Content provider bug fixing

CHANGE_LOG.md

@@ -1,15 +1,17 @@
 # Version Change Log
 The sections below refer to the release tags for this repository:
+<<<<<<< HEAD
 ## [Version 1.4.3](https://github.com/dresa-org-au/TeSS/releases/tag/v1.4.2)
 
-Deployed: *TBA*
+Deployed: *28<sup>th</sup> January, 2023*
 
 - Updates:
   - [Invite Email: Add Getting Started Information](https://github.com/nrmay/issues/374)
-
+  - [Optimize Search Fields](https://github.com/nrmay/TeSS/issues/321)
 
 - Fixes:
   - [Security Updates 4](https://github.com/nrmay/TeSS/issues/373)
+  - [Security Updates 5](https://github.com/nrmay/TeSS/issues/385)
 
 
 ## [Version 1.4.2](https://github.com/dresa-org-au/TeSS/releases/tag/v1.4.2)

Gemfile

@@ -54,7 +54,7 @@ gem 'dynamic_sitemaps', github: 'lassebunk/dynamic_sitemaps', branch: 'master'
 gem 'whenever', '~> 1.0.0'
 
 # These are required for Sidekiq, to look up scientific topics
-gem 'httparty'
+gem 'httparty', '~> 0.21.0'
 gem 'sidekiq', '~> 6.5.6'
 gem 'slim'
 
@@ -109,7 +109,7 @@ gem 'icalendar', '~> 2.4.1'
 
 gem 'bootstrap-datepicker-rails', '~> 1.6.4.1'
 
-gem 'rack', '~> 2.2.3.1'
+gem 'rack', '~> 2.2.6.2'
 
 gem 'rack-cors', require: 'rack/cors'
 
@@ -148,7 +148,7 @@ gem 'rest-client'
 
 # for converting html to markdown
 gem 'reverse_markdown'
-gem 'nokogiri', '~> 1.13.6'
+gem 'nokogiri', '~> 1.13.10'
 
 # eventbrite api
 gem 'eventbrite_sdk'
@@ -160,7 +160,14 @@ gem 'sassc', '= 2.1.0'
 gem 'psych', '< 4'
 
 # rails html sanitizer security update
-gem 'rails-html-sanitizer', '~> 1.4.3'
+gem 'rails-html-sanitizer', '~> 1.4.4'
+gem 'loofah', '~> 2.19.1'
+
+# fix net-protocol warnings by specifically importing net-http
+gem 'net-http'
+
+# security update 5
+gem 'globalid', '~> 1.0.1'
 
 source 'https://rails-assets.org' do
   gem 'rails-assets-clipboard', '~> 1.5.12'

