quick_admin 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5af5176fddb574f8fc9b446503a342c2145b0321056bee52e3eec007d6e4f380
+  data.tar.gz: bb6312b10474f3ebd563331e32036a961e28c5b3234eada5d1de8b47f002b98c
+SHA512:
+  metadata.gz: 6f6ae346359efd5216aceff8a414103827e105f61f566122410aee4dcbd1b85bae005f28f92c719ab39ec6ad0c4d2f9af61bf4889f179914b18b89f11fbaf6b3
+  data.tar.gz: 3c8a42162cc052453aca127e994e495ab2b0872a7838f5389357d10eb8080551ea121c0f88c5e1b27f182f9aeafa49f438f057d1077af5f5f37168e318cea1ae

data/CHANGELOG.md

@@ -0,0 +1,46 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2025-01-03
+
+### Added
+- Initial release of QuickAdmin gem
+- Basic CRUD operations for Rails models
+- Search functionality across specified fields
+- Filtering by model attributes (boolean, date, datetime, text)
+- Sorting by any column
+- Bulk delete operations
+- Turbo/Hotwire integration for seamless UX
+- Active Storage support for file uploads
+- Modal forms for create/edit operations
+- Responsive design with mobile support
+- Pagination support
+- Configurable authentication (Devise, custom, or none)
+- Configurable CSS framework support (Tailwind, Bootstrap, or built-in)
+- Configurable text editor support (Trix, Lexical, or textarea)
+- Resource configuration DSL
+- Dashboard with resource counts
+- Built-in vanilla JavaScript controllers for search, filters, bulk actions, and modals
+
+### Security
+- CSRF protection via Rails default `protect_from_forgery`
+- Parameterized SQL queries for search functionality
+- Active Storage signed URLs for attachment access
+- Input sanitization through Rails strong parameters
+
+## [Unreleased]
+
+### Changed
+- Improved SQL injection protection in ORDER BY clause
+- Enhanced error handling in attachment handling
+- Better documentation and inline comments
+
+### Added
+- Comprehensive usage guide
+- Contributing guidelines
+- Security policy
+- Code of conduct

