tiny_admin 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 748ac60bbfef74485795f95728033866510e728572d391b2a3f381fde88434f6
-  data.tar.gz: 59c0a78183a960e28cb1670d4484be18e368ec48cf622bd8034087192385b7dd
+  metadata.gz: 6b1b97d53e29a9534e5bad33db4ab61e52de4325cd68d6556da668bf940815b5
+  data.tar.gz: 2d94e52253fdf7fe44edf2ef731c166ade81c5972b84fac80d3adc99d7e347d2
 SHA512:
-  metadata.gz: 8ba6531f80fbaab695c59a309e7249f071a1f4491fd7800edb2562571beb352d3f4faff625876cf6dc87e9cdcbf8d12d002f343076446c8ad82653c8d488ce78
-  data.tar.gz: 162637202396ce2106c9ad9c2117a22becc3ad99c3a4e0f72f850624089cb110e2eda4ae39aa66e6c4897bb6c5ad0789003d10711c94ba74f28616afa3e5e82a
+  metadata.gz: b681c29bc30097703aa541af928a9f0d73e698cb0a7bf1e95264f92be92c6b420f556f1eda1fe9dd3c6a12efcefa3c975c84ab52664607cf2a9eab15e88e3192
+  data.tar.gz: dd1ae44d4d8eb14d212c980487ba3f57a37d0cf460f7a6cfa05eced7436ec2b6bd5015fb822f565f7923c8110e81c5c7a6072f688cb7b637a5b33479e16db668

data/README.md

@@ -3,7 +3,7 @@
 [![Gem Version](https://badge.fury.io/rb/tiny_admin.svg)](https://badge.fury.io/rb/tiny_admin)
 [![Gem Downloads](https://badgen.net/rubygems/dt/tiny_admin)](https://rubygems.org/gems/tiny_admin)
 [![Linters](https://github.com/blocknotes/tiny_admin/actions/workflows/linters.yml/badge.svg)](https://github.com/blocknotes/tiny_admin/actions/workflows/linters.yml)
-[![Specs](https://github.com/blocknotes/tiny_admin/actions/workflows/specs.yml/badge.svg)](https://github.com/blocknotes/tiny_admin/actions/workflows/specs.yml)
+[![Specs](https://github.com/blocknotes/tiny_admin/actions/workflows/tests.yml/badge.svg)](https://github.com/blocknotes/tiny_admin/actions/workflows/tests.yml)
 
 A compact and composable dashboard component for Ruby.
 

data/lib/tiny_admin/actions/index.rb

@@ -45,14 +45,14 @@ module TinyAdmin
         @params = context.request.params
         @repository = context.repository
         @pagination = options[:pagination] || 10
-        @current_page = (params['p'] || 1).to_i
-        @query_string = params_to_s(params.except('p'))
+        @current_page = (params["p"] || 1).to_i
+        @query_string = params_to_s(params.except("p"))
       end
 
       def prepare_filters(fields)
         filters = (options[:filters] || []).map { _1.is_a?(Hash) ? _1 : { field: _1 } }
-        filters = filters.each_with_object({}) { |filter, result| result[filter[:field]] = filter }
-        values = (params['q'] || {})
+        filters = filters.to_h { |filter| [filter[:field], filter] }
+        values = params["q"] || {}
         fields.each_with_object({}) do |(name, field), result|
           result[field] = { value: values[name], filter: filters[name] } if filters.key?(name)
         end

data/lib/tiny_admin/authentication.rb

@@ -3,7 +3,7 @@
 module TinyAdmin
   class Authentication < BasicApp
     route do |r|
-      r.get 'unauthenticated' do
+      r.get "unauthenticated" do
         if current_user
           r.redirect TinyAdmin.settings.root_path
         else
@@ -11,15 +11,15 @@ module TinyAdmin
         end
       end
 
-      r.post 'unauthenticated' do
+      r.post "unauthenticated" do
         warning = TinyAdmin.settings.helper_class.label_for(
-          'Failed to authenticate',
-          options: ['authentication.unauthenticated']
+          "Failed to authenticate",
+          options: ["authentication.unauthenticated"]
         )
         render_login(warnings: [warning])
       end
 
