plutonium 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b91e22fa0430a2ca94704f472ac5ae688c50140c82bec3ef8db7a0d9571418f4
-  data.tar.gz: 76c32ee40e384bdef1de3aeda5dbece07841a7898260beffb3a3841e8c0f0c27
+  metadata.gz: c8fb31a8eb4837634d28b3b0f602b06494991cdcdc02fc600888d0fecf8c497e
+  data.tar.gz: 4c62d88f641d1890785cac1f6bf483b78e334fd2646bf91b21b3a5a53bd20b2c
 SHA512:
-  metadata.gz: 5f78a1c9dd3978b92dd9e33ca8c594f24895dd6a18ac25563cd50a1a85bc222199ed830d574c55409e99c76c90a37104f9cf5daa9a024dfc86ad49ec43a3dd48
-  data.tar.gz: 7df604d36bbc6191068299d91cf141f5c08bb671513a3853146cc90646c262a56e26fb0fd73316491758a3e56e73f0e22718382dbc3d96efb4d186b45587e78e
+  metadata.gz: cdc10f0c4d1f23a8fe565968d674d41fd8f9ee0aa43b6a1007ac8bca40897d1f0ee48189230b6aa742d1df53c7055e57eee960a29f265cebeb18160d6b8b73c3
+  data.tar.gz: 745dfeb89b822d2ba1181050ad3a78de32084361a19664b2f8dc8ab3bbdbff87e4eebae40cec02ebeaed1b966654edab646d6b1570a29eb64147b557ff8d75d8

data/README.md

@@ -1,6 +1,6 @@
-# Plutonium: Nuclear Powered Rails Application Development
+# Plutonium: Take Your Rails Productivity Nuclear🚀!
 
-**Plutonium** transforms the way you build applications with Rails, offering a powerful toolkit for rapid application development.
+**Plutonium** picks up where Rails left off, introducing application level concepts and tooling, transforming the way you build applications with Rails.
 It's a culmination of lessons learned from years of developing nearly identical applications and is designed to save you from the drudgery of re-implementation.
 
 **Why Choose Plutonium?**
@@ -8,14 +8,14 @@ It's a culmination of lessons learned from years of developing nearly identical
 - **Efficiency by Design:** Plutonium is built for developers who demand efficiency without compromise. It automates 90% of your application needs while giving you the flexibility to tailor the remaining 10% to your specific requirements.
 - **Comprehensive Features:** From authentication and authorization to CRUD operations, and beyond, Plutonium covers a wide array of functionalities out of the box:
   - Authentication & Authorization
-  - Complete CRUD operations with advanced features: customizable tables, forms, pagination, actions, search, filtering, and nested resources.
+  - Complete CRUD operations with advanced features: customizable inputs, fields, tables, forms, pagination, actions, search, filtering, and nested resources.
   - Modular architecture leveraging Rails engines for improved packaging and namespacing.
   - Time-saving generators for boilerplate tasks.
 - **Omakase with a Twist:** Inspired by Rails' omakase philosophy, Plutonium delivers a convention-based approach but doesn't box you in. It's seamlessly integrated into your project, allowing you to write your application as you would with vanilla Rails but with powerful extensions.
 - **MVC and Beyond:** Plutonium adopts the MVC pattern, enhanced with modern web technologies like [hotwire](TODO), to deliver an interactive and robust user experience. It emphasizes progressive enhancement, ensuring a smooth development process and end-user experience.
 - **Rails Harmony:** A Plutonium app is a Rails app at its core. It respects and builds upon Rails' conventions, making it intuitive for Rails developers. If you know Rails, learning Plutonium requires only a few new concepts.
 - **Effortless Customization:** Plutonium is designed for easy customization to meet your unique requirements. Whether adjusting the functionality of entire resource groups or fine-tuning individual elements, our accessible low-level APIs and the familiar Rails conventions offer unparalleled flexibility. This ensures that any modifications you need to make can be implemented swiftly and smoothly, reducing complexity and enhancing your development experience.
-- **Community-Driven Dependencies:** Plutonium stands on the shoulders of giants, integrating with well-established gems known for their robustness and flexibility, including:
+- **Community-Driven Dependencies:** Plutonium stands on the shoulders of giants, integrating with well-established gems chosen for their robustness and flexibility, including:
   - [ActiveInteraction](https://github.com/AaronLasseigne/active_interaction) for business logic
   - [Pagy](https://github.com/ddnexus/pagy) for pagination
   - [Pundit](https://github.com/varvet/pundit) for authorization

data/app/views/resource/index.html.erb

@@ -4,7 +4,7 @@
     <%=
       render partial: 'toolbar_search_input', locals: {
         search_object: @collection.search_object,
-        search_field: nil
+        search_field: @collection.search_field
       }
     %>
     <%=

