Merged
30 commits
ff88b09
R2-3127 - Mark for Offline action broken
dhernandez-quoin Nov 26, 2024
0bc74fe
R2-3127 - Store ids as metadata in Audit Logs
dhernandez-quoin Dec 4, 2024
3bd0b65
R2-3127 - Fix tests
dhernandez-quoin Dec 4, 2024
bb0b1de
Add data migration for gbv decimalPlaces forms
awensaunders Nov 25, 2024
aaba852
Update data migration to destroy and recreate relevant field
awensaunders Nov 25, 2024
4b095ca
Move from v2.12 to v2.11.1 for data migration
awensaunders Dec 4, 2024
6ea19ac
Update references in readme to point to new location
awensaunders Dec 4, 2024
0d1d510
R2-3138 - Security - Fix user escalation of privilege
aespinoza-quoin Dec 4, 2024
091bb2b
Merge pull request #482 from Jozian/data-migration-gbv-calculated-fields
pnabutovsky Dec 4, 2024
7d690a1
Merged in r2-3127-offline-action-broken (pull request #6998)
dhernandez-quoin Dec 4, 2024
55cd714
Merge branch 'main' of github.com:primeroIMS/primero into r2-3076-rec…
pnabutovsky Dec 4, 2024
ff7ee88
Merged in r2-3076-reconcile-gh-bb (pull request #7005)
pnabutovsky Dec 4, 2024
aaede4d
R2-3138 Adding more hidden attributes
aespinoza-quoin Dec 4, 2024
728dc7f
Merged in r2-3138-security-fix-user-escalation-privilege (pull reques…
aespinoza-quoin Dec 4, 2024
504ebe6
R2-3105 - W - Missing 'Show hidden fields' label on form export modal
aespinoza-quoin Dec 5, 2024
943f3df
Merged in r2-3105-missing-label-form-export (pull request #7006)
aespinoza-quoin Dec 5, 2024
eaad4ca
R2-3139: Fixing issue where users get signed out after updating their…
jtoliver-quoin Dec 5, 2024
05b27b9
Renaming method
jtoliver-quoin Dec 5, 2024
25bd032
R2-3068 - Fix current location horizontal scroll bar
aespinoza-quoin Dec 5, 2024
e092e59
Merged in r2-3068-current-location-scrollbar (pull request #7009)
aespinoza-quoin Dec 6, 2024
180289a
Merged in r2-3139-signout-password-change-main (pull request #7008)
jtoliver-quoin Dec 6, 2024
4ca1276
Updating Rails to 6.1.7.9, Puma, Nokogiri, etc
pnabutovsky Dec 6, 2024
bbe0d22
Fixing issue where changing password on another user changes the session
jtoliver-quoin Dec 6, 2024
e3ec5e9
Updating node packages from npm audit
jtoliver-quoin Dec 6, 2024
5787070
Merged in r2-3139-signout-password-change-main (pull request #7011)
jtoliver-quoin Dec 6, 2024
14c3425
Merged in r2-3144-security-updates (pull request #7010)
pnabutovsky Dec 6, 2024
a676a81
Updating rexml to 3.3.9 - CVE bill of health
pnabutovsky Dec 9, 2024
a057bc2
Bumping to v2.11.1
pnabutovsky Dec 9, 2024
e941c5f
Merged in r2-3144-rexml-update (pull request #7014)
pnabutovsky Dec 9, 2024
9781596
Merge branch 'main-upstream' into fork-update-2
AlexTheProg Jan 17, 2025
2 changes: 1 addition & 1 deletion Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ gem 'prawn-table', '~> 0.2' # PDF generation
gem 'puma', '~> 6.4' # Ruby Rack server
gem 'rack', '~> 2.2'
gem 'rack-attack', '>= 6.6' # Rack middleware to rate limit sensetive routes, such as those used for auth
gem 'rails', '6.1.7.8'
gem 'rails', '6.1.7.9'
gem 'rake', '~> 13.0'
gem 'rbnacl', '>= 7.1.1' # Libsodium Ruby binding. Used for encrypting export file passwords.
gem 'rubyzip', '~> 2.3', # Zip and encrypt exported files
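Review bot: `gem 'rails', '6.1.7.9'` keeps Rails on an exact pin while the neighbouring gems (`puma`, `rack`, `rake`) use pessimistic constraints, so every future Rails patch release needs a manual Gemfile edit in addition to the lockfile update. Gemfile.lock already records the exact version; consider `gem 'rails', '~> 6.1.7', '>= 6.1.7.9'` so that `bundle update rails` can pick up the next patch release, or add a comment saying why the exact pin is wanted. The unchanged `rack-attack` line in this hunk also has a typo in its comment (`sensetive`).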
Expand Down
140 changes: 69 additions & 71 deletions Gemfile.lock
Original file line number Diff line number Diff line change
@@ -1,62 +1,62 @@
GEM
remote: https://rubygems.org/
specs:
actioncable (6.1.7.8)
actionpack (= 6.1.7.8)
activesupport (= 6.1.7.8)
actioncable (6.1.7.9)
actionpack (= 6.1.7.9)
activesupport (= 6.1.7.9)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.7.8)
actionpack (= 6.1.7.8)
activejob (= 6.1.7.8)
activerecord (= 6.1.7.8)
activestorage (= 6.1.7.8)
activesupport (= 6.1.7.8)
actionmailbox (6.1.7.9)
actionpack (= 6.1.7.9)
activejob (= 6.1.7.9)
activerecord (= 6.1.7.9)
activestorage (= 6.1.7.9)
activesupport (= 6.1.7.9)
mail (>= 2.7.1)
actionmailer (6.1.7.8)
actionpack (= 6.1.7.8)
actionview (= 6.1.7.8)
activejob (= 6.1.7.8)
activesupport (= 6.1.7.8)
actionmailer (6.1.7.9)
actionpack (= 6.1.7.9)
actionview (= 6.1.7.9)
activejob (= 6.1.7.9)
activesupport (= 6.1.7.9)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.1.7.8)
actionview (= 6.1.7.8)
activesupport (= 6.1.7.8)
actionpack (6.1.7.9)
actionview (= 6.1.7.9)
activesupport (= 6.1.7.9)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.7.8)
actionpack (= 6.1.7.8)
activerecord (= 6.1.7.8)
activestorage (= 6.1.7.8)
activesupport (= 6.1.7.8)
actiontext (6.1.7.9)
actionpack (= 6.1.7.9)
activerecord (= 6.1.7.9)
activestorage (= 6.1.7.9)
activesupport (= 6.1.7.9)
nokogiri (>= 1.8.5)
actionview (6.1.7.8)
activesupport (= 6.1.7.8)
actionview (6.1.7.9)
activesupport (= 6.1.7.9)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activejob (6.1.7.8)
activesupport (= 6.1.7.8)
activejob (6.1.7.9)
activesupport (= 6.1.7.9)
globalid (>= 0.3.6)
activemodel (6.1.7.8)
activesupport (= 6.1.7.8)
activerecord (6.1.7.8)
activemodel (= 6.1.7.8)
activesupport (= 6.1.7.8)
activemodel (6.1.7.9)
activesupport (= 6.1.7.9)
activerecord (6.1.7.9)
activemodel (= 6.1.7.9)
activesupport (= 6.1.7.9)
activerecord-nulldb-adapter (0.9.0)
activerecord (>= 5.2.0, < 7.1)
activestorage (6.1.7.8)
actionpack (= 6.1.7.8)
activejob (= 6.1.7.8)
activerecord (= 6.1.7.8)
activesupport (= 6.1.7.8)
activestorage (6.1.7.9)
actionpack (= 6.1.7.9)
activejob (= 6.1.7.9)
activerecord (= 6.1.7.9)
activesupport (= 6.1.7.9)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.7.8)
activesupport (6.1.7.9)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
Expand Down Expand Up @@ -111,7 +111,7 @@ GEM
crass (1.0.6)
csv-safe (3.2.1)
daemons (1.4.1)
date (3.3.4)
date (3.4.1)
deep_merge (1.2.2)
delayed_job (4.1.11)
activesupport (>= 3.0, < 8.0)
Expand Down Expand Up @@ -183,7 +183,7 @@ GEM
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
logger (1.6.1)
loofah (2.22.0)
loofah (2.23.1)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
mail (2.8.1)
Expand All @@ -200,7 +200,7 @@ GEM
mime-types-data (3.2023.0808)
mini_magick (4.12.0)
mini_mime (1.1.5)
mini_portile2 (2.8.7)
mini_portile2 (2.8.8)
minipack (0.3.6)
actionview
railties (>= 4.2)
Expand All @@ -209,7 +209,7 @@ GEM
multipart-post (2.3.0)
net-http-persistent (4.0.2)
connection_pool (~> 2.2)
net-imap (0.4.12)
net-imap (0.5.1)
date
net-protocol
net-pop (0.1.2)
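Review bot: `net-imap` moves from 0.4.12 to 0.5.1 in this hunk, a change of minor series on a pre-1.0 gem, unlike the patch-level bumps elsewhere in this lockfile. Nothing in the Gemfile hunk constrains it, so it reads as a side effect of the wider update; please confirm the gems that depend on it have been exercised against 0.5.x, or hold it at the 0.4 series with an explicit constraint.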
Expand All @@ -218,8 +218,8 @@ GEM
timeout
net-smtp (0.5.0)
net-protocol
nio4r (2.5.9)
nokogiri (1.16.5)
nio4r (2.7.4)
nokogiri (1.16.8)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
openssl (3.1.0)
Expand All @@ -244,9 +244,9 @@ GEM
byebug (~> 11.0)
pry (>= 0.13, < 0.15)
public_suffix (5.0.3)
puma (6.4.2)
puma (6.5.0)
nio4r (~> 2.0)
racc (1.8.0)
racc (1.8.1)
rack (2.2.9)
rack-attack (6.7.0)
rack (>= 1.0, < 4)
Expand All @@ -257,20 +257,20 @@ GEM
rack_session_access (0.2.0)
builder (>= 2.0.0)
rack (>= 1.0.0)
rails (6.1.7.8)
actioncable (= 6.1.7.8)
actionmailbox (= 6.1.7.8)
actionmailer (= 6.1.7.8)
actionpack (= 6.1.7.8)
actiontext (= 6.1.7.8)
actionview (= 6.1.7.8)
activejob (= 6.1.7.8)
activemodel (= 6.1.7.8)
activerecord (= 6.1.7.8)
activestorage (= 6.1.7.8)
activesupport (= 6.1.7.8)
rails (6.1.7.9)
actioncable (= 6.1.7.9)
actionmailbox (= 6.1.7.9)
actionmailer (= 6.1.7.9)
actionpack (= 6.1.7.9)
actiontext (= 6.1.7.9)
actionview (= 6.1.7.9)
activejob (= 6.1.7.9)
activemodel (= 6.1.7.9)
activerecord (= 6.1.7.9)
activestorage (= 6.1.7.9)
activesupport (= 6.1.7.9)
bundler (>= 1.15.0)
railties (= 6.1.7.8)
railties (= 6.1.7.9)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
Expand All @@ -280,15 +280,15 @@ GEM
activesupport (>= 5.0.0)
minitest
nokogiri (>= 1.6)
rails-html-sanitizer (1.6.0)
rails-html-sanitizer (1.6.1)
loofah (~> 2.21)
nokogiri (~> 1.14)
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
rails-i18n (7.0.8)
i18n (>= 0.7, < 2)
railties (>= 6.0.0, < 8)
railties (6.1.7.8)
actionpack (= 6.1.7.8)
activesupport (= 6.1.7.8)
railties (6.1.7.9)
actionpack (= 6.1.7.9)
activesupport (= 6.1.7.9)
method_source
rake (>= 12.2)
thor (~> 1.0)
Expand All @@ -305,8 +305,7 @@ GEM
responders (3.1.1)
actionpack (>= 5.2)
railties (>= 5.2)
rexml (3.3.6)
strscan
rexml (3.3.9)
roo (2.10.0)
nokogiri (~> 1)
rubyzip (>= 1.3.0, < 3.0.0)
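Review bot: the `rexml` bump to 3.3.9 also drops its `strscan` dependency line, and a later hunk in this lockfile removes the `strscan (3.1.0)` entry altogether. After this change `strscan` is no longer locked by the bundle and is taken from the Ruby installation, so please confirm nothing else in the application expects the bundled 3.1.0 and note the removal in the commit message alongside the CVE reason for the bump.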
Expand Down Expand Up @@ -384,11 +383,10 @@ GEM
sprockets (4.2.1)
concurrent-ruby (~> 1.0)
rack (>= 2.2.4, < 4)
sprockets-rails (3.4.2)
actionpack (>= 5.2)
activesupport (>= 5.2)
sprockets-rails (3.5.2)
actionpack (>= 6.1)
activesupport (>= 6.1)
sprockets (>= 3.0.0)
strscan (3.1.0)
sunspot (2.6.0)
pr_geohash (~> 1.0)
rsolr (>= 1.1.1, < 3)
Expand All @@ -403,7 +401,7 @@ GEM
unicode-display_width (>= 1.1.1, < 3)
text (1.3.1)
thor (1.3.1)
timeout (0.4.1)
timeout (0.4.2)
ttfunk (1.7.0)
twitter_cldr (4.4.5)
camertron-eprun
Expand Down Expand Up @@ -476,7 +474,7 @@ DEPENDENCIES
rack-mini-profiler (>= 1.0.0)
rack-test (~> 1.1)
rack_session_access (~> 0.2)
rails (= 6.1.7.8)
rails (= 6.1.7.9)
rails-controller-testing (~> 1.0)
rake (~> 13.0)
rbnacl (>= 7.1.1)
Expand Down
5 changes: 5 additions & 0 deletions app/controllers/api/v2/users_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ def update
validate_json!(User::USER_FIELDS_SCHEMA, user_params)
@user.update_with_properties(@user_params)
@user.save!
keep_user_signed_in
end

def destroy
Expand Down Expand Up @@ -73,4 +74,8 @@ def welcome
def identity_sync
@user.identity_sync(current_user)
end

def keep_user_signed_in
bypass_sign_in(@user) if @user.saved_change_to_encrypted_password? && current_user == @user
end
end
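Review bot: `keep_user_signed_in` is added after `identity_sync` at the bottom of the class, and the visible context does not show whether that region is under `private`; if it is not, this becomes a public controller method and should be made private. The guard `current_user == @user` is what stops the acting user's session from being switched to the edited user, so add request specs for both branches: a user changing their own password stays signed in, and changing another user's password leaves `current_user` unchanged.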
9 changes: 9 additions & 0 deletions app/controllers/application_api_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,18 @@ def model_class
end

def record_id
return unless params[:id].is_a?(String)

params[:id]
end

def metadata_record_ids
return [] unless params[:id].present?
return [params[:id]] if params[:id].is_a?(String)

params[:id].values
end

def authorize_all!(permission, records)
records.each do |record|
authorize!(permission, record)
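Review bot: `params[:id].values` in `metadata_record_ids` assumes that any non-String `id` is hash-like. An array-valued `id` does not respond to `values` and raises NoMethodError, and because this method feeds the audit metadata, a malformed request turns into a server error instead of a logged one. Hash values can also be nested, so client-chosen structures end up in `record_ids`. Handle the Array case explicitly and keep only String entries (flatten, then select strings). `record_id` now returns nil for a non-String `id`, so its callers should be checked for nil handling.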
Expand Down
3 changes: 2 additions & 1 deletion app/controllers/concerns/audit_log_actions.rb
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ def default_metadata_audit_params
remote_ip: LogUtils.remote_ip(request),
agency_id: current_user.try(:agency_id),
role_id: current_user.try(:role_id),
http_method: request.method
http_method: request.method,
record_ids: metadata_record_ids
}
end
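Review bot: `record_ids: metadata_record_ids` makes this concern depend on a method that this change defines in `ApplicationApiController`, not in the concern itself. Any controller that includes the concern without inheriting from that class would raise NameError while building audit metadata; define a default `metadata_record_ids` in the concern or document the requirement. Since the ids come straight from `params[:id]`, also consider capping how many are stored per log entry.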

Expand Down
2 changes: 1 addition & 1 deletion app/javascript/components/form/fields/radio-input.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ function RadioInput({ commonInputProps, options, formMethods }) {

return (
<FormControl id={name} error={error} className={className}>
<FormLabel component="legend" className="MuiInputLabel-root">
<FormLabel component="label" className={css.radioLabel}>
{radioGroupLabel}
</FormLabel>
<Controller
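Review bot: changing `FormLabel` from `component="legend"` to `component="label"` produces a `<label>` with no `htmlFor`, so it is not associated with any input in the radio group. If the aim is only the new `css.radioLabel` styling, keep `legend` and apply the class to it, or give the label an `id` and reference it from the radio group with `aria-labelledby`.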
Expand Down
33 changes: 33 additions & 0 deletions app/javascript/components/form/fields/radio-input.spec.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
import { screen, mountedFieldComponent } from "test-utils";

import RadioInput from "./radio-input";

describe("<Form /> - fields/<RadioInput />", () => {
const props = {
commonInputProps: {
label: "Test Field 2",
name: "test"
},
options: [
{ id: 1, display_text: "option-1" },
{ id: 2, display_text: "option-2" }
],
formMethods: {}
};

it("renders RadioInput inputs", () => {
mountedFieldComponent(<RadioInput {...props} />);
expect(screen.getByText("option-1")).toBeInTheDocument();
expect(screen.getByText("option-2")).toBeInTheDocument();
});

it("renders help text", () => {
mountedFieldComponent(<RadioInput {...props} />);
expect(screen.getByText("Test Field 2 help text")).toBeInTheDocument();
});

it("renders label", () => {
mountedFieldComponent(<RadioInput {...props} />);
expect(screen.getByText("Test Field 2")).toBeInTheDocument();
});
});
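Review bot: the "renders help text" test expects `Test Field 2 help text`, but `props` sets only `label` and `name`, so that string must be produced inside `mountedFieldComponent`; pass the help text explicitly in `commonInputProps` or add a comment so the expectation can be read on its own. None of the three tests would fail if the `FormLabel` change in radio-input.jsx were reverted, so add an assertion on the label element itself (its tag or class).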
5 changes: 5 additions & 0 deletions app/javascript/components/form/fields/styles.css
Original file line number Diff line number Diff line change
Expand Up @@ -145,3 +145,8 @@
.downloadButton {
padding-top: 10px;
}

.radioLabel {
font-weight: bold;
color: var(--c-solid-black);
}
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ function Component({ filter, mode, moreSectionFilters = {}, multiple = true, res
return (
<Panel filter={filter} getValues={getValues} handleReset={handleReset}>
<Autocomplete
classes={{ root: css.select, ...listboxClasses }}
classes={{ paper: css.paper, root: css.select, ...listboxClasses }}
ListboxComponent={virtualize(filterOptions.length)}
disableListWrap
multiple={multiple}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,13 @@
width: 100%;
}

.paper {
& ul {
width: fit-content;
overflow: auto;
}
}

.dateContainer {
width: 100%
}
Expand Down
4 changes: 3 additions & 1 deletion app/models/user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,9 @@ def hidden_attributes
end

def self_hidden_attributes
%w[role_unique_id identity_provider_unique_id user_name]
%w[role_unique_id identity_provider_unique_id user_name user_group_unique_ids agency_id
identity_provider_id reset_password_token reset_password_sent_at service_account
unlock_token locked_at failed_attempts identity_provider_sync]
end

def password_parameters
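Review bot: `self_hidden_attributes` remains a denylist. The fix works by naming more columns (`user_group_unique_ids`, `agency_id`, `service_account`, and so on), and any privilege-bearing attribute added to `User` later stays out of this list until someone remembers to add it. Prefer an allowlist of the attributes a user may see and change on their own record, and add a spec that iterates over this list and asserts that a self-update leaves each value unchanged, so the escalation tracked as R2-3138 cannot regress silently.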
Expand Down