diff --git a/.github/workflows/rspec.yml b/.github/workflows/rspec.yml
new file mode 100644
index 00000000..c624032a
--- /dev/null
+++ b/.github/workflows/rspec.yml
@@ -0,0 +1,34 @@
+name: RSpec
+
+on: push
+
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ # Maintained versions: 3.0, 3.1, 3.2
+ # Security updates only: 2.7 (EOL: 2023-03-31)
+ # Source: https://www.ruby-lang.org/en/downloads/branches/
+ ruby:
+ - "2.7"
+ - "3.0"
+ - "3.1"
+ - "3.2"
+ gemfile:
+ - rails-6.1.x
+ - rails-7.0.x
+ env:
+ BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+ RAILS_ENV: test
+ name: "Ruby ${{ matrix.ruby }}, ${{ matrix.gemfile }}"
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Ruby & bundle gems
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: ${{ matrix.ruby }}
+ bundler-cache: true
+ - name: Run the tests
+ run: bundle exec rake spec
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 9090c023..00000000
--- a/.travis.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-env:
- - GEM=core BUNDLE_WITHOUT=attachments:pages
- - GEM=attachments BUNDLE_WITHOUT=pages
- - GEM=pages
-rvm:
- - 2.4.6
- - 2.5.5
- - 2.6.3
-gemfile:
- - gemfiles/rails-4.2.x.gemfile
- - gemfiles/rails-5.2.x.gemfile
-before_install:
- - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
- - gem install bundler -v '< 2'
-before_script:
- - cd $GEM
-script:
- - bundle exec rake db:schema:load spec RAILS_ENV=test
-matrix:
- fast_finish: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1d60a8c9..df557c26 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## Unreleased
+
+* Require Rails 6.1+ and Ruby 2.7+
+* Drop official support for Rails 6.0 and lower, Ruby 2.6 and lower
+* Added CI for Rails 7.0, Ruby 3.x to test compatibility
+* Require Ransack to be at least 4.0 (security concerns)
+* Replace paperclip with kt-paperclip (compatibility fork)
+
 ## 2.6.0
 * Redirect to original page after login
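Review bot: The new `rspec.yml` workflow has no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scopes even though it only checks out code and runs specs; a top-level `permissions:` with `contents: read` keeps the token least-privileged. Both `uses:` steps reference mutable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`), and `checkout@v2` is an old major; pinning each action to a full commit SHA on a current release (e.g. `actions/checkout@<full-commit-sha>`) stops a retagged action from changing what runs in CI. `on: push` alone also means pull requests from forks are not tested, so add `pull_request` if outside contributions are expected.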
diff --git a/README.md b/README.md index ac0384bb..df5abd64 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,16 @@ +# About this fork + +Migrating away from a CMS is a lot of work. A more pragmatic approach for us was to make Brightcontent work newer Ruby and Rails versions. + +Specific issues we've addressed: + +- Port CI from Travis to Github Actions (Travis no longer works) +- Dropped support for Rails lower than 6.1 and Ruby lower than 2.7 +- Rails v6.1 + Ruby 2.7 compatibility (extended CI to test them, no code changes needed) +- Investigating: Rails v7.0 + Ruby 3.x compatibility (extended CI to test them, no code changes yet) +- Require Ransack 4.0 or higher (security issues with lower versions) +- Replace paperclip with kt-paperclip (compatibility fork) + Brightcontent ============= @@ -15,7 +28,7 @@ Brightcontent, yet another rails CMS / admin panel * No standard 'cms-modules', we hate those, making custom is easy enough * Built in the rails way, use your normals models, only controllers and views are provided * Only exception: Page model is provided with tree structure, sorting, hidden and pretty urls like `/services/cleaning/houses` -* Supports Rails 4.2 and above +* Supports Rails 5.2 and above * Strong Parameters support ![Brightcontent preview](doc/browser.jpg) diff --git a/Rakefile b/Rakefile index bb1a3b50..06118bcd 100644 --- a/Rakefile +++ b/Rakefile @@ -8,6 +8,7 @@ end PROJECTS = %w{core pages attachments} PROJECTS.each do |name| + desc "Run tests for #{name}" task "spec_#{name}" do sh "cd #{name} && bundle exec rake db:schema:load spec RAILS_ENV=test" end diff --git a/attachments/brightcontent-attachments.gemspec b/attachments/brightcontent-attachments.gemspec index d2905a43..840d68a9 100644 --- a/attachments/brightcontent-attachments.gemspec +++ b/attachments/brightcontent-attachments.gemspec 
@@ -16,6 +16,6 @@ Gem::Specification.new do |s| s.require_paths = ["lib"] s.add_dependency "brightcontent-core", version - s.add_dependency "paperclip", ">= 3.0.0" + s.add_dependency "kt-paperclip", ">= 6.0.0" s.add_dependency "jquery-fileupload-rails" end diff --git a/core/app/controllers/brightcontent/application_controller.rb b/core/app/controllers/brightcontent/application_controller.rb index 7abbc5a1..d259a107 100644 --- a/core/app/controllers/brightcontent/application_controller.rb +++ b/core/app/controllers/brightcontent/application_controller.rb @@ -27,6 +27,12 @@ def current_user end helper_method :current_user + def ransack_auth_object + current_user + end + helper_method :ransack_auth_object + + def user_resources @user_resources ||= @current_user.resources end diff --git a/core/brightcontent-core.gemspec b/core/brightcontent-core.gemspec index 79cb26d6..9bbefb9c 100644 --- a/core/brightcontent-core.gemspec +++ b/core/brightcontent-core.gemspec @@ -15,7 +15,7 @@ Gem::Specification.new do |s| s.test_files = `git ls-files -- spec/*`.split("\n") s.require_paths = ["lib"] - s.add_dependency "rails", ">= 4.2.0" + s.add_dependency "rails", ">= 6.1.0" s.add_dependency "bcrypt" s.add_dependency "bootstrap-sass", ">= 3.4.0" s.add_dependency "bootstrap-wysihtml5-rails", ">= 0.3.2" @@ -25,7 +25,7 @@ Gem::Specification.new do |s| s.add_dependency "sassc-rails", ">= 2.0" s.add_dependency "simple_form" s.add_dependency "will_paginate" - s.add_dependency "ransack", ">= 1.1" + s.add_dependency "ransack", ">= 4.0" s.add_development_dependency "rake" s.add_development_dependency "sqlite3" diff --git a/core/lib/brightcontent/base_controller_ext/filtering.rb b/core/lib/brightcontent/base_controller_ext/filtering.rb index 15a455e9..e363b699 100644 --- a/core/lib/brightcontent/base_controller_ext/filtering.rb +++ b/core/lib/brightcontent/base_controller_ext/filtering.rb 
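Review bot: In the `application_controller.rb` hunk, `ransack_auth_object` returns `current_user` with no comment saying what it is for or what happens when nobody is signed in; if `current_user` can be nil at this point, models receive `nil` in their `ransackable_*` methods and must treat it as the least-privileged case. A short comment above the method would help host apps that override it, e.g. `# Passed to Ransack as auth_object; models receive it in ransackable_* to decide what may be searched. May be nil.` The enclosing class starts and ends outside the hunk, so whether the method sits under `private` is not visible; if it is public, confirm no route can dispatch to it as an action.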
@@ -10,7 +10,7 @@ module Filtering end def ransack_search - @_ransack_search ||= base_collection.ransack(params[:q]) + @_ransack_search ||= base_collection.ransack(params[:q], auth_object: ransack_auth_object) end def collection diff --git a/core/lib/brightcontent/view_lookup/filter_field.rb b/core/lib/brightcontent/view_lookup/filter_field.rb index acf0cf9f..16672132 100644 --- a/core/lib/brightcontent/view_lookup/filter_field.rb +++ b/core/lib/brightcontent/view_lookup/filter_field.rb @@ -11,12 +11,16 @@ def controller view_context.controller end + def ransack_auth_object + view_context.current_user + end + def column? resource_class.column_names.include? options[:field].to_s end def scope? - resource_class.ransackable_scopes.include?(options[:field].to_sym) + resource_class.ransackable_scopes(ransack_auth_object).include?(options[:field].to_sym) end def belongs_to_association? diff --git a/core/spec/dummy/app/models/application_record.rb b/core/spec/dummy/app/models/application_record.rb new file mode 100644 index 00000000..b70aabe0 --- /dev/null +++ b/core/spec/dummy/app/models/application_record.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class ApplicationRecord < ActiveRecord::Base + self.abstract_class = true + + # Safe default: expose no attributes + def self.ransackable_attributes(auth_object = nil) + [] + end + + # Safe default: expose no associations + def self.ransackable_associations(auth_object = nil) + [] + end +end diff --git a/core/spec/dummy/app/models/author.rb b/core/spec/dummy/app/models/author.rb index 2c7579da..eadb1713 100644 --- a/core/spec/dummy/app/models/author.rb +++ b/core/spec/dummy/app/models/author.rb @@ -1,3 +1,3 @@ -class Author < ActiveRecord::Base +class Author < ApplicationRecord has_many :blogs end diff --git a/core/spec/dummy/app/models/blog.rb b/core/spec/dummy/app/models/blog.rb index 792b3f1b..0fdcad88 100644 --- a/core/spec/dummy/app/models/blog.rb +++ b/core/spec/dummy/app/models/blog.rb 
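Review bot: `ransack_search` in `filtering.rb` now relies on every searchable model defining its own allowlist, but the only `ransackable_attributes` / `ransackable_associations` definitions this commit adds are under `core/spec/dummy`. With Ransack 4 a model without an explicit allowlist raises when searched, so host apps (and presumably the engine's own models in `pages` and `attachments`, which are not visible here) need them before upgrading. That is worth stating as an upgrade step in the CHANGELOG entry, plus a comment on this method such as `# auth_object is forwarded to each model's ransackable_* methods; models without an allowlist raise under Ransack >= 4.` The module body continues outside the hunk.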
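Review bot: The `ransack_auth_object` added in `filter_field.rb` re-derives the auth object from `view_context.current_user` instead of using the controller's `ransack_auth_object`, which this same commit exposes to views through `helper_method`. If a host app overrides the controller method (for example to pass a role), `scope?` would compute `ransackable_scopes` with a different object than `ransack_search` uses, so the filter UI and the query could disagree about which scopes are allowed. Delegating keeps one source of truth: replace the body with `view_context.ransack_auth_object`. The class starts and ends outside the hunk.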
@@ -1,4 +1,4 @@ -class Blog < ActiveRecord::Base +class Blog < ApplicationRecord belongs_to :author has_many :comments @@ -8,4 +8,12 @@ class Blog < ActiveRecord::Base def self.ransackable_scopes(auth = nil) [:exclude_inactive] end + + def self.ransackable_attributes(auth_object = nil) + ["active", "author_id", "body", "created_at", "featured", "id", "name", "updated_at"] + end + + def self.ransackable_associations(auth_object = nil) + ["author", "comments"] + end end diff --git a/core/spec/dummy/app/models/comment.rb b/core/spec/dummy/app/models/comment.rb index ac56d97b..69e03132 100644 --- a/core/spec/dummy/app/models/comment.rb +++ b/core/spec/dummy/app/models/comment.rb @@ -1,3 +1,7 @@ -class Comment < ActiveRecord::Base +class Comment < ApplicationRecord belongs_to :blog + + def self.ransackable_attributes(auth_object = nil) + ["blog_id", "created_at", "id", "text", "updated_at"] + end end diff --git a/core/spec/dummy/app/models/grouped_blog.rb b/core/spec/dummy/app/models/grouped_blog.rb index 7b8dc6b8..e8ce8ea4 100644 --- a/core/spec/dummy/app/models/grouped_blog.rb +++ b/core/spec/dummy/app/models/grouped_blog.rb @@ -1,4 +1,4 @@ -class GroupedBlog < ActiveRecord::Base +class GroupedBlog < ApplicationRecord belongs_to :author scope :exclude_inactive, ->{ where(active: true) } diff --git a/gemfiles/rails-5.2.x.gemfile b/gemfiles/rails-6.1.x.gemfile similarity index 83% rename from gemfiles/rails-5.2.x.gemfile rename to gemfiles/rails-6.1.x.gemfile index ac3136cc..d51c9975 100644 --- a/gemfiles/rails-5.2.x.gemfile +++ b/gemfiles/rails-6.1.x.gemfile @@ -1,6 +1,7 @@ source "https://rubygems.org" -gem "rails", "~> 5.2.0" +gem "rails", "~> 6.1.0" +gem "sprockets", "< 4.0" gemspec name: "brightcontent-core", path: "../core", group: :core gemspec name: "brightcontent-attachments", path: "../attachments", group: :attachments 
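Review bot: The new `gem "sprockets", "< 4.0"` line in `gemfiles/rails-6.1.x.gemfile` (and again in `gemfiles/rails-7.0.x.gemfile`) caps a dependency with no explanation, so nobody will know when the cap can be lifted and CI keeps testing against an older major only. A comment stating the reason would be enough, e.g. `# Sprockets 4 needs app/assets/config/manifest.js in the dummy app; remove the cap once that exists`, if that is indeed the reason, which the diff does not show.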
diff --git a/gemfiles/rails-4.2.x.gemfile b/gemfiles/rails-7.0.x.gemfile
similarity index 83%
rename from gemfiles/rails-4.2.x.gemfile
rename to gemfiles/rails-7.0.x.gemfile
index 2248363e..28400f38 100644
--- a/gemfiles/rails-4.2.x.gemfile
+++ b/gemfiles/rails-7.0.x.gemfile
@@ -1,7 +1,7 @@
 source "https://rubygems.org"
-gem "rails", "~> 4.2.0"
-gem "sqlite3", "~> 1.3.6"
+gem "rails", "~> 7.0.0"
+gem "sprockets", "< 4.0"
 gemspec name: "brightcontent-core", path: "../core", group: :core
 gemspec name: "brightcontent-attachments", path: "../attachments", group: :attachments