rails_admin 1.4.2 → 1.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 304c4e0f0cb8e46bab128045cd480163e9b86e6e
-  data.tar.gz: e3a2a9e2c86f2227c0b8b9b3cdf955b4695154dd
+SHA256:
+  metadata.gz: a2511d4339254d5f386a4b2730f4dd468526dc5bffec56a265113c003c8906b6
+  data.tar.gz: bacfe19f0d8622834410c587a188061f1ed423a61e598bde8d23c8002b8e1a44
 SHA512:
-  metadata.gz: 1d489cc488adace10d7645b530f303e81cf96f981fddda20a01b9ff93e3b36678b23fe1ddd277d99a606c3ddec57c61851ebbace6d2e1515d7f36db97b49153a
-  data.tar.gz: 7bfe657ca2eb9c41646736d33985adcc02fb1184689e0f69320f4a9fc838c15fb139f43872570be8752021a9387a077bd87d88acbd39458c9df027250a7cdd77
+  metadata.gz: 90a5aed673d2db9af5c31fa297a5e155cf9edbe23a281020cb30a7f07f644dfaf70b4fbddb6aaf806d8815f398c6861711441be6378d154c97736f7fcd6ebf13
+  data.tar.gz: 44144612bdc0eb7be539d3d730b1a0bddfe4686161e322f56d05df758427959e4aba3ef73305e792038ae82cccaa410e72ba750f51be804674d2fd9ef08509cb

data/Gemfile

@@ -10,7 +10,7 @@ group :active_record do
 
   platforms :ruby, :mswin, :mingw do
     gem 'mysql2', '>= 0.3.14'
-    gem 'sqlite3', '>= 1.3'
+    gem 'sqlite3', '~> 1.3.0'
   end
 end
 

data/README.md

@@ -20,10 +20,18 @@ RailsAdmin is a Rails engine that provides an easy-to-use interface for managing
 
 ### [Action required] Security issue
 
-**RailsAdmin prior to 1.3.0 have been reported to have XSS vulnerability.** We strongly recommend that you upgrade RailsAdmin to 1.3.0 or later as soon as possible, if you are on those versions. See [#2985](https://github.com/sferik/rails_admin/issues/2985) for the detail.
+> **RailsAdmin prior to 1.3.0 have been reported to have XSS vulnerability.** We strongly recommend that you upgrade RailsAdmin to 1.3.0 or later as soon as possible, if you are on those versions. See [#2985](https://github.com/sferik/rails_admin/issues/2985) for the detail.
+> 
+> Also, 1.0.0 and 1.1.0 is known to have [CSRF vulnerability](https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a), too.
 
-Also, 1.0.0 and 1.1.0 is known to have [CSRF vulnerability](https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a), too.
+## Getting started
 
+* Check out [the docs][docs].
+* Try the [live demo][demo]. ([Source code][dummy_app])
+
+[demo]: http://rails-admin-tb.herokuapp.com/
+[dummy_app]: https://github.com/bbenezech/dummy_app
+[docs]: https://github.com/sferik/rails_admin/wiki
 
 ## Features
 * CRUD any data with ease
@@ -72,15 +80,6 @@ end
 
 Details: [Models](https://github.com/sferik/rails_admin/wiki/Models), [Groups](https://github.com/sferik/rails_admin/wiki/Groups), [Fields](https://github.com/sferik/rails_admin/wiki/Fields)
 
-## Documentation
-https://github.com/sferik/rails_admin/wiki
-
-## Demo
-Take RailsAdmin for a [test drive][demo] with sample data. ([Source code.][dummy_app])
-
-[demo]: http://rails-admin-tb.herokuapp.com/
-[dummy_app]: https://github.com/bbenezech/dummy_app
-
 ## Support
 If you have a question, please check this README, the wiki, and the [list of
 known issues][troubleshoot].

