pg_rails 7.0.8.pre.alpha.38 → 7.0.8.pre.alpha.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/pg_associable/app/helpers/pg_associable/form_builder_methods.rb +1 -1
- data/pg_associable/spec/pg_associable/helpers_spec.rb +2 -4
- data/pg_engine/app/controllers/concerns/pg_engine/resource.rb +0 -2
- data/pg_engine/app/controllers/pg_engine/base_controller.rb +12 -4
- data/pg_engine/app/decorators/pg_engine/base_decorator.rb +5 -5
- data/pg_engine/app/helpers/pg_engine/form_helper.rb +4 -2
- data/pg_engine/app/helpers/pg_engine/pg_rails_helper.rb +0 -4
- data/pg_engine/app/helpers/pg_engine/route_helper.rb +2 -0
- data/pg_engine/app/lib/pg_engine/filtros_builder.rb +1 -1
- data/pg_engine/app/models/current.rb +12 -0
- data/pg_engine/app/models/pg_engine/base_record.rb +3 -5
- data/pg_engine/lib/pg_engine/configuracion.rb +1 -3
- data/pg_engine/lib/pg_engine/utils/pg_logger.rb +2 -2
- data/pg_engine/spec/controllers/pg_engine/base_controller_spec.rb +36 -0
- data/pg_layout/app/views/pg_layout/_navbar.html.erb +2 -2
- data/pg_layout/app/views/pg_layout/_sidebar_mobile.html.erb +2 -2
- data/pg_rails/lib/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3ea9466d068f06c41fe15e315f2d238ed0479645dfb54a3281e508761bb56891
|
|
4
|
+
data.tar.gz: 2fc50e466c3e8022c04a239faad5ce80dda256e5ee41b83d8c010a6e722416a3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0af2dd365f7a39c4d2bbba1847419a900f5484e7fde5189babaf3f4ab50b59843c88270a8a9890ae3f03617e1ac46fd1a0de80cd1a0391088edd54f597c07f13
|
|
7
|
+
data.tar.gz: 184710630962af26ee129440ba5c47814fdc5728f287be8c20e5da322fabafd91c4fb2a359bded287445b7dddebba854466a40dcca387a326635348a9167c7cb
|
|
@@ -24,7 +24,7 @@ module PgAssociable
|
|
|
24
24
|
|
|
25
25
|
def collection_pc(atributo, _options)
|
|
26
26
|
klass = clase_asociacion(atributo)
|
|
27
|
-
user =
|
|
27
|
+
user = Current.user
|
|
28
28
|
in_modal = options[:asociable].present?
|
|
29
29
|
puede_crear = !in_modal && Pundit::PolicyFinder.new(klass).policy.new(user, klass).new?
|
|
30
30
|
collection = Pundit::PolicyFinder.new(klass).scope.new(user, klass).resolve
|
|
@@ -2,16 +2,14 @@ require 'rails_helper'
|
|
|
2
2
|
|
|
3
3
|
describe PgAssociable::Helpers do
|
|
4
4
|
describe '#pg_respond_buscar' do
|
|
5
|
-
let(:user) { create :user, :developer }
|
|
6
5
|
let(:ctrl) do
|
|
7
|
-
# clazz = Class.new(Admin::CosasController)
|
|
8
|
-
# clazz.new
|
|
9
6
|
Admin::CosasController.new
|
|
10
7
|
end
|
|
11
8
|
let!(:cosa) { create :cosa }
|
|
12
9
|
|
|
13
10
|
before do
|
|
14
|
-
|
|
11
|
+
Current.user = create :user, :developer
|
|
12
|
+
allow(ctrl).to receive_messages(params: { id: 123, query: cosa.id })
|
|
15
13
|
allow(ctrl).to receive(:render)
|
|
16
14
|
ctrl.instance_variable_set(:@clase_modelo, Cosa)
|
|
17
15
|
end
|
|
@@ -230,8 +230,6 @@ module PgEngine
|
|
|
230
230
|
instancia_modelo.assign_attributes(modelo_params) if action_name.in? %w[update]
|
|
231
231
|
end
|
|
232
232
|
|
|
233
|
-
instancia_modelo.current_user = send(PgEngine.configuracion.current_user_method)
|
|
234
|
-
|
|
235
233
|
authorize instancia_modelo
|
|
236
234
|
|
|
237
235
|
# TODO: problema en create y update cuando falla la validacion
|
|
@@ -20,6 +20,10 @@ module PgEngine
|
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
+
before_action do
|
|
24
|
+
Current.user = current_user
|
|
25
|
+
end
|
|
26
|
+
|
|
23
27
|
protect_from_forgery with: :exception
|
|
24
28
|
|
|
25
29
|
rescue_from PrintHelper::FechaInvalidaError, with: :fecha_invalida
|
|
@@ -35,7 +39,7 @@ module PgEngine
|
|
|
35
39
|
|
|
36
40
|
helper_method :dev_user?
