rails_admin 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c69e517eca7e9a2fd7b5f93c966f86f9eadd57d5
-  data.tar.gz: c2df6d3bcda5e4ccd0cadef10ddc46a4e8f6c283
+  metadata.gz: 33d3dadad1730dcd25eec2e13d09c6f46e8b580c
+  data.tar.gz: 2f14072f95732283cf691142d80c65a47335e31e
 SHA512:
-  metadata.gz: e6fc0cb49d89c389de0afffdc0e17215d6e9d6a702ef8c263106058ed1f4a5bdd13e0d57ce9d39cc691a88de83669bfaeaaeb21c9657aaa096f2e387091b125e
-  data.tar.gz: fafcc0bb5ada22245b595107ee6c65c2b816de55d48d969e9ca4c225e428118ba4d4b8e5af6a4a2138e4c5b52a100fb1673970e31b0e087cc73d15d5da97d030
+  metadata.gz: b820c08a510d01a62f8e6ba65b48ea6c2c37243b5202bb86e51f74303bd1ff370789259623d3b8aaaf41d19c6408fc0d694ed3f4f20c76ae24e034d1f4991724
+  data.tar.gz: 22557c8d0ab68e47e48be789f7b813a32f50af4e2f194c7710d71557b105c14af9fd6956c4aeecc6aca889ab5d404493dc1a6c8ad0cf7488542cae812ac52070

data/Gemfile

@@ -1,14 +1,15 @@
 source 'https://rubygems.org'
 
 gem 'appraisal', '>= 2.0'
-gem 'rails', '~> 5.0.0'
+gem 'rails', '~> 5.1.0'
 gem 'haml'
 gem 'devise'
 
 group :active_record do
+  gem 'paper_trail'
+
   platforms :ruby, :mswin, :mingw do
     gem 'mysql2', '~> 0.3.14'
-    gem 'pg', '>= 0.14'
     gem 'sqlite3', '>= 1.3'
   end
 end

data/README.md

@@ -20,9 +20,9 @@ RailsAdmin is a Rails engine that provides an easy-to-use interface for managing
 
 ### [Action required] Security issue
 
-**RailsAdmin 1.0.0 and 1.1.0 have been reported to have CSRF vulnerability with default setup.** We strongly recommend that you upgrade RailsAdmin to 1.1.1 or later as soon as possible, if you are on these versions. See [b13e879e](https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a) for the detail.
+**RailsAdmin prior to 1.3.0 have been reported to have XSS vulnerability.** We strongly recommend that you upgrade RailsAdmin to 1.3.0 or later as soon as possible, if you are on those versions. See [#2985](https://github.com/sferik/rails_admin/issues/2985) for the detail.
 
-This problem was reported by SourceClear, Inc.
+Also, 1.0.0 and 1.1.0 is known to have [CSRF vulnerability](https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a), too.
 
 
 ## Features
@@ -42,7 +42,7 @@ This problem was reported by SourceClear, Inc.
 
 ## Installation
 
-1. On your gemfile: `gem 'rails_admin', '~> 1.2'`
+1. On your gemfile: `gem 'rails_admin', '~> 1.3'`
 2. Run `bundle install`
 3. Run `rails g rails_admin:install`
 4. Provide a namespace for the routes when asked
@@ -50,7 +50,7 @@ This problem was reported by SourceClear, Inc.
 
 ## Configuration
 ### Global
-In `config/initializers/rails_admin`:
+In `config/initializers/rails_admin.rb`:
 
 [Details](https://github.com/sferik/rails_admin/wiki/Base-configuration)
 