data/app/assets/javascripts/rails_admin/ra.filter-box.js

@@ -48,7 +48,7 @@
             );
         case 'datetime':
         case 'timestamp':
-          control = control || $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
+          control = control || $('<select class="switch-additional-fieldsets input-sm form-control"></select>')
             .prop('name', operator_name)
             .append($('<option data-additional-fieldset="default" value="default"></option>').prop('selected', field_operator == "default").text(RailsAdmin.I18n.t("date")))
             .append($('<option data-additional-fieldset="between" value="between"></option>').prop('selected', field_operator == "between").text(RailsAdmin.I18n.t("between_and_")))
@@ -103,7 +103,7 @@
         case 'string':
         case 'text':
         case 'belongs_to_association':
-          control = $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
+          control = $('<select class="switch-additional-fieldsets input-sm form-control"></select>')
             .prop('value', field_operator)
             .prop('name', operator_name)
             .append('<option value="_discard">...</option>')
@@ -122,7 +122,7 @@
         case 'integer':
         case 'decimal':
         case 'float':
-          control = $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
+          control = $('<select class="switch-additional-fieldsets input-sm form-control"></select>')
             .prop('name', operator_name)
             .append($('<option data-additional-fieldset="default" value="default"></option>').prop('selected', field_operator == "default").text(RailsAdmin.I18n.t("number")))
             .append($('<option data-additional-fieldset="between" value="between"></option>').prop('selected', field_operator == "between").text(RailsAdmin.I18n.t("between_and_")))
@@ -214,7 +214,7 @@
     $(this).find('i').toggleClass("icon-plus icon-minus")
   });
 
-  $(document).on('change', "#filters_box .switch-additionnal-fieldsets", function(e) {
+  $(document).on('change', "#filters_box .switch-additional-fieldsets", function(e) {
     var selected_option = $(this).find('option:selected');
     if(klass = $(selected_option).data('additional-fieldset')) {
       $(this).siblings('.additional-fieldset:not(.' + klass + ')').hide('slow');

data/app/assets/javascripts/rails_admin/ra.nested-form-hooks.coffee

@@ -9,6 +9,9 @@ $(document).ready ->
 $(document).on 'nested:fieldAdded', 'form', (content) ->
   field = content.field.addClass('tab-pane').attr('id', 'unique-id-' + (new Date().getTime()))
   new_tab = $('<li><a data-toggle="tab" href="#' + field.attr('id') + '">' + field.children('.object-infos').data('object-label') + '</a></li>')
+  new_tab = $('<li></li>').append(
+    $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + field.attr('id')).text(field.children('.object-infos').data('object-label'))
+  )
   parent_group = field.closest('.control-group')
   controls = parent_group.children('.controls')
   one_to_one = controls.data('nestedone') != undefined
@@ -24,7 +27,7 @@ $(document).on 'nested:fieldAdded', 'form', (content) ->
   toggler.addClass('active').removeClass('disabled').children('i').addClass('icon-chevron-down').removeClass('icon-chevron-right')
 
   # Convert the "add nested field" button to just showing the title of the new model
-  controls.find('.add_nested_fields').removeClass('add_nested_fields').html(field.children('.object-infos').data('object-label')) if one_to_one
+  controls.find('.add_nested_fields').removeClass('add_nested_fields').text(field.children('.object-infos').data('object-label')) if one_to_one
 
 $(document).on 'nested:fieldRemoved', 'form', (content) ->
   field = content.field

