plutonium 0.50.0 → 0.51.0

data/lib/plutonium/routing/mapper_extensions.rb

@@ -41,6 +41,7 @@ module Plutonium
         concern :interactive_resource_actions do
           define_member_interactive_actions
           define_collection_interactive_actions
+          define_collection_typeahead_actions
         end
       end
 
@@ -161,6 +162,20 @@ module Plutonium
             as: :commit_interactive_resource_action
         end
       end
+
+      # Defines collection-level typeahead actions for resource form inputs
+      # and index filter inputs. Auto-mounted alongside record_actions and
+      # bulk_actions on every Plutonium resource.
+      #
+      # @return [void]
+      def define_collection_typeahead_actions
+        collection do
+          get "typeahead/input/:name", action: :typeahead_input,
+            as: :typeahead_input
+          get "typeahead/filter/:name", action: :typeahead_filter,
+            as: :typeahead_filter
+        end
+      end
     end
   end
 end

data/lib/plutonium/ui/component/methods.rb

@@ -40,10 +40,14 @@ module Plutonium
           :current_user,
           :current_parent,
           :current_definition,
+          :resource_definition,
           :current_query_object,
           :raw_resource_query_params,
           :current_policy,
           :current_turbo_frame,
+          :in_frame?,
+          :in_modal?,
+          :in_secondary_modal?,
           :current_interactive_action,
           :current_engine,
           :policy_for,

data/lib/plutonium/ui/form/base.rb

@@ -66,6 +66,10 @@ module Plutonium
             create_component(Components::KeyValueStore, :key_value_store, **, &)
           end
 
+          def json_input_tag(**, &)
+            create_component(Components::Json, :json, **, &)
+          end
+
           def resource_select_tag(**attributes, &)
             attributes[:data_controller] = tokens(attributes[:data_controller], "slim-select")
             # class!: "" clears the underlying <select>'s themed classes
@@ -107,8 +111,8 @@ module Plutonium
           alias_method :date_tag, :flatpickr_tag
           alias_method :time_tag, :flatpickr_tag
           alias_method :rich_text_tag, :markdown_tag
-          alias_method :json_tag, :textarea_tag
-          alias_method :jsonb_tag, :textarea_tag
+          alias_method :json_tag, :json_input_tag
+          alias_method :jsonb_tag, :json_input_tag
           alias_method :hstore_tag, :key_value_store_tag
           alias_method :key_value_tag, :key_value_store_tag
           alias_method :association_tag, :secure_association_tag

data/lib/plutonium/ui/form/components/json.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require "json"
+
+module Plutonium
+  module UI
+    module Form
+      module Components
+        # Textarea-based input for `json` / `jsonb` columns.
+        #
+        # On render, serializes Hash/Array values to pretty JSON so users see
+        # valid JSON instead of Ruby `Hash#to_s` output (e.g. `{:k=>"v"}`).
+        # Strings are pretty-formatted if parseable, passed through verbatim
+        # otherwise — preserves an in-progress edit on form re-render.
+        #
+        # On submit, accepts either a JSON string (typed input) or a raw
+        # Hash/Array (e.g. a JSON-bodied API request that Rails has already
+        # parsed into params). Unparseable strings are passed through so model
+        # validation can surface the error, rather than being silently dropped.
+        class Json < Phlexi::Form::Components::Textarea
+          def view_template
+            textarea(**attributes) { serialized_value }
+          end
+
+          protected
+
+          def serialized_value
+            case (raw = field.value)
+            when nil then ""
+            when String then format_string(raw)
+            else JSON.pretty_generate(raw)
+            end
+          end
+
+          def format_string(str)
+            JSON.pretty_generate(JSON.parse(str))
+          rescue JSON::ParserError
+            str
+          end
+
+          def normalize_input(input_value)
+            case input_value
+            when nil then nil
+            when Hash, Array then input_value
+            when "" then nil
+            else
+              begin
+                JSON.parse(input_value)
+              rescue JSON::ParserError
+                input_value
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/ui/form/components/resource_select.rb