data/app/assets/javascripts/rails_admin/ra.filter-box.js

@@ -19,90 +19,154 @@
 
       switch(field_type) {
         case 'boolean':
-          var control = '<select class="input-sm form-control" name="' + value_name + '">' +
-            '<option value="_discard">...</option>' +
-            '<option value="true"' + (field_value == "true" ? 'selected="selected"' : '') + '>' + RailsAdmin.I18n.t("true") + '</option>' +
-            '<option value="false"' + (field_value == "false" ? 'selected="selected"' : '') + '>' + RailsAdmin.I18n.t("false") + '</option>' +
-            '<option disabled="disabled">---------</option>' +
-            '<option ' + (field_value == "_present" ? 'selected="selected"' : '') + ' value="_present">' + RailsAdmin.I18n.t("is_present") + '</option>' +
-            '<option ' + (field_value == "_blank"   ? 'selected="selected"' : '') + ' value="_blank"  >' + RailsAdmin.I18n.t("is_blank") + '</option>' +
-          '</select>';
+          control = $('<select class="input-sm form-control"></select>')
+            .prop('name', value_name)
+            .append('<option value="_discard">...</option>')
+            .append($('<option value="true"></option>').prop('selected', field_value == "true").text(RailsAdmin.I18n.t("true")))
+            .append($('<option value="false"></option>').prop('selected', field_value == "false").text(RailsAdmin.I18n.t("false")))
+            .append('<option disabled="disabled">---------</option>')
+            .append($('<option value="_present"></option>').prop('selected', field_value == "_present").text(RailsAdmin.I18n.t("is_present")))
+            .append($('<option value="_blank"></option>').prop('selected', field_value == "_blank").text(RailsAdmin.I18n.t("is_blank")));
           break;
         case 'date':
           additional_control =
-          '<input size="20" class="date additional-fieldset default input-sm form-control" style="display:' + ((!field_operator || field_operator == "default") ? 'inline-block' : 'none') + ';" type="text" name="' + value_name + '[]" value="' + (field_value[0] || '') + '" /> ' +
-          '<input size="20" placeholder="-∞" class="date additional-fieldset between input-sm form-control" style="display:' + ((field_operator == "between") ? 'inline-block' : 'none') + ';" type="text" name="' + value_name + '[]" value="' + (field_value[1] || '') + '" /> ' +
-          '<input size="20" placeholder="∞" class="date additional-fieldset between input-sm form-control" style="display:' + ((field_operator == "between") ? 'inline-block' : 'none') + ';" type="text" name="' + value_name + '[]" value="' + (field_value[2] || '') + '" />';
+            $('<input size="20" class="date additional-fieldset default input-sm form-control" type="text" />')
+            .css('display', (!field_operator || field_operator == "default") ? 'inline-block' : 'none')
+            .prop('name', value_name + '[]')
+            .prop('value', field_value[0] || '')
+            .add(
+              $('<input size="20" placeholder="-∞" class="date additional-fieldset between input-sm form-control" type="text" />')
+              .css('display', (field_operator == "between") ? 'inline-block' : 'none')
+              .prop('name', value_name + '[]')
+              .prop('value', field_value[1] || '')
+            )
+            .add(
+              $('<input size="20" placeholder="∞" class="date additional-fieldset between input-sm form-control" type="text" />')
+              .css('display', (field_operator == "between") ? 'inline-block' : 'none')
+              .prop('name', value_name + '[]')
+              .prop('value', field_value[2] || '')
+            );
         case 'datetime':
         case 'timestamp':
-          control = control || '<select class="switch-additionnal-fieldsets input-sm form-control" name="' + operator_name + '">' +
-            '<option ' + (field_operator == "default"   ? 'selected="selected"' : '') + ' data-additional-fieldset="default" value="default">' + RailsAdmin.I18n.t("date") + '</option>' +
-            '<option ' + (field_operator == "between"   ? 'selected="selected"' : '') + ' data-additional-fieldset="between" value="between">' + RailsAdmin.I18n.t("between_and_") + '</option>' +
-            '<option ' + (field_operator == "today"   ? 'selected="selected"' : '') + ' value="today">' + RailsAdmin.I18n.t("today") + '</option>' +
-            '<option ' + (field_operator == "yesterday"   ? 'selected="selected"' : '') + ' value="yesterday">' + RailsAdmin.I18n.t("yesterday") + '</option>' +
-            '<option ' + (field_operator == "this_week"   ? 'selected="selected"' : '') + ' value="this_week">' + RailsAdmin.I18n.t("this_week") + '</option>' +
-            '<option ' + (field_operator == "last_week"   ? 'selected="selected"' : '') + ' value="last_week">' + RailsAdmin.I18n.t("last_week") + '</option>' +
-            '<option disabled="disabled">---------</option>' +
-            '<option ' + (field_operator == "_not_null" ? 'selected="selected"' : '') + ' value="_not_null">' + RailsAdmin.I18n.t("is_present") + '</option>' +
-            '<option ' + (field_operator == "_null"     ? 'selected="selected"' : '') + ' value="_null" >' + RailsAdmin.I18n.t("is_blank") + '</option>' +
-          '</select>'
+          control = control || $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
+            .prop('name', operator_name)
+            .append($('<option data-additional-fieldset="default" value="default"></option>').prop('selected', field_operator == "default").text(RailsAdmin.I18n.t("date")))
+            .append($('<option data-additional-fieldset="between" value="between"></option>').prop('selected', field_operator == "between").text(RailsAdmin.I18n.t("between_and_")))
+            .append($('<option value="today"></option>').prop('selected', field_operator == "today").text(RailsAdmin.I18n.t("today")))
+            .append($('<option value="yesterday"></option>').prop('selected', field_operator == "yesterday").text(RailsAdmin.I18n.t("yesterday")))
+            .append($('<option value="this_week"></option>').prop('selected', field_operator == "this_week").text(RailsAdmin.I18n.t("this_week")))
