plutonium 0.58.1 → 0.60.0

data/lib/generators/pu/rodauth/admin_generator.rb

@@ -95,13 +95,16 @@ module Pu
       def create_invite_interaction
         template "app/interactions/invite_admin_interaction.rb",
           "app/interactions/#{normalized_name}/invite_interaction.rb"
+        template "app/interactions/resend_admin_interaction.rb",
+          "app/interactions/#{normalized_name}/resend_invite_interaction.rb"
 
         inject_into_file "app/definitions/#{normalized_name}_definition.rb",
-          "  action :invite, interaction: #{name.classify}::InviteInteraction, collection: true, category: :primary\n",
+          "  action :invite, interaction: #{name.classify}::InviteInteraction, collection: true, category: :primary\n" \
+          "  action :resend_invite, interaction: #{name.classify}::ResendInviteInteraction, record_action: true, category: :secondary\n",
           after: /class #{name.classify}Definition < .+\n/
 
         inject_into_file "app/policies/#{normalized_name}_policy.rb",
-          "def invite?\n    true\n  end\n\n  ",
+          "def invite?\n    true\n  end\n\n  def resend_invite?\n    record.unverified?\n  end\n\n  ",
           before: "# Core attributes"
       end
 

data/lib/generators/pu/rodauth/migration_generator.rb

@@ -20,7 +20,7 @@ module Pu
       desc "Generate migrations for supported features\n\n" \
            "Supported Features\n" \
            "=========================================\n" \
-           "#{MIGRATION_CONFIG.keys.sort.map(&:to_s).join "\n"}\n\n\n\n"
+           "#{MIGRATION_CONFIG.keys.sort.join "\n"}\n\n\n\n"
 
       class_option :features, required: true, type: :array,
         desc: "Rodauth features to create tables for (otp, sms_codes, single_session, account_expiration etc.)"

data/lib/generators/pu/rodauth/templates/app/interactions/resend_admin_interaction.rb.tt

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class <%= name.classify %>::ResendInviteInteraction < Plutonium::Resource::Interaction
+  presents label: "Resend Invitation", icon: Phlex::TablerIcons::MailForward
+
+  attribute :resource
+
+  def execute
+    unless resource.unverified?
+      return failed("Can only resend invitations to unverified accounts")
+    end
+
+    RodauthApp.rodauth(:<%= normalized_name %>).verify_account_resend(login: resource.email)
+    succeed(resource).with_message("Invitation resent to #{resource.email}")
+  rescue ::Rodauth::InternalRequestError => e
+    failed(e.message)
+  end
+end

data/lib/generators/pu/rodauth/views_generator.rb

@@ -13,7 +13,7 @@ module Pu
       desc "Generate views for selected features\n\n" \
            "Supported Features\n" \
            "=========================================\n" \
-           "#{VIEW_CONFIG.keys.sort.map(&:to_s).join "\n"}\n\n\n\n"
+           "#{VIEW_CONFIG.keys.sort.join "\n"}\n\n\n\n"
 
       argument :plugin_name, type: :string, optional: true,
         desc: "[CONFIG] Name of the configured rodauth app. Leave blank to use the primary account."

data/lib/plutonium/definition/base.rb

@@ -34,6 +34,7 @@ module Plutonium
       include Search
       include NestedInputs
       include StructuredInputs
+      include FormLayout
       include IndexViews
       include Metadata
 
@@ -62,6 +63,9 @@ module Plutonium
       # fields
       defineable_props :field, :input, :display, :column
 
