plutonium 0.42.0 → 0.43.1

data/app/views/plutonium/_resource_header.html.erb

@@ -3,39 +3,18 @@
     <%= resource_logo_tag(classname: "h-10 rounded-md") %>
   <% end %>
 
-  <% header.with_action do %>
-    <%=
-      render Plutonium::UI::NavGridMenu.new(label: "Apps", icon: Phlex::TablerIcons::Apps) do |menu|
-        menu.with_item(name: "Dashboard", icon: Phlex::TablerIcons::Dashboard, href: "#")
-        menu.with_item(name: "Settings", icon: Phlex::TablerIcons::Settings, href: "#")
-        menu.with_item(name: "Profile", icon: Phlex::TablerIcons::User, href: "#")
-      end
-    %>
-  <% end %>
-
   <% header.with_action do %>
     <%=
       render Plutonium::UI::NavUser.new(
         name: nil,
         email: current_user.try(:email) || current_user
       ) do |nav|
-        nav.with_section do |section|
-          section.with_link(label: "My profile", href: "#")
-          section.with_link(label: "Account settings", href: "#")
-        end
-
-        nav.with_section do |section|
-          section.with_link(label: "My likes", href: "#") do |link|
-            link.with_leading do
-              render Phlex::TablerIcons::Heart.new(class: "mr-2 text-gray-400 w-4 h-4")
-            end
-          end
-          section.with_link(label: "Pro version", href: "#") do |link|
-            link.with_leading do
-              render Phlex::TablerIcons::Flame.new(class: "mr-2 text-primary-600 dark:text-primary-500 w-4 h-4")
-            end
-            link.with_trailing do
-              render Phlex::TablerIcons::CaretRight.new(class: "w-3 h-3")
+        if try(:profile_url)
+          nav.with_section do |section|
+            section.with_link(label: "Profile", href: profile_url) do |link|
+              link.with_leading do
+                render Phlex::TablerIcons::User.new(class: "mr-2 text-gray-400 w-4 h-4")
+              end
             end
           end
         end

data/app/views/plutonium/_resource_sidebar.html.erb

@@ -8,8 +8,7 @@
 
         m.item "Resources", icon: Phlex::TablerIcons::GridDots do |n|
           registered_resources.each do |resource|
-            n.item resource.model_name.human.pluralize,
-              url: resource_url_for(resource, parent: nil)
+            n.item resource_label(resource), url: resource_url_for(resource, parent: nil)
           end
         end
       end

data/app/views/resource/_resource_details.rabl

@@ -1,5 +1,6 @@
-attributes :id
-attributes :created_at, :updated_at
+attributes resource_class.primary_key.to_sym
+attributes :created_at if resource_class.column_names.include?("created_at")
+attributes :updated_at if resource_class.column_names.include?("updated_at")
 
 node(:sgid) { |resource| resource.to_signed_global_id.to_s }
 

data/app/views/resource/index.rabl

@@ -1,7 +1,8 @@
 collection @resource_records, root: resource_class.to_s.demodulize.underscore.pluralize.to_sym, object_root: false
 
-attributes :id
-attributes :created_at, :updated_at
+attributes resource_class.primary_key.to_sym
+attributes :created_at if resource_class.column_names.include?("created_at")
+attributes :updated_at if resource_class.column_names.include?("updated_at")
 
 node(:sgid) { |resource| resource.to_signed_global_id.to_s }
 

data/app/views/resource/show.rabl

@@ -1,7 +1,8 @@
 object @resource_record
 
-attributes :id
-attributes :created_at, :updated_at
+attributes resource_class.primary_key.to_sym
+attributes :created_at if resource_class.column_names.include?("created_at")
+attributes :updated_at if resource_class.column_names.include?("updated_at")
 