+            .append($('<option value="last_week"></option>').prop('selected', field_operator == "last_week").text(RailsAdmin.I18n.t("last_week")))
+            .append('<option disabled="disabled">---------</option>')
+            .append($('<option value="_not_null"></option>').prop('selected', field_operator == "_not_null").text(RailsAdmin.I18n.t("is_present")))
+            .append($('<option value="_null"></option>').prop('selected', field_operator == "_null").text(RailsAdmin.I18n.t("is_blank")));
           additional_control = additional_control ||
-          '<input size="25" class="datetime additional-fieldset default input-sm form-control" style="display:' + ((!field_operator || field_operator == "default") ? 'inline-block' : 'none') + ';" type="text" name="' + value_name + '[]" value="' + (field_value[0] || '') + '" /> ' +
-          '<input size="25" placeholder="-∞" class="datetime additional-fieldset between input-sm form-control" style="display:' + ((field_operator == "between") ? 'inline-block' : 'none') + ';" type="text" name="' + value_name + '[]" value="' + (field_value[1] || '') + '" /> ' +
-          '<input size="25" placeholder="∞" class="datetime additional-fieldset between input-sm form-control" style="display:' + ((field_operator == "between") ? 'inline-block' : 'none') + ';" type="text" name="' + value_name + '[]" value="' + (field_value[2] || '') + '" />';
+            $('<input size="25" class="datetime additional-fieldset default input-sm form-control" type="text" />')
+            .css('display', (!field_operator || field_operator == "default") ? 'inline-block' : 'none')
+            .prop('name', value_name + '[]')
+            .prop('value', field_value[0] || '')
+            .add(
+              $('<input size="25" placeholder="-∞" class="datetime additional-fieldset between input-sm form-control" type="text" />')
+              .css('display', (field_operator == "between") ? 'inline-block' : 'none')
+              .prop('name', value_name + '[]')
+              .prop('value', field_value[1] || '')
+            )
+            .add(
+              $('<input size="25" placeholder="∞" class="datetime additional-fieldset between input-sm form-control" type="text" />')
+              .css('display', (field_operator == "between") ? 'inline-block' : 'none')
+              .prop('name', value_name + '[]')
+              .prop('value', field_value[2] || '')
+            );
           break;
         case 'enum':
           var multiple_values = ((field_value instanceof Array) ? true : false)
-          control = '<select style="display:' + (multiple_values ? 'none' : 'inline-block') + '" ' + (multiple_values ? '' : 'name="' + value_name + '"') + ' data-name="' + value_name + '" class="select-single input-sm form-control">' +
-              '<option value="_discard">...</option>' +
-              '<option ' + (field_value == "_present" ? 'selected="selected"' : '') + ' value="_present">' + RailsAdmin.I18n.t("is_present") + '</option>' +
-              '<option ' + (field_value == "_blank"   ? 'selected="selected"' : '') + ' value="_blank">' + RailsAdmin.I18n.t("is_blank") + '</option>' +
-              '<option disabled="disabled">---------</option>' +
-              select_options +
-            '</select>' +
-            '<select multiple="multiple" style="display:' + (multiple_values ? 'inline-block' : 'none') + '" ' + (multiple_values ? 'name="' + value_name + '[]"' : '') + ' data-name="' + value_name + '[]" class="select-multiple input-sm form-control">' +
-              select_options +
-            '</select> ' +
-            '<a href="#" class="switch-select"><i class="icon-' + (multiple_values ? 'minus' : 'plus') + '"></i></a>';
+          control = $('<select class="select-single input-sm form-control"></select>')
+            .css('display', multiple_values ? 'none' : 'inline-block')
+            .prop('name', multiple_values ? undefined : value_name)
+            .data('name', value_name)
+            .append('<option value="_discard">...</option>')
+            .append($('<option value="_present"></option>').prop('selected', field_value == "_present").text(RailsAdmin.I18n.t("is_present")))
+            .append($('<option value="_blank"></option>').prop('selected', field_value == "_blank").text(RailsAdmin.I18n.t("is_blank")))
+            .append('<option disabled="disabled">---------</option>')
+            .append(select_options)
+            .add(
+              $('<select multiple="multiple" class="select-multiple input-sm form-control"></select>')
+              .css('display', multiple_values ? 'inline-block' : 'none')
+              .prop('name', multiple_values ? value_name + '[]' : undefined)
+              .data('name', value_name + '[]')
+              .append(select_options)
+            )
+            .add(
+              $('<a href="#" class="switch-select"></a>')
+              .append($('<i></i>').addClass('icon-' + (multiple_values ? 'minus' : 'plus')))
+            );
         break;
         case 'string':
         case 'text':
         case 'belongs_to_association':
-          control = '<select class="switch-additionnal-fieldsets input-sm form-control" value="' + field_operator + '" name="' + operator_name + '">' +
-            '<option data-additional-fieldset="additional-fieldset"'  + (field_operator == "like"        ? 'selected="selected"' : '') + ' value="like">' + RailsAdmin.I18n.t("contains") + '</option>' +
-            '<option data-additional-fieldset="additional-fieldset"'  + (field_operator == "is"          ? 'selected="selected"' : '') + ' value="is">' + RailsAdmin.I18n.t("is_exactly") + '</option>' +
-            '<option data-additional-fieldset="additional-fieldset"'  + (field_operator == "starts_with" ? 'selected="selected"' : '') + ' value="starts_with">' + RailsAdmin.I18n.t("starts_with") + '</option>' +
-            '<option data-additional-fieldset="additional-fieldset"'  + (field_operator == "ends_with"   ? 'selected="selected"' : '') + ' value="ends_with">' + RailsAdmin.I18n.t("ends_with") + '</option>' +
-            '<option disabled="disabled">---------</option>' +
-            '<option ' + (field_operator == "_not_null"    ? 'selected="selected"' : '') + ' value="_not_null">' + RailsAdmin.I18n.t("is_present") + '</option>' +