data/app/assets/javascripts/rails_admin/ra.widgets.coffee

@@ -115,7 +115,11 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
       # add each nested field to a tab-pane and reference it in the nav
       tab_content.children('.fields:not(.tab-pane)').addClass('tab-pane').each ->
         $(this).attr('id', 'unique-id-' + (new Date().getTime()) + Math.floor(Math.random()*100000)) # some elements are created on the same ms
-        nav.append('<li><a data-toggle="tab" href="#' + this.id + '">' + $(this).children('.object-infos').data('object-label') + '</a></li>')
+        nav.append(
+          $('<li></li>').append(
+            $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + this.id).text($(this).children('.object-infos').data('object-label'))
+          )
+        )
       # only if no tab is set to active
       if nav.find("> li.active").length == 0
         # init first tab, toggler and tab_content/tabs visibility
@@ -143,8 +147,12 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
       toggler = field.find('> .controls > .btn-group > .toggler')
       tab_content.children(".fields:not(.tab-pane)").addClass('tab-pane active').each ->
         # Convert the "add nested field" button to just showing the title of the new model
-        field.find('> .controls .add_nested_fields').removeClass('add_nested_fields').html( $(this).children('.object-infos').data('object-label') )
-        nav.append('<li><a data-toggle="tab" href="#' + this.id + '">' + $(this).children('.object-infos').data('object-label') + '</a></li>')
+        field.find('> .controls .add_nested_fields').removeClass('add_nested_fields').text( $(this).children('.object-infos').data('object-label') )
+        nav.append(
+          $('<li></li>').append(
+            $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + this.id).text($(this).children('.object-infos').data('object-label'))
+          )
+        )
       first_tab = nav.find("> li > a[data-toggle='tab']:first")
       first_tab.tab('show')
       field.find("> .controls > [data-target]:first").html('<i class="icon-white"></i> ' + first_tab.html())
@@ -240,6 +248,7 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
         options = $(this).data('options')
         textarea = this
         $.getScript options['locations']['mode'], (script, textStatus, jqXHR) ->
+          options = $(domEle).data('options')
           $('head').append('<link href="' + options['locations']['theme'] + '" rel="stylesheet" media="all" type="text\/css">')
           CodeMirror.fromTextArea(textarea,options['options'])
           $(textarea).addClass('codemirrored')

data/lib/rails_admin/adapters/active_record.rb

@@ -223,6 +223,8 @@ module RailsAdmin
         def build_statement_for_string_or_text
           return if @value.blank?
 
+          return ["(#{@column} = ?)", @value] if ['is', '='].include?(@operator)
+
           unless ['postgresql', 'postgis'].include? ar_adapter
             @value = @value.mb_chars.downcase
           end
@@ -235,8 +237,6 @@ module RailsAdmin
               "#{@value}%"
             when 'ends_with'
               "%#{@value}"
-            when 'is', '='
-              @value
             else
               return
             end

data/lib/rails_admin/config/configurable.rb

@@ -23,6 +23,23 @@ module RailsAdmin
         self.class.register_deprecated_instance_option(option_name, replacement_option_name, scope, &custom_error)
       end
 
+    private
+
+      def with_recurring(option_name, value_proc, default_proc)
+        # Track recursive invocation with an instance variable. This prevents run-away recursion
+        # and allows configurations such as
+        # label { "#{label}".upcase }
+        # This will use the default definition when called recursively.
+        if instance_variable_get("@#{option_name}_recurring")
+          instance_eval(&default_proc)
+        else
+          instance_variable_set("@#{option_name}_recurring", true)
+          instance_eval(&value_proc)
+        end
+      ensure
+        instance_variable_set("@#{option_name}_recurring", false)
+      end
+
       module ClassMethods
         # Register an instance option. Instance option is a configuration
         # option that stores its value within an instance variable and is
@@ -51,17 +68,7 @@ module RailsAdmin
               value = instance_variable_get("@#{option_name}_registered")
               case value
               when Proc
-                # Track recursive invocation with an instance variable. This prevents run-away recursion
-                # and allows configurations such as
-                # label { "#{label}".upcase }
-                # This will use the default definition when called recursively.
-                if instance_variable_get("@#{option_name}_recurring")
-                  value = instance_eval(&default)
-                else
-                  instance_variable_set("@#{option_name}_recurring", true)
-                  value = instance_eval(&value)
-                  instance_variable_set("@#{option_name}_recurring", false)
-                end
+                value = with_recurring(option_name, value, default)
               when nil
                 value = instance_eval(&default)
               end

data/lib/rails_admin/config/fields/factories/active_storage.rb

@@ -3,7 +3,7 @@ require 'rails_admin/config/fields/types'
 require 'rails_admin/config/fields/types/file_upload'
 
