super_settings 2.4.3 → 2.6.0

data/lib/super_settings/application.rb

@@ -8,12 +8,16 @@ module SuperSettings
     include Helper
 
     # @param layout [String, Symbol] path to an ERB template to use as the layout around the application UI. You can
-    #                                pass the symbol +:default+ to use the default layout that ships with the gem.
+    #   pass the symbol +:default+ to use the default layout that ships with the gem.
     # @param add_to_head [String] HTML code to add to the <head> element on the page.
     # @param api_base_url [String] the base URL for the REST API.
     # @param color_scheme [Symbol] whether to use dark mode for the application UI. If +nil+, the user's system
-    #                              preference will be used.
-    def initialize(layout: nil, add_to_head: nil, api_base_url: nil, color_scheme: nil)
+    #   preference will be used.
+    # @param dark_mode_selector [String] a CSS selector that sets dark mode when it matches an element in the page.
+    #   This is an alternative to using the color_scheme option.
+    # @param read_only [Boolean] whether to render the application in read-only mode (edit controls hidden).
+    # @param locale [String] the locale code for translations (default: "en").
+    def initialize(layout: nil, add_to_head: nil, api_base_url: nil, color_scheme: nil, dark_mode_selector: nil, read_only: false, locale: nil)
       if layout
         layout = File.expand_path(File.join("application", "layout.html.erb"), __dir__) if layout == :default
         @layout = ERB.new(File.read(layout)) if layout
@@ -25,6 +29,9 @@ module SuperSettings
 
       @api_base_url = api_base_url
       @color_scheme = color_scheme&.to_sym
+      @dark_mode_selector = dark_mode_selector
+      @read_only = !!read_only
+      @locale = locale || SuperSettings::MiniI18n::DEFAULT_LOCALE
     end
 
     # Render the web UI application HTML.
@@ -38,6 +45,17 @@ module SuperSettings
       html
     end
 
+    # Render the edit form HTML for a single setting.
+    #
+    # @return [String] the rendered HTML
+    def render_edit
+      template = ERB.new(File.read(File.expand_path(File.join("application", "edit.html.erb"), __dir__)))
+      html = template.result(binding)
+      html = render_layout { html } if @layout
+      html = html.html_safe if html.respond_to?(:html_safe)
+      html
+    end
+
     private
 
     def render_layout

data/lib/super_settings/configuration.rb

@@ -12,6 +12,8 @@ module SuperSettings
 
     # Configuration for the controller.
     class Controller
+      VALID_COLOR_SCHEMES = [:light, :dark, :system].freeze
+
       # @api private
       attr_reader :enhancement
 
@@ -25,12 +27,13 @@ module SuperSettings
       def initialize
         @superclass = nil
         @web_ui_enabled = true
-        @color_scheme = false
+        @color_scheme = nil
         @changed_by_block = nil
         @enhancement = nil
         @application_name = nil
         @application_logo = nil
         @application_link = nil
+        @dark_mode_selector = nil
       end
 
       def superclass
@@ -41,10 +44,10 @@ module SuperSettings
         end
       end
 
-      # Optinal name of the application displayed in the view.
+      # Optional name of the application displayed in the view.
       attr_accessor :application_name
 
-      # Optional mage URL for the application logo.
+      # Optional image URL for the application logo.
       attr_accessor :application_logo
 
       # Optional URL for a link back to the rest of the application.
@@ -69,11 +72,30 @@ module SuperSettings
       end
 
       # Set dark mode for the web UI. Possible values are :light, :dark, or :system.
-      # The default value is :light.
+      # When the value is not set (or is invalid), theme selection is left dynamic.
       attr_writer :color_scheme
 