-      r.get 'logout' do
+      r.get "logout" do
         logout_user
         r.redirect TinyAdmin.settings.root_path
       end
@@ -33,9 +33,9 @@ module TinyAdmin
 
       page = prepare_page(login, options: %i[no_menu compact_layout])
       page.messages = {
-        notices: notices || flash['notices'],
-        warnings: warnings || flash['warnings'],
-        errors: errors || flash['errors']
+        notices: notices || flash["notices"],
+        warnings: warnings || flash["warnings"],
+        errors: errors || flash["errors"]
       }
       render(inline: page.call)
     end

data/lib/tiny_admin/basic_app.rb

@@ -5,17 +5,19 @@ module TinyAdmin
     include Utils
 
     class << self
+      include Utils
+
       def authentication_plugin
         plugin = TinyAdmin.settings.authentication&.dig(:plugin)
-        plugin_class = plugin.is_a?(String) ? Object.const_get(plugin) : plugin
+        plugin_class = to_class(plugin) if plugin
         plugin_class || TinyAdmin::Plugins::NoAuth
       end
     end
 
     plugin :flash
     plugin :not_found
-    plugin :render, engine: 'html'
-    plugin :sessions, secret: SecureRandom.hex(64)
+    plugin :render, engine: "html"
+    plugin :sessions, secret: ENV.fetch("TINY_ADMIN_SECRET") { SecureRandom.hex(64) }
 
     plugin authentication_plugin, TinyAdmin.settings.authentication
 

data/lib/tiny_admin/field.rb

@@ -12,13 +12,13 @@ module TinyAdmin
     end
 
     def apply_call_option(target)
-      messages = (options[:call] || '').split(',').map(&:strip)
+      messages = (options[:call] || "").split(",").map(&:strip)
       messages.inject(target) { |result, msg| result&.send(msg) } if messages.any?
     end
 
     def translate_value(value)
       if options && options[:method]
-        method, *args = options[:method].split(',').map(&:strip)
+        method, *args = options[:method].split(",").map(&:strip)
         if options[:converter]
           Object.const_get(options[:converter]).send(method, value, options: args || [])
         else
@@ -30,10 +30,11 @@ module TinyAdmin
     end
 
     class << self
+      include Utils
+
       def create_field(name:, title: nil, type: nil, options: {})
         field_name = name.to_s
-        field_title = field_name.respond_to?(:humanize) ? field_name.humanize : field_name.tr('_', ' ').capitalize
-        new(name: field_name, title: title || field_title, type: type || :string, options: options || {})
+        new(name: field_name, title: title || humanize(field_name), type: type || :string, options: options || {})
       end
     end
   end

data/lib/tiny_admin/plugins/active_record_repository.rb

@@ -54,7 +54,7 @@ module TinyAdmin
       def apply_filters(query, filters)
         filters.each do |field, filter|
           value = filter&.dig(:value)
-          next if value.nil? || value == ''
+          next if value.nil? || value == ""
 
           query =
             case field.type

data/lib/tiny_admin/plugins/base_repository.rb

@@ -3,7 +3,8 @@
 module TinyAdmin
   module Plugins
     class BaseRepository
-      RecordNotFound = Class.new(StandardError)
+      class RecordNotFound < StandardError
+      end
 
       attr_reader :model
 

data/lib/tiny_admin/plugins/no_auth.rb

@@ -8,12 +8,12 @@ module TinyAdmin
       end
 
       module InstanceMethods
-        def authenticate_user!
+        def authenticate_user! # rubocop:disable Naming/PredicateMethod
           true
         end
 
         def current_user
-          'admin'
+          "admin"
         end
 
         def logout_user

data/lib/tiny_admin/plugins/simple_auth.rb

@@ -1,21 +1,21 @@
 # frozen_string_literal: true
 
-require 'digest'
+require "digest"
 
 module TinyAdmin
   module Plugins
     module SimpleAuth
       class << self
         def configure(app, opts = {})
-          @@opts = opts || {} # rubocop:disable Style/ClassVars
-          @@opts[:password] ||= ENV.fetch('ADMIN_PASSWORD_HASH', nil) # NOTE: fallback value
+          opts ||= {}
+          password_hash = opts[:password] || ENV.fetch("ADMIN_PASSWORD_HASH", nil)
 
           Warden::Strategies.add(:secret) do
-            def authenticate!
-              secret = params['secret'] || ''
-              return fail(:invalid_credentials) if Digest::SHA512.hexdigest(secret) != @@opts[:password]
+            define_method(:authenticate!) do
+              secret = params["secret"] || ""
+              return fail(:invalid_credentials) if Digest::SHA512.hexdigest(secret) != password_hash
 