@@ -7,6 +7,7 @@ module Plutonium
         # Select for choosing a resource record
         class ResourceSelect < Phlexi::Form::Components::Select
           include Plutonium::UI::Component::Methods
+          include Plutonium::UI::Form::Concerns::TypeaheadAttributes
 
           # Cap on the number of records the dropdown materialises. Keeps
           # very large association tables from rendering thousands of
@@ -23,18 +24,23 @@ module Plutonium
               elsif @association_class.nil?
                 []
               else
-                relation = @association_class.all
-                relation = relation.limit(@choice_limit) if relation.respond_to?(:limit) && @choice_limit
-                if @skip_authorization
-                  relation
-                else
-                  authorized_resource_scope(@association_class, relation: relation)
-                end
+                authorized_relation(limit: @choice_limit)
               end
               build_choice_mapper(collection)
             end
           end
 
+          # Builds the authorized relation for the association class, optionally
+          # capped at `limit`. Shared by `choices` (with the limit) and
+          # `normalize_simple_input` (without — so typeahead picks beyond the
+          # rendered subset still validate).
+          def authorized_relation(limit: nil)
+            relation = @association_class.all
+            relation = relation.limit(limit) if limit && relation.respond_to?(:limit)
+            return relation if @skip_authorization
+            authorized_resource_scope(@association_class, relation: relation)
+          end
+
           def build_attributes
             # Defaults must land BEFORE super — AcceptsChoices.build_attributes
             # consumes :value_method / :label_method off `attributes` into
@@ -48,6 +54,17 @@ module Plutonium
             @skip_authorization = attributes.delete(:skip_authorization)
             @choice_limit = attributes.fetch(:choice_limit) { DEFAULT_CHOICE_LIMIT }
             attributes.delete(:choice_limit)
+            # Stash the typeahead option; the URL helper needs view_context
+            # which only exists once we're rendering.
+            @typeahead_option = attributes.delete(:typeahead)
+          end
+
+          # Phlex hook fires right before view_template runs and view_context
+          # is available, so this is where we can resolve the typeahead URL
+          # and inject the data attr.
+          def before_template
+            super
+            configure_typeahead_attributes!(@typeahead_option)
           end
 
           # SGIDs include a timestamp + signature, so the SGID in the URL
@@ -69,9 +86,22 @@ module Plutonium
           # string-equals a freshly generated option SGID for the same
           # record, so the value gets silently dropped — no WHERE clause
           # is built and the filter behaves as if it weren't applied.
-          # Match by decoded model id so the input survives.
+          #
+          # For SGID values backed by an association class, validate against
+          # the unbounded authorized relation rather than the rendered
+          # `choices` (which is capped at `choice_limit` and may not include
+          # records reachable via typeahead). For raw values / explicit
+          # `@raw_choices`, fall back to record-equality against the rendered
+          # options.
           def normalize_simple_input(input_value)
             return nil if input_value.blank?
+
+            sgid = SignedGlobalID.parse(input_value)
+            if sgid && @association_class && !@raw_choices
+              return nil unless sgid.model_class <= @association_class
+              return authorized_relation.exists?(id: sgid.model_id) ? input_value : nil
+            end
+
             choices.values.find { |opt| same_record?(input_value, opt) } && input_value
           end
 
@@ -102,6 +132,30 @@ module Plutonium
           def blank_option_text
             @include_blank.is_a?(String) ? @include_blank : super
           end
+
+          private
+
+          def typeahead_target_class
+            @association_class
+          end
+
+          def typeahead_kind_and_name(_typeahead_option)
+            detect_typeahead_kind_and_name
+          end
+
+          # Plutonium::UI::Form::Query roots its form with `as: :q`, so
+          # any field whose ancestry includes a node keyed :q is a filter
+          # input. The filter name is the immediate child of that root.
+          # Form inputs (new/edit) fall through to :input + the field key.
+          def detect_typeahead_kind_and_name
+            lineage = field.dom.lineage
+            q_index = lineage.find_index { |node| node.key == :q }
+            if q_index && (filter_node = lineage[q_index + 1])
+              [:filter, filter_node.key]
+            else
+              [:input, field.key]
+            end
+          end
         end
       end
     end

data/lib/plutonium/ui/form/components/secure_association.rb

@@ -6,6 +6,7 @@ module Plutonium
       module Components
         class SecureAssociation < Phlexi::Form::Components::AssociationBase
           include Plutonium::UI::Component::Methods
+          include Plutonium::UI::Form::Concerns::TypeaheadAttributes
 