+      # Return the configured color scheme.
+      #
+      # @return [Symbol, nil]
       def color_scheme
-        (@color_scheme ||= :light).to_sym
+        scheme = @color_scheme&.to_sym
+        VALID_COLOR_SCHEMES.include?(scheme) ? scheme : nil
+      end
+
+      # Set a CSS selector that sets dark mode. This is an alternative to using the color_scheme
+      # option and can be used if you have a custom implementation for dark mode in your application.
+      # Dark mode will be enabled in the settings web UI when the selector matches an element in the page.
+      attr_accessor :dark_mode_selector
+
+      # Return the selector used to enable dark mode from host page state.
+      #
+      # @return [String, nil]
+      def resolved_dark_mode_selector
+        return @dark_mode_selector if @dark_mode_selector
+        return "[data-theme=dark]" if color_scheme.nil?
+
+        nil
       end
 
       # Enhance the controller. You can define methods or call controller class methods like

data/lib/super_settings/controller_actions.rb

@@ -19,8 +19,13 @@ module SuperSettings
 
     # Render the HTML application for managing settings.
     def root
-      html = SuperSettings::Application.new.render
-      render html: html.html_safe, layout: true
+      application = SuperSettings::Application.new(
+        read_only: super_settings_read_only?,
+        locale: I18n.locale,
+        color_scheme: SuperSettings.configuration.controller.color_scheme,
+        dark_mode_selector: SuperSettings.configuration.controller.resolved_dark_mode_selector
+      )
+      render html: application.render.html_safe, layout: true
     end
 
     # API endpoint for getting active settings. See SuperSettings::RestAPI for details.
@@ -40,6 +45,10 @@ module SuperSettings
 
     # API endpoint for updating settings. See SuperSettings::RestAPI for details.
     def update
+      if super_settings_read_only?
+        render json: {error: "Access denied"}, status: 403
+        return
+      end
       changed_by = SuperSettings.configuration.controller.changed_by(self)
       result = SuperSettings::RestAPI.update(params[:settings], changed_by)
       if result[:success]
@@ -69,12 +78,40 @@ module SuperSettings
       render json: SuperSettings::RestAPI.updated_since(params[:time])
     end
 
+    # API endpoint for checking if the user is authorized to edit settings.
+    def authorized
+      permission = super_settings_read_only? ? "read-only" : "read-write"
+      headers["super-settings-permission"] = permission
+      headers["cache-control"] = "no-cache"
+      render json: {authorized: true, permission: permission}
+    end
+
+    # Serve up the api.js file that defines a JavaScript client for the REST API.
+    def api_js
+      js = File.read(File.expand_path(File.join("application", "api.js"), __dir__))
+      render js: js.html_safe, content_type: "application/javascript; charset=utf-8"
+    end
+
     protected
 
+    # Mark the current request as read-only. When read-only, the web UI will hide edit
+    # controls and write API endpoints will return 403. Call this in a +before_action+ to
+    # restrict a user to read-only access.
+    def super_settings_read_only!
+      request.env["super_settings.read_only"] = true
+    end
+
+    # Return true if the current request has been marked as read-only.
+    def super_settings_read_only?
+      !!request.env["super_settings.read_only"]
+    end
+
     # Return true if CSRF protection needs to be enabled for the request.
     # By default it is only enabled on stateful requests that include Basic authorization
     # or cookies in the request so that stateless REST API calls are allowed.
     def protect_from_forgery?
+      return false if action_name == "api_js"
+
       request.cookies.present? || request.authorization.to_s.split(" ", 2).first&.match?(/\ABasic/i)
     end
   end

data/lib/super_settings/http_client.rb

@@ -135,6 +135,7 @@ module SuperSettings
     end
 
     def set_headers(request)
+      request.basic_auth(@user, @password) if @user
       @headers.each do |name, value|
         name = name.to_s
         values = Array(value)
@@ -148,7 +149,7 @@ module SuperSettings
     def request_uri(path, params = nil)
       uri = URI.join(@base_uri, path.delete_prefix("/"))
       if (params && !params.empty?) || (@base_uri.query && !@base_uri.query.empty?)
-        uri.query = [uri.query, query_string(params)].join("&")
+        uri.query = [uri.query, query_string(params)].compact.join("&")
       end
       uri
     end