-              success!(app: 'TinyAdmin')
+              success!(app: "TinyAdmin")
             end
           end
 
@@ -29,15 +29,15 @@ module TinyAdmin
 
       module InstanceMethods
         def authenticate_user!
-          env['warden'].authenticate!
+          env["warden"].authenticate!
         end
 
         def current_user
-          env['warden'].user
+          env["warden"].user
         end
 
         def logout_user
-          env['warden'].logout
+          env["warden"].logout
         end
       end
     end

data/lib/tiny_admin/raw_html.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module TinyAdmin
+  class RawHtml
+    attr_reader :to_s
+
+    def initialize(value)
+      @to_s = value.to_s
+    end
+  end
+end

data/lib/tiny_admin/router.rb

@@ -9,7 +9,7 @@ module TinyAdmin
     route do |r|
       TinyAdmin.settings.load_settings
 
-      r.on 'auth' do
+      r.on "auth" do
         r.run Authentication
       end
 
@@ -25,7 +25,7 @@ module TinyAdmin
         # :nocov:
       end
 
-      r.post '' do
+      r.post "" do
         r.redirect TinyAdmin.settings.root_path
       end
 
@@ -48,13 +48,13 @@ module TinyAdmin
 
     def render_page(page)
       if page.respond_to?(:messages=)
-        page.messages = { notices: flash['notices'], warnings: flash['warnings'], errors: flash['errors'] }
+        page.messages = { notices: flash["notices"], warnings: flash["warnings"], errors: flash["errors"] }
       end
       render(inline: page.call)
     end
 
     def root_route(req)
-      if authorization.allowed?(current_user, :root)
+      authorize!(:root) do
         if TinyAdmin.settings.root[:redirect]
           req.redirect route_for(TinyAdmin.settings.root[:redirect])
         else
@@ -62,31 +62,27 @@ module TinyAdmin
           attributes = TinyAdmin.settings.root.slice(:content, :title, :widgets)
           render_page prepare_page(page_class, attributes: attributes, params: request.params)
         end
-      else
-        render_page prepare_page(TinyAdmin.settings.page_not_allowed)
       end
     end
 
     def setup_page_route(req, slug, page_data)
       req.get slug do
-        if authorization.allowed?(current_user, :page, slug)
+        authorize!(:page, slug) do
           attributes = page_data.slice(:content, :title, :widgets)
           render_page prepare_page(page_data[:class], slug: slug, attributes: attributes, params: request.params)
-        else
-          render_page prepare_page(TinyAdmin.settings.page_not_allowed)
         end
       end
     end
 
     def setup_resource_routes(req, slug, options:)
       req.on slug do
-        setup_collection_routes(req, slug, options: options)
-        setup_member_routes(req, slug, options: options)
+        repository = options[:repository].new(options[:model])
+        setup_collection_routes(req, slug, options: options, repository: repository)
+        setup_member_routes(req, slug, options: options, repository: repository)
       end
     end
 
-    def setup_collection_routes(req, slug, options:)
-      repository = options[:repository].new(options[:model])
+    def setup_collection_routes(req, slug, options:, repository:)
       action_options = options[:index] || {}
 
       # Custom actions
@@ -99,9 +95,9 @@ module TinyAdmin
       )
 
       # Index
-      if options[:only].include?(:index) || options[:only].include?('index')
+      if options[:only].include?(:index) || options[:only].include?("index")
         req.is do
-          if authorization.allowed?(current_user, :resource_index, slug)
+          authorize!(:resource_index, slug) do
             context = Context.new(
               actions: custom_actions,
               repository: repository,
@@ -111,15 +107,12 @@ module TinyAdmin
             )
             index_action = TinyAdmin::Actions::Index.new
             render_page index_action.call(app: self, context: context, options: action_options)
-          else
-            render_page prepare_page(TinyAdmin.settings.page_not_allowed)
           end
         end
       end
     end
 
-    def setup_member_routes(req, slug, options:)
-      repository = options[:repository].new(options[:model])
+    def setup_member_routes(req, slug, options:, repository:)
       action_options = (options[:show] || {}).merge(record_not_found_page: TinyAdmin.settings.record_not_found)
 
       req.on String do |reference|
@@ -134,9 +127,9 @@ module TinyAdmin
         )
 