           DEFAULT_CHOICE_LIMIT = Plutonium::UI::Form::Components::ResourceSelect::DEFAULT_CHOICE_LIMIT
 
@@ -21,46 +22,95 @@ module Plutonium
           delegate :association_reflection, to: :field
 
           def render_add_button
-            return if @add_action == false || add_url.nil?
+            return if @add_action == false
+
+            url, turbo_frame = add_url_and_frame
+            return unless url
+
+            # When the parent form is already inside a modal, route the
+            # "+" to the secondary frame so the stacked dialog opens on
+            # top of the original form rather than replacing it. The
+            # crud controller mirrors this on success — closing the
+            # secondary modal and reloading the primary so the
+            # association select picks up the new record.
+            if turbo_frame == Plutonium::REMOTE_MODAL_FRAME && in_modal?
+              turbo_frame = Plutonium::REMOTE_MODAL_SECONDARY_FRAME
+            end
 
-            a(
-              href: add_url,
+            attrs = {
+              href: url,
               class: "inline-flex items-center justify-center w-9 h-9 shrink-0 bg-[var(--pu-surface-alt)] hover:bg-[var(--pu-border)] border border-[var(--pu-border)] rounded-[var(--pu-radius-md)] focus:ring-2 focus:ring-[var(--pu-border)] focus:outline-none text-[var(--pu-text-muted)] hover:text-[var(--pu-text)] transition-colors"
-            ) do
+            }
+            attrs[:data] = {turbo_frame: turbo_frame} if turbo_frame
+
+            a(**attrs) do
               render Phlex::TablerIcons::Plus.new(class: "w-4 h-4")
             end
           end
 
-          def add_url
-            @add_url ||= begin
-              return unless @skip_authorization || allowed_to?(:create?, association_reflection.klass)
+          # Resolves the destination for the inline "+" button alongside
+          # the association select. We go through the target resource's
+          # `:new` action (rather than building a URL by hand) so the
+          # button inherits whatever modal/slideover frame the target
+          # resource is configured for — same path table/grid use for
+          # their own "New" button. A custom string `add_action:` skips
+          # the frame lookup since we can't infer the target's modal
+          # mode from an arbitrary URL.
+          def add_url_and_frame
+            klass = association_reflection.klass
+
+            if @add_action.is_a?(String)
+              return [with_return_to(@add_action), nil] if @skip_authorization || allowed_to?(:create?, klass)
+              return
+            end
 
-              url = @add_action || (registered_resources.include?(association_reflection.klass) && resource_url_for(association_reflection.klass, action: :new, parent: nil))
-              return unless url
+            return unless registered_resources.include?(klass)
+            action = resource_definition(klass).defined_actions[:new]
+            return unless action
+            return unless @skip_authorization || action.permitted_by?(policy_for(record: klass))
 
-              uri = URI(url)
-              uri.query = URI.encode_www_form({return_to: request.original_url})
-              uri.to_s
-            end
+            url = route_options_to_url(action.route_options, klass)
+            [with_return_to(url), action.turbo_frame]
+          end
+
+          def with_return_to(url)
+            uri = URI(url)
+            params = Rack::Utils.parse_nested_query(uri.query)
+            params["return_to"] = request.original_url
+            uri.query = params.to_query
+            uri.to_s
           end
 
           def choices
             @choices ||= begin
-              collection = if @raw_choices
-                @raw_choices
-              elsif @skip_authorization
-                choices_from_association(association_reflection.klass)
-              else
-                authorized_resource_scope(association_reflection.klass, relation: choices_from_association(association_reflection.klass))
-              end
+              collection = @raw_choices || authorized_relation
               collection = collection.limit(@choice_limit) if @choice_limit && collection.respond_to?(:limit)
               build_choice_mapper(collection)
             end
           end
 