data/lib/super_settings/local_cache.rb

@@ -120,16 +120,14 @@ module SuperSettings
       end
 
       load_block = lambda do
-        begin
-          values = {}
-          start_time = Time.now
-          Setting.active.each do |setting|
-            values[setting.key] = setting.value.freeze
-          end
-          set_cache_values(start_time) { values }
-        ensure
-          @refreshing = false
+        values = {}
+        start_time = Time.now
+        Setting.active.each do |setting|
+          values[setting.key] = setting.value.freeze
         end
+        set_cache_values(start_time) { values }
+      ensure
+        @refreshing = false
       end
 
       if asynchronous
@@ -158,14 +156,12 @@ module SuperSettings
       end
 
       refresh_block = lambda do
-        begin
-          last_db_update = Setting.last_updated_at
-          if last_db_update.nil? || last_db_update >= last_refresh_time - 1
-            merge_load(last_refresh_time)
-          end
-        ensure
-          @refreshing = false
+        last_db_update = Setting.last_updated_at
+        if last_db_update.nil? || last_db_update >= last_refresh_time - 1
+          merge_load(last_refresh_time)
         end
+      ensure
+        @refreshing = false
       end
 
       if asynchronous

data/lib/super_settings/mini_i18n.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require "json"
+
+module SuperSettings
+  # Internationalization support for the web UI. Translations are stored as
+  # JSON files in +app/locales/+ with one file per locale (e.g. +en.json+).
+  #
+  # Ruby templates use `#t` to look up a dotted key. JavaScript receives the
+  # full translation hash inlined via a +<script>+ tag so that the same JSON
+  # file drives both server-side and client-side strings.
+  module MiniI18n
+    DEFAULT_LOCALE = "en"
+
+    @cache = {}
+    @mutex = Mutex.new
+
+    class << self
+      # Return the list of available locale codes derived from the JSON files
+      # present in +app/locales/+.
+      #
+      # @return [Array<String>] locale codes, e.g. +["en"]+
+      def available_locales
+        load_all_locales.keys.sort
+      end
+
+      # Look up a translation by dotted key for the given locale.
+      # Falls back to the default locale when the key is missing, and
+      # ultimately returns the key itself if no translation is found.
+      #
+      # @param key [String] dotted translation key, e.g. +"page.title"+
+      # @param locale [String] the locale code (default: +DEFAULT_LOCALE+)
+      # @return [String] the translated string
+      def t(key, locale: DEFAULT_LOCALE)
+        translations = translations_for(locale)
+        translations[key] || translations_for(DEFAULT_LOCALE)[key] || key
+      end
+
+      # Return the full translation hash for a locale. Used to inline
+      # translations into the HTML page for JavaScript consumption.
+      #
+      # @param locale [String] the locale code
+      # @return [Hash<String, String>] all key/value translations
+      def translations_for(locale)
+        load_all_locales[normalize_locale(locale)] || load_all_locales[DEFAULT_LOCALE] || {}
+      end
+
+      # Return the text direction for the given locale. Reads the +"dir"+ key
+      # from the locale's translations hash, falling back to +"ltr"+ when not set.
+      #
+      # @param locale [String] the locale code
+      # @return [String] +"ltr"+ or +"rtl"+
+      def text_direction(locale = DEFAULT_LOCALE)
+        dir = translations_for(locale)["dir"]
+        (dir == "rtl") ? "rtl" : "ltr"
+      end
+
+      # Clear the translation cache. Called automatically in development mode.
+      #
+      # @return [void]
+      def clear_cache!
+        @mutex.synchronize { @cache = {} }
+      end
+
+      private
+
+      # Normalize a locale string to just the language subtag if the full
+      # tag is not available (e.g. "en-US" → "en").
+      def normalize_locale(locale)
+        locale = locale.to_s.strip.tr("_", "-").downcase
+        return locale if @cache.key?(locale)
+
+        # Try the language subtag (e.g. "en-us" → "en")
+        lang = locale.split("-").first
+        lang if @cache.key?(lang)
+      end
+
+      # Load every JSON file from the locales directory, keyed by filename
+      # stem (e.g. "en").
+      def load_all_locales
+        if development_mode?
+          @mutex.synchronize { @cache = {} }
+        end
+
+        return @cache unless @cache.empty?
+
+        @mutex.synchronize do
+          return @cache unless @cache.empty?
+
+          Dir.glob(File.join(locales_dir, "*.json")).each do |path|
+            code = File.basename(path, ".json").downcase
+            @cache[code] = JSON.parse(File.read(path))
+          rescue JSON::ParserError
+            # Skip malformed locale files
+          end
+        end
+
+        @cache
+      end
+
+      def locales_dir
+        File.expand_path(File.join("..", "..", "app", "locales"), __dir__)
+      end
+
+      def development_mode?
+        ENV.fetch("RACK_ENV", ENV.fetch("RAILS_ENV", "development")) == "development"
+      end
+    end
+  end
+end