data/brakeman.ignore

@@ -22,29 +22,6 @@
       ],
       "note": "this is tested and confirmed to be a false flag"
     },
-    {
-      "warning_type": "Mass Assignment",
-      "warning_code": 70,
-      "fingerprint": "873ee0d868e06a32e8ff387a38ddb8c6183a419813d5c20122fa9c3a887f4e54",
-      "check_name": "MassAssignment",
-      "message": "Specify exact keys allowed for mass assignment instead of using `permit!` which allows any keys",
-      "file": "lib/plutonium/reactor/resource_controller.rb",
-      "line": 58,
-      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
-      "code": "params.require(resource_param_key).permit!",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Plutonium::Reactor::ResourceController",
-        "method": "resource_params"
-      },
-      "user_input": null,
-      "confidence": "Medium",
-      "cwe_id": [
-        915
-      ],
-      "note": "we manually filter params"
-    }
   ],
   "updated": "2024-02-18 00:37:39 +0000",
   "brakeman_version": "6.1.2"

data/lib/generators/pu/core/install/templates/config/initializers/plutonium.rb

@@ -1,2 +1 @@
-# get the ball rolling
-Plutonium::Reactor::Core.achieve_criticality!
+# Configure plutonium here

data/lib/generators/pu/resource/model/templates/model.rb.tt

@@ -25,17 +25,6 @@ class <%= class_name %> < <%= [feature_package_name, "ResourceRecord"].join "::"
 <% end -%>
   # add attachments above.
 
-<% attributes.select(&:rich_text?).each do |attribute| -%>
-  has_rich_text :<%= attribute.name %>
-<% end -%>
-<% attributes.select(&:token?).each do |attribute| -%>
-  has_secure_token<% if attribute.name != "token" %> :<%= attribute.name %><% end %>
-<% end -%>
-<% if attributes.any?(&:password_digest?) -%>
-  has_secure_password
-<% end -%>
-  # add misc attribute macros above.
-
   # add scopes above.
 
 <% attributes.select(&:required?).each do |attribute| -%>
@@ -48,6 +37,17 @@ class <%= class_name %> < <%= [feature_package_name, "ResourceRecord"].join "::"
 
   # add delegations above.
 
+<% attributes.select(&:rich_text?).each do |attribute| -%>
+  has_rich_text :<%= attribute.name %>
+<% end -%>
+<% attributes.select(&:token?).each do |attribute| -%>
+  has_secure_token<% if attribute.name != "token" %> :<%= attribute.name %><% end %>
+<% end -%>
+<% if attributes.any?(&:password_digest?) -%>
+  has_secure_password
+<% end -%>
+  # add misc attribute macros above.
+
   # add methods above.
 end
 <% end -%>

data/lib/generators/pu/rodauth/templates/app/models/account.rb.tt

@@ -13,13 +13,6 @@ class <%= table_prefix.camelize %> < ApplicationRecord
 
   # add attachments above.
 
-<% if ActiveRecord.version >= Gem::Version.new("7.0") -%>
-  enum :status, unverified: 1, verified: 2, closed: 3
-<% else -%>
-  enum status: { unverified: 1, verified: 2, closed: 3 }
-<% end -%>
-  # add misc attribute macros above.
-
   # add scopes above.
 
   validates :email, presence: true
@@ -29,6 +22,9 @@ class <%= table_prefix.camelize %> < ApplicationRecord
 
   # add delegations above.
 
+  enum :status, unverified: 1, verified: 2, closed: 3
+  # add misc attribute macros above.
+
   # add methods above.
 end
 <% else -%>

data/lib/plutonium/core/app_controller.rb

@@ -11,9 +11,9 @@ module Plutonium
 
       private
 
-      def resource_presenter(resource_class)
+      def resource_presenter(resource_class, resource_record)
         presenter_class = "#{current_package}::#{resource_class}Presenter".constantize
-        presenter_class.new resource_context
+        presenter_class.new resource_context, resource_record
       end
 
       def policy_namespace(scope)

data/lib/plutonium/core/controllers/authorizable.rb

@@ -20,8 +20,15 @@ module Plutonium
           raise NotImplementedError, "policy_namespace"
         end
 
+        def policy_context
+          Plutonium::Reactor::PolicyContext.new(
+            user: current_user,
+            resource_context: resource_context
+          )
+        end
+
         def pundit_user
-          resource_context
+          policy_context
         end
 
         def policy(scope)

data/lib/plutonium/core/controllers/crud_actions.rb

@@ -29,24 +29,12 @@ module Plutonium
           authorize resource_class
 
           @resource_record = resource_class.new
-          # set params if they have been passed
-          resource_record.attributes = params[resource_param_key].present? ? resource_params : {}
+          maybe_apply_submitted_resource_params!
           @form = build_form
 
           render :new
         end
 
-        # GET /resources/1/edit
-        def edit
-          authorize resource_record
-
-          # set params if they have been passed
-          resource_record.attributes = params[resource_param_key].present? ? resource_params : {}
-          @form = build_form
-
-          render :edit
-        end
-
         # POST /resources(.{format})
         def create
           authorize resource_class
@@ -73,6 +61,16 @@ module Plutonium
           end
         end
 