+          # Builds the authorized association relation. Shared by `choices`
+          # (which then applies `choice_limit`) and `normalize_simple_input`
+          # (which validates against the full set so typeahead picks beyond
+          # the rendered subset still survive submit).
+          def authorized_relation
+            klass = association_reflection.klass
+            relation = choices_from_association(klass)
+            return relation if @skip_authorization
+            authorized_resource_scope(klass, relation: relation)
+          end
+
           def build_attributes
             build_association_attributes
             super
+            # Stash; the URL helper needs view_context which only exists
+            # once we're rendering.
+            @typeahead_option = attributes.delete(:typeahead)
+          end
+
+          def before_template
+            super
+            configure_typeahead_attributes!(@typeahead_option)
           end
 
           def build_association_attributes
@@ -79,6 +129,20 @@ module Plutonium
             end
           end
 
+          private
+
+          # Polymorphic reflections raise NameError on #klass — they
+          # have no single target class to search, so opt out.
+          def typeahead_target_class
+            return nil unless association_reflection
+            return nil if association_reflection.respond_to?(:polymorphic?) && association_reflection.polymorphic?
+            association_reflection.klass
+          end
+
+          def typeahead_kind_and_name(_typeahead_option)
+            [:input, association_reflection.name]
+          end
+
           def build_singluar_association_attributes
             attributes.fetch(:input_param) { attributes[:input_param] = :"#{association_reflection.name}_sgid" }
           end
@@ -88,9 +152,21 @@ module Plutonium
             attributes[:multiple] = true
           end
 
+          # Validates a submitted SGID against the authorized association scope
+          # (not against `choices`, which is capped at `choice_limit` and may
+          # not include records reachable via typeahead). For explicit
+          # `@raw_choices`, fall back to membership in the rendered list.
           def normalize_simple_input(input_value)
-            @signed_global_ids ||= choices.values.map { |choice| SignedGlobalID.parse(choice) }
-            ([SignedGlobalID.parse(input_value.presence)].compact & @signed_global_ids)[0]
+            sgid = SignedGlobalID.parse(input_value.presence)
+            return nil unless sgid
+
+            if @raw_choices
+              @signed_global_ids ||= choices.values.map { |choice| SignedGlobalID.parse(choice) }
+              return @signed_global_ids.include?(sgid) ? sgid : nil
+            end
+
+            return nil unless sgid.model_class <= association_reflection.klass
+            authorized_relation.exists?(id: sgid.model_id) ? sgid : nil
           end
 
           def selected?(option)