data/lib/super_settings/rack_application.rb

@@ -104,9 +104,9 @@ module SuperSettings
     # Subclasses can override this method to return the path to an ERB file to use as the layout
     # for the HTML application. The layout can use any of the methods defined in SuperSettings::Application::Helper.
     #
-    # @return [String]
+    # @return [String, Symbol]
     def layout
-      "layout.html.erb"
+      :default
     end
 
     # Subclasses can override this method to add custom HTML to the <head> element in the HTML application.
@@ -133,12 +133,16 @@ module SuperSettings
       if request.get?
         if (path == "/" || path == "") && web_ui_enabled?
           return handle_root_request(request)
+        elsif path == "/authorized"
+          return handle_authorization_request(request)
+        elsif path == "/api.js"
+          return handle_api_js_request(request)
         elsif path == "/settings"
           return handle_index_request(request)
-        elsif path == "/setting"
-          return handle_show_request(request)
         elsif path == "/setting/history"
           return handle_history_request(request)
+        elsif path == "/setting"
+          return handle_show_request(request)
         elsif path == "/last_updated_at"
           return handle_last_updated_at_request(request)
         elsif path == "/updated_since"
@@ -157,9 +161,40 @@ module SuperSettings
       end
     end
 
+    def handle_authorization_request(request)
+      check_authorization(request) do |user|
+        read_only = !allow_write?(user) || !!request.env["super_settings.read_only"]
+        permission = read_only ? "read-only" : "read-write"
+        payload = {authorized: true, permission: permission}
+        [200, {"content-type" => "application/json; charset=utf-8", "cache-control" => "no-cache", "super-settings-permission" => permission}, [JSON.generate(payload)]]
+      end
+    end
+
+    def handle_api_js_request(request)
+      check_authorization(request) do |user|
+        js = File.read(File.expand_path(File.join("application", "api.js"), __dir__))
+        [200, {"content-type" => "application/javascript; charset=utf-8", "cache-control" => "no-cache"}, [js]]
+      end
+    end
+
     def handle_root_request(request)
-      response = check_authorization(request, write_required: true) do |user|
-        [200, {"content-type" => "text/html; charset=utf-8", "cache-control" => "no-cache"}, [Application.new(layout: :default, add_to_head: add_to_head(request), color_scheme: SuperSettings.configuration.controller.color_scheme).render]]
+      response = check_authorization(request) do |user|
+        read_only = !allow_write?(user) || !!request.env["super_settings.read_only"]
+        locale = resolve_locale(request)
+        headers = {"content-type" => "text/html; charset=utf-8", "cache-control" => "no-cache"}
+        lang = request.GET["lang"] if request.respond_to?(:GET)
+        if lang && SuperSettings::MiniI18n.available_locales.include?(lang)
+          headers["set-cookie"] = "super_settings_locale=#{lang}; path=/; SameSite=Lax"
+        end
+        application = Application.new(
+          layout: layout,
+          add_to_head: add_to_head(request),
+          color_scheme: SuperSettings.configuration.controller.color_scheme,
+          dark_mode_selector: SuperSettings.configuration.controller.resolved_dark_mode_selector,
+          read_only: read_only,
+          locale: locale
+        )
+        [200, headers, [application.render]]
       end
 
