Merge branch 'main' into authorization_framework

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/codeql.yml

@@ -0,0 +1,42 @@
+name: CodeQL
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+      - main
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          queries: security-extended,security-and-quality
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/issue-auto-unassign.yml

@@ -1,3 +1,5 @@
+name: Auto-unassign issue
+
 on:
   schedule:
     # * is a special character in YAML so you have to quote this string

.github/workflows/rubyonrails.yml

@@ -29,7 +29,7 @@ jobs:
       DATABASE_URL: "postgres://rails:password@localhost:5432/rails_test"
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       # Add or replace dependency steps here
       - name: Install Ruby and gems
         uses: ruby/setup-ruby@v1
@@ -48,7 +48,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Ruby and gems
         uses: ruby/setup-ruby@v1
         with:
@@ -60,7 +60,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Ruby and gems
         uses: ruby/setup-ruby@v1
         with:

.gitignore

@@ -47,6 +47,7 @@
 # IDE
 .idea
 .vscode
+/.env
 
 # OS
 .DS_Store

Gemfile.lock

@@ -110,7 +110,8 @@ GEM
     bootstrap_form (5.3.2)
       actionpack (>= 6.1)
       activemodel (>= 6.1)
-    brakeman (6.0.1)
+    brakeman (6.1.2)
+      racc
     builder (3.2.4)
     capybara (3.39.2)
       addressable
@@ -138,7 +139,7 @@ GEM
     debug (1.8.0)
       irb (>= 1.5.0)
       reline (>= 0.3.1)
-    devise (4.9.2)
+    devise (4.9.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -223,7 +224,7 @@ GEM
       guard-compat (~> 1.0)
       multi_json (~> 1.8)
     http_parser.rb (0.8.0)
-    i18n (1.14.1)
+    i18n (1.14.4)
       concurrent-ruby (~> 1.0)
     importmap-rails (1.2.1)
       actionpack (>= 6.0.0)
@@ -297,7 +298,7 @@ GEM
       ast (~> 2.4.1)
       racc
     pg (1.5.3)
-    phonelib (0.8.2)
+    phonelib (0.8.7)
     popper_js (2.11.7)
     pry (0.14.2)
       coderay (~> 1.1)
@@ -450,7 +451,7 @@ GEM
     unicode-display_width (2.4.2)
     warden (1.2.9)
       rack (>= 2.0.9)
-    web-console (4.2.0)
+    web-console (4.2.1)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)

app/controllers/adoptable_pets_controller.rb

@@ -12,7 +12,7 @@ def show
     @pet = Pet.find(params[:id])
     authorize! @pet, with: AdoptablePetPolicy
 
-    if current_user
+    if current_user&.adopter_account
       @adoption_application =
         AdopterApplication.find_by(
           pet_id: @pet.id,

app/controllers/matches_controller.rb

@@ -2,6 +2,9 @@ class MatchesController < ApplicationController
   before_action :set_pet, only: %i[create]
   before_action :set_match, only: %i[destroy]
 
+  before_action :set_pet, only: %i[create]
+  before_action :set_match, only: %i[destroy]
+
   def create
     authorize! context: {organization: @pet.organization}
 

app/controllers/organizations/tasks_controller.rb

@@ -30,7 +30,7 @@ def edit
   end
 
   def update
-    @task.next_due_date_in_days = nil unless task_params.dig(:next_due_date_in_days)
+    @task.next_due_date_in_days = nil unless task_params.dig(:next_due_date_in_days) || task_params.dig(:completed)
 
     respond_to do |format|
       if @task.update(task_params)

app/javascript/controllers/application.js

@@ -6,13 +6,4 @@ const application = Application.start()
 application.debug = false
 window.Stimulus   = application
 