-            '<option ' + (field_operator == "_null"      ? 'selected="selected"' : '') + ' value="_null">' + RailsAdmin.I18n.t("is_blank") + '</option>' +
-          '</select>'
-          additional_control = '<input class="additional-fieldset input-sm form-control" style="display:' + (field_operator == "_blank" || field_operator == "_present" ? 'none' : 'inline-block') + ';" type="text" name="' + value_name + '" value="' + field_value + '" /> ';
+          control = $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
+            .prop('value', field_operator)
+            .prop('name', operator_name)
+            .append('<option value="_discard">...</option>')
+            .append($('<option data-additional-fieldset="additional-fieldset" value="like"></option>').prop('selected', field_operator == "like").text(RailsAdmin.I18n.t("contains")))
+            .append($('<option data-additional-fieldset="additional-fieldset" value="is"></option>').prop('selected', field_operator == "is").text(RailsAdmin.I18n.t("is_exactly")))
+            .append($('<option data-additional-fieldset="additional-fieldset" value="starts_with"></option>').prop('selected', field_operator == "starts_with").text(RailsAdmin.I18n.t("starts_with")))
+            .append($('<option data-additional-fieldset="additional-fieldset" value="ends_with"></option>').prop('selected', field_operator == "ends_with").text(RailsAdmin.I18n.t("ends_with")))
+            .append('<option disabled="disabled">---------</option>')
+            .append($('<option value="_present"></option>').prop('selected', field_operator == "_present").text(RailsAdmin.I18n.t("is_present")))
+            .append($('<option value="_blank"></option>').prop('selected', field_operator == "_blank").text(RailsAdmin.I18n.t("is_blank")));
+          additional_control = $('<input class="additional-fieldset input-sm form-control" type="text" />')
+            .css('display', field_operator == "_present" || field_operator == "_blank" ? 'none' : 'inline-block')
+            .prop('name', value_name)
+            .prop('value', field_value);
           break;
         case 'integer':
         case 'decimal':
         case 'float':
-          control = '<select class="switch-additionnal-fieldsets input-sm form-control" name="' + operator_name + '">' +
-            '<option ' + (field_operator == "default"   ? 'selected="selected"' : '') + ' data-additional-fieldset="default" value="default">' + RailsAdmin.I18n.t("number") + '</option>' +
-            '<option ' + (field_operator == "between"   ? 'selected="selected"' : '') + ' data-additional-fieldset="between" value="between">' + RailsAdmin.I18n.t("between_and_") + '</option>' +
-            '<option disabled="disabled">---------</option>' +
-            '<option ' + (field_operator == "_not_null" ? 'selected="selected"' : '') + ' value="_not_null">' + RailsAdmin.I18n.t("is_present") +'</option>' +
-            '<option ' + (field_operator == "_null"     ? 'selected="selected"' : '') + ' value="_null" >' + RailsAdmin.I18n.t("is_blank") + '</option>' +
-          '</select>'
+          control = $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
+            .prop('name', operator_name)
+            .append($('<option data-additional-fieldset="default" value="default"></option>').prop('selected', field_operator == "default").text(RailsAdmin.I18n.t("number")))
+            .append($('<option data-additional-fieldset="between" value="between"></option>').prop('selected', field_operator == "between").text(RailsAdmin.I18n.t("between_and_")))
+            .append('<option disabled="disabled">---------</option>')
+            .append($('<option value="_not_null"></option>').prop('selected', field_operator == "_not_null").text(RailsAdmin.I18n.t("is_present")))
+            .append($('<option value="_null"></option>').prop('selected', field_operator == "_null").text(RailsAdmin.I18n.t("is_blank")));
           additional_control =
-          '<input class="additional-fieldset default input-sm form-control" style="display:' + ((!field_operator || field_operator == "default") ? 'inline-block' : 'none') + ';" type="' + field_type + '" name="' + value_name + '[]" value="' + (field_value[0] || '') + '" /> ' +
-          '<input placeholder="-∞" class="additional-fieldset between input-sm form-control" style="display:' + ((field_operator == "between") ? 'inline-block' : 'none') + ';" type="' + field_type + '" name="' + value_name + '[]" value="' + (field_value[1] || '') + '" /> ' +
-          '<input placeholder="∞" class="additional-fieldset between input-sm form-control" style="display:' + ((field_operator == "between") ? 'inline-block' : 'none') + ';" type="' + field_type + '" name="' + value_name + '[]" value="' + (field_value[2] || '') + '" />';
+            $('<input class="additional-fieldset default input-sm form-control" type="text" />')
+            .css('display', (!field_operator || field_operator == "default") ? 'inline-block' : 'none')
+            .prop('type', field_type)
+            .prop('name', value_name + '[]')
+            .prop('value', field_value[0] || '')
+            .add(
+              $('<input placeholder="-∞" class="additional-fieldset between input-sm form-control" />')
+              .css('display', (field_operator == "between") ? 'inline-block' : 'none')
+              .prop('type', field_type)
+              .prop('name', value_name + '[]')
+              .prop('value', field_value[1] || '')
+            )
+            .add(
+              $('<input placeholder="∞" class="additional-fieldset between input-sm form-control" />')
+              .css('display', (field_operator == "between") ? 'inline-block' : 'none')
+              .prop('type', field_type)
+              .prop('name', value_name + '[]')
+              .prop('value', field_value[2] || '')
+            );
           break;
         default:
-          control = '<input type="text" class="input-sm form-control" name="' + value_name + '" value="' + field_value + '"/> ';
+          control = $('<input type="text" class="input-sm form-control" />')
+            .prop('name', value_name)
+            .prop('value', field_value);
           break;
       }
 