|
|
37
41
|
def dev_user?
|
|
38
|
-
|
|
42
|
+
Current.user&.developer?
|
|
39
43
|
end
|
|
40
44
|
|
|
41
45
|
helper_method :mobile_device?
|
|
@@ -47,7 +51,7 @@ module PgEngine
|
|
|
47
51
|
add_flash_types :warning, :success
|
|
48
52
|
|
|
49
53
|
before_action do
|
|
50
|
-
console if params[:show_web_console]
|
|
54
|
+
console if dev_user_or_env? && (params[:show_web_console] || params[:wc])
|
|
51
55
|
end
|
|
52
56
|
|
|
53
57
|
before_action do
|
|
@@ -57,7 +61,7 @@ module PgEngine
|
|
|
57
61
|
else
|
|
58
62
|
'opened'
|
|
59
63
|
end
|
|
60
|
-
@navbar = Navbar.new(
|
|
64
|
+
@navbar = Navbar.new(Current.user)
|
|
61
65
|
|
|
62
66
|
if Rollbar.configuration.enabled && Rails.application.credentials.rollbar.present?
|
|
63
67
|
@rollbar_token = Rails.application.credentials.rollbar.access_token_client
|
|
@@ -68,6 +72,10 @@ module PgEngine
|
|
|
68
72
|
request.user_agent =~ /Mobile|webOS/
|
|
69
73
|
end
|
|
70
74
|
|
|
75
|
+
def pundit_user
|
|
76
|
+
Current.user
|
|
77
|
+
end
|
|
78
|
+
|
|
71
79
|
protected
|
|
72
80
|
|
|
73
81
|
# TODO: ver qué pasa en producción
|
|
@@ -99,7 +107,7 @@ module PgEngine
|
|
|
99
107
|
format.html do
|
|
100
108
|
if request.path == root_path
|
|
101
109
|
# TODO!: renderear un 500.html y pg_err
|
|
102
|
-
sign_out(
|
|
110
|
+
sign_out(Current.user) if Current.user.present?
|
|
103
111
|
render plain: 'Not authorized'
|
|
104
112
|
else
|
|
105
113
|
go_back('Not authorized')
|
|
@@ -32,7 +32,7 @@ module PgEngine
|
|
|
32
32
|
# rubocop:enable Style/MissingRespondToMissing
|
|
33
33
|
|
|
34
34
|
def destroy_link(confirm_text: '¿Estás seguro?', klass: 'btn-light')
|
|
35
|
-
return unless Pundit.policy!(
|
|
35
|
+
return unless Pundit.policy!(Current.user, object).destroy?
|
|
36
36
|
|
|
37
37
|
helpers.content_tag :span, rel: :tooltip, title: 'Eliminar' do
|
|
38
38
|
helpers.link_to object_url, data: { 'turbo-confirm': confirm_text, 'turbo-method': :delete },
|
|
@@ -43,7 +43,7 @@ module PgEngine
|
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
def edit_link(text: '', klass: 'btn-light')
|
|
46
|
-
return unless Pundit.policy!(
|
|
46
|
+
return unless Pundit.policy!(Current.user, object).edit?
