rails_admin 1.4.2 → 1.4.3

Potentially problematic release.


This version of rails_admin might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 304c4e0f0cb8e46bab128045cd480163e9b86e6e
4
- data.tar.gz: e3a2a9e2c86f2227c0b8b9b3cdf955b4695154dd
2
+ SHA256:
3
+ metadata.gz: a2511d4339254d5f386a4b2730f4dd468526dc5bffec56a265113c003c8906b6
4
+ data.tar.gz: bacfe19f0d8622834410c587a188061f1ed423a61e598bde8d23c8002b8e1a44
5
5
  SHA512:
6
- metadata.gz: 1d489cc488adace10d7645b530f303e81cf96f981fddda20a01b9ff93e3b36678b23fe1ddd277d99a606c3ddec57c61851ebbace6d2e1515d7f36db97b49153a
7
- data.tar.gz: 7bfe657ca2eb9c41646736d33985adcc02fb1184689e0f69320f4a9fc838c15fb139f43872570be8752021a9387a077bd87d88acbd39458c9df027250a7cdd77
6
+ metadata.gz: 90a5aed673d2db9af5c31fa297a5e155cf9edbe23a281020cb30a7f07f644dfaf70b4fbddb6aaf806d8815f398c6861711441be6378d154c97736f7fcd6ebf13
7
+ data.tar.gz: 44144612bdc0eb7be539d3d730b1a0bddfe4686161e322f56d05df758427959e4aba3ef73305e792038ae82cccaa410e72ba750f51be804674d2fd9ef08509cb
data/Gemfile CHANGED
@@ -10,7 +10,7 @@ group :active_record do
10
10
 
11
11
  platforms :ruby, :mswin, :mingw do
12
12
  gem 'mysql2', '>= 0.3.14'
13
- gem 'sqlite3', '>= 1.3'
13
+ gem 'sqlite3', '~> 1.3.0'
14
14
  end
15
15
  end
16
16
 
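Review bot: The `~> 1.3.0` constraint on new line 13 excludes sqlite3 1.4 and later but carries no comment saying why. Add a one-line reason next to the gem entry so the pin can be lifted once the incompatibility is gone.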
data/README.md CHANGED
@@ -20,10 +20,18 @@ RailsAdmin is a Rails engine that provides an easy-to-use interface for managing
20
20
 
21
21
  ### [Action required] Security issue
22
22
 
23
- **RailsAdmin prior to 1.3.0 have been reported to have XSS vulnerability.** We strongly recommend that you upgrade RailsAdmin to 1.3.0 or later as soon as possible, if you are on those versions. See [#2985](https://github.com/sferik/rails_admin/issues/2985) for the detail.
23
+ > **RailsAdmin prior to 1.3.0 have been reported to have XSS vulnerability.** We strongly recommend that you upgrade RailsAdmin to 1.3.0 or later as soon as possible, if you are on those versions. See [#2985](https://github.com/sferik/rails_admin/issues/2985) for the detail.
24
+ >
25
+ > Also, 1.0.0 and 1.1.0 is known to have [CSRF vulnerability](https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a), too.
24
26
 
25
- Also, 1.0.0 and 1.1.0 is known to have [CSRF vulnerability](https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a), too.
27
+ ## Getting started
26
28
 
29
+ * Check out [the docs][docs].
30
+ * Try the [live demo][demo]. ([Source code][dummy_app])
31
+
32
+ [demo]: http://rails-admin-tb.herokuapp.com/
33
+ [dummy_app]: https://github.com/bbenezech/dummy_app
34
+ [docs]: https://github.com/sferik/rails_admin/wiki
27
35
 
28
36
  ## Features
29
37
  * CRUD any data with ease
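Review bot: The security notice on new lines 23 to 25 still names only releases before 1.3.0 (XSS) and 1.0.0/1.1.0 (CSRF), while this same release changes nested-form label rendering from `.html()` and string-built markup to `.text()`. If that change closes an injection path, the notice should say which versions are affected and that 1.4.3 carries the fix. Separately, the `[demo]` reference on new line 32 is a plain `http://` URL; prefer `https://` if the host serves it.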
@@ -72,15 +80,6 @@ end
72
80
 
73
81
  Details: [Models](https://github.com/sferik/rails_admin/wiki/Models), [Groups](https://github.com/sferik/rails_admin/wiki/Groups), [Fields](https://github.com/sferik/rails_admin/wiki/Fields)
74
82
 
75
- ## Documentation
76
- https://github.com/sferik/rails_admin/wiki
77
-
78
- ## Demo
79
- Take RailsAdmin for a [test drive][demo] with sample data. ([Source code.][dummy_app])
80
-
81
- [demo]: http://rails-admin-tb.herokuapp.com/
82
- [dummy_app]: https://github.com/bbenezech/dummy_app
83
-
84
83
  ## Support
85
84
  If you have a question, please check this README, the wiki, and the [list of
86
85
  known issues][troubleshoot].
@@ -48,7 +48,7 @@
48
48
  );
49
49
  case 'datetime':
50
50
  case 'timestamp':
51
- control = control || $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
51
+ control = control || $('<select class="switch-additional-fieldsets input-sm form-control"></select>')
52
52
  .prop('name', operator_name)
53
53
  .append($('<option data-additional-fieldset="default" value="default"></option>').prop('selected', field_operator == "default").text(RailsAdmin.I18n.t("date")))
54
54
  .append($('<option data-additional-fieldset="between" value="between"></option>').prop('selected', field_operator == "between").text(RailsAdmin.I18n.t("between_and_")))
@@ -103,7 +103,7 @@
103
103
  case 'string':
104
104
  case 'text':
105
105
  case 'belongs_to_association':
106
- control = $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
106
+ control = $('<select class="switch-additional-fieldsets input-sm form-control"></select>')
107
107
  .prop('value', field_operator)
108
108
  .prop('name', operator_name)
109
109
  .append('<option value="_discard">...</option>')
@@ -122,7 +122,7 @@
122
122
  case 'integer':
123
123
  case 'decimal':
124
124
  case 'float':
125
- control = $('<select class="switch-additionnal-fieldsets input-sm form-control"></select>')
125
+ control = $('<select class="switch-additional-fieldsets input-sm form-control"></select>')
126
126
  .prop('name', operator_name)
127
127
  .append($('<option data-additional-fieldset="default" value="default"></option>').prop('selected', field_operator == "default").text(RailsAdmin.I18n.t("number")))
128
128
  .append($('<option data-additional-fieldset="between" value="between"></option>').prop('selected', field_operator == "between").text(RailsAdmin.I18n.t("between_and_")))
@@ -214,7 +214,7 @@
214
214
  $(this).find('i').toggleClass("icon-plus icon-minus")
215
215
  });
216
216
 
217
- $(document).on('change', "#filters_box .switch-additionnal-fieldsets", function(e) {
217
+ $(document).on('change', "#filters_box .switch-additional-fieldsets", function(e) {
218
218
  var selected_option = $(this).find('option:selected');
219
219
  if(klass = $(selected_option).data('additional-fieldset')) {
220
220
  $(this).siblings('.additional-fieldset:not(.' + klass + ')').hide('slow');
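Review bot: The selector on new line 217 has to stay in step with the class set by the three `<select>` builders earlier in this file. All four are renamed here, but the class is rendered into the page, so any view, stylesheet or host-application script outside this diff that still uses `switch-additionnal-fieldsets` will stop matching without raising an error; a changelog entry would help. Context line 219 also assigns `klass` without `var`, which creates an implicit global.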
@@ -9,6 +9,9 @@ $(document).ready ->
9
9
  $(document).on 'nested:fieldAdded', 'form', (content) ->
10
10
  field = content.field.addClass('tab-pane').attr('id', 'unique-id-' + (new Date().getTime()))
11
11
  new_tab = $('<li><a data-toggle="tab" href="#' + field.attr('id') + '">' + field.children('.object-infos').data('object-label') + '</a></li>')
12
+ new_tab = $('<li></li>').append(
13
+ $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + field.attr('id')).text(field.children('.object-infos').data('object-label'))
14
+ )
12
15
  parent_group = field.closest('.control-group')
13
16
  controls = parent_group.children('.controls')
14
17
  one_to_one = controls.data('nestedone') != undefined
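Review bot: Line 11 is kept as context, so `new_tab` is still first built by concatenating `data('object-label')` into an HTML string and only afterwards overwritten by new lines 12 to 14. jQuery parses that string as markup before the reassignment happens, so the label is still treated as HTML on this path. Delete the old line 11 so that only the `.attr(...)` / `.text(...)` construction remains.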
@@ -24,7 +27,7 @@ $(document).on 'nested:fieldAdded', 'form', (content) ->
24
27
  toggler.addClass('active').removeClass('disabled').children('i').addClass('icon-chevron-down').removeClass('icon-chevron-right')
25
28
 
26
29
  # Convert the "add nested field" button to just showing the title of the new model
27
- controls.find('.add_nested_fields').removeClass('add_nested_fields').html(field.children('.object-infos').data('object-label')) if one_to_one
30
+ controls.find('.add_nested_fields').removeClass('add_nested_fields').text(field.children('.object-infos').data('object-label')) if one_to_one
28
31
 
29
32
  $(document).on 'nested:fieldRemoved', 'form', (content) ->
30
33
  field = content.field
@@ -115,7 +115,11 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
115
115
  # add each nested field to a tab-pane and reference it in the nav
116
116
  tab_content.children('.fields:not(.tab-pane)').addClass('tab-pane').each ->
117
117
  $(this).attr('id', 'unique-id-' + (new Date().getTime()) + Math.floor(Math.random()*100000)) # some elements are created on the same ms
118
- nav.append('<li><a data-toggle="tab" href="#' + this.id + '">' + $(this).children('.object-infos').data('object-label') + '</a></li>')
118
+ nav.append(
119
+ $('<li></li>').append(
120
+ $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + this.id).text($(this).children('.object-infos').data('object-label'))
121
+ )
122
+ )
119
123
  # only if no tab is set to active
120
124
  if nav.find("> li.active").length == 0
121
125
  # init first tab, toggler and tab_content/tabs visibility
@@ -143,8 +147,12 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
143
147
  toggler = field.find('> .controls > .btn-group > .toggler')
144
148
  tab_content.children(".fields:not(.tab-pane)").addClass('tab-pane active').each ->
145
149
  # Convert the "add nested field" button to just showing the title of the new model
146
- field.find('> .controls .add_nested_fields').removeClass('add_nested_fields').html( $(this).children('.object-infos').data('object-label') )
147
- nav.append('<li><a data-toggle="tab" href="#' + this.id + '">' + $(this).children('.object-infos').data('object-label') + '</a></li>')
150
+ field.find('> .controls .add_nested_fields').removeClass('add_nested_fields').text( $(this).children('.object-infos').data('object-label') )
151
+ nav.append(
152
+ $('<li></li>').append(
153
+ $('<a></a>').attr('data-toggle', 'tab').attr('href', '#' + this.id).text($(this).children('.object-infos').data('object-label'))
154
+ )
155
+ )
148
156
  first_tab = nav.find("> li > a[data-toggle='tab']:first")
149
157
  first_tab.tab('show')
150
158
  field.find("> .controls > [data-target]:first").html('<i class="icon-white"></i> ' + first_tab.html())
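Review bot: Context line 158 still feeds `first_tab.html()` back into `.html(...)`. That is safe only because the anchor's content is now set with `.text()` and the getter returns it entity-escaped; either say so in a comment or append the icon element and `first_tab.text()` as a text node so the line does not depend on that round trip. The `$('<li></li>').append($('<a></a>')...)` builder now appears three times across these hunks and could be one small helper.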
@@ -240,6 +248,7 @@ $(document).on 'rails_admin.dom_ready', (e, content) ->
240
248
  options = $(this).data('options')
241
249
  textarea = this
242
250
  $.getScript options['locations']['mode'], (script, textStatus, jqXHR) ->
251
+ options = $(domEle).data('options')
243
252
  $('head').append('<link href="' + options['locations']['theme'] + '" rel="stylesheet" media="all" type="text\/css">')
244
253
  CodeMirror.fromTextArea(textarea,options['options'])
245
254
  $(textarea).addClass('codemirrored')
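Review bot: `domEle` on new line 251 is not defined anywhere in the visible lines; the surrounding code captures the element as `textarea = this` on line 250. Unless the enclosing callback names a `domEle` parameter, this line raises a ReferenceError inside the `getScript` callback, so `$(textarea).data('options')` would be the safer form. Context line 252 also concatenates `options['locations']['theme']` into a `<link>` string; setting it with `.attr('href', ...)` would match the hardening done in the nested-form hunks.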
@@ -223,6 +223,8 @@ module RailsAdmin
223
223
  def build_statement_for_string_or_text
224
224
  return if @value.blank?
225
225
 
226
+ return ["(#{@column} = ?)", @value] if ['is', '='].include?(@operator)
227
+
226
228
  unless ['postgresql', 'postgis'].include? ar_adapter
227
229
  @value = @value.mb_chars.downcase
228
230
  end
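Review bot: The early return on new line 226 runs before the `mb_chars.downcase` step on line 229, so `is` / `=` now binds `@value` exactly as typed while the remaining operators still use the lowercased value on non-PostgreSQL adapters. If case-sensitive exact matching is intended, record that in a comment and cover it with a spec. Passing the value as a bind parameter is right; `@column` is interpolated into the SQL fragment, so it must remain a trusted identifier.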
@@ -235,8 +237,6 @@ module RailsAdmin
235
237
  "#{@value}%"
236
238
  when 'ends_with'
237
239
  "%#{@value}"
238
- when 'is', '='
239
- @value
240
240
  else
241
241
  return
242
242
  end
@@ -23,6 +23,23 @@ module RailsAdmin
23
23
  self.class.register_deprecated_instance_option(option_name, replacement_option_name, scope, &custom_error)
24
24
  end
25
25
 
26
+ private
27
+
28
+ def with_recurring(option_name, value_proc, default_proc)
29
+ # Track recursive invocation with an instance variable. This prevents run-away recursion
30
+ # and allows configurations such as
31
+ # label { "#{label}".upcase }
32
+ # This will use the default definition when called recursively.
33
+ if instance_variable_get("@#{option_name}_recurring")
34
+ instance_eval(&default_proc)
35
+ else
36
+ instance_variable_set("@#{option_name}_recurring", true)
37
+ instance_eval(&value_proc)
38
+ end
39
+ ensure
40
+ instance_variable_set("@#{option_name}_recurring", false)
41
+ end
42
+
26
43
  module ClassMethods
27
44
  # Register an instance option. Instance option is a configuration
28
45
  # option that stores its value within an instance variable and is
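Review bot: The `ensure` on new lines 39 to 40 also runs for the recursive branch, so the inner call that evaluates `default_proc` resets the `_recurring` flag to false while the outer `value_proc` is still executing. A block that reads its own option more than once would then re-enter `value_proc` on the second read, which is the run-away recursion the comment says this guards against. Reset the flag only in the `else` branch by wrapping `instance_eval(&value_proc)` in its own `begin` / `ensure`.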
@@ -51,17 +68,7 @@ module RailsAdmin
51
68
  value = instance_variable_get("@#{option_name}_registered")
52
69
  case value
53
70
  when Proc
54
- # Track recursive invocation with an instance variable. This prevents run-away recursion
55
- # and allows configurations such as
56
- # label { "#{label}".upcase }
57
- # This will use the default definition when called recursively.
58
- if instance_variable_get("@#{option_name}_recurring")
59
- value = instance_eval(&default)
60
- else
61
- instance_variable_set("@#{option_name}_recurring", true)
62
- value = instance_eval(&value)
63
- instance_variable_set("@#{option_name}_recurring", false)
64
- end
71
+ value = with_recurring(option_name, value, default)
65
72
  when nil
66
73
  value = instance_eval(&default)
67
74
  end
@@ -3,7 +3,7 @@ require 'rails_admin/config/fields/types'
3
3
  require 'rails_admin/config/fields/types/file_upload'
4
4
 
5
5
  RailsAdmin::Config::Fields.register_factory do |parent, properties, fields|
6
- if defined?(::ActiveStorage) && properties.is_a?(RailsAdmin::Adapters::ActiveRecord::Association) && (match = /\A(.+)_attachments?\Z/.match properties.name) && properties.klass.to_s == 'ActiveStorage::Attachment'
6
+ if defined?(::ActiveStorage) && properties.try(:association?) && (match = /\A(.+)_attachments?\Z/.match properties.name) && properties.klass.to_s == 'ActiveStorage::Attachment'
7
7
  name = match[1]
8
8
  field = RailsAdmin::Config::Fields::Types.load(
9
9
  properties.type == :has_many ? :multiple_active_storage : :active_storage,
@@ -13,7 +13,11 @@ module RailsAdmin
13
13
  end
14
14
 
15
15
  def parse_input(params)
16
- params[name] = params[name].presence
16
+ if params[name].present?
17
+ params[name] = params[name]
18
+ else
19
+ params.delete(name)
20
+ end
17
21
  end
18
22
 
19
23
  register_instance_option :formatted_value do
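Review bot: The `if` branch on new lines 16 to 17 assigns `params[name]` to itself, which does nothing; `params.delete(name) unless params[name].present?` expresses the same thing in one line. The behaviour also changes: a blank value used to be stored as `nil` and is now removed from `params` altogether, so it no longer reaches the model as nil. If that is the intent, a comment or spec should record it.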
@@ -43,9 +43,12 @@ module RailsAdmin
43
43
  Dir[File.join(File.dirname(__FILE__), '../tasks/*.rake')].each { |f| load f }
44
44
  end
45
45
 
46
- # Check for required middlewares, can be missing in Rails API mode
46
+ # Check for required middlewares, users may forget to use them in Rails API mode
47
47
  config.after_initialize do |app|
48
- has_session_store = app.config.middleware.to_a.any? { |m| m.klass.try(:<=, ActionDispatch::Session::AbstractStore) } || ::Rails.version < '5.0'
48
+ has_session_store = ::Rails.version < '5.0' || app.config.middleware.to_a.any? do |m|
49
+ m.klass.try(:<=, ActionDispatch::Session::AbstractStore) ||
50
+ m.klass.name =~ /^ActionDispatch::Session::/
51
+ end
49
52
  loaded = app.config.middleware.to_a.map(&:name)
50
53
  required = %w(ActionDispatch::Cookies ActionDispatch::Flash Rack::MethodOverride)
51
54
  missing = required - loaded
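Review bot: The name match on new line 50 uses `^`, which in Ruby anchors at the start of any line; use `\A`. It also calls `m.klass.name` directly although the line above guards `m.klass` with `try`, so a middleware entry whose `klass` does not respond to `name` would raise here during initialization. `::Rails.version < '5.0'` on new line 48 is a string comparison and would be true for a version such as '10.0'; comparing `Gem::Version` objects avoids that.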
@@ -54,7 +57,7 @@ module RailsAdmin
54
57
  configs << "config.middleware.use #{app.config.session_store.try(:name) || 'ActionDispatch::Session::CookieStore'}, #{app.config.session_options}" unless has_session_store
55
58
  raise <<-EOM
56
59
  Required middlewares for RailsAdmin are not added
57
- To fix tihs, add
60
+ To fix this, add
58
61
 
59
62
  #{configs.join("\n ")}
60
63
 
@@ -1,3 +1,5 @@
1
+ require 'active_support/core_ext/string/strip'
2
+
1
3
  module RailsAdmin
2
4
  module Extensions
3
5
  module PaperTrail
@@ -35,6 +35,12 @@ module RailsAdmin
35
35
  end
36
36
 
37
37
  def to_csv(options = {})
38
+ if CSV::VERSION == '3.0.2'
39
+ raise <<-MSG.gsub(/^\s+/, '')
40
+ CSV library bundled with Ruby 2.6.0 has encoding issue, please upgrade Ruby to 2.6.1 or later.
41
+ https://github.com/ruby/csv/issues/62
42
+ MSG
43
+ end
38
44
  options = HashWithIndifferentAccess.new(options)
39
45
  encoding_to = Encoding.find(options[:encoding_to]) if options[:encoding_to].present?
40
46
 
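Review bot: The guard on new line 38 tests `CSV::VERSION == '3.0.2'` but the message on line 40 only tells the user to upgrade Ruby. Include the detected csv version in the message so the reader can see what triggered it, and consider a named error class instead of a bare `raise` so callers of `to_csv` can rescue it specifically.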
@@ -2,7 +2,7 @@ module RailsAdmin
2
2
  class Version
3
3
  MAJOR = 1
4
4
  MINOR = 4
5
- PATCH = 2
5
+ PATCH = 3
6
6
  PRE = nil
7
7
 
8
8
  class << self
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rails_admin
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.2
4
+ version: 1.4.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Erik Michaels-Ober
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2018-09-23 00:00:00.000000000 Z
15
+ date: 2020-03-17 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: builder
@@ -621,8 +621,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
621
621
  - !ruby/object:Gem::Version
622
622
  version: 1.8.11
623
623
  requirements: []
624
- rubyforge_project:
625
- rubygems_version: 2.5.2
624
+ rubygems_version: 3.0.3
626
625
  signing_key:
627
626
  specification_version: 4
628
627
  summary: Admin for Rails