ransack 3.2.1 → 4.1.0

data/docs/docs/getting-started/simple-mode.md

@@ -27,6 +27,10 @@ def index
 end
 ```
 
+:::caution
+By default, searching and sorting are authorized on any column of your model. See [Authorization (allowlisting/denylisting)](/going-further/other-notes.md#authorization-allowlistingdenylisting) on how to prevent this.
+:::
+
 ### Default search options
 
 #### Search parameter
@@ -50,7 +54,7 @@ This may be disabled by setting the `strip_whitespace` option in a Ransack initi
 
 ```ruby
 Ransack.configure do |c|
-  # Change whitespace stripping behaviour.
+  # Change whitespace stripping behavior.
   # Default is true
   c.strip_whitespace = false
 end
@@ -60,7 +64,7 @@ end
 
 The two primary Ransack view helpers are `search_form_for` and `sort_link`,
 which are defined in
-[Ransack::Helpers::FormHelper](https://github.com/activerecord-hackery/ransack/lib/ransack/helpers/form_helper.rb).
+[Ransack::Helpers::FormHelper](https://github.com/activerecord-hackery/ransack/blob/main/lib/ransack/helpers/form_helper.rb).
 
 ### Form helper
 

data/docs/docs/getting-started/sorting.md

@@ -10,70 +10,62 @@ title: Sorting
 You can add a form to capture sorting and filtering options together.
 
 ```erb
-<div class="filters" id="filtersSidebar">
-  <header class="filters-header">
-    <div class="filters-header-content">
-      <h3>Filters</h3>
-    </div>
-  </header>
-
-  <div class="filters-content">
-    <%= search_form_for @q,
-          class: 'form',
-          url: articles_path,
-          html: { autocomplete: 'off', autocapitalize: 'none' } do |f| %>
-
-      <div class="form-group">
-        <%= f.label :title_cont, t('Filter_by_keyword') %>
-        <%= f.search_field :title_cont %>
-      </div>
-
-      <%= render partial: 'filters/date_title_sort', locals: { f: f } %>
-
-      <div class="form-group">
-        <%= f.label :grade_level_gteq, t('Grade_level') %> >=
-        <%= f.search_field :grade_level_gteq  %>
-      </div>
-
-      <div class="form-group">
-        <%= f.label :readability_gteq, t('Readability') %> >=
-        <%= f.search_field :readability_gteq  %>
-      </div>
-
-      <div class="form-group">
-        <i><%= @articles.total_count %> articles</i>
-      </div>
-
-      <div class="form-group">
-        <hr/>
-        <div class="filters-header-content">
-          <%= link_to request.path, class: 'form-link' do %>
-            <i class="far fa-undo icon-l"></i><%= t('Clear_all') %>
-          <% end %>
-
-          <%= f.submit t('Filter'), class: 'btn btn-primary' %>
-        </div>
-      </div>    
+# app/views/posts/index.html.erb
+
+<%= search_form_for @q do |f| %>
+  <%= f.label :title_cont %>
+  <%= f.search_field :title_cont %>
+
+  <%= f.submit "Search" %>
+<% end %>
+
+<table>
+  <thead>
+    <tr>
+      <th><%= sort_link(@q, :title, "Title") %></th>
+      <th><%= sort_link(@q, :category, "Category") %></th>
+      <th><%= sort_link(@q, :created_at, "Created at") %></th>
+    </tr>
+  </thead>
+
+  <tbody>
+    <% @posts.each do |post| %>
+      <tr>
+        <td><%= post.title %></td>
+        <td><%= post.category %></td>
+        <td><%= post.created_at.to_s(:long) %></td>
+      </tr>
     <% end %>
-  </div>
-</div>
+  </tbody>
+</table>
 ```
 