data/lib/plutonium/ui/form/concerns/typeahead_attributes.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module UI
+    module Form
+      module Concerns
+        # Shared typeahead wiring for association/resource select components.
+        #
+        # Hosts must implement two hooks:
+        #
+        #   typeahead_target_class      -> the associated model class, or nil
+        #                                  (returns nil for polymorphic/unknown)
+        #   typeahead_kind_and_name(opt) -> [:input | :filter, Symbol], used when
+        #                                  the consumer didn't pass an explicit
+        #                                  `typeahead: {kind:, name:}` hash
+        #
+        # The concern owns:
+        #   - `configure_typeahead_attributes!` — call from `before_template`
+        #   - `typeahead_searchable?` — registry + fallback-column check
+        #   - `typeahead_url_for` — engine route helper lookup
+        module TypeaheadAttributes
+          extend ActiveSupport::Concern
+
+          private
+
+          # Adds the typeahead URL data attr so the slim-select Stimulus
+          # controller delegates to the backend via events.search.
+          # Default-on (opt out with `typeahead: false`). Pass a Hash to
+          # override kind/name (e.g. `typeahead: {kind: :filter, name: :status}`).
+          #
+          # Auto opt-out: if the associated resource has neither a `search`
+          # block nor a fallback search column on the model, fall back to
+          # slim-select's eager list + client-side filter — the backend
+          # would just return unfiltered records.
+          def configure_typeahead_attributes!(typeahead_option)
+            return if typeahead_option == false
+            return unless typeahead_searchable?
+            url = typeahead_url_for(typeahead_option)
+            return unless url
+            attributes[:data_slim_select_typeahead_url_value] = url
+          end
+
+          def typeahead_searchable?
+            klass = typeahead_target_class
+            return false unless klass
+
+            # Go through `resource_definition` so portal/package namespacing
+            # is honored — a portal can ship its own definition with a
+            # different `search` block than the base.
+            return true if resource_definition(klass).class._search_definition.present?
+
+            Plutonium::Resource::Controllers::Typeahead
+              .searchable_column_for(klass, label_method: @label_method).present?
+          rescue NameError
+            false
+          end
+
+          def typeahead_url_for(typeahead_option)
+            kind, name = if typeahead_option.is_a?(Hash)
+              [typeahead_option[:kind] || :input, typeahead_option[:name]]
+            else
+              typeahead_kind_and_name(typeahead_option)
+            end
+            return nil unless name
+
+            route_key = resource_class.model_name.route_key
+            helper = (kind == :filter) ? :"typeahead_filter_#{route_key}_path" : :"typeahead_input_#{route_key}_path"
+
+            # Engine route helpers are the source of truth for routes
+            # mounted under a Plutonium portal — phlex-rails' `helpers`
+            # proxy is deprecated and not the right entry point here.
+            # Helper may be absent if a consumer removed the typeahead
+            # route from the resource — fall back to no URL, slim-select
+            # uses its eager list.
+            url_helpers = current_engine.routes.url_helpers
+            return nil unless url_helpers.respond_to?(helper)
+            url_helpers.public_send(helper, name: name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/ui/form/resource.rb

@@ -70,10 +70,6 @@ module Plutonium
           end
         end
 
-        def in_modal?
-          current_turbo_frame == Plutonium::REMOTE_MODAL_FRAME
-        end
-
         def show_submit_and_continue?
           return false unless object.respond_to?(:new_record?)
 

data/lib/plutonium/ui/grid/resource.rb

@@ -44,7 +44,7 @@ module Plutonium
             query: current_query_object,
             search_url: request.path,
             search_value: params.dig(:q, :search) || params[:search],
-            views: resource_definition.defined_views,
+            views: resource_definition.defined_index_views,
             current_view: :grid,
             view_cookie_name: Plutonium::UI::Page::Index.view_cookie_name(resource_class),
             view_cookie_path: Plutonium::UI::Page::Index.view_cookie_path(request)

data/lib/plutonium/ui/layout/base.rb

@@ -105,6 +105,7 @@ module Plutonium
 
         def render_after_main
           turbo_frame_tag(Plutonium::REMOTE_MODAL_FRAME)
+          turbo_frame_tag(Plutonium::REMOTE_MODAL_SECONDARY_FRAME)
         end
 
         def render_content(&)

data/lib/plutonium/ui/page/base.rb

@@ -90,13 +90,6 @@ module Plutonium
         # Returns false by default; pages opt-in by overriding.
         def aside_present? = false
 
-        # True when the page is rendered inside any turbo frame.
-        def in_frame? = current_turbo_frame.present?
-
-        # True when the page is rendered inside the remote_modal turbo frame.
-        # Used by form pages to suppress the sticky footer (modal owns its own footer).
-        def in_modal? = current_turbo_frame == Plutonium::REMOTE_MODAL_FRAME
-
         # Customization hooks
         def render_before_header
         end

data/lib/plutonium/ui/page/index.rb

@@ -46,11 +46,11 @@ module Plutonium
         # Resolution order:
         # 1. `?view=` URL param (so a shared link can pin a view)
         # 2. The view-preference cookie (sticky per-resource selection)
-        # 3. The resource's `default_view` (which itself defaults to
-        #    `views.first`)
+        # 3. The resource's `default_index_view` (which itself defaults to
+        #    `index_views.first`)
         def selected_view
           definition = current_definition
-          enabled = definition.defined_views
+          enabled = definition.defined_index_views
 
           requested = params[:view]&.to_sym
           return requested if requested && enabled.include?(requested)
@@ -58,7 +58,7 @@ module Plutonium
           stored = helpers.cookies[self.class.view_cookie_name(resource_class)]&.to_sym
           return stored if stored && enabled.include?(stored)
 