|
|
47
47
|
|
|
48
48
|
helpers.content_tag :span, rel: :tooltip, title: 'Editar' do
|
|
49
49
|
helpers.link_to edit_object_url, data: { turbo_frame: :main },
|
|
@@ -54,7 +54,7 @@ module PgEngine
|
|
|
54
54
|
end
|
|
55
55
|
|
|
56
56
|
def show_link(text: '', klass: 'btn-light')
|
|
57
|
-
return unless Pundit.policy!(
|
|
57
|
+
return unless Pundit.policy!(Current.user, object).show?
|
|
58
58
|
|
|
59
59
|
helpers.content_tag :span, rel: :tooltip, title: 'Ver' do
|
|
60
60
|
helpers.link_to object_url, data: { turbo_frame: :main },
|
|
@@ -65,7 +65,7 @@ module PgEngine
|
|
|
65
65
|
end
|
|
66
66
|
|
|
67
67
|
def export_link(url, text: '', klass: 'btn-info')
|
|
68
|
-
return unless Pundit.policy!(
|
|
68
|
+
return unless Pundit.policy!(Current.user, object).export?
|
|
69
69
|
|
|
70
70
|
helpers.content_tag :span, rel: :tooltip, title: 'Exportar en excel' do
|
|
71
71
|
helpers.content_tag :a, target: '_blank',
|
|
@@ -76,7 +76,7 @@ module PgEngine
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def new_link(remote: nil, klass: 'btn-warning')
|
|
79
|
-
return unless Pundit.policy!(
|
|
79
|
+
return unless Pundit.policy!(Current.user, object).new?
|
|
80
80
|
|
|
81
81
|
helpers.content_tag :span, rel: :tooltip, title: submit_default_value do
|
|
82
82
|
helpers.link_to(new_object_url, class: "btn btn-sm #{klass}",
|
|
@@ -38,7 +38,9 @@ module PgEngine
|
|
|
38
38
|
|
|
39
39
|
# This method creates a link with `data-id` `data-fields` attributes.
|
|
40
40
|
# These attributes are used to create new instances of the nested fields through Javascript.
|
|
41
|
-
def link_to_add_fields(name, form, association, required: false)
|
|
41
|
+
def link_to_add_fields(name, form, association, required: false, view_path: nil)
|
|
42
|
+
# view_path is required when rendering outside a controller flow
|
|
43
|
+
|
|
42
44
|
# Takes an object (@person) and creates a new instance of its associated model (:addresses)
|
|
43
45
|
# To better understand, run the following in your terminal:
|
|
44
46
|
# rails c --sandbox
|
|
@@ -65,7 +67,7 @@ module PgEngine
|
|
|
65
67
|
# The render function will then look for `views/people/_address_fields.html.erb`
|
|
66
68
|
# The render function also needs to be passed the value of 'builder', because
|
|
67
69
|
# `views/people/_address_fields.html.erb` needs this to render the form tags.
|
|
68
|
-
render("#{association.to_s.singularize}_fields", f: builder)
|
|
70
|
+
render(view_path || "#{association.to_s.singularize}_fields", f: builder)
|
|
69
71
|
end
|
|
70
72
|
|
|
71
73
|
# This renders a simple link, but passes information into `data` attributes.
|
|
@@ -1,9 +1,5 @@
|
|
|
1
1
|
module PgEngine
|
|
2
2
|
module PgRailsHelper
|
|
3
|
-
def current_account
|
|
4
|
-
current_user&.current_account
|
|
5
|
-
end
|
|
6
|
-
|
|
7
3
|
def img_placeholder(src: nil, width: '100%', height: '100%', fade_in: false, **img_opts)
|
|
8
4
|
if fade_in || src.nil?
|
|
9
5
|
img_opts = img_opts.merge(style: [img_opts[:style], 'display:none'].compact.join(';'))
|
|
@@ -17,6 +17,8 @@ module PgEngine
|
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def self.namespace(context)
|
|
20
|
+
return Current.namespace if Current.namespace.present?
|
|
21
|
+
|
|
20
22
|
req = request(context)
|
|
21
23
|
route = Rails.application.routes.recognize_path(req.path, method: req.env['REQUEST_METHOD'])
|
|
22
24
|
parts = route[:controller].split('/')
|
|
@@ -233,7 +233,7 @@ module PgEngine
|
|
|
233
233
|
nombre_clase = asociacion.options[:class_name]
|
|
234
234
|
nombre_clase = asociacion.name.to_s.camelize if nombre_clase.nil?