+      # export
+      defineable_prop :export
+
       # queries
       defineable_props :filter, :scope
 

data/lib/plutonium/definition/form_layout.rb

@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Definition
+    # Declarative form sectioning. Mixed into both resource definitions and
+    # interactions (mirrors StructuredInputs). The layout references field KEYS
+    # only and carries section-level options; per-field config stays on `input`.
+    #
+    # @example
+    #   form_layout do
+    #     section :identity, :name, :email, label: "Your identification"
+    #     section :address, :street, :city, collapsible: true, columns: 2,
+    #       condition: -> { object.requires_address? }
+    #     ungrouped label: "Other"
+    #   end
+    module FormLayout
+      extend ActiveSupport::Concern
+
+      UNGROUPED_KEY = :ungrouped
+
+      # One declared section, or the implicit `ungrouped` bucket (empty `fields`).
+      Section = Struct.new(:key, :fields, :options) do
+        def ungrouped? = key == UNGROUPED_KEY
+        def label = options[:label] || key.to_s.humanize
+        def description = options[:description]
+        def collapsible? = !!options[:collapsible]
+        def collapsed? = !!options[:collapsed]
+        def columns = options[:columns]
+        def condition = options[:condition]
+      end
+
+      # A section paired with the concrete fields it will render (after policy
+      # filtering). Produced by #resolve_form_sections (a later task).
+      ResolvedSection = Struct.new(:section, :fields)
+
+      # Collects section/ungrouped calls from a form_layout block in order.
+      class Builder
+        attr_reader :sections
+
+        def initialize
+          @sections = []
+          @ungrouped_seen = false
+        end
+
+        def section(key, *fields, **options)
+          if key == UNGROUPED_KEY
+            raise ArgumentError,
+              "`section :#{UNGROUPED_KEY}` is reserved — use the `ungrouped` macro"
+          end
+          validate_columns!(options)
+          @sections << Section.new(key:, fields: fields.freeze, options: options.freeze)
+        end
+
+        def ungrouped(**options)
+          raise ArgumentError, "`ungrouped` may only be declared once" if @ungrouped_seen
+          @ungrouped_seen = true
+          validate_columns!(options)
+          @sections << Section.new(key: UNGROUPED_KEY, fields: [].freeze, options: options.freeze)
+        end
+
+        private
+
+        def validate_columns!(options)
+          return unless options.key?(:columns)
+          value = options[:columns]
+          unless Integer === value && value > 0
+            raise ArgumentError,
+              "form_layout :columns must be a positive Integer, got #{value.inspect}"
+          end
+        end
+      end
+
+      class_methods do
+        # Declare the form layout. Re-declaring replaces it as a unit.
+        def form_layout(&block)
+          raise ArgumentError, "`form_layout` requires a block" unless block
+          builder = Builder.new
+          builder.instance_exec(&block)
+          @defined_form_layout = builder.sections.freeze
+        end
+
+        # Ordered Array<Section>, or nil when no layout was declared.
+        def defined_form_layout
+          @defined_form_layout
+        end
+
+        def inherited(subclass)
+          super
+          subclass.instance_variable_set(:@defined_form_layout, defined_form_layout&.dup)
+        end
+      end
+
+      # Instance access — the form render path holds a definition/interaction
+      # instance (mirrors the defineable_prop convention).
+      def defined_form_layout
+        self.class.defined_form_layout
+      end
+
+      # Resolve the policy-filtered field list into ordered ResolvedSections.
+      # Returns nil when no layout is declared (caller falls back to one grid).
+      def resolve_form_sections(resource_fields)
+        layout = defined_form_layout
+        return nil unless layout
+
+        resource_fields = resource_fields.map(&:to_sym)
+        known = resource_fields.to_set
+
+        # First-section-wins assignment: map each field to the first section key.
+        owner = {}
+        layout.each do |section|
+          next if section.ungrouped?
+          section.fields.each do |f|
+            unless known.include?(f)
+              raise ArgumentError,
+                "form_layout section :#{section.key} references unknown field :#{f}"
+            end
+            owner[f] ||= section.key
+          end
+        end
+        leftovers = resource_fields.reject { |f| owner.key?(f) }
+
+        resolved = layout.map do |section|
+          fields =
+            if section.ungrouped?
+              leftovers
+            else
+              section.fields.select { |f| owner[f] == section.key }
+            end
+          ResolvedSection.new(section:, fields:)
+        end
+
+        unless layout.any?(&:ungrouped?)
+          implicit = ResolvedSection.new(
+            section: Section.new(key: UNGROUPED_KEY, fields: [].freeze, options: {}.freeze),
+            fields: leftovers
+          )
+          resolved.push(implicit)
+        end
+
+        resolved
+      end
+    end
+  end
+end