       var $content = $('<p>')
         .addClass('filter form-search')
-        .append('<span class="label label-info form-label"><a href="#delete" class="delete"><i class="fa fa-trash-o fa-fw icon-white"></i>' + field_label + '</a></span>')
-        .append('&nbsp;' + control + '&nbsp;' + (additional_control || ''));
+        .append(
+          $('<span class="label label-info form-label"></span>')
+          .append($('<a href="#delete" class="delete"></a>').append('<i class="fa fa-trash-o fa-fw icon-white"></i>').append(document.createTextNode(field_label)))
+        )
+        .append('&nbsp;')
+        .append(control)
+        .append('&nbsp;')
+        .append(additional_control);
 
       $('#filters_box').append($content);
 

data/app/assets/javascripts/rails_admin/ra.filtering-multiselect.js

@@ -186,12 +186,13 @@
         }
         if (filtered.length > 0) {
           widget.collection[0].innerHTML = '';
-          var filteredContainer = [];
           for (i = 0; i < filtered.length; i++) {
-            var newOptions = '<option value="'+matches[filtered[i]].id+'" title="'+matches[filtered[i]].label+'">'+matches[filtered[i]].label+'</option>';
-            filteredContainer.push(newOptions);
+            var newOptions = $('<option></option>')
+              .prop('value', matches[filtered[i]].id)
+              .prop('title', matches[filtered[i]].label)
+              .text(matches[filtered[i]].label);
+            $(widget.collection[0]).append(newOptions);
           }
-          widget.collection[0].innerHTML = filteredContainer.join("");
         } else {
           widget.collection[0].innerHTML = widget.noObjectsPlaceholder;
         }
@@ -212,12 +213,11 @@
       var widget = this;
 
       this.element.find("option").each(function(i, option) {
+        widget._cache['o_' + option.value] = {id: option.value, value: $(option).text()};
         if (option.selected) {
-          widget._cache['o_' + option.value] = {id: option.value, value: option.innerHTML};
-          $(option).clone().appendTo(widget.selection).attr("selected", false).attr("title", $(option).text());
+          $(option).clone().appendTo(widget.selection).prop("selected", false).prop("title", $(option).text());
         } else {
-          widget._cache['o_' + option.value] = {id: option.value, value: option.innerHTML};
-          $(option).clone().appendTo(widget.collection).attr("selected", false).attr("title", $(option).text());
+          $(option).clone().appendTo(widget.collection).prop("selected", false).prop("title", $(option).text());
         }
       });
     },
@@ -227,7 +227,7 @@
       options.each(function(i, option) {
         widget.element.find('option[value="' + option.value + '"]').removeAttr("selected");
       });
-      $(options).appendTo(this.collection).attr('selected', false);
+      $(options).appendTo(this.collection).prop('selected', false);
     },
 
     _query: function(query, success) {
@@ -282,12 +282,12 @@
       options.each(function(i, option) {
         var el = widget.element.find('option[value="' + option.value + '"]');
         if (el.length) {
-          el.attr("selected", "selected");
+          el.prop("selected", true);
         } else {
-          widget.element.append($('<option></option>').attr('value', option.value).attr('selected', "selected"));
+          widget.element.append($('<option></option>').prop('value', option.value).prop('selected', true));
         }
       });
-      $(options).appendTo(this.selection).attr('selected', false);
+      $(options).appendTo(this.selection).prop('selected', false);
     },
 
     _move: function(direction, options) {

data/app/assets/javascripts/rails_admin/ra.filtering-select.js

@@ -189,6 +189,11 @@
         input.attr('placeholder', this.element.attr('placeholder'));
       }
 
+      if (this.element.attr('required')) {
+        input.attr('required', this.element.attr('required'));
+        this.element.attr('required', false);
+      }
+
       return input;
     },
 

data/app/assets/javascripts/rails_admin/ra.i18n.coffee

@@ -2,6 +2,8 @@
 @RailsAdmin.I18n = class Locale
   @init: (@locale, @translations)->
     moment.locale(@locale)
+    if typeof(@translations) == "string"
+      @translations = JSON.parse(@translations)
 
   @t:(key) ->
     humanize = key.charAt(0).toUpperCase() + key.replace(/_/g, " ").slice(1)

data/app/assets/javascripts/rails_admin/ra.widgets.coffee

@@ -171,6 +171,31 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
                 html = html.add(option)
               object_select.html(html)
 