+        # GET /resources/1/edit
+        def edit
+          authorize resource_record
+
+          maybe_apply_submitted_resource_params!
+          @form = build_form
+
+          render :edit
+        end
+
         # PATCH/PUT /resources/1(.{format})
         def update
           authorize resource_record

data/lib/plutonium/core/controllers/interactive_actions.rb

@@ -202,6 +202,7 @@ module Plutonium
         end
 
         def interaction_params
+          # active interaction handles filtering so no need for strong params
           (params[:interaction] || {}).except(:resource, :resources)
         end
       end

data/lib/plutonium/core/controllers/presentable.rb

@@ -10,12 +10,12 @@ module Plutonium
 
         private
 
-        def resource_presenter(resource_class)
+        def resource_presenter(resource_class, resource_record)
           raise NotImplementedError, "#{self.class}#resource_presenter"
         end
 
         def current_presenter
-          resource_presenter resource_class
+          resource_presenter resource_class, @resource_record
         end
 
         def presentable_attributes
@@ -34,7 +34,8 @@ module Plutonium
             fields: current_presenter.defined_renderers_for(presentable_attributes),
             actions: current_presenter.actions,
             pagination: @pagy,
-            search_object: @ransack
+            search_object: @ransack,
+            search_field: current_presenter.search_field
           )
         end
 

data/lib/plutonium/core/fields/inputs/attachment_input.rb

@@ -0,0 +1,24 @@
+module Plutonium
+  module Core
+    module Fields
+      module Inputs
+        class AttachmentInput < SimpleFormInput
+          attr_reader :reflection
+
+          def initialize(name, reflection:, **user_options)
+            @reflection = reflection
+            super(name, **user_options)
+          end
+
+          private
+
+          def input_options
+            options = {attachment: true} # enable the attachment component
+            options[:input_html] = {multiple: true} if reflection.macro == :has_many_attached
+            options
+          end
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/core/fields/inputs/{basic_input.rb → base.rb}

@@ -2,7 +2,7 @@ module Plutonium
   module Core
     module Fields
       module Inputs
-        class BasicInput
+        class Base
           attr_reader :name, :user_options
 
           def initialize(name, **user_options)
@@ -10,7 +10,9 @@ module Plutonium
             @user_options = user_options
           end
 
-          def render(f, record) = f.input name, **options
+          def render(f, record)
+            raise NotImplementedError, "#{self.class}#render"
+          end
 
           def collect(params)
             # Handles multi parameter attributes

data/lib/plutonium/core/fields/inputs/{belongs_to_input.rb → belongs_to_association_input.rb}

@@ -2,7 +2,7 @@ module Plutonium
   module Core
     module Fields
       module Inputs
-        class BelongsToInput < AssociationInput
+        class BelongsToAssociationInput < SimpleFormAssociationInput
           private
 
           def param

data/lib/plutonium/core/fields/inputs/factory.rb

@@ -8,40 +8,22 @@ module Plutonium
           extend ::SimpleForm::MapType
 
           map_type :has_one, to: Plutonium::Core::Fields::Inputs::NoopInput
-          map_type :belongs_to, to: Plutonium::Core::Fields::Inputs::BelongsToInput
-          map_type :has_many, to: Plutonium::Core::Fields::Inputs::HasManyInput
+          map_type :belongs_to, to: Plutonium::Core::Fields::Inputs::BelongsToAssociationInput
+          map_type :has_many, to: Plutonium::Core::Fields::Inputs::HasManyAssociationInput
+          map_type :attachment, to: Plutonium::Core::Fields::Inputs::AttachmentInput
 
           def self.build(name, type:, **)
-            mapping = mappings[type] || Plutonium::Core::Fields::Inputs::BasicInput
+            mapping = mappings[type] || Plutonium::Core::Fields::Inputs::SimpleFormInput
             mapping.new(name, **)
-
-            # type ||= :slim_select if options.key? :collection
-
-            # case type
-            # when :belongs_to
-            #   Plutonium::Core::Fields::Inputs::BelongsToInput.new(name, **)
-            # when :has_one
-            #   Plutonium::Core::Fields::Inputs::NoopInput.new
-            # when :has_many
-            #   Plutonium::Core::Fields::Inputs::HasManyInput.new(name, **)
-            # else
-            #   Plutonium::Core::Fields::Inputs::BasicInput.new(name, **)
-            # end
           end
 
           def self.for_resource_attribute(resource_class, attr_name, **options)
             type = nil
 
-            if resource_class.respond_to? :reflect_on_association
-              attachment = resource_class.reflect_on_association(:"#{attr_name}_attachment") || \
-                resource_class.reflect_on_association(:"#{attr_name}_attachments")
-              association = resource_class.reflect_on_association(attr_name)
-            end
-
-            if attachment.present?
+            if (attachment = resource_class.try(:reflect_on_attachment, attr_name))
               type = :attachment
-              options[:multiple] = (attachment.macro == :has_many) unless options.key?(:multiple)
-            elsif association.present?
+              options[:reflection] = attachment
+            elsif (association = resource_class.try(:reflect_on_association, attr_name))
               type = association.macro
               options[:reflection] = association
             elsif (column = resource_class.try(:column_for_attribute, attr_name))

data/lib/plutonium/core/fields/inputs/{has_many_input.rb → has_many_association_input.rb}

@@ -2,7 +2,7 @@ module Plutonium
   module Core
     module Fields
       module Inputs
-        class HasManyInput < AssociationInput
+        class HasManyAssociationInput < SimpleFormAssociationInput
           private
 
           def param

data/lib/plutonium/core/fields/inputs/{association_input.rb → simple_form_association_input.rb}