data/lib/plutonium/interaction/base.rb

@@ -26,6 +26,7 @@ module Plutonium
       include Plutonium::Definition::ConfigAttr
       include Plutonium::Definition::Presentable
       include Plutonium::Definition::StructuredInputs
+      include Plutonium::Definition::FormLayout
 
       # On interactions, declaring a structured input also declares the backing
       # ActiveModel attribute so the value survives `attributes=` and appears in

data/lib/plutonium/package/engine.rb

@@ -4,14 +4,24 @@ module Plutonium
       extend ActiveSupport::Concern
 
       included do
-        # prevent this package from being added to the view lookup
-        # since we need finer control over how views are resolved.
-        # view lookup configuration is handled at the controller level
-        config.before_configuration do
-          # this touches the internals of rails, but I could not find a good way of doing this
-          # we get the initializer instance and set the block property to a noop
+        # Prevent this package's app/views from being appended to the global
+        # ActionController/ActionMailer view lookup — Plutonium resolves package
+        # views at the controller level (see Plutonium::Core::Controllers::Bootable,
+        # which reads current_engine.paths["app/views"]). We neutralize the
+        # engine's built-in `add_view_paths` initializer rather than clearing
+        # config.paths["app/views"], which that controller-level resolver needs.
+        #
+        # This MUST run as a real initializer (before :add_view_paths), NOT in
+        # before_configuration: that hook can fire before sibling package engines
+        # are loaded (it does in development, where :before_configuration has
+        # already run by the time config/packages.rb loads). Touching
+        # Rails.application.initializers there forces Rails.application.railties
+        # to memoize early — with only the packages loaded so far — permanently
+        # dropping the rest from the autoload paths (e.g. `uninitialized constant
+        # Blogging::Post`). By initializer-run time, railties is fully populated.
+        initializer :plutonium_neutralize_add_view_paths, before: :add_view_paths do
           add_view_paths_initializer = Rails.application.initializers.find do |a|
-            a.context_class == self && a.name.to_s == "add_view_paths"
+            a.context_class == self.class && a.name.to_s == "add_view_paths"
           end
           add_view_paths_initializer&.instance_variable_set(:@block, ->(app) {})
         end

data/lib/plutonium/query/filter.rb

@@ -17,9 +17,12 @@ module Plutonium
         end
       end
 
-      def initialize(key:)
+      attr_reader :resource_class
+
+      def initialize(key:, resource_class: nil)
         super()
         @key = key
+        @resource_class = resource_class
       end
     end
   end

data/lib/plutonium/query/filters/association.rb

@@ -16,10 +16,9 @@ module Plutonium
       #   filter :user, with: :association, class_name: User, scope: ->(s) { s.active }
       #
       class Association < Filter
-        def initialize(class_name: nil, resource_class: nil, scope: nil, multiple: true, **)
+        def initialize(class_name: nil, scope: nil, multiple: true, **)
           super(**)
           @class_name = class_name
-          @resource_class = resource_class
           @scope_proc = scope
           @multiple = multiple
         end

data/lib/plutonium/resource/controller.rb

@@ -16,6 +16,7 @@ module Plutonium
       include Plutonium::Resource::Controllers::CrudActions
       include Plutonium::Resource::Controllers::InteractiveActions
       include Plutonium::Resource::Controllers::Typeahead
+      include Plutonium::Resource::Controllers::ExportCsv
       include Plutonium::StructuredInputs::ParamsConcern
 
