From a013439442f1510405c4834810f09799b9103523 Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Wed, 12 Feb 2025 15:10:41 +0200 Subject: [PATCH 1/8] enhancement: log errors rescued `perform_action_and_record_errors` --- app/controllers/avo/base_controller.rb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/controllers/avo/base_controller.rb b/app/controllers/avo/base_controller.rb index a7ec077b2f..916ac0b2d8 100644 --- a/app/controllers/avo/base_controller.rb +++ b/app/controllers/avo/base_controller.rb @@ -241,12 +241,16 @@ def perform_action_and_record_errors(&block) begin succeeded = block.call rescue ActiveRecord::RecordInvalid => error + log_error error + # Do nothing as the record errors are already being displayed # On associations controller add errors from join record to record if controller_name == "associations" @record.errors.add(:base, error.message) end rescue => exception + log_error exception + # In case there's an error somewhere else than the record # Example: When you save a license that should create a user for it and creating that user throws and error. # Example: When you Try to delete a record and has a foreign key constraint. @@ -258,6 +262,13 @@ def perform_action_and_record_errors(&block) @record.errors.any? ? false : succeeded end + def log_error(error) + return if Rails.env.production? + + Rails.logger.error error + Rails.logger.error error.backtrace.join("\n") + end + def model_params request_params = params.require(model_param_key).permit(permitted_params) From bb0aa4ff41483245e79420d2dcd8e4f70376e673 Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Wed, 12 Feb 2025 18:26:00 +0200 Subject: [PATCH 2/8] enhancement: preview policy --- app/controllers/avo/base_controller.rb | 8 +++- app/views/avo/base/preview.html.erb | 51 ++++++++++++++++---------- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/app/controllers/avo/base_controller.rb b/app/controllers/avo/base_controller.rb index 916ac0b2d8..94224ee380 100644 
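Review bot: `log_error` returns early when `Rails.env.production?`, so in production the broad `rescue => exception` branch of `perform_action_and_record_errors` still discards unexpected exceptions without any server-side record. That is the environment where a trace of failed saves and deletes matters most for troubleshooting and incident review. Consider always logging the class and message, e.g. `Rails.logger.error "#{error.class}: #{error.message}"` before the guard, and skipping only the backtrace in production, subject to your policy on record values in logs. If the production skip is deliberate, a one-line comment giving the reason would help. The hunk does not show whether `log_error` sits below a `private` marker, which it should in a controller, and part of `perform_action_and_record_errors` lies between the two hunks and is not shown.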
--- a/app/controllers/avo/base_controller.rb +++ b/app/controllers/avo/base_controller.rb @@ -208,9 +208,13 @@ def destroy end def preview - @resource.hydrate(record: @record, view: Avo::ViewInquirer.new(:show), user: _current_user, params: params) + @authorized = @authorization.set_record(@record || @resource.model_class).authorize_action :preview, raise_exception: false - @preview_fields = @resource.get_preview_fields + if @authorized + @resource.hydrate(record: @record, view: Avo::ViewInquirer.new(:show), user: _current_user, params: params) + + @preview_fields = @resource.get_preview_fields + end render layout: params[:turbo_frame].blank? end diff --git a/app/views/avo/base/preview.html.erb b/app/views/avo/base/preview.html.erb index bbf2a27743..e0d5ce928a 100644 --- a/app/views/avo/base/preview.html.erb +++ b/app/views/avo/base/preview.html.erb @@ -1,24 +1,37 @@ <%= turbo_frame_tag params[:turbo_frame] do %> - <%= content_tag :div, class: "-mx-2" do %> - <%= content_tag :div, class: "px-6 py-4" do %> -
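Review bot: When `authorize_action :preview, raise_exception: false` denies the request, `preview` still falls through to `render layout: params[:turbo_frame].blank?` with a success status, so the template's `if @authorized` branch is the only thing enforcing the decision. A comment such as `# Non-raising check: the template renders the not-authorized state inside the turbo frame` would make that contract explicit for anyone who later adds another format or template to this action. Returning a forbidden status on the denied path, `render layout: params[:turbo_frame].blank?, status: (@authorized ? :ok : :forbidden)`, would let logs and monitoring tell denied previews from served ones, provided the preview frame still renders on a non-2xx response. Applications whose policies define no preview rule may see a behaviour change, depending on how the authorization client treats missing rules; that is not visible in this hunk.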
Previewing <%= @resource.record_title %>
- <% end %> + <% if @authorized %> + <%= content_tag :div, class: "-mx-2" do %> + <%= content_tag :div, class: "px-6 py-4" do %> +
Previewing <%= @resource.record_title %>
+ <% end %> - <% if @preview_fields.present? %> -
- <% @preview_fields.each_with_index do |field, index| %> - <%= render field - .hydrate( - resource: @resource, - record: @resource.record, - user: @resource.user, - view: Avo::ViewInquirer.new(:show) - ) - .component_for_view(:show) - .new(field: field, resource: @resource, index: index, compact: true, short: true) - %> - <% end %> -
+ <% if @preview_fields.present? %> +
+ <% @preview_fields.each_with_index do |field, index| %> + <%= render field + .hydrate( + resource: @resource, + record: @resource.record, + user: @resource.user, + view: Avo::ViewInquirer.new(:show) + ) + .component_for_view(:show) + .new(field: field, resource: @resource, index: index, compact: true, short: true) + %> + <% end %> +
+ <% end %> <% end %> + <% else %> +
+
+
+ <%= svg "heroicons/solid/exclamation-circle", class: "h-6" %> +
+
+

<%= t "avo.not_authorized" %>

+
+
+
<% end %> <% end %> From 224b18375818eb462ee422b45d4e178cefdf9c0e Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Thu, 13 Feb 2025 13:00:50 +0200 Subject: [PATCH 3/8] fix preview exposing record.to_param when `show` is not authorized --- .../preview_field/index_component.html.erb | 9 +------- .../fields/preview_field/index_component.rb | 23 +++++++++++++++++++ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/app/components/avo/fields/preview_field/index_component.html.erb b/app/components/avo/fields/preview_field/index_component.html.erb index c5cece6693..4ce5f7530c 100644 --- a/app/components/avo/fields/preview_field/index_component.html.erb +++ b/app/components/avo/fields/preview_field/index_component.html.erb @@ -1,10 +1,3 @@ <%= index_field_wrapper(**field_wrapper_args, dash_if_blank: false, class: 'whitespace-no-wrap w-[1%]', flush: true, center_content: true) do %> - <%= link_to resource_view_path, - title: t('avo.view_item', item: @resource.name).humanize, - data: { - controller: "preview", - preview_url_value: helpers.preview_resource_path(resource: @resource, turbo_frame: :preview_modal), - } do %> - <%= helpers.svg("heroicons/outline/magnifying-glass-circle", class: "block h-6 text-gray-600") %> - <% end %> + <%= render_preview %> <% end %> diff --git a/app/components/avo/fields/preview_field/index_component.rb b/app/components/avo/fields/preview_field/index_component.rb index 5381571e01..1daa0c6d96 100644 --- a/app/components/avo/fields/preview_field/index_component.rb +++ b/app/components/avo/fields/preview_field/index_component.rb 
@@ -1,4 +1,27 @@ # frozen_string_literal: true class Avo::Fields::PreviewField::IndexComponent < Avo::Fields::IndexComponent + include Avo::Concerns::ChecksShowAuthorization + + def render_preview + # Do not render the link if the user is not authorized to view the resource, + # as the link exposes the result of `record.to_param`. + return preview_icon if !can_view? + + link_to resource_view_path, title: t('avo.view_item', item: @resource.name).humanize do + preview_icon + end + end + + + def preview_icon + helpers.svg( + "heroicons/outline/magnifying-glass-circle", + class: "block h-6 text-gray-600", + data: { + controller: "preview", + preview_url_value: helpers.preview_resource_path(resource: @resource, turbo_frame: :preview_modal), + } + ) + end end From ef16e942a1dbb7bcbe5bc5eb57eabc90ebe78192 Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Thu, 13 Feb 2025 13:28:39 +0200 Subject: [PATCH 4/8] lint --- app/components/avo/fields/preview_field/index_component.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/components/avo/fields/preview_field/index_component.rb b/app/components/avo/fields/preview_field/index_component.rb index 1daa0c6d96..aebca53555 100644 --- a/app/components/avo/fields/preview_field/index_component.rb +++ b/app/components/avo/fields/preview_field/index_component.rb @@ -13,14 +13,13 @@ def render_preview end end - def preview_icon helpers.svg( "heroicons/outline/magnifying-glass-circle", class: "block h-6 text-gray-600", data: { controller: "preview", - preview_url_value: helpers.preview_resource_path(resource: @resource, turbo_frame: :preview_modal), + preview_url_value: helpers.preview_resource_path(resource: @resource, turbo_frame: :preview_modal), } ) end From 1c4b138437202b0253aa640cb291102ec06ad3b9 Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Thu, 13 Feb 2025 13:28:59 +0200 Subject: [PATCH 5/8] lint --- app/components/avo/fields/preview_field/index_component.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
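Review bot: In `render_preview` the unauthorized path returns `preview_icon`, but `preview_icon` still emits `preview_url_value: helpers.preview_resource_path(resource: @resource, turbo_frame: :preview_modal)` in its `data` hash. If that path is built from the record's `to_param` (the helper is not shown here), the identifier the comment says it is hiding is still present in the markup. Since the preview needs a record URL to work at all, either reword the comment to say that only the show link is withheld, or drop the `data` hash when `can_view?` is false. The guard also reads more idiomatically as `return preview_icon unless can_view?`.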
diff --git a/app/components/avo/fields/preview_field/index_component.rb b/app/components/avo/fields/preview_field/index_component.rb index aebca53555..ab721c8c37 100644 --- a/app/components/avo/fields/preview_field/index_component.rb +++ b/app/components/avo/fields/preview_field/index_component.rb @@ -8,7 +8,7 @@ def render_preview # as the link exposes the result of `record.to_param`. return preview_icon if !can_view? - link_to resource_view_path, title: t('avo.view_item', item: @resource.name).humanize do + link_to resource_view_path, title: t("avo.view_item", item: @resource.name).humanize do preview_icon end end From a891447629875d3f4352bac420392953d50dd097 Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Thu, 13 Feb 2025 14:19:22 +0200 Subject: [PATCH 6/8] fix resource reader --- app/components/avo/fields/preview_field/index_component.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/components/avo/fields/preview_field/index_component.rb b/app/components/avo/fields/preview_field/index_component.rb index ab721c8c37..442357a988 100644 --- a/app/components/avo/fields/preview_field/index_component.rb +++ b/app/components/avo/fields/preview_field/index_component.rb @@ -3,6 +3,9 @@ class Avo::Fields::PreviewField::IndexComponent < Avo::Fields::IndexComponent include Avo::Concerns::ChecksShowAuthorization + # Used by Avo::Concerns::ChecksShowAuthorization + attr_reader :resource + def render_preview # Do not render the link if the user is not authorized to view the resource, # as the link exposes the result of `record.to_param`. From 8609c42f69e4d24c5082aef36a0243984dab9e30 Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Thu, 13 Feb 2025 17:36:22 +0200 Subject: [PATCH 7/8] revert show policy check --- .../fields/preview_field/index_component.rb | 29 +++++-------------- 1 file changed, 8 insertions(+), 21 deletions(-) 
diff --git a/app/components/avo/fields/preview_field/index_component.rb b/app/components/avo/fields/preview_field/index_component.rb index 442357a988..09993bdd67 100644 --- a/app/components/avo/fields/preview_field/index_component.rb +++ b/app/components/avo/fields/preview_field/index_component.rb @@ -1,29 +1,16 @@ # frozen_string_literal: true class Avo::Fields::PreviewField::IndexComponent < Avo::Fields::IndexComponent - include Avo::Concerns::ChecksShowAuthorization - - # Used by Avo::Concerns::ChecksShowAuthorization - attr_reader :resource - def render_preview - # Do not render the link if the user is not authorized to view the resource, - # as the link exposes the result of `record.to_param`. - return preview_icon if !can_view? - link_to resource_view_path, title: t("avo.view_item", item: @resource.name).humanize do - preview_icon + helpers.svg( + "heroicons/outline/magnifying-glass-circle", + class: "block h-6 text-gray-600", + data: { + controller: "preview", + preview_url_value: helpers.preview_resource_path(resource: @resource, turbo_frame: :preview_modal), + } + ) end end - - def preview_icon - helpers.svg( - "heroicons/outline/magnifying-glass-circle", - class: "block h-6 text-gray-600", - data: { - controller: "preview", - preview_url_value: helpers.preview_resource_path(resource: @resource, turbo_frame: :preview_modal), - } - ) - end end From 1f1ef97c4d0025fb2506c30f1af0c0cd8fc86cfa Mon Sep 17 00:00:00 2001 From: Paul Bob Date: Fri, 14 Feb 2025 10:43:07 +0200 Subject: [PATCH 8/8] fix: radio field accessibility on actions --- app/components/avo/fields/radio_field/edit_component.html.erb | 4 ++-- spec/dummy/app/avo/actions/sub/dummy_action.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/components/avo/fields/radio_field/edit_component.html.erb b/app/components/avo/fields/radio_field/edit_component.html.erb index cd84ac7316..b2973ff799 100644 --- a/app/components/avo/fields/radio_field/edit_component.html.erb 
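Review bot: With the `can_view?` guard removed, `render_preview` again wraps the icon in `link_to resource_view_path` for every row, so users without `show` permission receive the record URL that PATCH 3/8 set out to withhold. If the revert is intentional, say so in a comment above `link_to`, for example `# The show link is rendered regardless of the show policy; access is enforced by the controller`. That claim should be confirmed against the show action, which is not part of this series. Otherwise keep the guard and render only the icon when `can_view?` is false.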
+++ b/app/components/avo/fields/radio_field/edit_component.html.erb @@ -2,8 +2,8 @@
<% @field.options.each do |key, value| %>
- <%= form.radio_button @field.id, key %> - <%= form.label @field.id, value, value: value %> + <%= form.radio_button @field.id, key, checked: (@field.value.to_s == key.to_s) %> + <%= form.label @field.id, value, value: key %>
<% end %>
diff --git a/spec/dummy/app/avo/actions/sub/dummy_action.rb b/spec/dummy/app/avo/actions/sub/dummy_action.rb index 6f62505faa..f103b7d7cf 100644 --- a/spec/dummy/app/avo/actions/sub/dummy_action.rb +++ b/spec/dummy/app/avo/actions/sub/dummy_action.rb @@ -13,7 +13,7 @@ class Avo::Actions::Sub::DummyAction < Avo::BaseAction end def fields - field :size, as: :radio, options: {small: "Small Option", medium: "Medium Option", large: "Large Option"} + field :size, as: :radio, options: {small: "Small Option", medium: "Medium Option", large: "Large Option"}, default: :medium TestBuddy.hi("Dummy action fields") field :keep_modal_open, as: :boolean field :persistent_text, as: :text