@@ -2,7 +2,7 @@ module Plutonium
   module Core
     module Fields
       module Inputs
-        class AssociationInput < BasicInput
+        class SimpleFormAssociationInput < Base
           attr_reader :reflection
 
           def initialize(name, reflection:, **user_options)

data/lib/plutonium/core/fields/inputs/simple_form_input.rb

@@ -0,0 +1,11 @@
+module Plutonium
+  module Core
+    module Fields
+      module Inputs
+        class SimpleFormInput < Base
+          def render(f, record) = f.input name, **options
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/core/fields/inputs.rb

@@ -5,12 +5,14 @@ module Plutonium
         extend ActiveSupport::Autoload
 
         eager_autoload do
+          autoload :AttachmentInput
+          autoload :Base
+          autoload :BelongsToAssociationInput
           autoload :Factory
-          autoload :AssociationInput
-          autoload :BasicInput
-          autoload :BelongsToInput
-          autoload :HasManyInput
+          autoload :HasManyAssociationInput
           autoload :NoopInput
+          autoload :SimpleFormAssociationInput
+          autoload :SimpleFormInput
         end
       end
     end

data/lib/plutonium/core/fields/renderers/attachment_renderer.rb

@@ -0,0 +1,28 @@
+module Plutonium
+  module Core
+    module Fields
+      module Renderers
+        class AttachmentRenderer < BasicRenderer
+          attr_reader :reflection
+
+          def initialize(name, reflection:, **user_options)
+            @reflection = reflection
+            super(name, **user_options)
+          end
+
+          def render(view_context, record)
+            view_context.attachment_preview record.send(name), **options
+          end
+
+          private
+
+          def renderer_options
+            {
+              caption: true
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/core/fields/renderers/factory.rb

@@ -8,35 +8,21 @@ module Plutonium
           extend ::SimpleForm::MapType
 
           map_type :belongs_to, :has_one, :has_many, to: Plutonium::Core::Fields::Renderers::AssociationRenderer
+          map_type :attachment, to: Plutonium::Core::Fields::Renderers::AttachmentRenderer
 
           def self.build(name, type:, **)
             mapping = mappings[type] || Plutonium::Core::Fields::Renderers::BasicRenderer
             mapping.new(name, **)
-
-            # type ||= :slim_select if options.key? :collection
-
-            # case type
-            # when :belongs_to, :has_one, :has_many
-            #   Plutonium::Core::Fields::Renderers::AssociationRenderer.new(name, **)
-            # else
-            #   Plutonium::Core::Fields::Renderers::BasicRenderer.new(name, **)
-            # end
           end
 
           def self.for_resource_attribute(resource_class, attr_name, **options)
             type = nil
             options[:label] ||= resource_class.human_attribute_name(attr_name)
 
-            if resource_class.respond_to? :reflect_on_association
-              attachment = resource_class.reflect_on_association(:"#{attr_name}_attachment") || \
-                resource_class.reflect_on_association(:"#{attr_name}_attachments")
-              association = resource_class.reflect_on_association(attr_name)
-            end
-
-            if attachment.present?
+            if (attachment = resource_class.try(:reflect_on_attachment, attr_name))
               type = :attachment
-              options[:multiple] = (attachment.macro == :has_many) unless options.key?(:multiple)
-            elsif association.present?
+              options[:reflection] = attachment
+            elsif (association = resource_class.try(:reflect_on_association, attr_name))
               type = association.macro
               options[:reflection] = association
             elsif (column = resource_class.try(:column_for_attribute, attr_name))

data/lib/plutonium/core/fields/renderers.rb

@@ -5,9 +5,10 @@ module Plutonium
         extend ActiveSupport::Autoload
 
         eager_autoload do
-          autoload :Factory
-          autoload :BasicRenderer
           autoload :AssociationRenderer
+          autoload :AttachmentRenderer
+          autoload :BasicRenderer
+          autoload :Factory
         end
       end
     end

data/lib/plutonium/core/ui/collection.rb

@@ -1,10 +1,10 @@
 module Plutonium
   module Core
     module UI
-      Collection = Data.define :resource_class, :records, :fields, :actions, :pagination, :search_object do
+      Collection = Data.define :resource_class, :records, :fields, :actions, :pagination, :search_object, :search_field do
         def initialize(
           resource_class:, records: [], fields: {}, actions: Plutonium::Core::Actions::Collection.new,
-          pagination: nil, search_object: nil
+          pagination: nil, search_object: nil, search_field: nil
         )
           super
         end

data/lib/plutonium/helpers/attachment_helper.rb

@@ -6,23 +6,23 @@ module Plutonium
           tag.div class: [options[:identity_class], "attachment-preview-container d-flex flex-wrap gap-1 my-1"],
             data: {controller: "attachment-preview-container"} do
             Array(attachments).each do |attachment|
-              next unless attachment.file.present?
+              next unless attachment.url.present?
 