       included do

data/lib/plutonium/resource/controllers/export_csv.rb

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+
+require "csv"
+
+module Plutonium
+  module Resource
+    module Controllers
+      # Streams the current resource collection as a CSV download.
+      #
+      # Auto-mounted on every Plutonium resource via the
+      # `interactive_resource_actions` routing concern (see
+      # Plutonium::Routing::MapperExtensions). Gated by the `export_csv?`
+      # policy method, which defaults to `false` — export is strictly
+      # opt-in (enable it by overriding `export_csv?` to return true).
+      #
+      # The exported rows are exactly the index's filtered collection
+      # (`filtered_resource_collection`) — same search, filters, scope, and
+      # tenant/parent scoping — but NOT paginated: every matching record is
+      # exported. Rows are streamed (a lazy Enumerator body + `find_each`) so
+      # memory stays flat regardless of row count.
+      #
+      # Columns come from `policy.permitted_attributes_for_export` (defaults
+      # to the index columns), with the primary key always prepended as the
+      # first column. Per-field output and headers are customizable through
+      # the definition's `export` DSL.
+      #
+      # `find_each` iterates in primary-key order, so the file does not
+      # preserve the index's current sort (filters/search/scope still apply).
+      #
+      # Streaming uses a lazy Enumerator response body rather than
+      # `send_stream` — the latter lives in ActionController::Live, which
+      # would turn *every* resource action into a threaded streaming
+      # response. The Enumerator body streams through Rack on its own.
+      module ExportCsv
+        extend ActiveSupport::Concern
+
+        # Placeholder written when a column is neither an `export` block nor a
+        # real attribute on the record, so the export degrades to a usable file
+        # instead of a mid-stream NoMethodError (which would truncate the
+        # already-committed download).
+        INVALID_COLUMN = "<<invalid column>>"
+
+        included do
+          before_action :authorize_export_csv!, only: :export_csv
+          # Row-level authorization is the scope itself
+          # (current_authorized_scope via filtered_resource_collection), so
+          # the after_action scope verifier is redundant here.
+          skip_verify_current_authorized_scope only: :export_csv
+        end
+
+        # GET /<resources>/export_csv
+        def export_csv
+          response.headers["Content-Type"] = "text/csv; charset=utf-8"
+          response.headers["Content-Disposition"] =
+            ActionDispatch::Http::ContentDisposition.format(disposition: "attachment", filename: export_csv_filename)
+          # Defeat proxy/`Rack::ETag` buffering so rows flush as they're read.
+          response.headers["X-Accel-Buffering"] = "no"
+          response.headers["Cache-Control"] = "no-cache"
+
+          self.response_body = export_csv_lines
+        end
+
+        private
+
+        def authorize_export_csv!
+          authorize_current! resource_class, to: :export_csv?
+        end
+
+        def export_csv_filename
+          suffix = export_all_requested? ? "_all" : ""
+          "#{export_csv_basename}#{suffix}_#{Date.current}.csv"
+        end
+
+        # The human resource name, slugified for a filesystem-friendly file
+        # (Blogging::Post → "posts", not the route key "blogging_posts").
+        def export_csv_basename
+          helpers.resource_name_plural(resource_class).parameterize(separator: "_")
+        end
+
+        # Which records to export. Two modes:
+        # - default — the index's filtered collection (current scope,
+        #   filters, and search via `?q`).
+        # - `?all=1` — the entire authorized scope, bypassing the query
+        #   object entirely (no scope/filter/search/default-scope).
+        # Both still respect tenant/parent scoping (current_authorized_scope).
+        def export_csv_collection
+          export_all_requested? ? current_authorized_scope : filtered_resource_collection
+        end
+
+        def export_all_requested?
+          ActiveModel::Type::Boolean.new.cast(params[:all])
+        end
+
+        # A lazy line enumerator: the header row, then one CSV line per
+        # record streamed via `find_each` (bounded memory). Pure with
+        # respect to the response, so it's unit-testable on its own.
+        def export_csv_lines
+          columns = export_columns
+          Enumerator.new do |yielder|
+            yielder << export_csv_row(columns.map { |name| export_csv_header(name) })
+            export_csv_collection.find_each do |record|
+              yielder << export_csv_row(columns.map { |name| export_csv_value(record, name) })
+            end
+          end
+        end
+
+        # Serializes one row, neutralizing spreadsheet formula injection per cell.
+        def export_csv_row(cells)
+          CSV.generate_line(cells.map { |cell| neutralize_csv_formula(cell) })
+        end
+
+        # A cell beginning with = + - @ (or a leading tab/CR) is executed as a
+        # formula by Excel/Sheets. Prefix it with a single quote so the value
+        # imports as literal text (CSV/formula injection).
+        def neutralize_csv_formula(value)
+          string = value.to_s
+          /\A[=+\-@\t\r]/.match?(string) ? "'#{string}" : string
+        end
+
+        # The primary key is always the first column, followed by the
+        # policy's exportable attributes (de-duplicated so an explicitly
+        # listed primary key isn't repeated).
+        def export_columns
+          primary_key = resource_class.primary_key.to_sym
+          [primary_key] + (exportable_attributes.map(&:to_sym) - [primary_key])
+        end
+
+        def exportable_attributes
+          @exportable_attributes ||= current_policy.send_with_report(:permitted_attributes_for_export)
+        end
+
+        # Resolves a cell's value. An `export` block (definition DSL) takes
+        # precedence; otherwise the attribute is read off the record.
+        # Associations render as their display label — the same as the index —
+        # instead of "#<User:0x…>"; scalars pass through untouched. A name that
+        # is neither an `export` block nor a real attribute renders the
+        # INVALID_COLUMN placeholder rather than aborting the stream.
+        def export_csv_value(record, name)
+          definition = current_definition.defined_exports[name]
+          return definition[:block].call(record) if definition && definition[:block]
+
+          begin
+            value = record.public_send(name)
+          rescue NoMethodError
+            return INVALID_COLUMN
+          end
+
+          case value
+          when ActiveRecord::Base then helpers.display_name_of(value)
+          when ActiveRecord::Relation then helpers.display_name_of(value.to_a)
+          else value
+          end
+        end
+
+        def export_csv_header(name)
+          definition = current_definition.defined_exports[name]
+          definition&.dig(:options, :label) || name.to_s.humanize
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/resource/controllers/queryable.rb