         # Show
-        if options[:only].include?(:show) || options[:only].include?('show')
+        if options[:only].include?(:show) || options[:only].include?("show")
           req.is do
-            if authorization.allowed?(current_user, :resource_show, slug)
+            authorize!(:resource_show, slug) do
               context = Context.new(
                 actions: custom_actions,
                 reference: reference,
@@ -147,8 +140,6 @@ module TinyAdmin
               )
               show_action = TinyAdmin::Actions::Show.new
               render_page show_action.call(app: self, context: context, options: action_options)
-            else
-              render_page prepare_page(TinyAdmin.settings.page_not_allowed)
             end
           end
         end
@@ -157,11 +148,11 @@ module TinyAdmin
 
     def setup_custom_actions(req, custom_actions = nil, options:, repository:, slug:, reference: nil)
       (custom_actions || []).each_with_object({}) do |custom_action, result|
-        action_slug, action = custom_action.first
-        action_class = to_class(action)
+        action_slug, action_config = custom_action.first
+        action_class, http_method = parse_action_config(action_config)
 
-        req.get action_slug.to_s do
-          if authorization.allowed?(current_user, :custom_action, action_slug.to_s)
+        req.public_send(http_method, action_slug.to_s) do
+          authorize!(:custom_action, action_slug.to_s) do
             context = Context.new(
               actions: {},
               reference: reference,
@@ -172,8 +163,6 @@ module TinyAdmin
             )
             custom_action = action_class.new
             render_page custom_action.call(app: self, context: context, options: options)
-          else
-            render_page prepare_page(TinyAdmin.settings.page_not_allowed)
           end
         end
 
@@ -181,8 +170,26 @@ module TinyAdmin
       end
     end
 
+    def parse_action_config(config)
+      if config.is_a?(Hash)
+        action_class = to_class(config[:action] || config["action"])
+        http_method = (config[:method] || config["method"] || "get").to_sym
+        [action_class, http_method]
+      else
+        [to_class(config), :get]
+      end
+    end
+
     def authorization
       TinyAdmin.settings.authorization_class
     end
+
+    def authorize!(action, param = nil)
+      if authorization.allowed?(current_user, action, param)
+        yield
+      else
+        render_page prepare_page(TinyAdmin.settings.page_not_allowed)
+      end
+    end
   end
 end

data/lib/tiny_admin/settings.rb

@@ -19,9 +19,9 @@ module TinyAdmin
       %i[page_not_found] => Views::Pages::PageNotFound,
       %i[record_not_found] => Views::Pages::RecordNotFound,
       %i[repository] => Plugins::ActiveRecordRepository,
-      %i[root_path] => '/admin',
+      %i[root_path] => "/admin",
       %i[root page] => Views::Pages::Root,
-      %i[root title] => 'TinyAdmin',
+      %i[root title] => "TinyAdmin",
       %i[sections] => []
     }.freeze
 
@@ -67,6 +67,8 @@ module TinyAdmin
     end
 
     def load_settings
+      return if @loaded
+
       # default values
       DEFAULTS.each do |(option, param), default|
         if param
@@ -78,17 +80,23 @@ module TinyAdmin
       end
 
       @store ||= TinyAdmin::Store.new(self)
-      self.root_path = '/' if root_path == ''
+      self.root_path = "/" if root_path == ""
 
-      if authentication[:plugin] <= Plugins::SimpleAuth
+      if authentication[:plugin].is_a?(Module) && authentication[:plugin] <= Plugins::SimpleAuth
         logout_path = "#{root_path}/auth/logout"
-        authentication[:logout] ||= TinyAdmin::Section.new(name: 'logout', slug: 'logout', path: logout_path)
+        authentication[:logout] ||= TinyAdmin::Section.new(name: "logout", slug: "logout", path: logout_path)
       end
       store.prepare_sections(sections, logout: authentication[:logout])
+      @loaded = true
     end
 
     def reset!
-      @options = {}
+      @options = {
+        components: {},
+        sections: []
+      }
+      @store = nil
+      @loaded = false
     end
 