Gemfile.lock

@@ -164,7 +164,7 @@ GEM
     friendly_id (5.2.5)
       activerecord (>= 4.0.0)
     geocoder (1.8.0)
-    globalid (1.0.0)
+    globalid (1.0.1)
       activesupport (>= 5.0)
     gravtastic (3.2.6)
     haml (5.0.4)
@@ -181,8 +181,8 @@ GEM
     http-accept (1.7.0)
     http-cookie (1.0.5)
       domain_name (~> 0.5)
-    httparty (0.20.0)
-      mime-types (~> 3.0)
+    httparty (0.21.0)
+      mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
     httpclient (2.8.3)
     i18n (1.12.0)
@@ -277,7 +277,7 @@ GEM
     listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.18.0)
+    loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lunchy (0.10.4)
@@ -307,6 +307,8 @@ GEM
     multi_json (1.15.0)
     multi_xml (0.6.0)
     nested_form (0.3.2)
+    net-http (0.3.2)
+      uri
     net-http-persistent (4.0.1)
       connection_pool (~> 2.2)
     net-protocol (0.1.3)
@@ -317,7 +319,7 @@ GEM
       timeout
     netrc (0.11.0)
     nio4r (2.5.8)
-    nokogiri (1.13.8-x86_64-linux)
+    nokogiri (1.13.10-x86_64-linux)
       racc (~> 1.4)
     nokogumbo (2.0.5)
       nokogiri (~> 1.8, >= 1.8.4)
@@ -358,8 +360,8 @@ GEM
     public_suffix (5.0.0)
     pundit (1.1.0)
       activesupport (>= 3.0.0)
-    racc (1.6.0)
-    rack (2.2.3.1)
+    racc (1.6.2)
+    rack (2.2.6.2)
     rack-cors (1.1.1)
       rack (>= 2.0.0)
     rack-oauth2 (1.21.2)
@@ -395,8 +397,8 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
+    rails-html-sanitizer (1.4.4)
+      loofah (~> 2.19, >= 2.19.1)
     rails-i18n (5.1.3)
       i18n (>= 0.7, < 2)
       railties (>= 5.0, < 6)
@@ -626,6 +628,7 @@ GEM
     unicorn (6.1.0)
       kgio (~> 2.6)
       raindrops (~> 0.7)
+    uri (0.12.2)
     validate_email (0.1.6)
       activemodel (>= 3.0)
       mail (>= 2.2.5)
@@ -674,10 +677,11 @@ DEPENDENCIES
   font-awesome-sass (~> 4.7.0)
   friendly_id (~> 5.2.4)
   geocoder
+  globalid (~> 1.0.1)
   gravtastic (~> 3.2.6)
   haml (~> 5.0.4)
   handlebars_assets
-  httparty
+  httparty (~> 0.21.0)
   i18n_data
   icalendar (~> 2.4.1)
   iso_country_codes
@@ -690,10 +694,12 @@ DEPENDENCIES
   kt-paperclip (~> 6.4, >= 6.4.1)
   linkeddata
   listen
+  loofah (~> 2.19.1)
   lunchy
   minitest (= 5.10.3)
   money-rails
-  nokogiri (~> 1.13.6)
+  net-http
+  nokogiri (~> 1.13.10)
   omniauth-rails_csrf_protection
   omniauth_openid_connect
   pg
@@ -702,7 +708,7 @@ DEPENDENCIES
   psych (< 4)
   public_activity (~> 1.6.4)!
   pundit (~> 1.1.0)
-  rack (~> 2.2.3.1)
+  rack (~> 2.2.6.2)
   rack-cors
   rails (~> 5.2.8.1)
   rails-assets-clipboard (~> 1.5.12)!
@@ -711,7 +717,7 @@ DEPENDENCIES
   rails-assets-markdown-it (~> 7.0.1)!
   rails-assets-moment (~> 2.15.0)!
   rails-controller-testing
-  rails-html-sanitizer (~> 1.4.3)
+  rails-html-sanitizer (~> 1.4.4)
   rails-i18n
   rails_admin
   rdoc (>= 6.3.1)
@@ -745,4 +751,4 @@ DEPENDENCIES
   will_paginate
 
 BUNDLED WITH
-   2.3.21
+   2.3.14

app/assets/stylesheets/application.scss

@@ -42,7 +42,7 @@ body {
   min-width: 320px;
   position: relative;
   margin: 0;
-  padding-bottom: 215px;
+  padding-bottom: 280px;
   min-height: 100%;
 }
 

app/models/content_provider.rb

@@ -122,15 +122,15 @@ def remove_editor(editor)
 
       # transfer events to the provider's user
       editor.events.each do |event|
-        if event.content_provider.id == id
+        if !event.content_provider.nil? and event.content_provider.id == id
           event.user = user
           event.save!
         end
       end
 
       # transfer materials to the provider's user
       editor.materials.each do |material|
-        if material.content_provider.id == id
+        if !material.content_provider.nil? and material.content_provider.id == id
           material.user = user
           material.save!
         end

app/models/event.rb

@@ -131,8 +131,8 @@ class Event < ApplicationRecord
   #                   :target_audience, :venue)
 
   def self.facet_fields
-    field_list = %w( city country content_provider cost_basis eligibility end
-                      event_types fields keywords online organizer start
+    field_list = %w( city country content_provider host_institutions cost_basis eligibility
+                      event_types fields keywords online organizer
                       target_audience venue )
     field_list.append('operations') unless TeSS::Config.feature['disabled'].include? 'operations'
     field_list.append('scientific_topics') unless TeSS::Config.feature['disabled'].include? 'topics'

app/views/content_providers/_form.html.erb

@@ -17,7 +17,7 @@
   <%= f.input :content_provider_type, label: 'Type', collection: ContentProvider::PROVIDER_TYPE, include_blank: false %>
 
   <% if current_user.is_admin? %>
-    <%= f.input :user_id, label: 'Owner', collection: User.all %>
+    <%= f.input :user_id, label: 'Owner', collection: User.order('LOWER(users.username)').all%>
   <% end %>
 
   <%= f.dropdown :approved_editors, options: get_list_of_user_names, label: 'Approved Editors' %>

app/views/events/_form.html.erb

@@ -95,6 +95,11 @@
   <!-- Field: Organiser -->
   <%= f.input :organizer, field_lock: true, label: 'Organiser', input_html: { title: t('events.hints.organizer') } %>
 
