From 47c5040891c75df03f45b763cf356e7233f42296 Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Mon, 5 Dec 2022 10:04:43 -0500 Subject: [PATCH 01/11] gemfile update to rails 7 With new version of kithe with rails7 bugfix TEMPORARILY using unrelased questioning_authority (qa) gem with rails 7 support. --- Gemfile | 9 ++- Gemfile.lock | 154 +++++++++++++++++++++++++++------------------------ 2 files changed, 89 insertions(+), 74 deletions(-) diff --git a/Gemfile b/Gemfile index e875ce35e..c15def205 100644 --- a/Gemfile +++ b/Gemfile @@ -9,7 +9,7 @@ ruby "~> #{File.read(File.join(__dir__ , '.ruby-version')).chomp.split('.').slic gem 'lockbox' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 6.1.1' +gem 'rails', '~> 7.0.0' # Our JS/CSS/asset bundler gem "vite_rails", "~> 3.0" @@ -98,7 +98,7 @@ gem 'font-awesome-rails', '~> 4.7' gem "lograge", "< 2" gem "device_detector", "~> 1.0" # user-agent parsing we use for logging -gem 'kithe', "~> 2.6" +gem 'kithe', "~> 2.7" # attr_son is a dependency of kithe, but we want to make sure it gets require'd directly # to avoid weird auto-loading issues. gem "attr_json", "~> 1.0" @@ -107,7 +107,10 @@ gem "traject", ">= 3.5" # to include support for HTTP basic auth in Solr url gem 'simple_form', "~> 5.0" gem "browse-everything", "~> 1.2" -gem "qa", "~> 5.2" + +# TEMPORARY use unreleased rails7 branch for qa +gem "qa", "~> 5.2", github: "samvera/questioning_authority", branch: "rails_7" + gem "shrine", "~> 3.3" #, path: "../shrine" # shrine-compat endpoint to get uppy to direct upload to S3 with resumable multi-part upload gem "uppy-s3_multipart" diff --git a/Gemfile.lock b/Gemfile.lock index ce5f8dffd..504f90f5e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
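Review bot: In the last Gemfile hunk of PATCH 01/11, `gem "qa", "~> 5.2", github: "samvera/questioning_authority", branch: "rails_7"` follows a mutable branch, so the code that gets installed is fixed only by the `revision:` recorded in Gemfile.lock and moves on the next `bundle update qa`. While the git source is in use, pinning the commit in the Gemfile makes the dependency reviewable, e.g. `gem "qa", "~> 5.2", github: "samvera/questioning_authority", ref: "64e6365173d70cc629f8654e69f67251ec057185"`. The "TEMPORARY" comment would also be more useful if it named the condition for removal (a released qa with Rails 7 support); PATCH 03/11 later in this series does return to a rubygems.org release.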
@@ -1,42 +1,64 @@ +GIT + remote: https://github.com/samvera/questioning_authority.git + revision: 64e6365173d70cc629f8654e69f67251ec057185 + branch: rails_7 + specs: + qa (5.9.0) + activerecord-import + deprecation + faraday (< 3.0, != 2.0.0) + geocoder + ldpath + nokogiri (~> 1.6) + rails (>= 5.0, < 7.1) + rdf + GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) access-granted (1.3.3) - actioncable (6.1.7) - actionpack (= 6.1.7) - activesupport (= 6.1.7) + actioncable (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7) - actionpack (= 6.1.7) - activejob (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + actionmailbox (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) mail (>= 2.7.1) - actionmailer (6.1.7) - actionpack (= 6.1.7) - actionview (= 6.1.7) - activejob (= 6.1.7) - activesupport (= 6.1.7) + net-imap + net-pop + net-smtp + actionmailer (7.0.4) + actionpack (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activesupport (= 7.0.4) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7) - actionview (= 6.1.7) - activesupport (= 6.1.7) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.4) + actionview (= 7.0.4) + activesupport (= 7.0.4) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7) - actionpack (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + actiontext (7.0.4) + actionpack (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7) - activesupport (= 6.1.7) + actionview (7.0.4) + activesupport (= 7.0.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) 
@@ -44,32 +66,31 @@ GEM active_encode (1.0.0) addressable (~> 2.8) rails - activejob (6.1.7) - activesupport (= 6.1.7) + activejob (7.0.4) + activesupport (= 7.0.4) globalid (>= 0.3.6) - activemodel (6.1.7) - activesupport (= 6.1.7) - activerecord (6.1.7) - activemodel (= 6.1.7) - activesupport (= 6.1.7) + activemodel (7.0.4) + activesupport (= 7.0.4) + activerecord (7.0.4) + activemodel (= 7.0.4) + activesupport (= 7.0.4) activerecord-import (1.4.1) activerecord (>= 4.2) activerecord-postgres_enum (2.0.1) activerecord (>= 5.2) pg - activestorage (6.1.7) - actionpack (= 6.1.7) - activejob (= 6.1.7) - activerecord (= 6.1.7) - activesupport (= 6.1.7) + activestorage (7.0.4) + actionpack (= 7.0.4) + activejob (= 7.0.4) + activerecord (= 7.0.4) + activesupport (= 7.0.4) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7) + activesupport (7.0.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) afm (0.2.2) @@ -309,7 +330,7 @@ GEM activerecord kaminari-core (= 1.2.2) kaminari-core (1.2.2) - kithe (2.6.1) + kithe (2.7.0) attr_json (< 2.0.0) fastimage (~> 2.0) fx (>= 0.6.0, < 1) @@ -347,7 +368,7 @@ GEM loofah (2.19.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.8.0.rc1) + mail (2.8.0.rc3) mini_mime (>= 0.1.1) net-imap net-pop @@ -435,15 +456,6 @@ GEM public_suffix (5.0.0) puma (5.6.5) nio4r (~> 2.0) - qa (5.9.0) - activerecord-import - deprecation - faraday (< 3.0, != 2.0.0) - geocoder - ldpath - nokogiri (~> 1.6) - rails (>= 5.0, < 6.2) - rdf racc (1.6.0) rack (2.2.4) rack-attack (6.6.1) 
@@ -454,21 +466,20 @@ GEM rack rack-test (2.0.2) rack (>= 1.3) - rails (6.1.7) - actioncable (= 6.1.7) - actionmailbox (= 6.1.7) - actionmailer (= 6.1.7) - actionpack (= 6.1.7) - actiontext (= 6.1.7) - actionview (= 6.1.7) - activejob (= 6.1.7) - activemodel (= 6.1.7) - activerecord (= 6.1.7) - activestorage (= 6.1.7) - activesupport (= 6.1.7) + rails (7.0.4) + actioncable (= 7.0.4) + actionmailbox (= 7.0.4) + actionmailer (= 7.0.4) + actionpack (= 7.0.4) + actiontext (= 7.0.4) + actionview (= 7.0.4) + activejob (= 7.0.4) + activemodel (= 7.0.4) + activerecord (= 7.0.4) + activestorage (= 7.0.4) + activesupport (= 7.0.4) bundler (>= 1.15.0) - railties (= 6.1.7) - sprockets-rails (>= 2.0.0) + railties (= 7.0.4) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -478,12 +489,13 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.4.3) loofah (~> 2.3) - railties (6.1.7) - actionpack (= 6.1.7) - activesupport (= 6.1.7) + railties (7.0.4) + actionpack (= 7.0.4) + activesupport (= 7.0.4) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rake (13.0.6) ransack (3.2.1) activerecord (>= 6.1.5) @@ -494,7 +506,7 @@ GEM ffi (~> 1.0) rdf (3.2.9) link_header (~> 0.0, >= 0.0.8) - rdf-vocab (3.2.2) + rdf-vocab (3.2.3) rdf (~> 3.2, >= 3.2.4) redis (5.0.5) redis-client (>= 0.9.0) @@ -734,7 +746,7 @@ DEPENDENCIES irb (>= 1.3.1) jbuilder (~> 2.5) kaminari (~> 1.2) - kithe (~> 2.6) + kithe (~> 2.7) listen (~> 3.3) lockbox lograge (< 2) @@ -748,9 +760,9 @@ DEPENDENCIES prawn-svg (< 2) pry-byebug puma (~> 5.6) - qa (~> 5.2) + qa (~> 5.2)! rack-attack (~> 6.6) - rails (~> 6.1.1) + rails (~> 7.0.0) rails-controller-testing ransack (~> 3.0) reline (>= 0.2.1) From f1b29a2b187168afd72146da71fb5de105542d22 Mon Sep 17 00:00:00 2001 
From: Jonathan Rochkind Date: Mon, 5 Dec 2022 10:20:57 -0500 Subject: [PATCH 02/11] DescriptionDisplayFormatter#format_plain make not html_safe? consistent with pre-Rails7 --- app/presenters/description_display_formatter.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/presenters/description_display_formatter.rb b/app/presenters/description_display_formatter.rb index de0ec36ed..b692b2e44 100644 --- a/app/presenters/description_display_formatter.rb +++ b/app/presenters/description_display_formatter.rb @@ -51,6 +51,11 @@ def format_plain str = strip_tags(description) + # For our existing specs, don't want this to be html_safe?, which it becomes + # in Rails 7-- to_str will make it non-html-safe again, for consistency, although + # may not matter. + str = str.to_str + if @truncate str = "#{truncate(str, escape: false, length: @truncate, separator: /\s/)}" end From b3cedf4f4103596af3840c14e6c228d2dd433129 Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Mon, 5 Dec 2022 14:56:38 -0500 Subject: [PATCH 03/11] move to qa release that supports rails 7 --- Gemfile | 5 +---- Gemfile.lock | 38 ++++++++++++++++---------------------- 2 files changed, 17 insertions(+), 26 deletions(-) diff --git a/Gemfile b/Gemfile index c15def205..6eb0328b1 100644 --- a/Gemfile +++ b/Gemfile @@ -107,10 +107,7 @@ gem "traject", ">= 3.5" # to include support for HTTP basic auth in Solr url gem 'simple_form', "~> 5.0" gem "browse-everything", "~> 1.2" - -# TEMPORARY use unreleased rails7 branch for qa -gem "qa", "~> 5.2", github: "samvera/questioning_authority", branch: "rails_7" - +gem "qa", "~> 5.2", ">= 5.2.10" gem "shrine", "~> 3.3" #, path: "../shrine" # shrine-compat endpoint to get uppy to direct upload to S3 with resumable multi-part upload gem "uppy-s3_multipart" diff --git a/Gemfile.lock b/Gemfile.lock index 504f90f5e..16f89614a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,18 +1,3 @@ -GIT - remote: https://github.com/samvera/questioning_authority.git - revision: 64e6365173d70cc629f8654e69f67251ec057185 - branch: rails_7 - specs: - qa (5.9.0) - activerecord-import - deprecation - faraday (< 3.0, != 2.0.0) - geocoder - ldpath - nokogiri (~> 1.6) - rails (>= 5.0, < 7.1) - rdf - GEM remote: https://rubygems.org/ specs: @@ -250,12 +235,12 @@ GEM factory_bot_rails (6.2.0) factory_bot (~> 6.2.0) railties (>= 5.0.0) - faraday (2.6.0) + faraday (2.7.1) faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-follow_redirects (0.3.0) faraday (>= 1, < 3) - faraday-net_http (3.0.1) + faraday-net_http (3.0.2) faraday-retry (2.0.0) faraday (~> 2.0) faster_s3_url (1.0.0) @@ -368,7 +353,7 @@ GEM loofah (2.19.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - mail (2.8.0.rc3) + mail (2.8.0) mini_mime (>= 0.1.1) net-imap net-pop @@ -399,7 +384,7 @@ GEM net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.1.3) + net-protocol (0.2.0) timeout net-smtp (0.3.3) net-protocol @@ -456,7 +441,16 @@ GEM public_suffix (5.0.0) puma (5.6.5) nio4r (~> 2.0) - racc (1.6.0) + qa (5.10.0) + activerecord-import + deprecation + faraday (< 3.0, != 2.0.0) + geocoder + ldpath + nokogiri (~> 1.6) + rails (>= 5.0, < 7.1) + rdf + racc (1.6.1) rack (2.2.4) rack-attack (6.6.1) rack (>= 1.0, < 3) @@ -632,7 +626,7 @@ GEM thor (1.2.1) thread_safe (0.3.6) tilt (2.0.11) - timeout (0.3.0) + timeout (0.3.1) trailblazer-option (0.1.2) traject (3.7.0) concurrent-ruby (>= 0.8.0) @@ -760,7 +754,7 @@ DEPENDENCIES prawn-svg (< 2) pry-byebug puma (~> 5.6) - qa (~> 5.2)! + qa (~> 5.2, >= 5.2.10) rack-attack (~> 6.6) rails (~> 7.0.0) rails-controller-testing From 09efd7fded702138f173c2c62cf4894d4b4f0996 Mon Sep 17 00:00:00 2001 
From: Jonathan Rochkind Date: Tue, 6 Dec 2022 09:18:10 -0500 Subject: [PATCH 04/11] DescriptionDisplayFormatter#format_plain should not produce html entities in output --- app/presenters/description_display_formatter.rb | 8 ++------ spec/presenters/description_display_formatter_spec.rb | 9 +++++++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/app/presenters/description_display_formatter.rb b/app/presenters/description_display_formatter.rb index b692b2e44..2cb3e7449 100644 --- a/app/presenters/description_display_formatter.rb +++ b/app/presenters/description_display_formatter.rb @@ -49,12 +49,8 @@ def format def format_plain return "" if description.blank? - str = strip_tags(description) - - # For our existing specs, don't want this to be html_safe?, which it becomes - # in Rails 7-- to_str will make it non-html-safe again, for consistency, although - # may not matter. - str = str.to_str + # remove all tags, but no need or desire to escape punctuation etc into HTML entities + str = Loofah.fragment(description).text(:encode_special_chars => false) if @truncate str = "#{truncate(str, escape: false, length: @truncate, separator: /\s/)}" diff --git a/spec/presenters/description_display_formatter_spec.rb b/spec/presenters/description_display_formatter_spec.rb index a2313684b..45fe2192f 100644 --- a/spec/presenters/description_display_formatter_spec.rb +++ b/spec/presenters/description_display_formatter_spec.rb @@ -70,5 +70,14 @@ expect(formatted.length).to be < 400 end end + + describe "with html-unsafe chars" do + let(:html_description) { "2 < 3" } + + it "leaves chars alone" do + expect(formatted).to eq "2 < 3" + end + end + end end From 6c5672ce53f1dc1c4c4d38496460b55d1dfb5a78 Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Tue, 6 Dec 2022 10:36:19 -0500 Subject: [PATCH 05/11] trigger yarn install before assets:precompile --- Rakefile | 8 ++++++++ 1 file changed, 8 insertions(+) 
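Review bot: In `format_plain` (PATCH 04/11, app/presenters/description_display_formatter.rb), `Loofah.fragment(description).text(:encode_special_chars => false)` returns text with special characters left unencoded, so the value is only safe to render while it stays a non-html_safe String that the view escapes, and nothing in the hunk states that contract. The `truncate(str, escape: false, ...)` call below it appears to rely on the surrounding `"#{...}"` interpolation to get back to a plain String, since, as far as I know, `truncate` with `escape: false` marks its result html_safe. I would put a comment above the Loofah call such as `# NOTE: returns plain text that is NOT html-safe; callers must let the view escape it, never html_safe/raw`. The new spec only covers `"2 < 3"`; a second example with an entity-encoded tag in the description plus `expect(formatted).not_to be_html_safe` would pin the behaviour for both the truncated and untruncated paths. The body of `format_plain` continues past the hunk, so the return path is not visible here.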
diff --git a/Rakefile b/Rakefile index 102e66219..9d131d6a8 100644 --- a/Rakefile +++ b/Rakefile @@ -4,3 +4,11 @@ require_relative 'config/application' Rails.application.load_tasks + + +# Rails7 stopped automatically doing a `yarn install`, although the yarn:install rake +# task is still available. vite-rails should wire this up but doesn't yet, so we do. +# See (TBD) +if Rake::Task.task_defined?("assets:precompile") && File.exist?(Rails.root.join("bin", "yarn")) + Rake::Task["assets:precompile"].enhance [ "yarn:install" ] +end From 6ae364c4b48a33740fb294e4257e8d0e41ceea02 Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Tue, 6 Dec 2022 10:57:31 -0500 Subject: [PATCH 06/11] update to kithe 2.7.1 with STI autoload bugfix --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 6eb0328b1..ce0bae38a 100644 --- a/Gemfile +++ b/Gemfile @@ -98,7 +98,7 @@ gem 'font-awesome-rails', '~> 4.7' gem "lograge", "< 2" gem "device_detector", "~> 1.0" # user-agent parsing we use for logging -gem 'kithe', "~> 2.7" +gem 'kithe', "~> 2.7", ">= 2.7.1" # attr_son is a dependency of kithe, but we want to make sure it gets require'd directly # to avoid weird auto-loading issues. gem "attr_json", "~> 1.0" diff --git a/Gemfile.lock b/Gemfile.lock index 16f89614a..768324ec0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -315,7 +315,7 @@ GEM activerecord kaminari-core (= 1.2.2) kaminari-core (1.2.2) - kithe (2.7.0) + kithe (2.7.1) attr_json (< 2.0.0) fastimage (~> 2.0) fx (>= 0.6.0, < 1) @@ -740,7 +740,7 @@ DEPENDENCIES irb (>= 1.3.1) jbuilder (~> 2.5) kaminari (~> 1.2) - kithe (~> 2.7) + kithe (~> 2.7, >= 2.7.1) listen (~> 3.3) lockbox lograge (< 2) From 0069185a95ca99b131ffb46fb5200bd864cd102f Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Tue, 6 Dec 2022 11:51:37 -0500 Subject: [PATCH 07/11] comment linking to vite-rails report --- Rakefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
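Review bot: The guard added to the Rakefile in PATCH 05/11 checks that `assets:precompile` is defined but not that `yarn:install` is, so if that task is ever absent the build fails only when the prerequisite is resolved at invoke time. Extending the condition with `Rake::Task.task_defined?("yarn:install")` keeps the workaround self-contained; the same guard shape is carried into PATCH 07/11 and PATCH 08/11, where the file check moves from `bin/yarn` to `yarn.lock`. Because this step pulls JavaScript dependencies during every deploy build, it is worth confirming (not visible here) that the task installs strictly from `yarn.lock` rather than re-resolving versions.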
diff --git a/Rakefile b/Rakefile index 9d131d6a8..e402a548a 100644 --- a/Rakefile +++ b/Rakefile @@ -8,7 +8,11 @@ Rails.application.load_tasks # Rails7 stopped automatically doing a `yarn install`, although the yarn:install rake # task is still available. vite-rails should wire this up but doesn't yet, so we do. -# See (TBD) +# +# See https://github.com/ElMassimo/vite_ruby/discussions/316 +# +# May be fixed in a future vite-rails, in which case we may want to remove +# this if Rake::Task.task_defined?("assets:precompile") && File.exist?(Rails.root.join("bin", "yarn")) Rake::Task["assets:precompile"].enhance [ "yarn:install" ] end From 89e1818103017f89ac0fd84d93262b8d2bd2f76d Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Tue, 6 Dec 2022 16:37:58 -0500 Subject: [PATCH 08/11] better docs of our vite yarn install workaround --- README.md | 2 ++ Rakefile | 14 ++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2ffb347ed..e5eccfc61 100644 --- a/README.md +++ b/README.md 
@@ -133,6 +133,8 @@ We preferentially use Vite.js (an ES6-style JS bundler, https://vite-ruby.netlif * image files and other static assets are for the moment still handled by sprockets, located in ./app/assets/images and fonts/, and referenced via rails sprockets helper methods. We could potentially switch some of these over to vite too. +* vite-ruby tries to install yarn deps using `npx`, but heroku ruby buildpack doesn't offer `npx` we have a workaround to run `yarn install` with `assets:precompile` in local `./Rakefile`. + #### Individual asset dependency special handling notes * blacklight JS and CSS now comes from the [blacklight-frontend npm package](https://www.npmjs.com/package/blacklight-frontend). If you update the blacklight rubygem, you will have to manually make sure to remember to check if a new `blacklight_frontend` npm package is available and update with yarn too! Letting these get out of sync could be disastrous, and is a somewhat confusing manual process. diff --git a/Rakefile b/Rakefile index e402a548a..4bc9cbd6d 100644 --- a/Rakefile +++ b/Rakefile 
@@ -6,13 +6,15 @@ require_relative 'config/application' Rails.application.load_tasks -# Rails7 stopped automatically doing a `yarn install`, although the yarn:install rake -# task is still available. vite-rails should wire this up but doesn't yet, so we do. +# Vite tries to install yarn/npm dependencies with `npx ci`, but heroku +# ruby buildpack doesn't have `npx` available, so it will fail. # -# See https://github.com/ElMassimo/vite_ruby/discussions/316 +# So we wire up assets:precompile to run `yarn install`, like it did pre-Rails 7, +# as `yarn` is available on heroku ruby buidpack. At worst, this might mean +# yarn install gets run twice, which should be pretty cheap. # -# May be fixed in a future vite-rails, in which case we may want to remove -# this -if Rake::Task.task_defined?("assets:precompile") && File.exist?(Rails.root.join("bin", "yarn")) +# See: https://github.com/ElMassimo/vite_ruby/discussions/316 +# +if Rake::Task.task_defined?("assets:precompile") && File.exist?(Rails.root.join("yarn.lock")) Rake::Task["assets:precompile"].enhance [ "yarn:install" ] end From 1e1962d636c94164f3f558e17f462f7a16c0d481 Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Tue, 6 Dec 2022 17:07:42 -0500 Subject: [PATCH 09/11] try locking to older net-protocol, see if it resolves our problems with ingest that we detected only manually --- Gemfile | 9 +++++++++ Gemfile.lock | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index ce0bae38a..0011f710a 100644 --- a/Gemfile +++ b/Gemfile 
@@ -18,6 +18,15 @@ gem "vite_rails", "~> 3.0" # this line is no longer needed once 2.8.0 final is released: gem "mail", ">= 2.8.0.rc1", "< 3" +# net-protocol 0.2.0 causes some problems with shrine. Until it's fixed +# we need to lock to older net-protocol. +# +# See: +# * https://github.com/shrinerb/shrine/issues/609#issuecomment-1340133144 +# * https://github.com/shrinerb/shrine/issues/610 +# +gem "net-protocol", "< 0.2.0" + gem "view_component", "~> 2.49" gem "alba", "~> 1.6" # for JSON serialization of models diff --git a/Gemfile.lock b/Gemfile.lock index 768324ec0..873886ef4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -384,7 +384,7 @@ GEM net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.0) + net-protocol (0.1.3) timeout net-smtp (0.3.3) net-protocol @@ -746,6 +746,7 @@ DEPENDENCIES lograge (< 2) mail (>= 2.8.0.rc1, < 3) matrix (~> 0.4) + net-protocol (< 0.2.0) oai (~> 1.0, >= 1.0.1) pdf-reader (~> 2.2) pg (>= 0.18, < 2.0) From a9bfd4bf9dd3b07e60462875c5df49d36190e2ff Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Thu, 8 Dec 2022 09:39:01 -0500 Subject: [PATCH 10/11] update to net-protocol 0.2.1, skipping buggy 0.2.0 --- Gemfile | 5 ++--- Gemfile.lock | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index 0011f710a..32fd73707 100644 --- a/Gemfile +++ b/Gemfile @@ -18,14 +18,13 @@ gem "vite_rails", "~> 3.0" # this line is no longer needed once 2.8.0 final is released: gem "mail", ">= 2.8.0.rc1", "< 3" -# net-protocol 0.2.0 causes some problems with shrine. Until it's fixed -# we need to lock to older net-protocol. +# avoid buggy net-protocol 0.2.0 which causes some problems with shrine. # # See: # * https://github.com/shrinerb/shrine/issues/609#issuecomment-1340133144 # * https://github.com/shrinerb/shrine/issues/610 # -gem "net-protocol", "< 0.2.0" +gem "net-protocol", "!= 0.2.0" gem "view_component", "~> 2.49" gem "alba", "~> 1.6" # for JSON serialization of models 
diff --git a/Gemfile.lock b/Gemfile.lock index 873886ef4..7c1d8df51 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -384,7 +384,7 @@ GEM net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.1.3) + net-protocol (0.2.1) timeout net-smtp (0.3.3) net-protocol @@ -746,7 +746,7 @@ DEPENDENCIES lograge (< 2) mail (>= 2.8.0.rc1, < 3) matrix (~> 0.4) - net-protocol (< 0.2.0) + net-protocol (!= 0.2.0) oai (~> 1.0, >= 1.0.1) pdf-reader (~> 2.2) pg (>= 0.18, < 2.0) From f2ba8c5f42ba3dcb0ef6252287d7a7987d0afa84 Mon Sep 17 00:00:00 2001 From: Eddie Rubeiz Date: Thu, 8 Dec 2022 11:01:16 -0500 Subject: [PATCH 11/11] Use Kithe::Model in access policy instead of the subclasses --- .../admin/collections_controller.rb | 2 +- app/controllers/admin/works_controller.rb | 2 +- app/policies/access_policy.rb | 20 ++++--------------- 3 files changed, 6 insertions(+), 18 deletions(-) diff --git a/app/controllers/admin/collections_controller.rb b/app/controllers/admin/collections_controller.rb index a8fa9518f..004e59029 100644 --- a/app/controllers/admin/collections_controller.rb +++ b/app/controllers/admin/collections_controller.rb @@ -113,7 +113,7 @@ def set_collection # enough for now. def collection_params permitted_attributes = [:title, :description, :department] - permitted_attributes << :published if can?(:publish, @collection || Collection) + permitted_attributes << :published if can?(:publish, @collection || Kithe::Model) Kithe::Parameters.new(params). require(:collection). diff --git a/app/controllers/admin/works_controller.rb b/app/controllers/admin/works_controller.rb index fb95cfb57..d8e149576 100644 --- a/app/controllers/admin/works_controller.rb +++ b/app/controllers/admin/works_controller.rb @@ -383,7 +383,7 @@ def batch_update end def batch_publish_toggle - authorize! :publish, Work + authorize! :publish, Kithe::Model unless params[:publish].in?(["on", "off"]) raise ArgumentError.new("Need `publish` param to be `on` or off`") 
diff --git a/app/policies/access_policy.rb b/app/policies/access_policy.rb index 3889e0dbc..580d687c1 100644 --- a/app/policies/access_policy.rb +++ b/app/policies/access_policy.rb @@ -8,31 +8,19 @@ class AccessPolicy include AccessGranted::Policy def configure - # The most important admin role, gets checked first - - role :admin, proc { |user| !user.nil? && user.admin_user? } do - can :destroy, Work - can :publish, Work - - can :destroy, Collection - can :publish, Collection - - can :destroy, Asset - can :publish, Asset + role :admin, proc { |user| user&.admin_user? } do + can [:destroy, :publish], Kithe::Model + can :access_staff_functions can :admin, User end - # Any logged-in staff considered staff at present role :staff, proc { |user| !user.nil? } do - can :read, Kithe::Model # whether publisehd or not - can :update, Kithe::Model - + can [:read, :update], Kithe::Model # whether published or not can :access_staff_functions can :destroy, Admin::QueueItemComment do |comment, user| comment.user_id == user.id end - end role :public do
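Review bot: In `AccessPolicy#configure`, `can [:destroy, :publish], Kithe::Model` replaces six per-class grants with one on the base class, so every present and future `Kithe::Model` subclass becomes destroyable and publishable by admins, and this commit touches no spec that pins which roles can and cannot do so. The two controller hunks in the same patch switch their class-level subject from `Collection` / `Work` to `Kithe::Model`, which suggests class-level checks have to name the base class exactly; any other `can?` / `authorize!` call still passing a subclass constant would then be denied, which I cannot verify from here. I would add a policy spec asserting that a staff (non-admin) user is refused `:publish` and `:destroy` on a `Work`, `Collection` and `Asset` instance and on `Kithe::Model` itself, and that an admin is allowed. A one-line comment on the grant, e.g. `# applies to all Kithe::Model subclasses (Work, Collection, Asset)`, would record the intended scope. `configure` continues past the end of the hunk at `role :public do`.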