 RailsAdmin::Config::Fields.register_factory do |parent, properties, fields|
-  if defined?(::ActiveStorage) && properties.is_a?(RailsAdmin::Adapters::ActiveRecord::Association) && (match = /\A(.+)_attachments?\Z/.match properties.name) && properties.klass.to_s == 'ActiveStorage::Attachment'
+  if defined?(::ActiveStorage) && properties.try(:association?) && (match = /\A(.+)_attachments?\Z/.match properties.name) && properties.klass.to_s == 'ActiveStorage::Attachment'
     name = match[1]
     field = RailsAdmin::Config::Fields::Types.load(
       properties.type == :has_many ? :multiple_active_storage : :active_storage,

data/lib/rails_admin/config/fields/types/password.rb

@@ -13,7 +13,11 @@ module RailsAdmin
           end
 
           def parse_input(params)
-            params[name] = params[name].presence
+            if params[name].present?
+              params[name] = params[name]
+            else
+              params.delete(name)
+            end
           end
 
           register_instance_option :formatted_value do

data/lib/rails_admin/engine.rb

@@ -43,9 +43,12 @@ module RailsAdmin
       Dir[File.join(File.dirname(__FILE__), '../tasks/*.rake')].each { |f| load f }
     end
 
-    # Check for required middlewares, can be missing in Rails API mode
+    # Check for required middlewares, users may forget to use them in Rails API mode
     config.after_initialize do |app|
-      has_session_store = app.config.middleware.to_a.any? { |m| m.klass.try(:<=, ActionDispatch::Session::AbstractStore) } || ::Rails.version < '5.0'
+      has_session_store = ::Rails.version < '5.0' || app.config.middleware.to_a.any? do |m|
+        m.klass.try(:<=, ActionDispatch::Session::AbstractStore) ||
+          m.klass.name =~ /^ActionDispatch::Session::/
+      end
       loaded = app.config.middleware.to_a.map(&:name)
       required = %w(ActionDispatch::Cookies ActionDispatch::Flash Rack::MethodOverride)
       missing = required - loaded
@@ -54,7 +57,7 @@ module RailsAdmin
         configs << "config.middleware.use #{app.config.session_store.try(:name) || 'ActionDispatch::Session::CookieStore'}, #{app.config.session_options}" unless has_session_store
         raise <<-EOM
 Required middlewares for RailsAdmin are not added
-To fix tihs, add
+To fix this, add
 
   #{configs.join("\n  ")}
 

data/lib/rails_admin/extensions/paper_trail/auditing_adapter.rb

@@ -1,3 +1,5 @@
+require 'active_support/core_ext/string/strip'
+
 module RailsAdmin
   module Extensions
     module PaperTrail

data/lib/rails_admin/support/csv_converter.rb

@@ -35,6 +35,12 @@ module RailsAdmin
     end
 
     def to_csv(options = {})
+      if CSV::VERSION == '3.0.2'
+        raise <<-MSG.gsub(/^\s+/, '')
+          CSV library bundled with Ruby 2.6.0 has encoding issue, please upgrade Ruby to 2.6.1 or later.
+          https://github.com/ruby/csv/issues/62
+        MSG
+      end
       options = HashWithIndifferentAccess.new(options)
       encoding_to = Encoding.find(options[:encoding_to]) if options[:encoding_to].present?
 

data/lib/rails_admin/version.rb

@@ -2,7 +2,7 @@ module RailsAdmin
   class Version
     MAJOR = 1
     MINOR = 4
-    PATCH = 2
+    PATCH = 3
     PRE = nil
 
     class << self

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_admin
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 1.4.3
 platform: ruby
 authors:
 - Erik Michaels-Ober
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-23 00:00:00.000000000 Z
+date: 2020-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: builder
@@ -621,8 +621,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.8.11
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Admin for Rails