+  <!-- Field: Content Provider -->
+  <%= f.input :content_provider_id, label: 'Content provider (where the event metadata is obtained from)',
+              collection: current_user.get_editable_providers, label_method: :title, value_method: :id, include_blank: true,
+              field_lock: true %>
+
   <!-- Field: Contact -->
   <%= f.input :contact, input_html: { rows: '5', title: t('events.hints.contact') }, field_lock: true %>
 
@@ -155,11 +160,6 @@
     <%= f.input :cost_value, as: :decimal, label: 'Cost', input_html: { title: t('events.hints.cost_value'), min: '0' } %>
   </div>
 
-  <!-- Field: Content Provider -->
-  <%= f.input :content_provider_id, label: 'Content provider (where the event metadata is obtained from)',
-              collection: current_user.get_editable_providers, label_method: :title, value_method: :id, include_blank: true,
-              field_lock: true %>
-
   <!-- Field: Materials -->
   <%= f.internal_resource :materials %>
   <div class="row">

app/views/layouts/_dresa_funded_by.erb

@@ -1,25 +1,16 @@
 <!-- show on large and medium screens -->
-<div class="col-md-3 hidden-sm hidden-xs">
-  <%= link_to 'https://www.pawsey.org.au/', class: 'funder-logo', target: '_blank' do %>
-    <%= image_tag 'supporters/Pawsey-Logo.png', title: 'Pawsey Supercomputing Research Centre' %>
-  <% end %>
-</div>
-<div class="col-md-3 hidden-sm hidden-xs">
+<div class="col-md-4 hidden-sm hidden-xs">
   <%= link_to 'https://www.ardc.edu.au/', class: 'funder-logo', target: '_blank' do %>
     <%= image_tag 'supporters/ARDC-Logo.png', title: 'Australian Research Data Commons' %>
   <% end %>
 </div>
-
-<!-- show on all screens -->
-<div class="col-md-4 col-sm-8 col-xs-12 funder-text">
-  <%= raw t 'footer.funded_by' %>
+<div class="col-md-4 hidden-sm hidden-xs">
+  <%= link_to 'https://www.nci.org.au/', class: 'funder-logo', target: '_blank' do %>
+    <%= image_tag 'supporters/NCI-Australia-Logo-Inverted.png', title: 'National Computational Infrastructure Australia' %>
+  <% end %>
 </div>
-
-<!-- show on large, medium and small screens -->
-<div class="col-md-2 col-sm-4 hidden-xs">
-  <%= link_to 'https://www.dese.gov.au/ncris', class: 'funder-logo', target: '_blank' do %>
-    <%= image_tag 'supporters/NCRIS-Logo-Inverted.png', style: 'height: 80px;',
-                  title: 'National Collaborative Research Infrastructure Strategy (NCRIS)' %>
+<div class="col-md-4 hidden-sm hidden-xs">
+  <%= link_to 'https://www.pawsey.org.au/', class: 'funder-logo', target: '_blank' do %>
+    <%= image_tag 'supporters/Pawsey-Logo.png', title: 'Pawsey Supercomputing Research Centre' %>
   <% end %>
 </div>
-

app/views/layouts/_dresa_funded_by_text.erb

@@ -0,0 +1,13 @@
+<!-- show on all screens -->
+<div class="col-md-10 col-sm-10 col-xs-12 funder-text">
+  <%= raw t 'footer.funded_by' %>
+</div>
+
+<!-- show on large, medium and small screens -->
+<div class="col-md-2 col-sm-2 hidden-xs">
+  <%= link_to 'https://www.dese.gov.au/ncris', class: 'funder-logo', target: '_blank' do %>
+    <%= image_tag 'supporters/NCRIS-Logo-Inverted.png', style: 'height: 80px;',
+                  title: 'National Collaborative Research Infrastructure Strategy (NCRIS)' %>
+  <% end %>
+</div>
+

app/views/layouts/_dresa_supported_by.erb

@@ -33,11 +33,6 @@
                 title: 'Department of Data Science and Artificial Intelligence, Monash University' %>
 <% end %>
 
