existe la asociación para el atributo: #{atributo}" if asociacion.blank?
 
+      asociacion
+    end
+
+    def clase_asociacion(atributo)
+      asociacion = associacion_for(atributo)
+
       nombre_clase = asociacion.options[:class_name]
       nombre_clase = asociacion.name.to_s.camelize if nombre_clase.nil?
       Object.const_get(nombre_clase)

data/pg_engine/app/components/inline_edit/inline_show_component.html.slim

@@ -1,3 +1,5 @@
+/ TODO!: estaría bueno que la policy pueda discriminar permisos para cada atributo
+/ y por ejemplo no permitir el edit de un belongs_to a un modelo sobre el cual no tiene permisos
 - if Current.namespace == :tenant && \
      @model.class.inline_editable?(@unsuffixed_attribute) && helpers.policy(@model).edit?
   = helpers.turbo_frame_tag(@frame_id, class: 'inline-edit')

data/pg_engine/app/controllers/pg_engine/base_controller.rb

@@ -219,7 +219,7 @@ module PgEngine
         Request: #{request.inspect}
       STRING
 
-      render_my_component(BadUserInputComponent.new(error_msg: 'Acceso no autorizado'), :unauthorized)
+      render_my_component(BadUserInputComponent.new(error_msg: 'Operación no permitida'), :unauthorized)
     end
 
     def go_back(message = nil, type: :alert)

data/pg_engine/app/policies/pg_engine/base_policy.rb

@@ -130,7 +130,10 @@ module PgEngine
       return false if ActsAsTenant.current_tenant.blank?
 
       full_key = "#{profile_prefix}__#{key}"
-      Current.user_account_owner? || Current.active_user_profiles.include?(full_key)
+
+      scoped_by_tenant = record.class.respond_to?(:scoped_by_tenant?) && record.class.scoped_by_tenant?
+      (!scoped_by_tenant || Current.account.id == record.account_id) &&
+        (Current.user_account_owner? || Current.active_user_profiles.include?(full_key))
     end
   end
 end

data/pg_layout/app/javascript/controllers/notifications_controller.js

@@ -49,7 +49,9 @@ export default class extends Controller {
           notif.classList.remove('unseen')
         }
       )
-      document.querySelector('.notifications-unseen-mark').remove()
+      document.querySelectorAll('.notifications-unseen-mark').forEach((e) => {
+        e.remove()
+      })
     } else {
       const text = await response.text
       Rollbar.error('Error marking as seen: ', text)

data/pg_layout/app/views/pg_layout/_sidebar_mobile.html.slim

@@ -5,12 +5,13 @@
   .offcanvas-body.text-end
     - if user_signed_in?
       = render partial: 'pg_layout/signed_in_links'
-    ul.list-unstyled.mt-4
-      - @navbar.sidebar.each do |entry|
-        - next if @navbar.hide_entry?(entry)
-        li
-          a href=entry[:path] class="pg--nav-button pe-4 text-light #{@navbar.active_entry?(entry, request) ? 'active' : ''} #{entry[:attributes]}"
-            = entry[:title]
+    - if @navbar.present?
+      ul.list-unstyled.mt-4
+        - @navbar.sidebar.each do |entry|
+          - next if @navbar.hide_entry?(entry)
+          li
+            a href=entry[:path] class="pg--nav-button pe-4 text-light #{@navbar.active_entry?(entry, request) ? 'active' : ''} #{entry[:attributes]}"
+              = entry[:title]
 css:
   .offcanvas a { text-decoration: none; }
   .offcanvas li { xmargin-top: 0.75em; } 

data/pg_rails/lib/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PgRails
-  VERSION = '7.6.21-4'
+  VERSION = '7.6.21-6'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pg_rails
 version: !ruby/object:Gem::Version
-  version: 7.6.21.pre.4
+  version: 7.6.21.pre.6
 platform: ruby
 authors:
 - Martín Rosso