+
+    # simplemde
+
+    goSimpleMDEs = ->
+      content.find('[data-richtext=simplemde]').not('.simplemded').each (index, domEle) ->
+        options = $(this).data('options')
+        instance_config = options.instance_config
+        new window.SimpleMDE($.extend(true, {
+          element: document.getElementById(this.id),
+          autosave: {
+            uniqueId: this.id
+          }
+        }, instance_config))
+        $(this).addClass('simplemded')
+
+    $editors = content.find('[data-richtext=simplemde]').not('.simplemded')
+    if $editors.length
+      if not window.SimpleMDE
+        options = $editors.first().data('options')
+        $('head').append('<link href="' + options['css_location'] + '" rel="stylesheet" media="all" type="text\/css">')
+        $.getScript options['js_location'], (script, textStatus, jqXHR) ->
+          goSimpleMDEs()
+      else
+        goSimpleMDEs()
+
     # ckeditor
 
     goCkeditors = ->

data/app/controllers/rails_admin/application_controller.rb

@@ -11,7 +11,7 @@ module RailsAdmin
   end
 
   class ApplicationController < Config.parent_controller.constantize
-    protect_from_forgery with: :exception
+    protect_from_forgery(Config.forgery_protection_settings)
 
     before_action :_authenticate!
     before_action :_authorize!

data/app/views/kaminari/ra-twitter-bootstrap/without_count/_next_page.html.haml

@@ -0,0 +1,4 @@
+- if current_page.last?
+  %li.next.disabled= link_to raw(t 'admin.pagination.next'), '#'
+- else
+  %li.next= link_to raw(t 'admin.pagination.next'), url, class: (remote ? 'pjax' : '')

data/app/views/kaminari/ra-twitter-bootstrap/without_count/_paginator.html.haml

@@ -0,0 +1,4 @@
+= paginator.render do
+  %ul.pagination
+    = prev_page_tag if !current_page.first?
+    = next_page_tag

data/app/views/kaminari/ra-twitter-bootstrap/without_count/_prev_page.html.haml

@@ -0,0 +1,4 @@
+- if current_page.first?
+  %li.prev.disabled= link_to raw(t 'admin.pagination.previous'), '#'
+- else
+  %li.prev= link_to raw(t 'admin.pagination.previous'), url, class: (remote ? 'pjax' : '')

data/app/views/rails_admin/main/_form_simple_mde.haml

@@ -0,0 +1,8 @@
+:ruby
+  js_data = {
+    js_location: field.js_location,
+    css_location: field.css_location,
+    instance_config: field.instance_config
+  }
+
+= form.text_area field.method_name, field.html_attributes.reverse_merge(data: { richtext: 'simplemde', options: js_data.to_json }).reverse_merge({ value: field.form_value })

data/app/views/rails_admin/main/history.html.haml

@@ -10,7 +10,7 @@
     .input-group
       %input.form-control.input-small{name: "query", type: "search", value: query, placeholder: "#{t("admin.misc.filter")}", class: 'input-small'}
       %span.input-group-btn
-        %button.btn.btn-primary{type: "submit", :'data-disable-with' => "<i class='icon-white icon-refresh'></i> ".html_safe + t("admin.misc.refresh")}
+        %button.btn.btn-primary{type: 'submit', :'data-disable-with' => '<i class="icon-white icon-refresh"></i> '.html_safe + t('admin.misc.refresh')}
           %i.icon-white.icon-refresh
           = t("admin.misc.refresh")
 %table#history.table.table-striped.table-condensed

data/app/views/rails_admin/main/index.html.haml

@@ -10,6 +10,7 @@
   export_action = nil unless export_action && authorized?(export_action.authorization_key, @abstract_model)
   description = RailsAdmin.config(@abstract_model.model_name).description
   properties = @model_config.list.with(controller: self.controller, view: self, object: @abstract_model.model.new).visible_fields
+  checkboxes = @model_config.list.checkboxes?
   # columns paginate
   sets = get_column_sets(properties)
   properties = sets[params[:set].to_i] || []
@@ -17,7 +18,8 @@
   other_right = sets[params[:set].to_i + 1].present?
 
 - content_for :contextual_tabs do
-  = bulk_menu
+  - if checkboxes
+    = bulk_menu
   - if filterable_fields.present?
     %li.dropdown{style: 'float:right'}
       %a.dropdown-toggle{href: '#', :'data-toggle' => "dropdown"}
@@ -75,8 +77,9 @@
     %table.table.table-condensed.table-striped
       %thead
         %tr
-          %th.shrink
-            %input.toggle{type: "checkbox"}
+          - if checkboxes
+            %th.shrink
+              %input.toggle{type: "checkbox"}
           - if other_left
             %th.other.left.shrink= "..."
           - properties.each do |property|
@@ -91,8 +94,8 @@
       %tbody
         - @objects.each do |object|
           %tr{class: "#{@abstract_model.param_key}_row #{@model_config.list.with(object: object).row_css_class}"}
-            %td
-              = check_box_tag "bulk_ids[]", object.id, false
+            - if checkboxes
+              %td= check_box_tag "bulk_ids[]", object.id, false
             - if @other_left_link ||= other_left && index_path(params.except('set').merge(params[:set].to_i != 1 ? {set: (params[:set].to_i - 1)} : {}))
               %td.other.left= link_to "...", @other_left_link, class: 'pjax'
             - properties.map{ |property| property.bind(:object, object) }.each do |property|
@@ -103,7 +106,11 @@
             %td.last.links
               %ul.inline.list-inline= menu_for :member, @abstract_model, object, true
 