       if [401, 403].include?(response.first)
@@ -224,11 +259,15 @@ module SuperSettings
 
     def check_authorization(request, write_required: false)
       user = current_user(request)
-      return json_response(401, error: "Authentiation required") unless authenticated?(user)
+      return json_response(401, error: "Authentication required") unless authenticated?(user)
 
       allowed = (write_required ? allow_write?(user) : allow_read?(user))
       return json_response(403, error: "Access denied") unless allowed
 
+      if write_required && request.env["super_settings.read_only"]
+        return json_response(403, error: "Access denied")
+      end
+
       yield(user)
     end
 
@@ -236,6 +275,54 @@ module SuperSettings
       [status, RESPONSE_HEADERS.dup, [payload.to_json]]
     end
 
+    # Determine the locale for a request. Precedence:
+    # 1. ?lang= query parameter
+    # 2. super_settings_locale cookie (set by the language picker)
+    # 3. Accept-Language header
+    # 4. Default locale
+    def resolve_locale(request)
+      available = SuperSettings::MiniI18n.available_locales
+
+      # 1. Explicit query parameter
+      lang = request.GET["lang"] if request.respond_to?(:GET)
+      return lang if lang && available.include?(lang)
+
+      # 2. Cookie
+      cookie = request.cookies["super_settings_locale"] if request.respond_to?(:cookies)
+      return cookie if cookie && available.include?(cookie)
+
+      # 3. Accept-Language header
+      accept = request.env["HTTP_ACCEPT_LANGUAGE"] if request.respond_to?(:env)
+      locale_from_accept_language(accept.to_s, available) || SuperSettings::MiniI18n::DEFAULT_LOCALE
+    end
+
+    # Parse the Accept-Language header and return the best matching locale.
+    def locale_from_accept_language(header, available)
+      return nil if header.nil? || header.empty?
+
+      # Parse tags with optional quality values, e.g. "en-US,en;q=0.9,fr;q=0.8"
+      tags = header.split(",").map { |entry|
+        parts = entry.strip.split(";")
+        tag = parts[0].to_s.strip.downcase.tr("_", "-")
+        q = 1.0
+        parts[1..].each do |p|
+          if p.strip.start_with?("q=")
+            q = p.strip.sub("q=", "").to_f
+          end
+        end
+        [tag, q]
+      }.sort_by { |_, q| -q }
+
+      tags.each do |tag, _|
+        return tag if available.include?(tag)
+        # Try language subtag
+        lang = tag.split("-").first
+        return lang if available.include?(lang)
+      end
+
+      nil
+    end
+
     def post_params(request)
       if request.content_type.to_s.match?(/\Aapplication\/json/i) && request.body
         request.params.merge(JSON.parse(request.body.read))

data/lib/super_settings/rest_api.rb

@@ -83,7 +83,7 @@ module SuperSettings
       #
       #   The response will be either
       #
-      #   {success: true}
+      #   {success: true, values: {key => value, ...}}
       #
       #   or
       #
@@ -93,7 +93,11 @@ module SuperSettings
       def update(settings_params, changed_by = nil)
         all_valid, settings = Setting.bulk_update(Array(settings_params), changed_by)
         if all_valid
-          {success: true}
+          values = {}
+          settings.each do |setting|
+            values[setting.key] = setting.value
+          end
+          {success: true, values: values}
         else
           errors = {}
           settings.each do |setting|
@@ -179,7 +183,7 @@ module SuperSettings
       #
       # @return [Hash] hash with the last updated timestamp
       def last_updated_at
-        {last_updated_at: Setting.last_updated_at.utc.iso8601(6)}
+        {last_updated_at: Setting.last_updated_at&.utc&.iso8601(6)}
       end
 