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2025 QuickAdmin
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,270 @@
+# QuickAdmin
+
+[![Gem Version](https://badge.fury.io/rb/quick_admin.svg)](https://badge.fury.io/rb/quick_admin)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+A lightweight, minimal Rails admin interface gem with modern Turbo/Hotwire integration.
+
+QuickAdmin provides a simple, no-hassle admin interface for your Rails applications without the complexity and overhead of heavier admin frameworks.
+
+## Features
+
+- ✅ **Minimal Dependencies**: Only Rails required
+- ✅ **Modern UX**: Built with Turbo and Stimulus
+- ✅ **CRUD Operations**: Create, read, update, delete
+- ✅ **Search & Filtering**: Real-time search and filtering
+- ✅ **Mass Actions**: Bulk delete and operations
+- ✅ **File Uploads**: Active Storage integration
+- ✅ **Responsive Design**: Works on all devices
+- ✅ **Configurable**: Optional Devise, Tailwind, Bootstrap, Trix support
+
+## Quick Start
+
+```bash
+# Add to Gemfile
+gem 'quick_admin'
+
+# Install
+bundle install
+rails generate quick_admin:install
+
+# Configure (config/initializers/quick_admin.rb)
+QuickAdmin.resource :user do |r|
+  r.fields :name, :email, :created_at
+  r.searchable :name, :email
+  r.editable :name, :email
+end
+
+# Visit http://localhost:3000/admin
+```
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'quick_admin'
+```
+
+And then execute:
+
+```bash
+$ bundle install
+$ rails generate quick_admin:install
+```
+
+## Configuration
+
+Configure QuickAdmin in `config/initializers/quick_admin.rb`:
+
+```ruby
+QuickAdmin.configure do |config|
+  config.authentication = :devise    # Optional: :devise, :custom, or nil
+  config.css_framework = :tailwind   # Optional: :tailwind, :bootstrap, or :none
+  config.text_editor = :trix         # Optional: :trix, :lexical, or :textarea
+  config.per_page = 25
+  config.mount_path = '/admin'
+  config.app_name = 'My Admin'
+end
+```
+
+## Resource Configuration
+
+Define your admin resources:
+
+```ruby
+QuickAdmin.resource :user do |r|
+  r.fields :name, :email, :created_at, :updated_at
+  r.searchable :name, :email
+  r.filterable :created_at
+  r.editable :name, :email
+  r.name 'Users'
+end
+
+QuickAdmin.resource :post do |r|
+  r.fields :title, :content, :published, :author, :created_at
+  r.searchable :title, :content
+  r.filterable :published, :created_at
+  r.editable :title, :content, :published
+end
+```
+
+## Field Types
+
+QuickAdmin automatically detects and handles various field types:
+
+- **Text**: String, text fields
+- **Numbers**: Integer, decimal, float
+- **Dates**: Date, datetime, timestamp
+- **Booleans**: True/false values
+- **Files**: Active Storage attachments
+- **Rich Text**: With Trix integration (optional)
+
+## Authentication
+
+### No Authentication (Default)
+```ruby
+config.authentication = nil
+```
+
+### With Devise
+```ruby
+config.authentication = :devise
+```
+
+### Custom Authentication
+```ruby
+config.authentication = :custom
+
+# Override in your ApplicationController
+class ApplicationController < ActionController::Base
+  private
+  
+  def admin_authenticated?
+    current_user&.admin?
+  end
+end
+```
+
+## Styling
+
+### Built-in Styles (Default)
+```ruby
+config.css_framework = :none
+```
+
+### With Tailwind CSS
+```ruby
+config.css_framework = :tailwind
+```
+
+### With Bootstrap
+```ruby
+config.css_framework = :bootstrap
+```
+
+## Text Editors
+
+### Simple Textarea (Default)
+```ruby
+config.text_editor = :textarea
+```
+
+### With Trix (Action Text)
+```ruby
+config.text_editor = :trix
+```
+
+### With Lexical
+```ruby
+config.text_editor = :lexical
+```
+
+## Usage
+
+After configuration, visit your admin interface at the configured mount path (default: `/admin`).
+
+### Features Available:
+- Browse all configured resources
+- Create, edit, and delete records
+- Search across specified fields
+- Filter by configured fields
+- Sort by any column
+- Bulk delete operations
+- File upload and preview
+- Responsive modal forms
+
+## ⚠️ Security Warning
+
+**By default, QuickAdmin does NOT require authentication.** This is intentional for development but **MUST be changed for production**.
+
+```ruby
+# ❌ NEVER use this in production
+QuickAdmin.configure do |config|
+  config.authentication = nil
+end
+
+# ✅ Always use authentication in production
+QuickAdmin.configure do |config|
+  config.authentication = :devise  # or :custom
+end
+```
+
+See [SECURITY.md](SECURITY.md) for detailed security guidelines.
+
+## Requirements
+
+- Ruby >= 3.0.0
+- Rails >= 7.0.0
+- Turbo Rails >= 2.0
+
+## Documentation
+
+- 📖 [Usage Guide](USAGE_GUIDE.md) - Comprehensive usage documentation
+- 🔒 [Security Policy](SECURITY.md) - Security best practices
+- 🤝 [Contributing](CONTRIBUTING.md) - How to contribute
+- 📋 [Changelog](CHANGELOG.md) - Version history
+- 📜 [Code of Conduct](CODE_OF_CONDUCT.md) - Community guidelines
+
+## Development
+
+After checking out the repo, run:
+
+```bash
+bundle install
+bundle exec rspec
+
+# Run the dummy app
+cd spec/dummy
+rails db:migrate
+rails server
+# Visit http://localhost:3000/admin
+```
+
+## Roadmap
+
+- [ ] Advanced filtering options
+- [ ] Export to CSV/Excel
+- [ ] Custom actions per resource
+- [ ] Batch update operations
+- [ ] Activity logging/audit trail
+- [ ] Dashboard customization
+- [ ] Role-based permissions
+- [ ] API endpoint generation
+
+## Contributing
+
+We welcome contributions! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests.
+
+### Quick Contribution Guide
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/amazing-feature`)
+3. Add tests for your changes
+4. Ensure all tests pass (`bundle exec rspec`)
+5. Commit your changes (`git commit -am 'Add amazing feature'`)
+6. Push to the branch (`git push origin feature/amazing-feature`)
+7. Open a Pull Request
+
+## Support
+
+- 🐛 [Report a bug](https://github.com/yourusername/quick_admin/issues/new?labels=bug)
+- 💡 [Request a feature](https://github.com/yourusername/quick_admin/issues/new?labels=enhancement)
+- 💬 [Ask a question](https://github.com/yourusername/quick_admin/discussions)
+
+## Alternatives
+
+QuickAdmin is designed to be minimal. If you need more features, consider:
+
+- [ActiveAdmin](https://github.com/activeadmin/activeadmin) - Feature-rich admin framework
+- [RailsAdmin](https://github.com/railsadminteam/rails_admin) - Traditional admin interface
+- [Administrate](https://github.com/thoughtbot/administrate) - Thoughtbot's admin framework
+- [Avo](https://avohq.io/) - Modern admin panel (commercial)
+
+## License
+
+The gem is available as open source under the [MIT License](https://opensource.org/licenses/MIT).
+
+## Acknowledgments
+
+Built with ❤️ by the Rails community. Special thanks to all contributors!