-    - if @objects.respond_to?(:total_count)
+    - if @model_config.list.limited_pagination
+      .row
+        .col-md-6= paginate(@objects, theme: 'ra-twitter-bootstrap/without_count', total_pages: Float::INFINITY, remote: true)
+
+    - elsif @objects.respond_to?(:total_count)
       - total_count = @objects.total_count.to_i
       .row
         .col-md-6= paginate(@objects, theme: 'ra-twitter-bootstrap', remote: true)

data/lib/rails_admin/adapters/active_record.rb

@@ -101,12 +101,6 @@ module RailsAdmin
 
         def add(field, value, operator)
           field.searchable_columns.flatten.each do |column_infos|
-            value =
-              if value.is_a?(Array)
-                value.map { |v| field.parse_value(v) }
-              else
-                field.parse_value(value)
-              end
             statement, value1, value2 = StatementBuilder.new(column_infos[:column], column_infos[:type], value, operator).to_statement
             @statements << statement if statement.present?
             @values << value1 unless value1.nil?
@@ -126,7 +120,8 @@ module RailsAdmin
       def query_scope(scope, query, fields = config.list.fields.select(&:queryable?))
         wb = WhereBuilder.new(scope)
         fields.each do |field|
-          wb.add(field, field.parse_value(query), field.search_operator)
+          value = parse_field_value(field, query)
+          wb.add(field, value, field.search_operator)
         end
         # OR all query statements
         wb.build

data/lib/rails_admin/config.rb

@@ -62,6 +62,10 @@ module RailsAdmin
       # set parent controller
       attr_accessor :parent_controller
 
+      # set settings for `protect_from_forgery` method
+      # By default, it raises exception upon invalid CSRF tokens
+      attr_accessor :forgery_protection_settings
+
       # Stores model configuration objects in a hash identified by model's class
       # name.
       #
@@ -288,6 +292,7 @@ module RailsAdmin
         @navigation_static_links = {}
         @navigation_static_label = nil
         @parent_controller = '::ActionController::Base'
+        @forgery_protection_settings = {with: :exception}
         RailsAdmin::Config::Actions.reset
       end
 

data/lib/rails_admin/config/actions/dashboard.rb

@@ -12,9 +12,13 @@ module RailsAdmin
           nil
         end
 
+        register_instance_option :auditing_versions_limit do
+          100
+        end
+
         register_instance_option :controller do
           proc do
-            @history = @auditing_adapter && @auditing_adapter.latest || []
+            @history = @auditing_adapter && @auditing_adapter.latest(@action.auditing_versions_limit) || []
             if @action.statistics?
               @abstract_models = RailsAdmin::Config.visible_models(controller: self).collect(&:abstract_model)
 

data/lib/rails_admin/config/fields/types/active_record_enum.rb

@@ -30,14 +30,20 @@ module RailsAdmin
           def parse_value(value)
             return unless value.present?
             if ::Rails.version >= '5'
-              abstract_model.model.attribute_types[name.to_s].deserialize(value)
+              abstract_model.model.attribute_types[name.to_s].serialize(value)
             else
-              enum.invert[type_cast_value(value)]
+              # Depending on the colum type and AR version, we might get a
+              # string or an integer, so we need to handle both cases.
+              enum.fetch(value) do
+                type_cast_value(value)
+              end
             end
           end
 
           def parse_input(params)
-            params[name] = parse_value(params[name]) if params[name]
+            value = params[name]
+            return unless value
+            params[name] = parse_input_value(value)
           end
 
           def form_value
@@ -46,6 +52,14 @@ module RailsAdmin
 
         private
 
+          def parse_input_value(value)
+            if ::Rails.version >= '5'
+              abstract_model.model.attribute_types[name.to_s].deserialize(value)
+            else
+              enum.invert[type_cast_value(value)]
+            end
+          end
+
           def type_cast_value(value)
             if ::Rails.version >= '4.2'
               abstract_model.model.column_types[name.to_s].type_cast_from_user(value)

data/lib/rails_admin/config/fields/types/all.rb

@@ -25,6 +25,7 @@ require 'rails_admin/config/fields/types/serialized'
 require 'rails_admin/config/fields/types/time'
 require 'rails_admin/config/fields/types/timestamp'
 require 'rails_admin/config/fields/types/color'
+require 'rails_admin/config/fields/types/simple_mde'
 require 'rails_admin/config/fields/types/ck_editor'
 require 'rails_admin/config/fields/types/code_mirror'
 require 'rails_admin/config/fields/types/wysihtml5'

data/lib/rails_admin/config/fields/types/datetime.rb

@@ -9,7 +9,7 @@ module RailsAdmin
           RailsAdmin::Config::Fields::Types.register(self)
 
           def parser
-            @parser ||= RailsAdmin::Support::Datetime.new(strftime_format)
+            RailsAdmin::Support::Datetime.new(strftime_format)
           end
 
           def parse_value(value)

data/lib/rails_admin/config/fields/types/json.rb

@@ -10,7 +10,11 @@ module RailsAdmin
           RailsAdmin::Config::Fields::Types.register(:jsonb, self)
 
           register_instance_option :formatted_value do
-            value.present? ? JSON.pretty_generate(value) : nil
+            value ? JSON.pretty_generate(value) : nil
+          end
+
+          register_instance_option :pretty_value do
+            bindings[:view].content_tag(:pre) { formatted_value }.html_safe
           end
 