-<%= link_to 'https://www.nci.org.au/', class: 'footer-logo', target: '_blank' do %>
-  <%= image_tag 'supporters/NCI-Australia-Logo-Gray.png', style: 'height: 22px;',
-                title: 'National Computational Infrastructure Australia' %>
-<% end %>
-
 <%= link_to 'https://www.newcastle.edu.au/', class: 'footer-logo', target: '_blank' do %>
   <%= image_tag 'supporters/Newcastle-Logo-Inverted.png', style: 'height: 24px;',
                 title: 'University of Newcastle, Australia' %>
@@ -51,4 +46,4 @@
 <%= link_to 'https://www.sydney.edu.au/researc/facilities/sydney-informatics-hub.html', class: 'footer-logo', target: '_blank' do %>
   <%= image_tag 'supporters/UoS-Inverted.png', style: 'height: 33px',
                 title: 'Sydney Informatics Hub' %>
-<% end %>
+<% end %>

app/views/layouts/_footer.html.erb

@@ -2,7 +2,7 @@
   <div class="container">
 
     <div class="row">
-      <div class="col-md-3 col-sm-4 col-xs-6">
+      <div class="col-md-3 col-sm-3 col-xs-6">
         <%= link_to 'Terms of Use', '/DReSA-Terms-of-use.pdf', target: '_blank' %>
         |
         <%= link_to 'User Manual', '/DReSA-User-Manual.pdf', target: '_blank' %><br/>
@@ -12,10 +12,16 @@
         <%= link_to "Source code [ version: #{app_version_text} ]",
                     "#{TeSS::Config.site['repository']}/blob/master/README.md", target: '_blank' %>
       </div>
-      <div class="col-md-9 col-sm-8 col-xs-6">
+      <div class="col-md-9 col-sm-9 col-xs-6">
         <%= render :partial => 'layouts/dresa_funded_by' %>
       </div>
     </div>
+
+    <div class="row">
+      <div class="col-lg-12">
+        <%= render :partial => 'layouts/dresa_funded_by_text' %>
+      </div>
+    </div>
 
     <div class="row hidden-sm hidden-xs hidden-md no-gutters" style="margin-bottom: 0;">
       <div class="col-lg-12 supported-by">

app/views/search/common/_search_info.html.erb

@@ -10,5 +10,5 @@ resource_type - type of result objects returned by SOLR, may or may not be passe
 <% local_assigns.fetch :resource_type, 'result' %>
 <%# RESULTS COUNT %>
 <div class="search-results-count">
-  <%= pluralize( resources.total, resource_type.humanize.downcase ) %> found
+  <%=resources.total.to_s%> <%=resource_type.humanize.downcase.pluralize(resources.total)%> found
 </div>

app/views/users/show.html.erb

@@ -185,8 +185,8 @@
           <div id="events" class="tab-pane fade in active">
             <div class="row">
               <div class="search-results-count">
-                <%= (upcoming_events.count > 0 ? "Showing" : "Found") + " #{pluralize(events.count, "upcoming event")}#{(upcoming_events.count > resource_limit) ? " out of #{upcoming_events.count}" : ''}." %>
-                <%= "Found #{pluralize(past_events.count, "past event")}." %>
+                <%= (upcoming_events.count > 0 ? "Showing" : "Found") + " " + events.count.to_s + " #{"upcoming event".pluralize(events.count)}#{(upcoming_events.count > resource_limit) ? " out of #{upcoming_events.count}" : ''}." %>
+                <%= "Found " + past_events.count.to_s + " #{"past event".pluralize(past_events.count)}." %>
               </div>
               <ul>
                 <% if upcoming_events.count > resource_limit %>
@@ -212,7 +212,7 @@
           <div id="materials" class="tab-pane fade">
             <div class="row">
               <div class="search-results-count">
-                <%= (materials.count > 0 ? "Showing" : "Found") + " #{pluralize(materials.count, "material")}#{(@user.materials.count > resource_limit) ? " out of #{@user.materials.count}" : ''}." %>
+                <%= (materials.count > 0 ? "Showing" : "Found") + " " + materials.count.to_s + " #{"material".pluralize(materials.count)}#{(@user.materials.count > resource_limit) ? " out of #{@user.materials.count}" : ''}." %>
                 <%= link_to('View all results.', materials_path(user: @user.username)) if (@user.materials.count > resource_limit) %>
               </div>
               <% materials.each do |material| %>
@@ -227,7 +227,7 @@
           <div id="packages" class="tab-pane fade">
             <div class="row">
               <div class="search-results-count">
-                <%= (packages.count > 0 ? "Showing" : "Found") + " #{pluralize(packages.count, "package")}#{(@user.packages.count > resource_limit) ? " out of #{@user.packages.count}" : ''}." %>
+                <%= (packages.count > 0 ? "Showing" : "Found") + " " + packages.count.to_s + " #{"package".pluralize(packages.count)}#{(@user.packages.count > resource_limit) ? " out of #{@user.packages.count}" : ''}." %>
                 <%= link_to('View all results.', packages(user: @user.username)) if (@user.packages.count > resource_limit) %>
               </div>
               <% packages.each do |package| %>