               concat begin
                 tag.div class: [options[:identity_class], "attachment-preview d-inline-block text-center"],
-                  title: attachment.file.original_filename,
+                  title: attachment.filename,
                   data: {
                     controller: "attachment-preview",
-                    attachment_preview_mime_type_value: attachment.file.mime_type,
-                    attachment_preview_thumbnail_url_value: attachment.thumbnail_url
+                    attachment_preview_mime_type_value: attachment.content_type,
+                    attachment_preview_thumbnail_url_value: _attachment_thumbnail_url(attachment)
                   } do
                   tag.figure class: "figure my-1", style: "width: 160px;" do
                     concat attachment_preview_thumnail(attachment)
                     concat begin
                       tag.figcaption class: "figure-caption text-truncate" do
                         if options[:caption]
-                          caption = options[:caption].is_a?(String) ? options[:caption] : attachment.file.original_filename
-                          concat link_to(caption, attachment.file_url, class: "text-decoration-none", target: :blank)
+                          caption = options[:caption].is_a?(String) ? options[:caption] : attachment.filename
+                          concat link_to(caption, attachment.url, class: "text-decoration-none", target: :blank)
                         end
 
                         if block_given?
@@ -40,23 +40,34 @@ module Plutonium
       end
 
       def attachment_preview_thumnail(attachment)
-        return unless attachment.file.present?
+        return unless attachment.url.present?
 
         # Any changes made here must be reflected in attachment_input_controller#buildPreviewTemplate
 
         tag.div class: "d-inline-block img-thumbnail", data: {attachment_preview_target: "thumbnail"} do
-          link_body = if attachment.representable?
-            image_tag attachment.thumbnail_url, style: "width:100%; height:100%; object-fit: contain;"
+          thumbnail_url = _attachment_thumbnail_url(attachment)
+          link_body = if thumbnail_url
+            image_tag thumbnail_url, style: "width:100%; height:100%; object-fit: contain;"
           else
-            attachment.file.extension.to_s
+            _attachment_extension(attachment)
           end
 
-          link_to link_body, attachment.file_url, style: "width:150px; height:150px; line-height: 150px;",
+          link_to link_body, attachment.url, style: "width:150px; height:150px; line-height: 150px;",
             class: "d-block text-decoration-none user-select-none fs-5 font-monospace text-body-secondary",
             target: :blank,
             data: {attachment_preview_target: "thumbnailLink"}
         end
       end
+
+      private
+
+      def _attachment_thumbnail_url(attachment)
+        attachment.url if attachment.representable?
+      end
+
+      def _attachment_extension(attachment)
+        attachment.try(:extension) || File.extname(attachment.filename.to_s)
+      end
     end
   end
 end

data/lib/plutonium/helpers/form_helper.rb

@@ -3,10 +3,6 @@ module Plutonium
     module FormHelper
       include ActionView::Helpers::FormHelper
 
-      #
-      # Override the original form_for helper to disable turbo forms by default if not
-      # explicitly opted into
-      #
       def resource_form_for(record, options = {}, &block)
         turbo_frame = options.key?(:turbo_frame) ? options[:turbo_frame] : "_top"
         options = {
@@ -17,6 +13,8 @@ module Plutonium
           }
         }.deep_merge! options
 
+        # record = adapt_route_args(record) unless record.is_a?(Array) || options.key?(:url)
+
         simple_form_for(record, options, &block)
       end
     end

data/lib/plutonium/policy/scope.rb

@@ -6,11 +6,11 @@ module Plutonium
       include Plutonium::Policy::Initializer
 
       def resolve
-        scope = context.resource_class.all
-        if @context.parent.present?
-          scope = scope.associated_with(@context.parent)
-        elsif @context.scope.present?
-          scope = scope.associated_with(@context.scope)
+        scope = context.resource_context.resource_class.all
+        if @context.resource_context.parent.present?
+          scope = scope.associated_with(@context.resource_context.parent)
+        elsif @context.resource_context.scope.present?
+          scope = scope.associated_with(@context.resource_context.scope)
         end
         scope
       end

data/lib/plutonium/railtie.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Plutonium
+  class Railtie < Rails::Railtie
+    # add railties here
+
+    initializer "plutonium.achieve_criticality" do
+      # get the ball rolling
+      Plutonium::Reactor::Core.achieve_criticality!
+    end
+  end
+end

data/lib/plutonium/reactor/core.rb

@@ -50,6 +50,8 @@ module Plutonium
               else
                 load file
               end
+            rescue => e
+              Rails.logger.error "\npu.hotreloader: failed to reload #{file}\n\n#{e}\n"
             end
           end
           listener.start

data/lib/plutonium/reactor/policy_context.rb

@@ -0,0 +1,5 @@
+module Plutonium
+  module Reactor
+    PolicyContext = Data.define :user, :resource_context
+  end
+end

data/lib/plutonium/reactor/resource_context.rb

@@ -1,15 +1,5 @@
 module Plutonium
   module Reactor
-    class ResourceContext
-      attr_reader :user, :resource_record, :resource_class, :parent, :scope
-
-      def initialize(user:, resource_record:, resource_class:, parent: nil, scope: nil)
-        @user = user
-        @resource_record = resource_record
-        @resource_class = resource_class || resource_record&.class
-        @parent = parent
-        @scope = scope
-      end
-    end
+    ResourceContext = Data.define :resource_class, :parent, :scope
   end
 end

data/lib/plutonium/reactor/resource_controller.rb

@@ -36,6 +36,12 @@ module Plutonium
       before_action :set_page_title
       before_action :set_sidebar_menu
 