-
 ## Sorting in the Controller
 
 To specify a default search sort field + order in the controller `index`:
 
 ```ruby
-@search = Post.ransack(params[:q])
-@search.sorts = 'name asc' if @search.sorts.empty?
-@posts = @search.result.paginate(page: params[:page], per_page: 20)
+# app/controllers/posts_controller.rb
+class PostsController < ActionController::Base
+  def index
+    @q = Post.ransack(params[:q])
+    @q.sorts = 'title asc' if @q.sorts.empty?
+
+    @posts = @q.result(distinct: true)
+  end
+end
 ```
 
 Multiple sorts can be set by:
 
 ```ruby
-@search = Post.ransack(params[:q])  
-@search.sorts = ['name asc', 'created_at desc'] if @search.sorts.empty?
-@posts = @search.result.paginate(page: params[:page], per_page: 20)
+# app/controllers/posts_controller.rb
+class PostsController < ActionController::Base
+  def index
+    @q = Post.ransack(params[:q])
+    @q.sorts = ['title asc', 'created_at desc'] if @q.sorts.empty?
+
+    @posts = @q.result(distinct: true)
+  end
+end
 ```

data/docs/docs/going-further/acts-as-taggable-on.md

@@ -67,24 +67,24 @@ When you're writing a `Ransack` search form, you can choose any of the following
 
 ### Option A - Match keys exactly
 
-Option `a` will match keys exactly. This is the solution to choose if you want to distinguish 'Home' from 'Homework': searching for 'Home' will return just the `Task` with id 1. It also allows searching for more than one tag at once (comma separated):
+Option `A` will match keys exactly. This is the solution to choose if you want to distinguish 'Home' from 'Homework': searching for 'Home' will return just the `Task` with id 1. It also allows searching for more than one tag at once (comma separated):
 - `Home, Personal` will return task 1
 - `Home, Homework` will return task 1 and 2
 
 ### Option B - match key combinations
 
-Option `b` will match all keys exactly. This is the solution if you wanna search for specific combinations of tags:
+Option `B` will match all keys exactly. This is the solution if you wanna search for specific combinations of tags:
 - `Home` will return nothing, as there is no Task with just the `Home` tag
 - `Home, Personal` will return task 1
 
 ### Option C - match substrings
 
-Option `c` is used to match substrings. This is useful when you don't care for the exact tag, but only for part of it:
+Option `C` is used to match substrings. This is useful when you don't care for the exact tag, but only for part of it:
 - `Home` will return task 1 and 2 (`/Home/` matches both `"Home"` and `"Homework"`)
 
 ### Option D - select from a list of tags
 
-In Option D we allow the user to select a list of valid tags and then search againt them. We use the plural name here.
+In Option `D` we allow the user to select a list of valid tags and then search against them. We use the plural name here.
 
 ```erb
 <div class='form-group'>

data/docs/docs/going-further/form-customisation.md

@@ -3,7 +3,7 @@ sidebar_position: 4
 title: Form customisation
 ---
 
-Predicate and attribute labels in forms may be specified with I18n in a translation file (see the locale files in [Ransack::Locale](https://github.com/activerecord-hackery/ransack/activerecord-hackery/ransack/tree/master/lib/ransack/locale) for more examples):
+Predicate and attribute labels in forms may be specified with I18n in a translation file (see the locale files in [Ransack::Locale](https://github.com/activerecord-hackery/ransack/tree/main/lib/ransack/locale) for more examples):
 
 ```yml
 # locales/en.yml

data/docs/docs/going-further/i18n.md

@@ -6,12 +6,12 @@ title: i18n
 # i18n and Ransack
 
 Ransack translation files are available in
-[Ransack::Locale](https://github.com/activerecord-hackery/ransack/lib/ransack/locale). You may also be interested in one of the
+[Ransack::Locale](https://github.com/activerecord-hackery/ransack/tree/main/lib/ransack/locale). You may also be interested in one of the
 many translations for Ransack available at
 http://www.localeapp.com/projects/2999.
 