     private
@@ -104,12 +112,18 @@ module TinyAdmin
         value.each_key do |key2|
           path = [key, key2]
           if (DEFAULTS[path].is_a?(Class) || DEFAULTS[path].is_a?(Module)) && self[key][key2].is_a?(String)
-            self[key][key2] = Object.const_get(self[key][key2])
+            self[key][key2] = resolve_class(self[key][key2], setting: "#{key}.#{key2}")
           end
         end
       elsif value.is_a?(String) && (DEFAULTS[[key]].is_a?(Class) || DEFAULTS[[key]].is_a?(Module))
-        self[key] = Object.const_get(self[key])
+        self[key] = resolve_class(self[key], setting: key.to_s)
       end
     end
+
+    def resolve_class(class_name, setting:)
+      Object.const_get(class_name)
+    rescue NameError => e
+      raise NameError, "TinyAdmin: invalid class '#{class_name}' for setting '#{setting}' - #{e.message}"
+    end
   end
 end

data/lib/tiny_admin/store.rb

@@ -22,18 +22,15 @@ module TinyAdmin
         end
 
         slug = section[:slug].to_s
-        case section[:type]&.to_sym
-        when :content
-          list << add_content_section(slug, section)
-        when :page
-          list << add_page_section(slug, section)
-        when :resource
-          list << add_resource_section(slug, section)
-        when :url
-          list << add_url_section(slug, section)
-        end
+        item = case section[:type]&.to_sym
+               when :content then add_content_section(slug, section)
+               when :page then add_page_section(slug, section)
+               when :resource then add_resource_section(slug, section)
+               when :url then add_url_section(slug, section)
+               end
+        list << item if item
       end
-      navbar << logout if logout
+      @navbar << logout if logout
     end
 
     private
@@ -56,7 +53,7 @@ module TinyAdmin
         repository: to_class(section[:repository] || settings.repository)
       )
 
-      hidden = section[:options] && (section[:options].include?(:hidden) || section[:options].include?('hidden'))
+      hidden = section[:options] && (section[:options].include?(:hidden) || section[:options].include?("hidden"))
       TinyAdmin::Section.new(name: section[:name], slug: slug) unless hidden
     end
 

data/lib/tiny_admin/support.rb

@@ -3,6 +3,10 @@
 module TinyAdmin
   class Support
     class << self
+      def raw_html(value)
+        TinyAdmin::RawHtml.new(value)
+      end
+
       def call(value, options: [])
         options.inject(value) { |result, message| result&.send(message) } if value && options&.any?
       end
@@ -24,11 +28,19 @@ module TinyAdmin
       end
 
       def strftime(value, options: [])
-        value&.strftime(options&.first || '%Y-%m-%d %H:%M')
+        value&.strftime(options&.first || "%Y-%m-%d %H:%M")
       end
 
       def to_date(value, options: [])
-        value.to_date.to_s if value
+        value&.to_date&.to_s
+      rescue NoMethodError, ArgumentError
+        value&.to_s
+      end
+
+      def multiline(array, options: [])
+        return unless array.is_a?(Array)
+
+        raw_html(array.join("<br/>"))
       end
 
       def upcase(value, options: [])

data/lib/tiny_admin/utils.rb

@@ -1,17 +1,19 @@
 # frozen_string_literal: true
 
+require "cgi"
+
 module TinyAdmin
   module Utils
     def params_to_s(params)
       list = params.each_with_object([]) do |(param, value), result|
         if value.is_a?(Hash)
-          values = value.map { |key, val| "#{param}[#{key}]=#{val}" }
+          values = value.map { |key, val| "#{CGI.escape(param.to_s)}[#{CGI.escape(key.to_s)}]=#{CGI.escape(val.to_s)}" }
           result.concat(values)
         else
-          result.push(["#{param}=#{value}"])
+          result.push("#{CGI.escape(param.to_s)}=#{CGI.escape(value.to_s)}")
         end
       end
-      list.join('&')
+      list.join("&")
     end
 
     def prepare_page(page_class, slug: nil, attributes: nil, options: nil, params: nil)
@@ -40,9 +42,9 @@ module TinyAdmin
     end
 
     def humanize(string)
-      return '' unless string
+      return "" unless string
 
-      string.respond_to?(:humanize) ? string.humanize : string.tr('_', ' ').capitalize
+      string.respond_to?(:humanize) ? string.humanize : string.tr("_", " ").capitalize
     end
   end
 end

data/lib/tiny_admin/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TinyAdmin
-  VERSION = '0.10.0'
+  VERSION = "0.11.0"
 end