@@ -40,6 +40,7 @@ module Plutonium
                   filter_class = Plutonium::Query::Filter.lookup(with)
                   options = value[:options].except(:with)
                   options[:key] ||= key
+                  options[:resource_class] ||= resource_class
                   with = filter_class.new(**options)
                 end
                 query_object.define_filter key, with, &value[:block]

data/lib/plutonium/resource/policy.rb

@@ -186,6 +186,16 @@ module Plutonium
         index?
       end
 
+      # Checks if CSV export is permitted.
+      #
+      # Defaults to false so export is strictly opt-in. Enable it per
+      # resource by overriding to return true (or delegating to index?).
+      #
+      # @return [Boolean] false by default.
+      def export_csv?
+        false
+      end
+
       # Core attributes
 
       # Returns the permitted attributes for the create action.
@@ -228,6 +238,17 @@ module Plutonium
         permitted_attributes_for_read
       end
 
+      # Returns the attributes included in an export (e.g. CSV columns).
+      #
+      # Format-agnostic on purpose (named `_export`, not `_export_csv`) so a
+      # future export format can reuse the same column set. Defaults to the
+      # index columns; override to tailor the exported columns.
+      #
+      # @return [Array<Symbol>] Delegates to permitted_attributes_for_index.
+      def permitted_attributes_for_export
+        permitted_attributes_for_index
+      end
+
       # Returns the permitted attributes for the new action.
       #
       # @return [Array<Symbol>] Delegates to permitted_attributes_for_create.