           def parse_value(value)

data/lib/rails_admin/config/fields/types/simple_mde.rb

@@ -0,0 +1,33 @@
+require 'rails_admin/config/fields/base'
+
+module RailsAdmin
+  module Config
+    module Fields
+      module Types
+        class SimpleMDE < RailsAdmin::Config::Fields::Types::Text
+          # Register field type for the type loader
+          RailsAdmin::Config::Fields::Types.register(self)
+
+          # If you want to have a different SimpleMDE config for each instance
+          # you can override this option with these values: https://github.com/sparksuite/simplemde-markdown-editor#configuration
+          register_instance_option :instance_config do
+            nil
+          end
+
+          # Use this if you want to point to a cloud instance of the base SimpleMDE
+          register_instance_option :js_location do
+            "#{Rails.application.config.assets.prefix}/simplemde.min.js"
+          end
+
+          register_instance_option :css_location do
+            "#{Rails.application.config.assets.prefix}/simplemde.min.css"
+          end
+
+          register_instance_option :partial do
+            :form_simple_mde
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rails_admin/config/sections/list.rb

@@ -5,6 +5,10 @@ module RailsAdmin
     module Sections
       # Configuration of the list view
       class List < RailsAdmin::Config::Sections::Base
+        register_instance_option :checkboxes? do
+          true
+        end
+
         register_instance_option :filters do
           []
         end
@@ -14,6 +18,12 @@ module RailsAdmin
           RailsAdmin::Config.default_items_per_page
         end
 
+        # Positive value shows only prev, next links in pagination.
+        # This is for avoiding count(*) query.
+        register_instance_option :limited_pagination do
+          false
+        end
+
         register_instance_option :sort_by do
           parent.abstract_model.primary_key
         end

data/lib/rails_admin/extensions/history/auditing_adapter.rb

@@ -8,8 +8,8 @@ module RailsAdmin
           require 'rails_admin/extensions/history/history'
         end
 
-        def latest
-          ::RailsAdmin::History.latest
+        def latest(count = 100)
+          ::RailsAdmin::History.latest(count)
         end
 
         def delete_object(object, model, user)

data/lib/rails_admin/extensions/history/history.rb

@@ -11,8 +11,8 @@ module RailsAdmin
     default_scope { order('id DESC') }
 
     class << self
-      def latest
-        limit(100)
+      def latest(count = 100)
+        limit(count)
       end
 
       def create_history_item(message, object, abstract_model, user)

data/lib/rails_admin/extensions/paper_trail/auditing_adapter.rb

@@ -63,8 +63,10 @@ module RailsAdmin
           end
         end
 
-        def latest
-          @version_class.order('id DESC').limit(100).collect { |version| VersionProxy.new(version, @user_class) }
+        def latest(count = 100)
+          @version_class.
+            order(id: :desc).includes(:item).limit(count).
+            collect { |version| VersionProxy.new(version, @user_class) }
         end
 
         def delete_object(_object, _model, _user)

data/lib/rails_admin/version.rb

@@ -1,7 +1,7 @@
 module RailsAdmin
   class Version
     MAJOR = 1
-    MINOR = 2
+    MINOR = 3
     PATCH = 0
     PRE = nil
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_admin
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Erik Michaels-Ober
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-31 00:00:00.000000000 Z
+date: 2018-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: builder
@@ -421,6 +421,9 @@ files:
 - app/views/kaminari/ra-twitter-bootstrap/_page.html.haml
 - app/views/kaminari/ra-twitter-bootstrap/_paginator.html.haml
 - app/views/kaminari/ra-twitter-bootstrap/_prev_page.html.haml
+- app/views/kaminari/ra-twitter-bootstrap/without_count/_next_page.html.haml
+- app/views/kaminari/ra-twitter-bootstrap/without_count/_paginator.html.haml
+- app/views/kaminari/ra-twitter-bootstrap/without_count/_prev_page.html.haml
 - app/views/layouts/rails_admin/_navigation.html.haml
 - app/views/layouts/rails_admin/_secondary_navigation.html.haml
 - app/views/layouts/rails_admin/_sidebar_navigation.html.haml
@@ -442,6 +445,7 @@ files:
 - app/views/rails_admin/main/_form_nested_many.html.haml
 - app/views/rails_admin/main/_form_nested_one.html.haml
 - app/views/rails_admin/main/_form_polymorphic_association.html.haml
+- app/views/rails_admin/main/_form_simple_mde.haml
 - app/views/rails_admin/main/_form_text.html.haml
 - app/views/rails_admin/main/_form_wysihtml5.html.haml
 - app/views/rails_admin/main/_submit_buttons.html.haml
@@ -535,6 +539,7 @@ files:
 - lib/rails_admin/config/fields/types/polymorphic_association.rb
 - lib/rails_admin/config/fields/types/refile.rb
 - lib/rails_admin/config/fields/types/serialized.rb
+- lib/rails_admin/config/fields/types/simple_mde.rb
 - lib/rails_admin/config/fields/types/string.rb
 - lib/rails_admin/config/fields/types/text.rb
 - lib/rails_admin/config/fields/types/time.rb