 node(:sgid) { |resource| resource.to_signed_global_id.to_s }
 

data/docs/guides/user-profile.md

@@ -0,0 +1,322 @@
+# User Profile
+
+Plutonium provides a Profile resource generator for user account settings. The Profile page allows users to manage their personal information and access Rodauth security features like password changes, two-factor authentication, and session management.
+
+## Overview
+
+The profile system provides:
+- **Profile Resource**: A standard Plutonium resource linked to the User model
+- **Security Section**: Automatic display of enabled Rodauth security features
+- **Customizable Fields**: Add any fields you need (bio, avatar, preferences, etc.)
+
+## Prerequisites
+
+Before installing the profile, ensure you have:
+
+1. **User Authentication**: A Rodauth user account set up
+2. **Model Markers**: The User model with marker comments
+
+The easiest way to set this up is with the SaaS generator:
+
+```bash
+rails g pu:saas:user User
+```
+
+## Installation
+
+### Step 1: Install the Profile Resource
+
+```bash
+rails generate pu:profile:install --dest=main_app
+```
+
+With custom fields:
+
+```bash
+rails g pu:profile:install \
+    bio:text \
+    avatar:attachment \
+    'timezone:string?' \
+    notifications_enabled:boolean \
+    --dest=main_app
+```
+
+### Options
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `--dest` | (prompts) | Target destination package or main_app |
+| `--user-model` | User | Rodauth user model name |
+
+### Step 2: Run Migrations
+
+```bash
+rails db:migrate
+```
+
+### Step 3: Connect to Portal
+
+Connect the Profile to your portal using the profile connect generator:
+
+```bash
+rails g pu:profile:conn --dest=customer_portal
+```
+
+This:
+- Registers the Profile as a singular resource (`/profile` instead of `/profiles/:id`)
+- Configures the `profile_url` helper to enable the "Profile" link in the user menu
+
+## Generated Files
+
+The generator creates a standard Plutonium resource:
+
+```
+app/models/profile.rb
+db/migrate/xxx_create_profiles.rb
+app/controllers/profiles_controller.rb
+app/policies/profile_policy.rb
+app/definitions/profile_definition.rb
+```
+
+And modifies:
+- **User model**: Adds `has_one :profile, dependent: :destroy`
+- **Definition**: Injects custom ShowPage with security links
+
+## Security Section
+
+The ShowPage automatically displays links to enabled Rodauth security features.
+
+Available features (only shown if enabled in Rodauth):
+
+| Feature | Link Label | Description |
+|---------|------------|-------------|
+| `change_password` | Change Password | Update account password |
+| `change_login` | Change Email | Update email address |
+| `otp` | Two-Factor Authentication | Set up TOTP authenticator |
+| `recovery_codes` | Recovery Codes | View or regenerate backup codes |
+| `webauthn` | Security Keys | Manage passkeys and hardware keys |
+| `active_sessions` | Active Sessions | View and revoke sessions |
+| `close_account` | Close Account | Permanently delete account |
+
+## Creating Profiles for Users
+
+Users need a profile created before they can access it. Choose one approach:
+
+### Option A: Automatic Creation on User Signup
+
+```ruby
+# app/models/user.rb
+class User < ApplicationRecord
+  has_one :profile, dependent: :destroy
+
+  after_create :create_profile!
+
+  private
+
+  def create_profile!
+    create_profile
+  end
+
+  # add has_one associations above.
+end
+```
+
+### Option B: Create on First Access
+
+In your portal's application controller:
+
+```ruby
+class ApplicationController < PlutoniumController
+  before_action :ensure_profile
+
+  private
+
+  def ensure_profile
+    return unless current_user
+    current_user.profile || current_user.create_profile
+  end
+end
+```
+
+### Option C: Find or Create in Profile Controller
+
+```ruby
+# app/controllers/profiles_controller.rb
+class ProfilesController < ResourceController
+  private
+
+  def current_resource
+    @current_resource ||= current_user.profile || current_user.create_profile
+  end
+end
+```
+
+## Customization
+
+### Adding Custom Fields
+
+Edit the generated definition to configure how fields appear:
+
+```ruby
+# app/definitions/profile_definition.rb
+class ProfileDefinition < Plutonium::Resource::Definition
+  form do |f|
+    f.field :bio, as: :text
+    f.field :avatar, as: :attachment
+    f.field :timezone, collection: ActiveSupport::TimeZone.all.map(&:name)
+    f.field :notifications_enabled
+  end
+
+  display do |d|
+    d.field :bio
+    d.field :avatar
+    d.field :timezone
+    d.field :notifications_enabled
+  end
+
+  class ShowPage < ShowPage
+    private
+
+    def render_after_content
+      render Plutonium::Profile::SecuritySection.new
+    end
+  end
+end
+```
+
+### Custom Security Section
+
+Create your own security section component:
+
+```ruby
+# app/components/custom_security_section.rb
+class CustomSecuritySection < Plutonium::UI::Component::Base
+  def view_template
+    div(class: "mt-8") do
+      h2(class: "text-lg font-semibold") { "Account Security" }
+
+      if rodauth.features.include?(:change_password)
+        a(href: rodauth.change_password_path) { "Change Password" }
+      end
+
+      # Add your custom links
+      a(href: "/settings/notifications") { "Notification Preferences" }
+    end
+  end
+end
+```
+
+Use it in your definition:
+
+```ruby
+class ProfileDefinition < Plutonium::Resource::Definition
+  class ShowPage < ShowPage
+    private
+
+    def render_after_content
+      render CustomSecuritySection.new
+    end
+  end
+end
+```
+
+### Adding Profile Actions
+
+Add custom actions to the profile:
+
+```ruby
+class ProfileDefinition < Plutonium::Resource::Definition
+  action :export_data,
+    interaction: Profile::ExportDataInteraction,
+    icon: Phlex::TablerIcons::Download
+
+  action :verify_email,
+    interaction: Profile::VerifyEmailInteraction,
+    category: :secondary
+end
+```
+
+### Profile Link in Navigation
+
+Add a profile link to your application layout or header:
+
+```ruby
+# In your header component
+if current_user && respond_to?(:profile_path)
+  a(href: profile_path) { "My Profile" }
+end
+```
+
+## Policy Configuration
+
+The generated policy controls access:
+
+```ruby
+# app/policies/profile_policy.rb
+class ProfilePolicy < Plutonium::Resource::Policy
+  # Users can only access their own profile
+  def read?
+    resource.user == user
+  end
+
+  def update?
+    resource.user == user
+  end
+
+  def destroy?
+    false # Disable deletion through the UI
+  end
+
+  # Only allow editing these attributes
+  def permitted_attributes_for_update
+    [:bio, :avatar, :timezone, :notifications_enabled]
+  end
+end
+```
+
+## Troubleshooting
+
+### "Profile not found" Error
+
+Ensure the user has a profile created. Use one of the creation strategies above.
+
+### Security Links Not Showing
+
+Security links only appear for features enabled in your Rodauth configuration:
+
+```ruby
+# app/rodauth/user_rodauth_plugin.rb
+class UserRodauthPlugin < Plutonium::Auth::RodauthPlugin
+  configure do
+    enable :change_password, :change_login, :otp, :active_sessions
+    # Only these features will show in the security section
+  end
+end
+```
+
+### Profile Routes Conflicting
+
+Ensure you use `--singular` when connecting:
+
+```bash
+rails g pu:res:conn Profile --dest=my_portal --singular
+```
+
+This creates `/profile` (singular) instead of `/profiles/:id`.
+
+### Changes Not Saving
+
+Check your policy's `permitted_attributes_for_update`:
+
+```ruby
+def permitted_attributes_for_update
+  [:bio, :avatar, :timezone, :notifications_enabled]
+end
+```
+
+## Next Steps
+
+- [Authentication](/guides/authentication) - Set up Rodauth features
+- [Custom Actions](/guides/custom-actions) - Add profile actions
+- [Views](/guides/views) - Customize the profile page
+- [Authorization](/guides/authorization) - Configure profile policies