 Predicate and attribute translations in forms may be specified as follows (see
-the translation files in [Ransack::Locale](https://github.com/activerecord-hackery/ransack/lib/ransack/locale) for more examples):
+the translation files in [Ransack::Locale](https://github.com/activerecord-hackery/ransack/tree/main/lib/ransack/locale) for more examples):
 
 locales/en.yml:
 ```yml
@@ -27,7 +27,7 @@ en:
       gt: greater than
       lt: less than
     models:
-      person: Passanger
+      person: Passenger
     attributes:
       person:
         name: Full Name

data/docs/docs/going-further/other-notes.md

@@ -182,7 +182,7 @@ for an `auth_object` key in the options hash which can be used by your own
 overridden methods.
 
 Here is an example that puts all this together, adapted from
-[this blog post by Ernie Miller](http://erniemiller.org/2012/05/11/why-your-ruby-class-macros-might-suck-mine-did/).
+[this blog post by Ernie Miller](https://ernie.io/2012/05/11/why-your-ruby-class-macros-might-suck-mine-did/).
 In an `Article` model, add the following `ransackable_attributes` class method
 (preferably private):
 
@@ -354,7 +354,7 @@ argument are not easily usable yet, because the array currently needs to be
 wrapped in an array to function (see
 [this issue](https://github.com/activerecord-hackery/ransack/issues/404)),
 which is not compatible with Ransack form helpers. For this use case, it may be
-better for now to use [ransackers](https://github.com/activerecord-hackery/ransack/wiki/Using-Ransackers) instead,
+better for now to use [ransackers](https://activerecord-hackery.github.io/ransack/going-further/ransackers) instead,
 where feasible. Pull requests with solutions and tests are welcome!
 
 ### Grouping queries by OR instead of AND

data/docs/docs/going-further/polymorphic-search.md

@@ -38,3 +38,9 @@ Location.ransack(locatable_of_House_type_number_eq: 100).result
 ```
 
 note the `_of_House_type_` added to the search key. This allows Ransack to correctly specify the table names in SQL join queries.
+
+For namespaced models you should use a quoted string containing the standard Ruby module notation
+
+```ruby
+Location.ransack('locatable_of_Residences::House_type_number_eq' => 100).result
+```

data/docs/docs/going-further/saving-queries.md

@@ -72,7 +72,7 @@ class ApplicationController < ActionController::Base
   end
 
 protected
-  # GENERATE A GENERIC SESSION KEY BASED ON TEH CONTROLLER NAME
+  # GENERATE A GENERIC SESSION KEY BASED ON THE CONTROLLER NAME
   def search_key
     "#{controller_name}_search".to_sym
   end

data/docs/docs/going-further/searching-postgres.md

@@ -13,7 +13,7 @@ See [this issue](https://github.com/activerecord-hackery/ransack/issues/321) for
 
 ### Using a fixed key
 
-See here for searching on a fixed key in a JSONB column: https://github.com/activerecord-hackery/ransack/wiki/Using-Ransackers#3-search-on-a-fixed-key-in-a-jsonb--hstore-column
+See here for searching on a fixed key in a JSONB column: https://activerecord-hackery.github.io/ransack/going-further/ransackers/#postgres-columns
 
 ### Using the JSONB contains operator
 

data/docs/package.json

@@ -14,15 +14,19 @@
     "write-heading-ids": "docusaurus write-heading-ids"
   },
   "dependencies": {
-    "@docusaurus/core": "^2.0.0-beta.20",
-    "@docusaurus/preset-classic": "^2.0.0-beta.20",
-    "@easyops-cn/docusaurus-search-local": "^0.25.0",
+    "@docusaurus/core": "^2.2.0",
+    "@docusaurus/preset-classic": "^2.2.0",
+    "@easyops-cn/docusaurus-search-local": "^0.33.5",
     "@mdx-js/react": "^1.6.22",
     "clsx": "^1.1.1",
     "prism-react-renderer": "^1.3.1",
     "react": "^17.0.2",
     "react-dom": "^17.0.2"
   },
+  "resolutions": {
+    "trim": "^0.0.3",
+    "got": "^11.8.5"
+  },
   "browserslist": {
     "production": [
       ">0.5%",