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/app/assets/javascripts/quick_admin/application.js

@@ -0,0 +1,245 @@
+// QuickAdmin JavaScript Application
+
+// Simple vanilla JS approach to avoid import issues
+document.addEventListener('DOMContentLoaded', function() {
+  
+  // Global confirmation handler for delete and dangerous actions
+  // Works without turbo-rails by reading data-turbo-confirm or data-confirm
+  document.addEventListener('click', function(e) {
+    const el = e.target.closest('[data-turbo-confirm],[data-confirm]');
+    if (!el) return;
+    const msg = el.getAttribute('data-turbo-confirm') || el.getAttribute('data-confirm');
+    if (msg && !window.confirm(msg)) {
+      e.preventDefault();
+      e.stopImmediatePropagation();
+    }
+  }, true);
+
+  // Turbo-specific click handler for anchors (covers data-turbo-method)
+  document.addEventListener('turbo:click', function(e) {
+    const link = e.target && e.target.closest && e.target.closest('a[data-turbo-confirm],a[data-confirm]');
+    if (!link) return;
+    const msg = link.getAttribute('data-turbo-confirm') || link.getAttribute('data-confirm');
+    if (msg && !window.confirm(msg)) {
+      e.preventDefault();
+      e.stopImmediatePropagation();
+    }
+  }, true);
+
+  // Final guard: confirmation right before Turbo sends the request
+  document.addEventListener('turbo:before-fetch-request', function(e) {
+    const el = e.target && (e.target.closest ? e.target.closest('[data-turbo-confirm],[data-confirm]') : null);
+    if (!el) return;
+    const msg = el.getAttribute('data-turbo-confirm') || el.getAttribute('data-confirm');
+    if (msg && !window.confirm(msg)) {
+      e.preventDefault();
+    }
+  }, true);
+
+  document.addEventListener('submit', function(e) {
+    const form = e.target;
+    if (!(form instanceof HTMLFormElement)) return;
+    // Prefer the exact submitter (button) the user clicked
+    const submitter = e.submitter || document.activeElement || form.querySelector('[type="submit"]');
+    let msg = null;
+    if (submitter) {
+      msg = submitter.getAttribute('data-turbo-confirm') || submitter.getAttribute('data-confirm');
+    }
+    if (!msg) {
+      msg = form.getAttribute('data-turbo-confirm') || form.getAttribute('data-confirm');
+    }
+    if (msg && !window.confirm(msg)) {
+      e.preventDefault();
+      e.stopImmediatePropagation();
+    }
+  }, true);
+  
+  // Modal functionality
+  document.addEventListener('click', function(e) {
+    // Close modal when clicking overlay
+    if (e.target.classList.contains('modal-overlay')) {
+      closeModal();
+    }
+    
+    // Close modal when clicking close button
+    if (e.target.classList.contains('modal-close') || 
+        e.target.hasAttribute('data-action') && e.target.getAttribute('data-action').includes('modal#close')) {
+      e.preventDefault();
+      closeModal();
+    }
+  });
+  
+  // Close modal on Escape key
+  document.addEventListener('keydown', function(e) {
+    if (e.key === 'Escape') {
+      closeModal();
+    }
+  });
+  
+  function closeModal() {
+    const modal = document.getElementById('modal');
+    if (modal) {
+      modal.innerHTML = '';
+      document.body.style.overflow = '';
+    }
+  }
+  
+  // Search functionality with debouncing
+  function initializeSearch() {
+    const searchInputs = document.querySelectorAll('[data-search="input"]');
+    searchInputs.forEach(function(input) {
+      if (!input.hasAttribute('data-initialized')) {
+        let timeout;
+        input.addEventListener('input', function() {
+          clearTimeout(timeout);
+          timeout = setTimeout(function() {
+            input.closest('form').submit();
+          }, 300);
+        });
+        input.setAttribute('data-initialized', 'true');
+      }
+    });
+  }
+  
+  // Filter functionality
+  function initializeFilters() {
+    const filterSelects = document.querySelectorAll('[data-filter="select"]');
+    filterSelects.forEach(function(select) {
+      if (!select.hasAttribute('data-initialized')) {
+        select.addEventListener('change', function() {
+          select.closest('form').submit();
+        });
+        select.setAttribute('data-initialized', 'true');
+      }
+    });
+  }
+  
+  // Initialize search and filters on page load
+  initializeSearch();
+  initializeFilters();
+  
+  // Bulk actions functionality