+      before_action do
+        return unless defined?(ActiveStorage)
+
+        ActiveStorage::Current.url_options = {protocol: request.protocol, host: request.host, port: request.port}
+      end
+
       # https://github.com/ddnexus/pagy/blob/master/docs/extras/headers.md#headers
       after_action { pagy_headers_merge(@pagy) if @pagy }
 
@@ -52,10 +58,15 @@ module Plutonium
       end
       helper_method :resource_record
 
+      def submitted_resource_params
+        @submitted_resource_params ||= begin
+          strong_parameters = resource_class.strong_parameters_for(*permitted_attributes)
+          params.require(resource_param_key).permit(*strong_parameters).nilify.to_h
+        end
+      end
+
       def resource_params
-        # Example of documenting an ignore in the source code
-        # NOTE: Brakeman warning ignored for MassAssignment because inputs are filtered manually
-        input_params = params.require(resource_param_key).permit!.nilify.to_h
+        input_params = submitted_resource_params.dup
 
         # Override any entity scoping params
         input_params[scoped_entity_param_key] = current_scoped_entity if scoped_to_entity?
@@ -64,6 +75,7 @@ module Plutonium
         input_params[parent_input_param] = current_parent if current_parent.present?
         input_params[:"#{parent_input_param}_id"] = current_parent.id if current_parent.present?
 
+        # additionally filter our input_params through our inputs
         current_presenter.defined_inputs_for(permitted_attributes)
           .values.map { |input| input.collect input_params }
           .reduce(:merge)
@@ -74,6 +86,19 @@ module Plutonium
       end
       helper_method :resource_param_key
 
+      # sets params on submitted_resource_params if they have been passed
+      def maybe_apply_submitted_resource_params!
+        # this is useful in dynamic forms as we can read the resource record to determine how to define our inputs
+        # we need to ensure that this is being called from get because
+        # it is potentially unsafe since we don't apply the input filter. see #resource_params
+        # would have been nice to be able to, but we can't until we have the presenter, and the presenter
+        # requires the resource_record for our dynamic forms
+        # is this perfect? no. but it works.
+        raise "🚨🚨🚨 this should be called from actions that are not persisting this data" unless request.method == "GET"
+
+        resource_record.attributes = submitted_resource_params if params[resource_param_key].present?
+      end
+
       # Layout
 
       def set_page_title
@@ -90,9 +115,7 @@ module Plutonium
 
       def resource_context
         Plutonium::Reactor::ResourceContext.new(
-          user: current_user,
           resource_class:,
-          resource_record: @resource_record,
           parent: current_parent,
           scope: scoped_to_entity? ? current_scoped_entity : nil
         )

data/lib/plutonium/reactor/resource_policy.rb

@@ -83,7 +83,7 @@ module Plutonium
       def autodetect_fields_for(method_name)
         maybe_warn_autodetect_usage method_name
 
-        context.resource_class.resource_field_names
+        context.resource_context.resource_class.resource_field_names
       end
 
       def maybe_warn_autodetect_usage(method)
@@ -95,7 +95,7 @@ module Plutonium
           Resource field auto-detection: #{self.class}##{method}
 
           Auto-detected resource fields result in security holes and will fail outside of development.
-          Override #{context.resource_class}Policy or #{self.class} with your own ##{method} method.
+          Override #{context.resource_context.resource_class}Policy or #{self.class} with your own ##{method} method.
 
           🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨
         )

data/lib/plutonium/reactor/resource_presenter.rb

@@ -4,17 +4,22 @@ module Plutonium
       include Plutonium::Core::Definers::FieldDefiner
       include Plutonium::Core::Definers::ActionDefiner
 
-      def initialize(context)
+      def initialize(context, resource_record)
         @context = context
+        @resource_record = resource_record
 
         define_standard_actions
         define_actions
         define_fields
       end
 
+      def search_field
+        nil
+      end
+
       private
 
-      attr_reader :context
+      attr_reader :context, :resource_record
 
       def define_fields
         # override this in child presenters for custom field definitions

data/lib/plutonium/reactor/resource_record.rb

@@ -10,21 +10,23 @@ module Plutonium
           named_scope = :"associated_with_#{record.model_name.singular}"
           return send(named_scope, record) if respond_to?(named_scope)
 
+          # TOD: add suppport for polymorphic associations
+
           # TODO: add logging
           if (own_association = reflect_on_all_associations.find { |assoc| assoc.klass == record.class })
             case own_association.macro
             when :has_one
               joins(own_association.name).where({
-                own_association.name.to_sym => {
+                own_association.name => {
                   record.class.primary_key => record.id
                 }
               })
             when :belongs_to
               where(own_association.name => record)
             when :has_many
-              joins(own_association.name).where(own_association.klass.table_name.to_sym => record)
+              joins(own_association.name).where(own_association.klass.table_name => record)
             else
-              raise Net::HTTPNotImplemented, "associated_with->##{own_association.macro}"
+              raise NotImplementedError, "associated_with->##{own_association.macro}"
             end
           elsif (record_association = record.class.reflect_on_all_associations.find { |assoc| assoc.klass == klass })
             # TODO: add a warning here about a potentially poor performing query
@@ -33,37 +35,66 @@ module Plutonium
             raise "Could not resolve the association between '#{klass.name}' and '#{record.class.name}'\n\n" \
                   "Define\n" \
                   " 1. the associations between the models\n" \
-                  " 2. a named scope e.g.\n\n" \
+                  " 2. a named scope on #{klass.name} e.g.\n\n" \
                   "scope :#{named_scope}, ->(#{record.model_name.singular}) { do_something_here }"
           end
         end
       end
 
       module ClassMethods
-        # Path parameters
+        def resource_field_names
+          @resource_field_names ||= belongs_to_association_field_names +
+            has_one_attached_field_names + has_one_association_field_names +
+            has_many_attached_field_names + has_many_association_field_names +
+            content_column_field_names
+        end
 
