tolaria 1.1.0 → 1.1.1
- checksums.yaml +4 -4
- data/app/assets/javascripts/admin/views/fields/attachment_field.js +1 -1
- data/app/assets/javascripts/admin/views/fields/has_many.js +3 -3
- data/app/assets/javascripts/admin/views/fields/image_association_select.js +1 -1
- data/app/assets/javascripts/admin/views/fields/markdown_composer.js +2 -2
- data/app/assets/javascripts/admin/views/fields/slug_field.js +3 -3
- data/app/assets/javascripts/admin/views/fields/swatch_field.js +5 -3
- data/app/assets/javascripts/admin/views/sessions.js +4 -4
- data/app/assets/stylesheets/admin/components/_buttons.scss +3 -0
- data/app/controllers/tolaria/tolaria_controller.rb +4 -1
- data/app/helpers/admin/table_helper.rb +2 -2
- data/app/helpers/admin/view_helper.rb +11 -0
- data/app/mailers/passcode_mailer.rb +1 -1
- data/app/views/admin/session/form.html.erb +3 -2
- data/app/views/admin/shared/_head.html.erb +1 -1
- data/app/views/admin/shared/forms/_has_many_header.html.erb +1 -1
- data/app/views/admin/shared/forms/_timestamp_field.html.erb +1 -0
- data/app/views/admin/tolaria_resource/_index_table.html.erb +3 -1
- data/app/views/admin/tolaria_resource/edit.html.erb +1 -1
- data/lib/tolaria/version.rb +1 -1
- data/test/demo/app/models/blog_post.rb +4 -0
- data/test/integration/interface_test.rb +11 -0
- data/test/integration/session_test.rb +6 -0
- metadata +3 -3
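--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 924bb7dffa35ab0de6adf4b9bd114ad055f01b10
+data.tar.gz: ce331c2da73214162b3faa2fb95a6e18fcbc998e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c95dd58c6023309fc4e939f9cf167ed752a2b85d8c289081b373e548ffeb9dea534786ebf8195712b484fbe7e28f26e9a6a97c86b2dbeef8111c4e28d4ae7bbf
+data.tar.gz: b0ccd3893916a3855d69c90d233722b166eba39028f50f991409a5e4de89d5c85543769abad35d012fcd4b1cb45bd6cf42de4af81bab73e244d5f34632cb5ec2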
@@ -1,7 +1,7 @@
|
|
1
1
|
var HasManyView = Backbone.View.extend({
|
2
2
|
|
3
3
|
initialize: function() {
|
4
|
-
this.$button = $(".has-many-create").first();
|
4
|
+
this.$button = $(".has-many-create", this.el).first();
|
5
5
|
this.template = this.$button.data("template");
|
6
6
|
this.templateID = this.$button.data("id");
|
7
7
|
},
|
@@ -24,7 +24,7 @@ var HasManyView = Backbone.View.extend({
|
|
24
24
|
|
25
25
|
var $parentHeader = $(event.currentTarget).parents(".has-many-header").first();
|
26
26
|
var $fieldgroup = $parentHeader.nextUntil(".has-many-header, .has-many-create");
|
27
|
-
var $destroyInput = $fieldgroup.filter("input[name*='_destroy']").first()
|
27
|
+
var $destroyInput = $fieldgroup.filter("input[name*='_destroy']").first();
|
28
28
|
|
29
29
|
if (!!$destroyInput.length) {
|
30
30
|
// The model is already persisted, set the destruction flag
|
@@ -43,7 +43,7 @@ var HasManyView = Backbone.View.extend({
|
|
43
43
|
|
44
44
|
restoreFieldgroup: function(event) {
|
45
45
|
|
46
|
-
var $undoControl = $(event.currentTarget)
|
46
|
+
var $undoControl = $(event.currentTarget);
|
47
47
|
var $fieldgroup = $undoControl.nextUntil(".has-many-header, .has-many-create");
|
48
48
|
var $destroyInput = $fieldgroup.filter("input[name*='_destroy']").first();
|
49
49
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
var ImageAssociationSelectView = Backbone.View.extend({
|
2
2
|
|
3
3
|
initialize: function() {
|
4
|
-
this.$select = this.$el.find("select")
|
4
|
+
this.$select = this.$el.find("select");
|
5
5
|
this.$previewImage = this.$el.find(".image-association-select-image");
|
6
6
|
this.hiddenClass = "-hidden";
|
7
7
|
|
@@ -90,7 +90,7 @@ var MarkdownComposerView = Backbone.View.extend({
|
|
90
90
|
self.presentErrorMessage("The server refused to send you a preview. Please sign in and out of the admin panel and try again.");
|
91
91
|
},
|
92
92
|
500: function(xhr, status, error) {
|
93
|
-
self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.")
|
93
|
+
self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.");
|
94
94
|
}
|
95
95
|
},
|
96
96
|
|
@@ -145,7 +145,7 @@ var MarkdownComposerView = Backbone.View.extend({
|
|
145
145
|
|
146
146
|
events: {
|
147
147
|
|
148
|
-
"keyup": "
|
148
|
+
"keyup": "keyupCallback",
|
149
149
|
"focus textarea": "brightenSelf",
|
150
150
|
"blur textarea": "dimSelf",
|
151
151
|
|
@@ -8,13 +8,13 @@ var SlugFieldView = Backbone.View.extend({
|
|
8
8
|
|
9
9
|
refreshPreview: function() {
|
10
10
|
|
11
|
-
var val = $.trim(this.$input.val())
|
11
|
+
var val = $.trim(this.$input.val());
|
12
12
|
|
13
13
|
if (!!val) {
|
14
|
-
this.$previewFragment.html(this.parameterize(val))
|
14
|
+
this.$previewFragment.html(this.parameterize(val));
|
15
15
|
}
|
16
16
|
else {
|
17
|
-
this.$previewFragment.html("*")
|
17
|
+
this.$previewFragment.html("*");
|
18
18
|
}
|
19
19
|
|
20
20
|
},
|
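Review bot: In `refreshPreview`, the value typed into the slug input reaches the preview through `.html()`, so the only thing between user input and markup parsing is `this.parameterize`, whose body is outside this hunk. If the preview is meant to be plain text, `this.$previewFragment.text(this.parameterize(val));` displays the same thing without relying on `parameterize` to strip every markup character, and the fallback branch can use `.text("*")` the same way. Until `parameterize` has been checked, it should not be treated as a sanitizer.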
@@ -44,10 +44,12 @@ var SwatchFieldView = Backbone.View.extend({
|
|
44
44
|
|
45
45
|
events: {
|
46
46
|
"keyup": "refreshPreview",
|
47
|
-
"change input": "refreshPreview",
|
48
|
-
"change input": "validateSelf",
|
49
47
|
"blur input": "validateSelf",
|
50
|
-
"focus input": "clearError"
|
48
|
+
"focus input": "clearError",
|
49
|
+
"change input": function(event) {
|
50
|
+
this.refreshPreview(event);
|
51
|
+
this.validateSelf(event);
|
52
|
+
}
|
51
53
|
}
|
52
54
|
|
53
55
|
});
|
@@ -47,19 +47,19 @@ var SessionView = Backbone.View.extend({
|
|
47
47
|
self.presentPasscodeInput();
|
48
48
|
},
|
49
49
|
404: function(xhr, status, error) {
|
50
|
-
self.presentErrorMessage(xhr.responseJSON.error)
|
50
|
+
self.presentErrorMessage(xhr.responseJSON.error);
|
51
51
|
},
|
52
52
|
423: function(xhr, status, error) {
|
53
|
-
self.presentErrorMessage(xhr.responseJSON.error)
|
53
|
+
self.presentErrorMessage(xhr.responseJSON.error);
|
54
54
|
},
|
55
55
|
500: function(xhr, status, error) {
|
56
|
-
self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.")
|
56
|
+
self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.");
|
57
57
|
}
|
58
58
|
},
|
59
59
|
|
60
60
|
timeout: 29000,
|
61
61
|
error: function(xhr, status, error) {
|
62
|
-
self.presentErrorMessage("Could not connect to the server. Check your network connection and try\xA0again.")
|
62
|
+
self.presentErrorMessage("Could not connect to the server. Check your network connection and try\xA0again.");
|
63
63
|
}
|
64
64
|
|
65
65
|
});
|
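Review bot: The 404 and 423 handlers read `xhr.responseJSON.error` without checking that the response body was JSON. A 404 or 423 that comes from a proxy or a static error page leaves `responseJSON` undefined, so the handler throws and the user sees no message at all. A guard such as `var msg = xhr.responseJSON && xhr.responseJSON.error;` followed by a generic fallback string keeps the form usable. Whether `presentErrorMessage` inserts its argument as text or as HTML is not visible here; if it is HTML, the server-supplied string should be inserted as text. The enclosing request call starts above the hunk.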
@@ -11,9 +11,12 @@ class Tolaria::TolariaController < ::ApplicationController
|
|
11
11
|
response.headers["X-UA-Compatible"] = "IE=edge"
|
12
12
|
# Forbid putting the admin in a frameset/iframe
|
13
13
|
response.headers["X-Frame-Options"] = "DENY"
|
14
|
-
#
|
14
|
+
# No cross-domain funny business from Flash
|
15
|
+
response.headers["X-Permitted-Cross-Domain-Policies"] = "none"
|
16
|
+
# Strict sniffing, type checks, and XSS modes for browsers that use these flags
|
15
17
|
response.headers["X-Content-Type-Options"] = "nosniff"
|
16
18
|
response.headers["X-XSS-Protection"] = "1; mode=block"
|
19
|
+
response.headers["X-Download-Options"] = "noopen"
|
17
20
|
end
|
18
21
|
|
19
22
|
def tolaria_template(name)
|
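Review bot: The header block extended here sets no `Content-Security-Policy`, so framing protection rests on `X-Frame-Options` alone and the script-injection mitigation on `X-XSS-Protection`, which the new comment itself notes only some browsers honour. Adding `response.headers["Content-Security-Policy"] = "frame-ancestors 'none'"` next to the `X-Frame-Options` line covers browsers that prefer CSP; a fuller policy could follow once the admin's inline scripts have been audited. The method that sets these headers begins above the hunk, so it should be confirmed that it runs on every admin response, including the sign-in page.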
@@ -118,12 +118,12 @@ module Admin::TableHelper
|
|
118
118
|
# 14×14px in size.
|
119
119
|
#
|
120
120
|
# Other options are forwarded to `content_tag` for the `<td>`.
|
121
|
-
def index_td(resource, method_or_content, options = {}, &block)
|
121
|
+
def index_td(resource, method_or_content = {}, options = {}, &block)
|
122
122
|
|
123
123
|
options = method_or_content if block_given?
|
124
124
|
|
125
125
|
if block_given?
|
126
|
-
content =
|
126
|
+
content = capture(resource, &block)
|
127
127
|
elsif method_or_content.is_a?(Symbol)
|
128
128
|
content = resource.send(method_or_content)
|
129
129
|
else
|
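Review bot: `resource.send(method_or_content)` in the Symbol branch bypasses method visibility, so any symbol handed to `index_td` can invoke private methods on the model; `content = resource.public_send(method_or_content)` limits it to the public interface. The new `method_or_content = {}` default also means that a call with neither a block nor a second argument reaches the `else` branch with an empty Hash as the content, which deserves a line in the doc comment above the method. The body of `index_td` continues past the end of the hunk.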
@@ -58,6 +58,17 @@ module Admin::ViewHelper
|
|
58
58
|
return %{Are you sure you want to delete the #{resource.model_name.human.downcase} “#{Tolaria.display_name(resource)}”? This action is not reversible.}
|
59
59
|
end
|
60
60
|
|
61
|
+
def contextual_form_url
|
62
|
+
case controller.action_name
|
63
|
+
when "edit", "update"
|
64
|
+
url_for(action:"show", id:@resource.id)
|
65
|
+
when "new", "create"
|
66
|
+
url_for(action:"index")
|
67
|
+
else
|
68
|
+
nil
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
61
72
|
# Returns a `<span>` tag that displays the given `label` as a pill
|
62
73
|
# status badge. You can change the color of the pill by providing a
|
63
74
|
# six-digit hexadecimal `color` string, or passing one of the predefined
|
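Review bot: `contextual_form_url` is added without a doc comment, although the helper that follows it has one. Suggested: `# Returns the form action for the current controller action: the resource's show URL for edit/update, the index URL for new/create, and nil otherwise.` The comment should also say that the helper reads `@resource`, and that a `nil` return presumably lets `form_for` fall back to its default URL, which is worth confirming.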
@@ -5,7 +5,7 @@ class PasscodeMailer < ActionMailer::Base
|
|
5
5
|
def passcode(administrator, passcode)
|
6
6
|
@administrator = administrator
|
7
7
|
@passcode = passcode
|
8
|
-
mail(to:administrator.email, subject:"#{Tolaria.config.company_name}
|
8
|
+
mail(to:administrator.email, subject:"#{@passcode} is your #{Tolaria.config.company_name} passcode")
|
9
9
|
end
|
10
10
|
|
11
11
|
end
|
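Review bot: The new subject line interpolates `@passcode`, putting the sign-in secret in the one part of the message that shows in lock-screen and notification previews and is commonly recorded in mail-server and delivery-provider logs. Keeping the code in the body only, e.g. `mail(to:administrator.email, subject:"Your #{Tolaria.config.company_name} passcode")`, avoids that exposure. If the subject placement is a deliberate usability choice, a short passcode lifetime and single use become the controls that matter, and neither is visible in this hunk.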
@@ -19,7 +19,7 @@
|
|
19
19
|
autocorrect: "off",
|
20
20
|
autocapitalize: "none",
|
21
21
|
tabindex: 1,
|
22
|
-
value:
|
22
|
+
value: nil,
|
23
23
|
} %>
|
24
24
|
|
25
25
|
<%= f.label :passcode, "Passcode", for:"session-form-passcode", class:"visuallyhidden" %>
|
@@ -31,7 +31,8 @@
|
|
31
31
|
spellcheck: "false",
|
32
32
|
pattern: "[0-9]*",
|
33
33
|
tabindex: 2,
|
34
|
-
style: "display:none"
|
34
|
+
style: "display:none",
|
35
|
+
value: nil,
|
35
36
|
} %>
|
36
37
|
|
37
38
|
<%= f.button "Request a passcode", type:"submit", id:"session-form-submit", class:"session-button" %>
|
@@ -1,6 +1,6 @@
|
|
1
1
|
<head>
|
2
2
|
<meta charset="utf-8">
|
3
|
-
<title><%=
|
3
|
+
<title><%= content_for(:title) %><%= " • " if content_for(:title) %><%= Tolaria.config.company_name %></title>
|
4
4
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
5
5
|
<meta name="robots" content="noindex">
|
6
6
|
<meta name="google" content="notranslate">
|
@@ -8,7 +8,7 @@
|
|
8
8
|
<% if allow_destroy %>
|
9
9
|
|
10
10
|
<%= button_tag type:"button", class:"has-many-undo", style:"display:none" do %>
|
11
|
-
<span class="has-many-undo-text">This <%= f.object.model_name.human %> will be removed when you save your changes.</span>
|
11
|
+
<span class="has-many-undo-text">This <%= f.object.model_name.human.titleize %> will be removed when you save your changes.</span>
|
12
12
|
<span class="button -small"><%= fontawesome_icon :undo %> Undo</span>
|
13
13
|
<% end %>
|
14
14
|
|
@@ -52,7 +52,9 @@
|
|
52
52
|
<tbody>
|
53
53
|
<% @resources.each do |resource| %>
|
54
54
|
<tr>
|
55
|
-
<%= index_td resource
|
55
|
+
<%= index_td resource do |resource| %>
|
56
|
+
<%= resource.id %>
|
57
|
+
<% end %>
|
56
58
|
<%= index_td resource, Tolaria.display_name(resource) %>
|
57
59
|
<%= actions_td resource %>
|
58
60
|
</tr>
|
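Review bot: The block parameter in `index_td resource do |resource|` shadows the loop variable from `@resources.each do |resource|`. It works because the helper yields the same object back, but a reader cannot tell which binding `resource.id` refers to. Renaming the inner parameter or dropping it (`<%= index_td resource do %>`) removes the ambiguity.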
@@ -4,7 +4,7 @@
|
|
4
4
|
<%= content_for :title, "New #{@managed_class.model_name.human.titleize}" %>
|
5
5
|
<% end %>
|
6
6
|
|
7
|
-
<%= form_for [:admin, @resource], builder:Admin::FormBuilder, html:{class:"resource-form"} do |form_builder| %>
|
7
|
+
<%= form_for [:admin, @resource], url:contextual_form_url, builder:Admin::FormBuilder, html:{class:"resource-form"} do |form_builder| %>
|
8
8
|
|
9
9
|
<div class="main-controls">
|
10
10
|
<div class="main-controls-left">
|
data/lib/tolaria/version.rb
CHANGED
@@ -10,6 +10,17 @@ class InterfaceTest < ActionDispatch::IntegrationTest
|
|
10
10
|
BlogPost.destroy_all
|
11
11
|
end
|
12
12
|
|
13
|
+
test "security headers are set" do
|
14
|
+
sign_in_dummy_administrator!
|
15
|
+
visit("/admin/blog_posts")
|
16
|
+
assert_equal page.response_headers["X-UA-Compatible"], "IE=edge"
|
17
|
+
assert_equal page.response_headers["X-Frame-Options"], "DENY"
|
18
|
+
assert_equal page.response_headers["X-Permitted-Cross-Domain-Policies"], "none"
|
19
|
+
assert_equal page.response_headers["X-Content-Type-Options"], "nosniff"
|
20
|
+
assert_equal page.response_headers["X-XSS-Protection"], "1; mode=block"
|
21
|
+
assert_equal page.response_headers["X-Download-Options"], "noopen"
|
22
|
+
end
|
23
|
+
|
13
24
|
test "menu is rendering" do
|
14
25
|
sign_in_dummy_administrator!
|
15
26
|
visit("/admin/blog_posts")
|
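Review bot: The assertions in "security headers are set" pass the actual value first and the literal second, but `assert_equal` takes `(expected, actual)`, so a failure would report the header value as the expectation. They should be swapped, e.g. `assert_equal "DENY", page.response_headers["X-Frame-Options"]`. The test also covers only an authenticated page; a second request against `/admin/signin` would show that the headers are present before sign-in as well.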
@@ -31,6 +31,12 @@ class SessionTest < ActionDispatch::IntegrationTest
|
|
31
31
|
assert_equal 200, status_code
|
32
32
|
end
|
33
33
|
|
34
|
+
test "admin form fields should be empty" do
|
35
|
+
visit "/admin/signin"
|
36
|
+
assert_equal nil, find("#session-form-email").value()
|
37
|
+
assert_equal nil, find("#session-form-passcode", visible:false).value()
|
38
|
+
end
|
39
|
+
|
34
40
|
test "session form doesn't explode when junk submitted" do
|
35
41
|
post "/admin/signin", {
|
36
42
|
a: "Z6b4y26r16eSz6w7qLef722MC1IGK36K",
|
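Review bot: `assert_equal nil, …` is used twice in "admin form fields should be empty"; `assert_nil` states the intent and avoids the deprecation warning newer Minitest versions emit for nil expectations, e.g. `assert_nil find("#session-form-email").value`. The test also loads a fresh sign-in page, where the fields would likely be empty regardless of the change. Posting an email and passcode first and then checking the re-rendered form would exercise the `value: nil` change more directly, assuming that is the case it targets.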
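--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tolaria
 version: !ruby/object:Gem::Version
-version: 1.1.
+version: 1.1.1
 platform: ruby
 authors:
 - Corey Csuhta
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bcrypt
@@ -427,7 +427,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: A Rails CMS framework for making people happy.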