+  function initializeBulkActions() {
+    const bulkForms = document.querySelectorAll('[data-bulk-actions="form"]');
+    bulkForms.forEach(function(form) {
+      const toggleAll = form.querySelector('[data-bulk-actions="toggle-all"]');
+      const items = form.querySelectorAll('[data-bulk-actions="item"]');
+      const submitBtn = form.querySelector('[data-bulk-actions="submit"]');
+      
+      // Remove existing event listeners to prevent duplicates
+      if (toggleAll && !toggleAll.hasAttribute('data-initialized')) {
+        toggleAll.addEventListener('change', function() {
+          const checked = toggleAll.checked;
+          items.forEach(function(item) {
+            item.checked = checked;
+          });
+          updateSubmitButton();
+        });
+        toggleAll.setAttribute('data-initialized', 'true');
+      }
+      
+      items.forEach(function(item) {
+        if (!item.hasAttribute('data-initialized')) {
+          item.addEventListener('change', updateSubmitButton);
+          item.setAttribute('data-initialized', 'true');
+        }
+      });
+      
+      function updateSubmitButton() {
+        const checkedItems = form.querySelectorAll('[data-bulk-actions="item"]:checked');
+        if (submitBtn) {
+          submitBtn.disabled = checkedItems.length === 0;
+          if (checkedItems.length > 0) {
+            submitBtn.textContent = `Delete Selected (${checkedItems.length})`;
+          } else {
+            submitBtn.textContent = "Delete Selected";
+          }
+        }
+      }
+    });
+  }
+  
+  // Initialize bulk actions on page load
+  initializeBulkActions();
+  
+  // Re-initialize all components after turbo updates
+  document.addEventListener('turbo:frame-load', function(event) {
+    console.log('Turbo frame loaded:', event.target.id);
+    initializeSearch();
+    initializeFilters();
+    initializeBulkActions();
+    initializeAlerts();
+  });
+  
+  // Also reinitialize after turbo stream actions
+  document.addEventListener('turbo:before-stream-render', function(event) {
+    console.log('Turbo stream before render:', event.detail.newStream);
+    // Clear existing initializations so they can be re-added
+    document.querySelectorAll('[data-initialized]').forEach(function(element) {
+      element.removeAttribute('data-initialized');
+    });
+  });
+  
+  // Additional event listeners for debugging and ensuring functionality
+  document.addEventListener('turbo:submit-start', function(event) {
+    console.log('Form submission started:', event.target);
+  });
+  
+  document.addEventListener('turbo:submit-end', function(event) {
+    console.log('Form submission ended:', event.target, 'Success:', event.detail.success);
+    if (event.detail.success) {
+      // Reinitialize everything after successful form submission
+      setTimeout(function() {
+        initializeSearch();
+        initializeFilters();
+        initializeBulkActions();
+        initializeAlerts();
+      }, 100);
+    }
+  });
+  
+  // Handle turbo stream rendering completion
+  document.addEventListener('turbo:before-stream-render', function() {
+    // Clear all flash messages before new ones are added
+    document.querySelectorAll('.flash-message').forEach(function(msg) {
+      msg.remove();
+    });
+  });
+  
+  // Auto-dismiss alerts function
+  function initializeAlerts() {
+    const alerts = document.querySelectorAll('[data-auto-dismiss="true"]:not([data-alert-initialized])');
+    alerts.forEach(function(alert) {
+      alert.setAttribute('data-alert-initialized', 'true');
+      setTimeout(function() {
+        if (alert.parentNode) {
+          alert.style.opacity = '0';
+          alert.style.transform = 'translateY(-10px)';
+          setTimeout(function() {
+            if (alert.parentNode) {
+              alert.remove();
+            }
+          }, 300);
+        }
+      }, 3000);
+    });
+  }
+  
+  // Initialize alerts on page load
+  initializeAlerts();
+  
+  // Alert close buttons
+  document.addEventListener('click', function(e) {
+    if (e.target.classList.contains('alert-close')) {
+      const alert = e.target.closest('.alert');
+      if (alert) {
+        alert.style.opacity = '0';
+        alert.style.transform = 'translateY(-10px)';
+        setTimeout(function() {
+          alert.remove();
+        }, 300);
+      }
+    }
+  });
+  
+});