       # Return settings that have been updated since a specified timestamp.

data/lib/super_settings/setting.rb

@@ -266,7 +266,7 @@ module SuperSettings
           key = setting_params["key"]
           setting = changed[key] || Setting.find_by_key(key)
           unless setting
-            next if Coerce.present?(setting_params["delete"])
+            next if Coerce.present?(setting_params["deleted"])
 
             setting = Setting.new(key: setting_params["key"])
           end

data/lib/super_settings/storage/active_record_storage/models.rb

@@ -17,15 +17,13 @@ module SuperSettings
           # ActiveRecord storage is only available if the connection pool is connected and the table exists.
 
           def available?
-            begin
-              # table_exists? will attempt to retrieve a connection from the pool and load the schema_cache
-              # which is memoized per connection. If there is no database or connection, it will raise an error.
-              table_exists?
-            rescue ActiveRecord::NoDatabaseError, ActiveRecord::ConnectionNotEstablished
-              # Ignore errors so the application doesn't break if the database is not available.
-              # Otherwise things like build processes can fail.
-              false
-            end
+            # table_exists? will attempt to retrieve a connection from the pool and load the schema_cache
+            # which is memoized per connection. If there is no database or connection, it will raise an error.
+            table_exists?
+          rescue ActiveRecord::NoDatabaseError, ActiveRecord::ConnectionNotEstablished
+            # Ignore errors so the application doesn't break if the database is not available.
+            # Otherwise things like build processes can fail.
+            false
           end
         end
       end

data/lib/super_settings/storage/http_storage.rb

@@ -6,7 +6,7 @@ module SuperSettings
     # This storage engine is read only. It is intended to allow microservices to read settings from a
     # central application that exposes the SuperSettings::RestAPI.
     #
-    # You must the the base_url class attribute to the base URL of a SuperSettings REST API endpoint.
+    # You must set the base_url class attribute to the base URL of a SuperSettings REST API endpoint.
     # You can also set the timeout, headers, and query_params used in reqeusts to the API.
     class HttpStorage < StorageAttributes
       include Storage
@@ -135,7 +135,6 @@ module SuperSettings
       end
 
       def reload
-        self.class.find_by_key(key)
         self.attributes = self.class.find_by_key(key).attributes
         self
       end

data/lib/super_settings/storage/json_storage.rb

@@ -112,7 +112,7 @@ module SuperSettings
           end
         end
 
-        # Heper method to load settings from a JSON string.
+        # Helper method to load settings from a JSON string.
         #
         # @param json [String] JSON string to parse.
         # @return [Array<SuperSettings::Storage::JSONStorage>] Array of settings.

data/lib/super_settings/storage/mongodb_storage.rb

@@ -119,6 +119,7 @@ module SuperSettings
 
         def save_all(changes)
           upserts = changes.collect { |setting| upsert(setting) }
+          return true if upserts.empty?
           settings_collection.bulk_write(upserts)
           true
         end
@@ -191,7 +192,7 @@ module SuperSettings
           pipeline << {
             "$addFields": {
               history: {
-                "$slice": ["$history", offset, (limit || {"$size": "$history"})]
+                "$slice": ["$history", offset, limit || {"$size": "$history"}]
               }
             }
           }

data/lib/super_settings/storage/s3_storage.rb

@@ -61,7 +61,7 @@ module SuperSettings
         end
 
         def path=(value)
-          @path = "#{value}.chomp('/')/"
+          @path = "#{value.chomp("/")}/"
         end
 
         def hash

data/lib/super_settings/storage.rb

@@ -17,7 +17,7 @@ module SuperSettings
 
     def self.included(base)
       base.extend(ClassMethods)
-      base.include(Attributes) unless base.instance_methods.include?(:attributes=)
+      base.include(Attributes) unless base.method_defined?(:attributes=)
 
       base.instance_variable_set(:@load_asynchronous, nil)
     end

data/lib/super_settings/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SuperSettings
-  VERSION = File.read(File.expand_path("../../VERSION", __dir__)).chomp
+  VERSION = File.read(File.expand_path("../../VERSION", __dir__)).strip.freeze
 end