-// google map script tag calls this method via callback param when finished loading
-// this creates a custom event that is being listened to in the view to build map
-// without this google-map controller JS runs before google is available and fails
-window.initMap = () => {
-    console.log('initMap was called');
-    const event = new Event("MapLoaded", {"bubbles":true, "cancelable":false});
-    window.dispatchEvent(event)
-}
-
 export { application }

app/models/adopter_foster_profile.rb

@@ -42,8 +42,8 @@
 #
 # Indexes
 #
-#  index_adopter_profiles_on_adopter_account_id  (adopter_account_id)
-#  index_adopter_profiles_on_location_id         (location_id)
+#  index_adopter_foster_profiles_on_adopter_account_id  (adopter_account_id)
+#  index_adopter_foster_profiles_on_location_id         (location_id)
 #
 # Foreign Keys
 #

app/views/adoptable_pets/show.html.erb

@@ -18,7 +18,9 @@
           </div>
         </div>
         <div>
-          <%= link_to 'Become an adopter', new_user_registration_path, class: 'btn btn-primary btn-sm d-none d-md-block' %>
+          <% unless current_user %>
+            <%= link_to t('general.become_an_adopter'), new_user_registration_path, class: 'btn btn-primary btn-sm d-none d-md-block' %>
+          <% end %>
         </div>
       </div>
     </div>

app/views/layouts/shared/_navbar.html.erb

@@ -1,12 +1,14 @@
 <nav class="navbar navbar-expand-lg bg-transparent shadow-none px-0 py-3">
   <div class="container-fluid px-4">
-    <%= link_to home_index_path, class: 'navbar-brand' do %>
+    <%= image_tag('png/logo.png', width: '40px', height: '35px', alt: 'Organization logo',
+                    class: 'pe-2') %>
+    <%= link_to home_index_path, class: 'navbar-brand fw-bold text-black' do %>
       <%= Current.organization.name %>
     <% end %>
 
     <div class="d-flex align-items-center order-lg-3">
       <div>
-        <button class="navbar-toggler collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#navbar-default3" aria-controls="navbar-default3" aria-expanded="false" aria-label="Toggle navigation">
+        <button class="navbar-toggler collapsed me-1" type="button" data-bs-toggle="collapse" data-bs-target="#navbar-default3" aria-controls="navbar-default3" aria-expanded="false" aria-label="Toggle navigation">
           <span class="icon-bar top-bar mt-0"></span>
           <span class="icon-bar middle-bar"></span>
           <span class="icon-bar bottom-bar"></span>
@@ -74,17 +76,23 @@
     <!-- Button -->
 
     <!-- Collapse -->
-    <div class="collapse navbar-collapse" id="navbar-default3">
+    <div class="justify-content-end collapse navbar-collapse " id="navbar-default3">
       <ul class="navbar-nav">
 
+        <li class='nav-item'>
+          <%= active_link_to 'Adopt', new_user_registration_path, class: 'nav-link' %>
+        </li>
+        <li class='nav-item'>
+          <%= active_link_to 'Get Involved', '#', class: 'nav-link' %>
+        </li>
         <li class='nav-item'>
           <%= active_link_to 'About Us', about_us_path, class: 'nav-link' %>
         </li>
         <li class='nav-item'>
           <%= active_link_to 'Partners', partners_path, class: 'nav-link' %>
         </li>
-        <li class="nav-item d-block d-md-none">
-          <%= active_link_to 'Adopt', new_user_registration_path, class: 'nav-link' %>
+        <li class="nav-item">
+          <%= active_link_to 'Donate', donate_path, class: 'nav-link' %>
         </li>
         <li class="nav-item d-block d-md-none">
           <%= active_link_to 'Log In', new_user_session_path, class: 'nav-link' %>
@@ -93,3 +101,9 @@
     </div>
   </div>
 </nav>
+<!--  Demo banner-->
+<% if Rails.env.staging? %>
+  <div class="container-fluid m-0 p-2 text-center bg-danger-soft display-6">
+    This is a demo site
+  </div>
+<%  end %>