data/app/assets/javascripts/quick_admin/controllers/alert_controller.js

@@ -0,0 +1,28 @@
+import { Controller } from "@hotwire/stimulus"
+
+export default class extends Controller {
+  static values = { autoDismiss: Boolean }
+  
+  connect() {
+    if (this.autoDismissValue) {
+      this.timeout = setTimeout(() => {
+        this.dismiss()
+      }, 5000)
+    }
+  }
+  
+  disconnect() {
+    if (this.timeout) {
+      clearTimeout(this.timeout)
+    }
+  }
+  
+  dismiss() {
+    this.element.style.opacity = "0"
+    this.element.style.transform = "translateY(-10px)"
+    
+    setTimeout(() => {
+      this.element.remove()
+    }, 300)
+  }
+}

data/app/assets/javascripts/quick_admin/controllers/bulk_actions_controller.js

@@ -0,0 +1,49 @@
+import { Controller } from "@hotwire/stimulus"
+
+export default class extends Controller {
+  static targets = ["item", "submitBtn", "toggleAll"]
+  
+  connect() {
+    this.updateSubmitButton()
+  }
+  
+  toggleAll(event) {
+    const checked = event.target.checked
+    this.itemTargets.forEach(item => {
+      item.checked = checked
+    })
+    this.updateSubmitButton()
+  }
+  
+  toggleItem() {
+    this.updateSubmitButton()
+    this.updateToggleAll()
+  }
+  
+  updateSubmitButton() {
+    const checkedItems = this.itemTargets.filter(item => item.checked)
+    this.submitBtnTarget.disabled = checkedItems.length === 0
+    
+    if (checkedItems.length > 0) {
+      this.submitBtnTarget.textContent = `Delete Selected (${checkedItems.length})`
+    } else {
+      this.submitBtnTarget.textContent = "Delete Selected"
+    }
+  }
+  
+  updateToggleAll() {
+    const checkedItems = this.itemTargets.filter(item => item.checked)
+    const toggleAll = this.toggleAllTarget
+    
+    if (checkedItems.length === 0) {
+      toggleAll.checked = false
+      toggleAll.indeterminate = false
+    } else if (checkedItems.length === this.itemTargets.length) {
+      toggleAll.checked = true
+      toggleAll.indeterminate = false
+    } else {
+      toggleAll.checked = false
+      toggleAll.indeterminate = true
+    }
+  }
+}