data/lib/plutonium/routing/mapper_extensions.rb

@@ -42,6 +42,7 @@ module Plutonium
           define_member_interactive_actions
           define_collection_interactive_actions
           define_collection_typeahead_actions
+          define_collection_export_actions
         end
       end
 
@@ -181,6 +182,18 @@ module Plutonium
             as: :typeahead_filter
         end
       end
+
+      # Defines the collection-level CSV export action. Auto-mounted on
+      # every Plutonium resource alongside typeahead and bulk actions.
+      # The action itself is gated by the `export_csv?` policy (default
+      # false), so the route is harmless until a resource opts in.
+      #
+      # @return [void]
+      def define_collection_export_actions
+        collection do
+          get "export_csv", action: :export_csv, as: :export_csv
+        end
+      end
     end
   end
 end

data/lib/plutonium/ui/export_button.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module UI
+    # Connected split "Export" control for the index toolbar (sits beside
+    # the Filter button and shares its `pu-btn-outline pu-btn-sm` styling).
+    #
+    # The primary button exports the current view (selected scope + filters
+    # + search). The caret opens a menu with "Export all", which exports the
+    # entire authorized scope.
+    #
+    # Both links carry `target="_blank"`, which opens the streamed download
+    # in a new tab and bypasses Turbo (Turbo ignores links with a `target`).
+    #
+    # The two halves are joined into one control by flattening their shared
+    # inner corners via inline styles (`rounded-*-none` utilities aren't in
+    # the packaged stylesheet), so it reads as a single button rather than
+    # two pills.
+    class ExportButton < Plutonium::UI::Component::Base
+      # Inline corner/border tweaks that join the two halves seamlessly.
+      PRIMARY_STYLE = "border-top-right-radius:0;border-bottom-right-radius:0"
+      CARET_STYLE = "border-top-left-radius:0;border-bottom-left-radius:0;border-left-width:0;padding-left:0.375rem;padding-right:0.375rem"
+
+      def initialize(scoped_url:, all_url:)
+        @scoped_url = scoped_url
+        @all_url = all_url
+      end
+
+      def view_template
+        div(class: "relative inline-flex", data: {controller: "resource-drop-down"}) do
+          render_primary
+          render_caret
+          render_menu
+        end
+      end
+
+      private
+
+      def render_primary
+        a(
+          href: @scoped_url,
+          target: "_blank",
+          rel: "noopener",
+          class: "pu-btn pu-btn-outline pu-btn-sm",
+          style: PRIMARY_STYLE
+        ) do
+          render Phlex::TablerIcons::Download.new(class: "w-4 h-4 shrink-0")
+          span { "Export" }
+        end
+      end
+
+      def render_caret
+        button(
+          type: "button",
+          class: "pu-btn pu-btn-outline pu-btn-sm",
+          style: CARET_STYLE,
+          aria: {expanded: "false", haspopup: "menu", label: "More export options"},
+          data: {resource_drop_down_target: "trigger"}
+        ) do
+          render Phlex::TablerIcons::ChevronDown.new(class: "w-4 h-4")
+        end
+      end
+
+      def render_menu
+        div(
+          class: "hidden absolute right-0 top-full z-50 mt-1 w-48 origin-top-right bg-[var(--pu-surface)] " \
+                 "border border-[var(--pu-border)] rounded-[var(--pu-radius-lg)] overflow-hidden",
+          style: "box-shadow: var(--pu-shadow-lg)",
+          data: {resource_drop_down_target: "menu"}
+        ) do
+          div(class: "py-1") do
+            a(
+              href: @all_url,
+              target: "_blank",
+              rel: "noopener",
+              class: "flex items-center gap-2 px-4 py-2 text-sm text-[var(--pu-text)] hover:bg-[var(--pu-surface-alt)] transition-colors"
+            ) do
+              render Phlex::TablerIcons::Download.new(class: "w-4 h-4")
+              span { "Export all" }
+            end
+          end
+        end
+      end
+    end
+  end
+end