diff --git a/Gemfile b/Gemfile index 6db40fe..2819ef6 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ gem 'mysql2' gem 'activerecord-mysql-adapter' # --- backward compatibility (TO BE REMOVED!) -gem 'protected_attributes' +# gem 'protected_attributes' # ---------------------------------------------------- CAPISTRANO FOR DEPLOYMENT gem 'capistrano' @@ -31,6 +31,9 @@ gem "rolify", ">= 3.2.0" # --- app configuration: config/application.yml gem "figaro", ">= 0.5.0" + +gem 'rails3-jquery-autocomplete' #, '1.0.9' + # --------------------------------------------------------------------------- js gem 'jquery-rails' # --- for easily passing variables to javascript diff --git a/Gemfile.lock b/Gemfile.lock index 36b6f70..b835fb7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -158,6 +158,7 @@ GEM bundler (>= 1.3.0, < 2.0) railties (= 4.0.0) sprockets-rails (~> 2.0.0) + rails3-jquery-autocomplete (0.6.0) railties (4.0.0) actionpack (= 4.0.0) activesupport (= 4.0.0) @@ -238,6 +239,7 @@ DEPENDENCIES protected_attributes quiet_assets (>= 1.0.1) rails (= 4.0.0) + rails3-jquery-autocomplete rolify (>= 3.2.0) rvm-capistrano sass-rails diff --git a/app/controllers/adm/admins_controller.rb b/app/controllers/adm/admins_controller.rb index 9dae073..806e151 100644 --- a/app/controllers/adm/admins_controller.rb +++ b/app/controllers/adm/admins_controller.rb @@ -1,5 +1,5 @@ class Adm::AdminsController < AdmController - before_filter :administrator_only! + before_action :administrator_only! # GET /adm/admins # GET /adm/admins.json @@ -42,7 +42,7 @@ def edit # POST /adm/admins # POST /adm/admins.json def create - @admin = Admin.new(params[:admin]) + @admin = Admin.new(admin_params) respond_to do |format| if @admin.save 
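Review bot: Commenting out `gem 'protected_attributes'` leaves Gemfile.lock out of step with the Gemfile — the lock's DEPENDENCIES hunk further down this same diff still lists `protected_attributes` as an unchanged context line, so the lock was evidently not regenerated after the Gemfile edit. If Capistrano runs bundler in deployment/frozen mode, as is usual, a Gemfile that no longer matches its lock aborts `bundle install` on the next deploy. Re-run `bundle install`, commit the resulting lock, and delete the dead line rather than carrying a commented `# gem 'protected_attributes'` plus its "TO BE REMOVED!" banner.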
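Review bot: `gem 'rails3-jquery-autocomplete' #, '1.0.9'` adds the gem with no version constraint, and the lock hunk in this diff resolved it to 0.6.0 rather than the 1.0.9 the trailing comment suggests was intended. An unpinned dependency silently moves on the next `bundle update`, and a gem whose name advertises Rails 3 should be pinned to a release known to work against the `rails (= 4.0.0)` in the lock. Either pin it, e.g. `gem 'rails3-jquery-autocomplete', '~> 1.0.9'`, or delete the stale comment if 0.6.0 is the deliberate choice.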
@@ -61,7 +61,7 @@ def update @admin = Admin.find(params[:id]) respond_to do |format| - if @admin.update_attributes(params[:admin]) + if @admin.update_attributes(admin_params) format.html { redirect_to [:adm, @admin], notice: 'Admin was successfully updated.' } format.json { head :no_content } else @@ -82,4 +82,11 @@ def destroy format.json { head :no_content } end end + + private + + def admin_params + params.require(:admin).permit :name, :email, :role, :password, :password_confirmation, :remember_me, :lab_ids + end + end diff --git a/app/controllers/adm/books_controller.rb b/app/controllers/adm/books_controller.rb index 5f1d143..90d5342 100644 --- a/app/controllers/adm/books_controller.rb +++ b/app/controllers/adm/books_controller.rb @@ -36,7 +36,7 @@ def edit # POST /adm/books def create if params[:isbn_step] - @books=Book.new_given_isbn(params[:book][:isbn]) + @books=Book.new_given_isbn(book_params[:isbn]) if @books.count == 1 @book=@books.first if @book.new_record? @@ -52,7 +52,7 @@ def create end else if @books.first.new_record? - @book = Book.new(params[:book]) + @book = Book.new(book_params) render "new_as_merge" else @isbn = params[:book][:isbn] @@ -63,7 +63,7 @@ def create end end else - @book = Book.new(params[:book]) + @book = Book.new(book_params) respond_to do |format| if @book.save @@ -80,7 +80,7 @@ def update @book = Book.find(params[:id]) respond_to do |format| - if @book.update_attributes(params[:book]) + if @book.update_attributes(book_params) format.html { redirect_to @book, notice: 'Book was successfully updated.' } else format.html { render action: "edit" } @@ -97,4 +97,11 @@ def destroy format.html { redirect_to books_url } end end + + private + + def book_params + params.require(:book).permit :abstract, :author, :call1, :call2, :call3, :call4, :categories, :collation, :collection, :currency, :edition, :editor, :idx, :isbn, :language, :notes, :price, :pubyear, :title, :toc, :publisher, :publisher_name, :subtitle, :volume + end + end 
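Review bot: `permit :name, :email, :role, :password, :password_confirmation, :remember_me, :lab_ids` in `admin_params` declares `lab_ids` as a scalar, but Admin has `has_and_belongs_to_many :labs` (visible in the admin.rb hunk of this diff), and a checkbox or multi-select form for that association presumably submits `lab_ids` as an array — which strong parameters drops unless it is declared as `lab_ids: []`. The likely result is that lab assignments are silently discarded on create and update, since Rails 4.0 only logs unpermitted keys by default. Change the line to `params.require(:admin).permit(:name, :email, :role, :password, :password_confirmation, :remember_me, lab_ids: [])`. Note that `:role` stays mass-assignable here; that is only acceptable because this controller is guarded by `before_action :administrator_only!` in the first hunk.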
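Review bot: `book_params` in this hunk is the same 24-attribute whitelist that is added verbatim to `Adm::DegIsbnsController` later in this diff; two copies will drift the next time a column is added or an attribute such as `:price` needs tighter control. Hoist it into `AdmController` (or a concern) as a single `book_params` and call it from both controllers. Separately, the `create` hunk above still reads `@isbn = params[:book][:isbn]` from raw params on one branch while using `book_params[:isbn]` on the other; use `book_params[:isbn]` in both. If `:categories` is a multi-value field it needs `categories: []` rather than a scalar permit — that cannot be confirmed from the hunk.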
diff --git a/app/controllers/adm/deg_isbns_controller.rb b/app/controllers/adm/deg_isbns_controller.rb index a4f156a..ec0c8ff 100644 --- a/app/controllers/adm/deg_isbns_controller.rb +++ b/app/controllers/adm/deg_isbns_controller.rb @@ -20,7 +20,7 @@ def edit def update @degisbn=DegIsbn.find(params["id"]) isbn=@degisbn.isbn - @book=Book.new(params["book"].merge({:isbn=>isbn})) + @book=Book.new(book_params.merge({:isbn=>isbn})) if @book.save @degisbn.count = @degisbn.count + 1 @degisbn.books.find(params["merge_book_ids"]).each do |b| @@ -45,4 +45,11 @@ def update render :action => "edit" end end + + private + + def book_params + params.require(:book).permit :abstract, :author, :call1, :call2, :call3, :call4, :categories, :collation, :collection, :currency, :edition, :editor, :idx, :isbn, :language, :notes, :price, :pubyear, :title, :toc, :publisher, :publisher_name, :subtitle, :volume + end + end diff --git a/app/controllers/adm/items_controller.rb b/app/controllers/adm/items_controller.rb index 4c04450..bc3902e 100644 --- a/app/controllers/adm/items_controller.rb +++ b/app/controllers/adm/items_controller.rb @@ -1,5 +1,5 @@ class Adm::ItemsController < AdmController - before_filter :set_book, :only => [:new, :create] + before_action :set_book, :only => [:new, :create] load_and_authorize_resource :except => [:index] # GET /items diff --git a/app/controllers/adm/labs_controller.rb b/app/controllers/adm/labs_controller.rb index a8d5337..7a2ade5 100644 --- a/app/controllers/adm/labs_controller.rb +++ b/app/controllers/adm/labs_controller.rb @@ -1,5 +1,5 @@ class Adm::LabsController < AdmController - before_filter :administrator_only! + before_action :administrator_only! # GET /adm/labs # GET /adm/labs.json @@ -44,7 +44,7 @@ def edit # POST /adm/labs # POST /adm/labs.json def create - @lab = Lab.new(params[:adm_lab]) + @lab = Lab.new(lab_params) respond_to do |format| if @lab.save 
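Review bot: `@book=Book.new(book_params.merge({:isbn=>isbn}))` correctly overrides whatever `isbn` the form sent with the one stored on the `DegIsbn` record, but `book_params` in this same controller still permits `:isbn`, so a reader cannot tell that the client value is intentionally ignored. Drop `:isbn` from this controller's permit list and add `# isbn always comes from @degisbn, never from the form` above the line. `update` continues past the end of the hunk; the `@degisbn.books.find(params["merge_book_ids"])` lookup is at least scoped to the record's own books.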
@@ -63,7 +63,7 @@ def update @lab = Lab.find(params[:id]) respond_to do |format| - if @lab.update_attributes(params[:adm_lab]) + if @lab.update_attributes(lab_params) format.html { redirect_to @lab, notice: 'Lab was successfully updated.' } format.json { head :no_content } else @@ -84,4 +84,11 @@ def destroy format.json { head :no_content } end end + + private + + def lab_params + params.require(:adm_lab).permit :name, :nick + end + end diff --git a/app/controllers/adm/locations_controller.rb b/app/controllers/adm/locations_controller.rb index 0372d67..21ed865 100644 --- a/app/controllers/adm/locations_controller.rb +++ b/app/controllers/adm/locations_controller.rb @@ -47,7 +47,7 @@ def edit # POST /adm/locations # POST /adm/locations.json def create - @location = Location.new(params[:location]) + @location = Location.new(location_params) respond_to do |format| if @location.save @@ -66,7 +66,7 @@ def update @location = Location.find(params[:id]) respond_to do |format| - if @location.update_attributes(params[:location]) + if @location.update_attributes(location_params) format.html { redirect_to adm_locations_url, notice: "Location #{@location.name} was successfully updated." } format.json { head :no_content } else @@ -87,4 +87,11 @@ def destroy format.json { head :no_content } end end + + private + + def location_params + params.require(:location).permit(:name) + end + end diff --git a/app/controllers/adm/publisher_mergers_controller.rb b/app/controllers/adm/publisher_mergers_controller.rb index f4c687a..a236b20 100644 --- a/app/controllers/adm/publisher_mergers_controller.rb +++ b/app/controllers/adm/publisher_mergers_controller.rb @@ -13,7 +13,7 @@ def new # POST /publisher_mergers def create @publishers=Publisher.find(params["mergenda_ids"]) - @publisher=Publisher.new(params["publisher"]) + @publisher=Publisher.new(publisher_params) if params["commit"] == "Merge" render action: "edit" else 
@@ -35,4 +35,10 @@ def create end end + private + + def publisher_params + params.require(:publisher).permit(:name) + end + end diff --git a/app/controllers/adm/publishers_controller.rb b/app/controllers/adm/publishers_controller.rb index 80511b1..b36dff3 100644 --- a/app/controllers/adm/publishers_controller.rb +++ b/app/controllers/adm/publishers_controller.rb @@ -1,5 +1,5 @@ class Adm::PublishersController < AdmController - before_filter :administrator_only! + before_action :administrator_only! # GET /adm/publishers # GET /adm/publishers.json @@ -42,7 +42,7 @@ def edit # POST /adm/publishers # POST /adm/publishers.json def create - @publisher = Publisher.new(params[:publisher]) + @publisher = Publisher.new(publisher_params) respond_to do |format| if @publisher.save @@ -61,7 +61,7 @@ def update @publisher = Publisher.find(params[:id]) respond_to do |format| - if @publisher.update_attributes(params[:publisher]) + if @publisher.update_attributes(publisher_params) format.html { redirect_to @publisher, notice: 'Publisher was successfully updated.' } format.json { head :no_content } else @@ -82,4 +82,11 @@ def destroy format.json { head :no_content } end end + + private + + def publisher_params + params.require(:publisher).permit(:name) + end + end diff --git a/app/controllers/adm/users_controller.rb b/app/controllers/adm/users_controller.rb index c34582e..12007a2 100644 --- a/app/controllers/adm/users_controller.rb +++ b/app/controllers/adm/users_controller.rb @@ -55,7 +55,7 @@ def edit # POST /admin/users # POST /admin/users.json def create - @user = User.new(params[:user]) + @user = User.new(user_params) respond_to do |format| if @user.save @@ -74,7 +74,7 @@ def update @user = User.find(params[:id]) respond_to do |format| - if @user.update_attributes(params[:user]) + if @user.update_attributes(user_params) format.html { redirect_to [:adm, @user], notice: 'User was successfully updated.' } format.json { head :no_content } else 
@@ -101,4 +101,10 @@ def destroy end end + private + + def user_params + params.require(:user).permit(:name, :email, :nebis, :legacy_id, :lab_id, :notes) + end + end diff --git a/app/controllers/adm_controller.rb b/app/controllers/adm_controller.rb index c69e470..58a89ff 100644 --- a/app/controllers/adm_controller.rb +++ b/app/controllers/adm_controller.rb @@ -1,5 +1,5 @@ class AdmController < ApplicationController - before_filter :authenticate_admin! + before_action :authenticate_admin! def administrator_only! # raise User::NotAuthorized unless current_user.admin? diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0f23b41..8918af4 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,6 +1,6 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_filter :set_gon_for_admin + before_action :set_gon_for_admin # check_authorization diff --git a/app/controllers/nebis_controller.rb b/app/controllers/nebis_controller.rb index d0301f0..8b34d3b 100644 --- a/app/controllers/nebis_controller.rb +++ b/app/controllers/nebis_controller.rb @@ -1,6 +1,6 @@ class NebisController < ApplicationController - before_filter :nebis_session, :only => :show + before_action :nebis_session, :only => :show def show @user = User.find_by_nebis(params[:id]) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 83738a0..484ac68 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,6 +1,6 @@ class UsersController < ApplicationController - before_filter :authenticate_admin!, :only => [:show] + before_action :authenticate_admin!, :only => [:show] # GET /users/1 # GET /users/1.json diff --git a/app/models/admin.rb b/app/models/admin.rb index 3de7013..05f1409 100644 --- a/app/models/admin.rb +++ b/app/models/admin.rb 
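Review bot: The filter this hunk renames to `before_action :authenticate_admin!` is the only guard visible for the whole `Adm::` namespace, and the one method shown beneath it, `administrator_only!`, opens with a commented-out `# raise User::NotAuthorized unless current_user.admin?` with the rest of its body outside the hunk, so this diff does not show what the role check actually enforces. That matters more after this commit, because `Adm::AdminsController#admin_params` now relies on `administrator_only!` as the sole gate on mass-assigning `:role` and `:lab_ids`. Confirm the live body denies non-administrators, and add a one-line comment above `def administrator_only!` stating the rule it enforces, since the commented raise reads as if the check were disabled.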
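Review bot: `protect_from_forgery` in this hunk is called without a `with:` option; under Rails 4.0 (pinned in the lock) the default response to a failed CSRF check is `:null_session`, whereas Rails 3, which this looks to be migrated from, reset the session. With the Devise sessions used here, `:null_session` lets a forged request proceed as an anonymous request instead of failing loudly, and the Rails 4 generator emits `protect_from_forgery with: :exception` for new apps. Change the line to `protect_from_forgery with: :exception` unless there is a known API consumer that depends on null-session behaviour.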
@@ -10,9 +10,9 @@ class Admin < ActiveRecord::Base # :recoverable, :rememberable, :trackable, :validatable devise :database_authenticatable, :recoverable - # Setup accessible (or protected) attributes for your model - attr_accessible :name, :email, :role, :password, :password_confirmation, :remember_me, :lab_ids - # attr_accessible :title, :body + # # Setup accessible (or protected) attributes for your model + # attr_accessible :name, :email, :role, :password, :password_confirmation, :remember_me, :lab_ids + # # attr_accessible :title, :body has_and_belongs_to_many :labs, :class_name => "Lab", :join_table => "operatorships" has_many :inventory_sessions, :class_name => "InventorySession", :foreign_key => "admin_id", :order => 'updated_at DESC' diff --git a/app/models/book.rb b/app/models/book.rb index cce0f75..9df33d2 100644 --- a/app/models/book.rb +++ b/app/models/book.rb @@ -3,8 +3,6 @@ class Book < ActiveRecord::Base extend Memoist - attr_accessible :abstract, :author, :call1, :call2, :call3, :call4, :categories, :collation, :collection, :currency, :edition, :editor, :idx, :isbn, :language, :notes, :price, :pubyear, :title, :toc, :publisher, :publisher_name, :subtitle, :volume - has_many :items, :as => :inventoriable # has_many :loans, :class_name => "Loan", :foreign_key => "book_id" # has_many :checkouts, :class_name => "Loan", :foreign_key => "book_id", :conditions=>{:return_date=>nil} diff --git a/app/models/deg_isbn.rb b/app/models/deg_isbn.rb index 7530498..629cb9e 100644 --- a/app/models/deg_isbn.rb +++ b/app/models/deg_isbn.rb @@ -1,5 +1,5 @@ class DegIsbn < ActiveRecord::Base - attr_accessible :isbn, :count, :mergeables + has_many :books, :class_name => "Book", :foreign_key => "isbn", :primary_key => "isbn" # def mergeables diff --git a/app/models/good.rb b/app/models/good.rb index 8b27259..284b244 100644 --- a/app/models/good.rb +++ b/app/models/good.rb 
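Review bot: The `attr_accessible` line here is commented out rather than deleted, and with `protected_attributes` gone from the Gemfile a commented whitelist is only misleading — the effective whitelist now lives in `Adm::AdminsController#admin_params`. Delete the three commented lines (git history keeps them) or replace them with a pointer: `# Mass-assignment whitelist: see Adm::AdminsController#admin_params`. The context line `has_many :inventory_sessions, ..., :order => 'updated_at DESC'` uses the association `:order` option, which Rails 4.0 deprecates in favour of a scope lambda; this migration commit does not address it.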
@@ -1,5 +1,7 @@ class Good < ActiveRecord::Base - attr_accessible :inventory_session_id, :item_id, :previous_shelf_id, :current_shelf_id + + # attr_accessible :inventory_session_id, :item_id, :previous_shelf_id, :current_shelf_id + belongs_to :item, :class_name => "Item", :foreign_key => "item_id" belongs_to :inventory_session, :class_name => "InventorySession", :foreign_key => "inventory_session_id" belongs_to :current_shelf, :class_name => "Shelf", :foreign_key => "current_shelf_id" diff --git a/app/models/lab.rb b/app/models/lab.rb index 04bfd93..2c63ab2 100644 --- a/app/models/lab.rb +++ b/app/models/lab.rb @@ -1,5 +1,4 @@ class Lab < ActiveRecord::Base - attr_accessible :name, :nick has_many :users has_many :items has_many :book_items, :class_name => "Item", :conditions=>{:inventoriable_type=>"Book"}, :include => :inventoriable diff --git a/app/models/loan.rb b/app/models/loan.rb index a123ac7..131530f 100644 --- a/app/models/loan.rb +++ b/app/models/loan.rb @@ -1,5 +1,5 @@ class Loan < ActiveRecord::Base - attr_accessible :item, :user + # attr_accessible :item, :user belongs_to :user, :class_name => "User", :foreign_key => "user_id" belongs_to :item, :class_name => "Item", :foreign_key => "item_id", :include => :inventoriable diff --git a/app/models/location.rb b/app/models/location.rb index 5e7a09d..e0169eb 100644 --- a/app/models/location.rb +++ b/app/models/location.rb @@ -1,5 +1,4 @@ class Location < ActiveRecord::Base - attr_accessible :name validates_uniqueness_of :name, :on => :create, :message => "a room with this name already exists" def self.names_list diff --git a/app/models/publisher.rb b/app/models/publisher.rb index 32eebff..7050048 100644 --- a/app/models/publisher.rb +++ b/app/models/publisher.rb @@ -1,5 +1,4 @@ class Publisher < ActiveRecord::Base - attr_accessible :name has_many :books diff --git a/app/models/user.rb b/app/models/user.rb index c091204..260b92a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
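Review bot: `Good` loses its `attr_accessible` whitelist here, but unlike the other models in this diff no controller gains a matching `permit` list for `Good` (nor for `Loan` in the next hunk), so any existing `Good.new(params[:good])`-style call site now behaves differently. Under Rails 4.0, mass-assigning an unpermitted `ActionController::Parameters` raises `ActiveModel::ForbiddenAttributesError` — a fail-closed outcome — but a plain Hash built from params (after `to_hash`, or assembled internally) bypasses the check entirely and every column becomes assignable, including the `inventory_session_id`/`item_id` foreign keys the old whitelist listed. Grep for the remaining call sites before merging; they are not visible in this diff.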
@@ -14,7 +14,7 @@ class User < ActiveRecord::Base # Setup accessible (or protected) attributes for your model # attr_accessible :name, :email, :password, :password_confirmation, :remember_me, :location, :nebis, :legacy_id # attr_accessible :name, :email, :password, :password_confirmation, :location, :nebis, :legacy_id - attr_accessible :name, :email, :nebis, :legacy_id, :lab_id, :notes + # attr_accessible :name, :email, :nebis, :legacy_id, :lab_id, :notes # attr_accessible :title, :body validates_presence_of :name diff --git a/config/application.rb b/config/application.rb index 691d3ac..50f7a86 100644 --- a/config/application.rb +++ b/config/application.rb @@ -43,15 +43,6 @@ class Application < Rails::Application # like if you have constraints or database-specific column types # config.active_record.schema_format = :sql - # Enforce whitelist mode for mass assignment. - # This will create an empty whitelist of attributes available for mass-assignment for all models - # in your app. As such, your models will need to explicitly whitelist or blacklist accessible - # parameters by using an attr_accessible or attr_protected declaration. - config.active_record.whitelist_attributes = true - - # Enable the asset pipeline - config.assets.enabled = true - # Version of your assets, change this if you want to expire all your assets config.assets.version = '1.0' diff --git a/config/environments/development.rb b/config/environments/development.rb index 44cf443..4aa4047 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb 
@@ -19,19 +19,8 @@ # Print deprecation notices to the Rails logger config.active_support.deprecation = :log - # Only use best-standards-support built into browsers - config.action_dispatch.best_standards_support = :builtin - - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - - # Log the query plan for queries taking more than this (works - # with SQLite, MySQL, and PostgreSQL) - # config.active_record.auto_explain_threshold_in_seconds = 0.5 - - # Do not compress assets - config.assets.compress = false - # Expands the lines which load the assets config.assets.debug = true + + config.eager_load = false end diff --git a/config/environments/production.rb b/config/environments/production.rb index f659807..d68b468 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -12,7 +12,7 @@ config.serve_static_assets = false # Compress JavaScripts and CSS - config.assets.compress = true + config.assets.js_compressor = :uglifier # Don't fallback to assets pipeline if a precompiled asset is missed config.assets.compile = false @@ -64,4 +64,7 @@ # Log the query plan for queries taking more than this (works # with SQLite, MySQL, and PostgreSQL) # config.active_record.auto_explain_threshold_in_seconds = 0.5 + + config.eager_load = true + end diff --git a/config/environments/test.rb b/config/environments/test.rb index 14d4207..3bcc24d 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -11,9 +11,6 @@ config.serve_static_assets = true config.static_cache_control = "public, max-age=3600" - # Log error messages when you accidentally call methods on nil - config.whiny_nils = true - # Show full error reports and disable caching config.consider_all_requests_local = true config.action_controller.perform_caching = false 
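Review bot: The removed `config.active_record.mass_assignment_sanitizer = :strict` has a strong-parameters counterpart that this hunk does not add: without it, Rails 4.0 merely logs unpermitted keys in development, so a permit list that drops an array attribute goes unnoticed until production. Add `config.action_controller.action_on_unpermitted_parameters = :raise` next to the new `config.eager_load = false`. The same line belongs in test.rb.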
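Review bot: `config.assets.js_compressor = :uglifier` requires the `uglifier` gem (and a JavaScript runtime) at precompile time; neither appears in the Gemfile hunks of this diff, which show only part of the Gemfile, so confirm it is present before the next `assets:precompile` on deploy.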
@@ -29,9 +26,9 @@ # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - # Print deprecation notices to the stderr config.active_support.deprecation = :stderr + + config.eager_load = false + end diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb index e2345a1..291afa5 100644 --- a/config/initializers/secret_token.rb +++ b/config/initializers/secret_token.rb @@ -4,4 +4,9 @@ # If you change this key, all old signed cookies will become invalid! # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. + +# TODO: remove this as of complete transition to rails 4 Thot::Application.config.secret_token = '58d516353d106b5d3e3e37e7c4e66513ef1597d6ec0a23f71a616edf0088259c9643fb5ba7f880ddb38f015083bbcacdc221699195ccfe7f0f6a97154b4e692b' + + +Thot::Application.config.secret_key_base = '58d516353d106b5d3e3e37e7c4e66513ef1597d6ec0a23f71a616edf95636253c9643fb5ba7f880ddb38f015083bbcacdc1039476257ccfe7f0f6a97154b4e692b' diff --git a/vendor/plugins/.gitkeep b/vendor/plugins/.gitkeep deleted file mode 100644 index e69de29..0000000
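Review bot: Both `config.secret_token` and the new `config.secret_key_base` are committed as literal strings in this initializer, so anyone with read access to the repository can forge session cookies — and the new `secret_key_base` is visibly a hand-edited copy of the old token (it shares its first 56 hex characters and long internal runs with it) rather than fresh `rake secret` output. Since `figaro` is already in the Gemfile, move both values to `config/application.yml`/the environment and read them as `Thot::Application.config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')`, then rotate both, because the current values are in git history. Keeping `secret_token` alongside `secret_key_base` on Rails 4.0 is only needed while legacy signed cookies are being upgraded; the `# TODO` should state the concrete condition for removing it rather than "complete transition to rails 4".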