|
|
235
235
|
clase_asociacion = Object.const_get(nombre_clase)
|
|
236
|
-
scope = Pundit.policy_scope!(
|
|
236
|
+
scope = Pundit.policy_scope!(Current.user, clase_asociacion)
|
|
237
237
|
|
|
238
238
|
# Filtro soft deleted, y sea con paranoia o con discard
|
|
239
239
|
scope = scope.without_deleted if scope.respond_to?(:without_deleted)
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
class Current < ActiveSupport::CurrentAttributes
|
|
2
|
+
attribute :account, :user, :namespace
|
|
3
|
+
# attribute :request_id, :user_agent, :ip_address
|
|
4
|
+
|
|
5
|
+
# resets { Time.zone = nil }
|
|
6
|
+
|
|
7
|
+
def user=(user)
|
|
8
|
+
super
|
|
9
|
+
self.account = user&.current_account
|
|
10
|
+
# Time.zone = user.time_zone
|
|
11
|
+
end
|
|
12
|
+
end
|
|
@@ -10,8 +10,6 @@ module PgEngine
|
|
|
10
10
|
|
|
11
11
|
self.abstract_class = true
|
|
12
12
|
|
|
13
|
-
attr_accessor :current_user
|
|
14
|
-
|
|
15
13
|
before_create :setear_creado_y_actualizado_por
|
|
16
14
|
before_update :setear_actualizado_por
|
|
17
15
|
|
|
@@ -59,12 +57,12 @@ module PgEngine
|
|
|
59
57
|
private
|
|
60
58
|
|
|
61
59
|
def setear_creado_y_actualizado_por
|
|
62
|
-
setear_si_existe :creado_por,
|
|
63
|
-
setear_si_existe :actualizado_por,
|
|
60
|
+
setear_si_existe :creado_por, Current.user
|
|
61
|
+
setear_si_existe :actualizado_por, Current.user
|
|
64
62
|
end
|
|
65
63
|
|
|
66
64
|
def setear_actualizado_por
|
|
67
|
-
setear_si_existe :actualizado_por,
|
|
65
|
+
setear_si_existe :actualizado_por, Current.user
|
|
68
66
|
end
|
|
69
67
|
|
|
70
68
|
def setear_si_existe(campo, valor)
|
|
@@ -5,8 +5,7 @@
|
|
|
5
5
|
module PgEngine
|
|
6
6
|
class Configuracion
|
|
7
7
|
attr_accessor :sistema_iconos, :clase_botones_chicos, :boton_destroy, :boton_edit,
|
|
8
|
-
:boton_show, :boton_light, :icono_destroy, :icono_edit, :icono_show, :boton_export, :bootstrap_version
|
|
9
|
-
:current_user_method
|
|
8
|
+
:boton_show, :boton_light, :icono_destroy, :icono_edit, :icono_show, :boton_export, :bootstrap_version
|
|
10
9
|
|
|
11
10
|
def initialize
|
|
12
11
|
@sistema_iconos = 'bi'
|
|
@@ -20,7 +19,6 @@ module PgEngine
|
|
|
20
19
|
@icono_edit = 'pencil'
|
|
21
20
|
@icono_show = 'eye-fill'
|
|
22
21
|
@bootstrap_version = 5
|
|
23
|
-
@current_user_method = :current_user
|
|
24
22
|
end
|
|
25
23
|
end
|
|
26
24
|
end
|
|
@@ -18,9 +18,9 @@ end
|
|
|
18
18
|
|
|
19
19
|
module PgEngine
|
|
20
20
|
class PgLogger
|
|
21
|
-
# Generalmente en
|
|
21
|
+
# Generalmente en test queremos que se lancen los errores, salvo
|
|
22
22
|
# cuando estamos testeando casos de error puntuales.
|
|
23
|
-
@raise_errors = Rails.env.
|
|
23
|
+
@raise_errors = Rails.env.test?