-        def path_parameter(param_name)
-          param_name = param_name.to_sym
+        def belongs_to_association_field_names
+          @belongs_to_association_field_names ||= reflect_on_all_associations(:belongs_to).map(&:name)
+        end
 
-          scope :from_path_param, ->(param) { where(param_name => param) }
+        def has_one_association_field_names
+          @has_one_association_field_names ||= reflect_on_all_associations(:has_one)
+            .map { |assoc| /_attachment$|_blob$/.match?(assoc.name) ? nil : assoc.name }
+            .compact
+        end
 
-          define_method :to_param do
-            return nil unless persisted?
+        def has_many_association_field_names
+          @has_many_association_field_names ||= reflect_on_all_associations(:has_many)
+            .map { |assoc| /_attachments$|_blobs$/.match?(assoc.name) ? nil : assoc.name }
+            .compact
+        end
 
-            send param_name
-          end
+        def has_one_attached_field_names
+          @has_one_attached_field_names ||= reflect_on_all_attachments
+            .map { |a| (a.macro == :has_one_attached) ? a.name : nil }
+            .compact
         end
 
-        def dynamic_path_parameter(param_name)
-          param_name = param_name.to_sym
+        def has_many_attached_field_names
+          @has_many_attached_field_names ||= reflect_on_all_attachments
+            .map { |a| (a.macro == :has_many_attached) ? a.name : nil }
+            .compact
+        end
 
-          scope :from_path_param, ->(param) { where(id: param.split("-").first) }
+        def content_column_field_names
+          @content_column_field_names ||= content_columns.map { |col| col.name.to_sym }
+        end
 
-          define_method :to_param do
-            return nil unless persisted?
+        def has_many_association_routes
+          @has_many_association_routes ||= reflect_on_all_associations(:has_many).map { |assoc| assoc.klass.model_name.plural }
+        end
 
-            "#{id}-#{send(param_name)}".parameterize
-          end
+        #
+        # Returns the strong parameters definition for the given attribute names
+        #
+        # @param [Array] *attributes Attribute names
+        #
+        # @return [Array] A strong parameters compatible array e.g.
+        #   [:title, :body, {:images=>[]}, {:docs=>[]}]
+        #
+        def strong_parameters_for(*attributes)
+          strong_parameters_definition.slice(*attributes).map { |key, value| value.nil? ? key : {key => value} }
         end
 
         # Ransack
@@ -84,29 +115,60 @@ module Plutonium
           []
         end
 
-        def resource_field_names
-          @resource_field_names ||= belongs_to_association_field_names + has_one_association_field_names +
-            has_many_association_field_names + content_column_field_names
-        end
+        private
 
-        def belongs_to_association_field_names
-          @belongs_to_association_field_names ||= reflect_on_all_associations(:belongs_to).map { |assoc| assoc.name.to_sym }
-        end
+        def strong_parameters_definition
+          # @strong_parameters ||= begin
+          @strong_parameters = begin
+            content_column_parameters = content_column_field_names.map do |name|
+              column = columns_hash[name.to_s]
 
-        def has_one_association_field_names
-          @has_one_association_field_names ||= reflect_on_all_associations(:has_one).map { |assoc| assoc.name.to_sym }
-        end
+              type = nil
+              type = [] if column&.try(:array?)
+              type = {} if [:json, :jsonb].include?(column&.type)
 
-        def has_many_association_field_names
-          @has_many_association_field_names ||= reflect_on_all_associations(:has_many).map { |assoc| assoc.name.to_sym }
+              [name, type]
+            end
+            parameters = content_column_parameters.to_h
+
+            # TODO: add nested support
+
+            parameters.merge! belongs_to_association_field_names.map { |name| [name, nil] }.to_h
+            parameters.merge! has_one_association_field_names.map { |name| [name, nil] }.to_h
+            parameters.merge! has_one_attached_field_names.map { |name| [name, nil] }.to_h
+
+            parameters.merge! has_many_association_field_names.map { |name| [name, []] }.to_h
+            parameters.merge! has_many_attached_field_names.map { |name| [name, []] }.to_h
+
+            # e.g. {:title=>nil, :body=>nil, :state=>nil, :created_at=>nil, :updated_at=>nil, :image=>nil, :images=>[]}
+            parameters
+          end
         end
 
-        def content_column_field_names
-          @content_column_field_names ||= content_columns.map { |col| col.name.to_sym }
+        # Path parameters
+
+        def path_parameter(param_name)
+          param_name = param_name.to_sym
+
+          scope :from_path_param, ->(param) { where(param_name => param) }
+
+          define_method :to_param do
+            return nil unless persisted?
+
+            send param_name
+          end
         end
 