data/docs/reference/controller/index.md

@@ -303,9 +303,46 @@ end
 
 Controllers automatically:
 - Scope all queries to the entity
-- Exclude entity field from forms
+- Exclude entity field from forms (detected by association class)
+- Inject entity value on create/update
 - Provide `current_scoped_entity` method
 
+### Association Detection
+
+Plutonium auto-detects which `belongs_to` association points to the scoped entity class. This works even when `param_key` differs from the association name:
+
+```ruby
+# Portal config
+scope_to_entity Competition::Team, param_key: :team
+
+# Model (association name differs from param_key)
+class Match < ApplicationRecord
+  belongs_to :competition_team  # Plutonium finds this by class
+end
+```
+
+### Multiple Associations to Same Class
+
+If a model has multiple associations to the scoped entity class, Plutonium raises an error:
+
+```
+Match has multiple associations to Competition::Team: home_team, away_team.
+Plutonium cannot auto-detect which one to use for entity scoping.
+Override `scoped_entity_association` in your controller to specify the association.
+```
+
+Resolve by overriding `scoped_entity_association`:
+
+```ruby
+class MatchesController < ::ResourceController
+  private
+
+  def scoped_entity_association
+    :home_team  # Return the association name as a symbol
+  end
+end
+```
+
 ## Specifying Resource Class
 
 The resource class is inferred from the controller name. Override if needed:

data/docs/reference/definition/index.md

@@ -153,6 +153,22 @@ class PostDefinition < Plutonium::Resource::Definition
 end
 ```
 
+## Form Configuration
+
+Control form behavior:
+
+```ruby
+class PostDefinition < Plutonium::Resource::Definition
+  # Controls "Save and add another" / "Update and continue editing" buttons
+  # nil (default) = auto-detect (hidden for singular resources, shown for plural)
+  # true = always show
+  # false = always hide
+  submit_and_continue false
+end
+```
+
+Singular resources (e.g., `resource :profile` routes or `has_one` nested) auto-hide the secondary submit button since creating "another" doesn't make sense.
+
 ## Custom Page Classes
 
 Override default page components:

data/docs/reference/views/forms.md

@@ -301,6 +301,21 @@ When `post_type` changes, the form re-renders via Turbo and shows/hides conditio
 
 ## Form Actions
 
+### Submit and Continue Button
+
+Forms include a secondary button ("Create and add another" for new records, "Update and continue editing" for existing). Control this in your definition:
+
+```ruby
+class PostDefinition < ResourceDefinition
+  # nil (default) = auto-detect (hidden for singular resources, shown for plural)
+  # true = always show
+  # false = always hide
+  submit_and_continue false
+end
+```
+
+Singular resources (e.g., `resource :profile` routes or `has_one` nested) auto-hide this button.
+
 ### Default Actions
 