|
|
24
24
|
|
|
25
25
|
class << self
|
|
26
26
|
attr_accessor :raise_errors
|
|
@@ -5,6 +5,10 @@ class DummyBaseController < PgEngine::BaseController
|
|
|
5
5
|
raise PgEngine::BaseController::Redirect, '/some_path'
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
+
def test_not_authorized
|
|
9
|
+
raise Pundit::NotAuthorizedError
|
|
10
|
+
end
|
|
11
|
+
|
|
8
12
|
def check_dev_user
|
|
9
13
|
@dev_user_or_env = dev_user_or_env?
|
|
10
14
|
@dev_user = dev_user?
|
|
@@ -24,6 +28,38 @@ describe DummyBaseController do
|
|
|
24
28
|
end
|
|
25
29
|
end
|
|
26
30
|
|
|
31
|
+
describe 'not_authorized' do
|
|
32
|
+
subject do
|
|
33
|
+
get :test_not_authorized
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
let(:user) { create :user }
|
|
37
|
+
|
|
38
|
+
before do
|
|
39
|
+
sign_in user
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it do
|
|
43
|
+
subject
|
|
44
|
+
expect(response).to redirect_to root_path
|
|
45
|
+
expect(flash[:alert]).to eq 'Not authorized'
|
|
46
|
+
expect(controller).to be_user_signed_in
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
context 'cuando ocurre en el root_path' do
|
|
50
|
+
before do
|
|
51
|
+
allow_any_instance_of(ActionController::TestRequest).to receive(:path).and_return(root_path)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
it do
|
|
55
|
+
subject
|
|
56
|
+
expect(response).to have_http_status(:ok)
|
|
57
|
+
expect(response.body).to eq 'Not authorized'
|
|
58
|
+
expect(controller).not_to be_user_signed_in
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
27
63
|
describe '#dev_user_or_env?' do
|
|
28
64
|
let(:user) { create :user, :developer }
|
|
29
65
|
|
|
@@ -27,10 +27,10 @@
|
|
|
27
27
|
<% if user_signed_in? %>
|
|
28
28
|
<li class="nav-item dropdown">
|
|
29
29
|
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false">
|
|
30
|
-
<%=
|
|
30
|
+
<%= Current.user %>
|
|
31
31
|
</a>
|
|
32
32
|
<ul class="dropdown-menu">
|
|
33
|
-
<% if policy(
|
|
33
|
+
<% if policy(Current.user).edit? %>
|
|
34
34
|
<li>
|
|
35
35
|
<%= link_to "Mi perfil", edit_user_registration_path, class: 'dropdown-item' %>
|
|
36
36
|
</li>
|
|
@@ -15,10 +15,10 @@
|
|
|
15
15
|
<% if user_signed_in? %>
|
|
16
16
|
<li class="nav-item dropdown">
|
|
17
17
|
<a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false">
|
|
18
|
-
<%=
|
|
18
|
+
<%= Current.user %>
|
|
19
19
|
</a>
|
|
20
20
|
<ul class="dropdown-menu">
|
|
21
|
-
<% if policy(
|
|
21
|
+
<% if policy(Current.user).edit? %>
|
|
22
22
|
<li>
|
|
23
23
|
<%= link_to "Mi perfil", edit_user_registration_path, class: 'dropdown-item' %>
|
|
24
24
|
</li>
|
data/pg_rails/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pg_rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.0.8.pre.alpha.
|
|
4
|
+
version: 7.0.8.pre.alpha.39
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martín Rosso
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-04-
|
|
11
|
+
date: 2024-04-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -877,6 +877,7 @@ files:
|
|
|
877
877
|
- pg_engine/app/lib/pg_engine/filtros_builder.rb
|
|
878
878
|
- pg_engine/app/lib/pg_form_builder.rb
|
|
879
879
|
- pg_engine/app/models/account.rb
|
|
880
|
+
- pg_engine/app/models/current.rb
|
|
880
881
|
- pg_engine/app/models/pg_engine/base_record.rb
|
|
881
882
|
- pg_engine/app/models/user.rb
|
|
882
883
|
- pg_engine/app/models/user_account.rb
|