-        def has_many_association_routes
-          @has_many_association_routes ||= reflect_on_all_associations(:has_many).map { |assoc| assoc.klass.model_name.plural }
+        def dynamic_path_parameter(param_name)
+          param_name = param_name.to_sym
+
+          scope :from_path_param, ->(param) { where(id: param.split("-").first) }
+
+          define_method :to_param do
+            return nil unless persisted?
+
+            "#{id}-#{send(param_name)}".parameterize
+          end
         end
       end
 

data/lib/plutonium/reactor.rb

@@ -3,6 +3,7 @@ module Plutonium
     extend ActiveSupport::Autoload
 
     autoload :Core
+    autoload :PolicyContext
     autoload :ResourceContext
     autoload :ResourceController
     autoload :ResourceInteraction

data/lib/plutonium/simple_form_components/attachment_component.rb

@@ -14,7 +14,7 @@ module Plutonium
           next if value.nil?
 
           template.concat begin
-            template.display_attachment_value value, identity_class: input_class, caption: true do |attachment|
+            template.display_attachment_value value, identity_class: input_class, caption: caption? do |attachment|
               [
                 # These hidden fields allow us to preserve the already uploaded files.
                 # For has_one_attached, it overrides the hidden field previously added
@@ -25,7 +25,8 @@ module Plutonium
                 @builder.hidden_field(attribute_name, multiple: multiple?, value: attachment.signed_id),
 
                 # By removing this component, the hidden field is gone, which allows us to remove the files from active storage
-                template.content_tag(:p, class: "text-danger m-0", role: :button, data: {action: "click->attachment-preview#remove"}) do
+                template.content_tag(:p, class: "text-danger m-0", role: :button,
+                  data: {action: "click->attachment-preview#remove"}) do
                   template.content_tag :span, " Delete", class: "bi bi-trash"
                 end
               ]
@@ -41,7 +42,11 @@ module Plutonium
       end
 
       def multiple?
-        options[:multiple]
+        options[:input_html] && options[:input_html][:multiple]
+      end
+
+      def caption?
+        options.key?(:caption) ? options[:caption] : true
       end
 
       def maybe_setup_direct_uploads
@@ -74,4 +79,5 @@ module Plutonium
     end
   end
 end
+# Register with simple_form
 SimpleForm.include_component(Plutonium::SimpleForm::AttachmentComponent)

data/lib/plutonium/simple_form_components/input_group_component.rb

@@ -11,4 +11,5 @@ module Plutonium
     end
   end
 end
+# Register with simple_form
 SimpleForm.include_component(Plutonium::SimpleForm::InputGroupComponent)

data/lib/plutonium/version.rb

@@ -1,3 +1,3 @@
 module Plutonium
-  VERSION = "0.5.0"
+  VERSION = "0.6.0"
 end

data/lib/plutonium.rb

@@ -1,5 +1,6 @@
 require "active_support"
 require_relative "plutonium/version"
+require_relative "plutonium/railtie"
 
 module Plutonium
   # require_relative "active_model/validations/array_validator"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: plutonium
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Stefan Froelich
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-02-18 00:00:00.000000000 Z
+date: 2024-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -428,14 +428,17 @@ files:
 - lib/plutonium/core/definers/renderer_definer.rb
 - lib/plutonium/core/fields.rb
 - lib/plutonium/core/fields/inputs.rb
-- lib/plutonium/core/fields/inputs/association_input.rb
-- lib/plutonium/core/fields/inputs/basic_input.rb
-- lib/plutonium/core/fields/inputs/belongs_to_input.rb
+- lib/plutonium/core/fields/inputs/attachment_input.rb
+- lib/plutonium/core/fields/inputs/base.rb
+- lib/plutonium/core/fields/inputs/belongs_to_association_input.rb
 - lib/plutonium/core/fields/inputs/factory.rb
-- lib/plutonium/core/fields/inputs/has_many_input.rb
+- lib/plutonium/core/fields/inputs/has_many_association_input.rb
 - lib/plutonium/core/fields/inputs/noop_input.rb
+- lib/plutonium/core/fields/inputs/simple_form_association_input.rb
+- lib/plutonium/core/fields/inputs/simple_form_input.rb
 - lib/plutonium/core/fields/renderers.rb
 - lib/plutonium/core/fields/renderers/association_renderer.rb
+- lib/plutonium/core/fields/renderers/attachment_renderer.rb
 - lib/plutonium/core/fields/renderers/basic_renderer.rb
 - lib/plutonium/core/fields/renderers/factory.rb
 - lib/plutonium/core/ui.rb
@@ -469,8 +472,10 @@ files:
 - lib/plutonium/policy/scope.rb
 - lib/plutonium/preserved__/field.rb
 - lib/plutonium/preserved__/input.rb
+- lib/plutonium/railtie.rb
 - lib/plutonium/reactor.rb
 - lib/plutonium/reactor/core.rb
+- lib/plutonium/reactor/policy_context.rb
 - lib/plutonium/reactor/resource_context.rb
 - lib/plutonium/reactor/resource_controller.rb
 - lib/plutonium/reactor/resource_interaction.rb