 ```ruby

data/docs/reference/views/index.md

@@ -267,13 +267,35 @@ Available kit methods:
 | `TabList(items:)` | Tab navigation |
 | `EmptyCard(message)` | Empty state card |
 | `ActionButton(action, url:)` | Action button |
-| `DynaFrameHost()` / `DynaFrameContent()` | Turbo frame helpers |
+| `DynaFrameHost(src:, loading:)` | Lazy-loading turbo frame |
+| `DynaFrameContent(content) { \|frame\| ... }` | Frame-aware content wrapper |
 | `TableSearchBar()` | Search bar for tables |
 | `TableScopesBar()` | Scope tabs for tables |
 | `TableInfo(pagy)` | Pagination info |
 | `TablePagination(pagy)` | Pagination links |
 | `FrameNavigatorPanel(title:, src:, panel_id:)` | Frame navigation panel |
 
+## DynaFrameContent Pattern
+
+`DynaFrameContent` enables frame-aware rendering. For turbo-frame requests, only the content is rendered inside the frame. For regular requests, the full page renders with header/footer.
+
+```ruby
+# How Page::Base uses DynaFrameContent
+def view_template(&block)
+  DynaFrameContent(page_content(block)) do |frame|
+    render_header        # Skipped for frame requests
+    frame.render_content # Always rendered (wrapped in turbo-frame for frame requests)
+    render_footer        # Skipped for frame requests
+  end
+end
+```
+
+This pattern means:
+- **Regular page load**: Full page with header, content, footer
+- **Turbo-frame request**: Only `<turbo-frame id="...">` with content inside
+
+All pages automatically inherit this behavior - modals, lazy-loaded frames, and navigation all work correctly without special handling.
+
 ## Custom Components
 
 ### Creating a Phlex Component

data/gemfiles/rails_7.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    plutonium (0.41.1)
+    plutonium (0.42.0)
       action_policy (~> 0.7.0)
       listen (~> 3.8)
       pagy (~> 9.0)

data/gemfiles/rails_8.0.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    plutonium (0.41.1)
+    plutonium (0.42.0)
       action_policy (~> 0.7.0)
       listen (~> 3.8)
       pagy (~> 9.0)

data/gemfiles/rails_8.1.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    plutonium (0.41.1)
+    plutonium (0.43.0)
       action_policy (~> 0.7.0)
       listen (~> 3.8)
       pagy (~> 9.0)

data/lib/generators/pu/core/assets/assets_generator.rb

@@ -17,6 +17,7 @@ module Pu
         configure_application
         replace_build_script
         import_styles
+        fix_layout_stylesheet_tag
       rescue => e
         exception "#{self.class} failed:", e
       end
@@ -72,6 +73,17 @@ module Pu
         prepend_to_file "app/assets/stylesheets/application.tailwind.css",
           "@import \"gem:plutonium/src/css/plutonium.css\";\n\n"
       end
+
+      # Rails 8 generates layouts with `stylesheet_link_tag :app` which includes all
+      # stylesheets in the asset paths. With cssbundling-rails, this causes both the
+      # built CSS and the source CSS to be served, leading to errors when the browser
+      # tries to load the unprocessed source file containing PostCSS directives.
+      def fix_layout_stylesheet_tag
+        layout_file = "app/views/layouts/application.html.erb"
+        return unless File.exist?(layout_file)
+
+        gsub_file layout_file, /stylesheet_link_tag\s+:app\b/, 'stylesheet_link_tag "application"'
+      end
     end
   end
 end

data/lib/generators/pu/core/install/templates/app/controllers/resource_controller.rb.tt

@@ -20,4 +20,15 @@ class ResourceController < PlutoniumController
 
   helper_method :logout_url
   <%- end -%>
+  <%- if !ApplicationController.new.respond_to?(:profile_url, true) -%>
+
+  private def profile_url
+    # return a profile url to render a profile link in the user menu
+    # e.g. rodauth.change_password_path or your custom profile_path
+  end
+  helper_method :profile_url
+  <%- elsif !ApplicationController._helper_methods.include?(:profile_url) -%>
+
+  helper_method :profile_url
+  <%- end -%>
 end