-          definition.default_view
+          definition.default_index_view
         end
 
         def page_type = :index_page

data/lib/plutonium/ui/table/resource.rb

@@ -44,7 +44,7 @@ module Plutonium
             query: current_query_object,
             search_url: current_search_url,
             search_value: params.dig(:q, :search) || params[:search],
-            views: resource_definition.defined_views,
+            views: resource_definition.defined_index_views,
             current_view: :table,
             view_cookie_name: Plutonium::UI::Page::Index.view_cookie_name(resource_class),
             view_cookie_path: Plutonium::UI::Page::Index.view_cookie_path(request)

data/lib/plutonium/version.rb

@@ -1,5 +1,5 @@
 module Plutonium
-  VERSION = "0.50.0"
+  VERSION = "0.51.0"
   NEXT_MAJOR_VERSION = VERSION.split(".").tap { |v|
     v[1] = v[1].to_i + 1
     v[2] = 0

data/lib/plutonium.rb

@@ -28,6 +28,14 @@ module Plutonium
   # frame name lives in one place.
   REMOTE_MODAL_FRAME = "remote_modal"
 
+  # Secondary modal frame, used to stack a modal on top of the primary one
+  # (e.g. clicking the inline "+" next to an association field while the
+  # parent form is itself rendered in the primary modal). The layout
+  # renders a second frame, and `in_modal?` recognises both.
+  REMOTE_MODAL_SECONDARY_FRAME = "remote_modal_secondary"
+
+  MODAL_FRAMES = [REMOTE_MODAL_FRAME, REMOTE_MODAL_SECONDARY_FRAME].freeze
+
   # Set up Zeitwerk loader for the Plutonium gem
   # @return [Zeitwerk::Loader] configured Zeitwerk loader instance
   Loader = Zeitwerk::Loader.for_gem(warn_on_extra_files: false).tap do |loader|

data/lib/tasks/release.rake

@@ -102,7 +102,11 @@ namespace :release do
   desc "Build front-end assets"
   task :build_frontend do
     puts "Building front-end assets..."
-    system("yarn build") || abort("Front-end build failed")
+    # in: File::NULL — yarn 4 puts the terminal in raw mode for its
+    # progress UI and doesn't always restore it on exit. Without this,
+    # subsequent `$stdin.gets` prompts read one keystroke at a time and
+    # never see a newline, so Enter never terminates the line.
+    system("yarn build", in: File::NULL) || abort("Front-end build failed")
     puts "✓ Built front-end assets"
   end
 
@@ -160,6 +164,14 @@ namespace :release do
       exit 1
     end
 
+    # Snapshot the terminal mode up front. yarn 4 and git-cliff both put
+    # the TTY in raw mode for progress UIs and don't always restore it,
+    # which breaks every subsequent `$stdin.gets` (Enter arrives as a
+    # bare \r and gets() never returns). Restore the snapshot before each
+    # prompt so the user can actually answer.
+    tty_state = `stty -g 2>/dev/null`.strip
+    restore_tty = -> { system("stty #{tty_state} 2>/dev/null") if tty_state != "" }
+
     puts "Starting release workflow for v#{version}..."
 
     # Check npm authentication early, login if needed
@@ -179,6 +191,7 @@ namespace :release do
     current_branch = `git branch --show-current`.strip
     unless current_branch == "main" || current_branch == "master"
       puts "Warning: You're not on main/master branch (current: #{current_branch})"
+      restore_tty.call
       print "Continue anyway? [y/N] "
       exit 1 unless $stdin.gets.strip.downcase == "y"
     end
@@ -187,6 +200,7 @@ namespace :release do
     Rake::Task["release:prepare"].invoke(version)
 
     # Confirm before proceeding
+    restore_tty.call
     puts "\nReady to commit, tag, and publish?"
     print "Continue? [y/N] "
     exit 0 unless $stdin.gets.strip.downcase == "y"