From 54897c8f978f127a44c0a9d20c1e87cea840b21f Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Thu, 1 May 2014 10:38:20 -0400 Subject: [PATCH] Update to Rails 4 --- apps/workbench/Gemfile | 11 +- apps/workbench/Gemfile.lock | 183 +++++++++--------- apps/workbench/app/models/arvados_base.rb | 28 ++- .../app/views/links/_recent.html.erb | 2 +- .../app/views/users/_show_admin.html.erb | 2 +- apps/workbench/config/application.default.yml | 14 +- apps/workbench/config/application.rb | 13 +- .../environments/development.rb.example | 12 +- .../config/environments/production.rb.example | 6 +- .../config/environments/test.rb.example | 6 - apps/workbench/config/routes.rb | 8 +- 11 files changed, 140 insertions(+), 145 deletions(-) diff --git a/apps/workbench/Gemfile b/apps/workbench/Gemfile index ee43a895c7..736a6057d5 100644 --- a/apps/workbench/Gemfile +++ b/apps/workbench/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'rails', '~> 3.2.0' +gem 'rails', '~> 4.0.0' # Bundle edge Rails instead: # gem 'rails', :git => 'git://github.com/rails/rails.git' @@ -14,8 +14,8 @@ gem 'sass' # Gems used only for assets and not required # in production environments by default. group :assets do - gem 'sass-rails', '~> 3.2.0' - gem 'coffee-rails', '~> 3.2.0' + gem 'sass-rails', '~> 4.0.0' + gem 'coffee-rails', '~> 4.0.0' # See https://github.com/sstephenson/execjs#readme for more supported runtimes gem 'therubyracer', :platforms => :ruby @@ -59,5 +59,8 @@ gem 'RedCloth' gem 'piwik_analytics' gem 'httpclient' -gem 'themes_for_rails' + +# This fork has Rails 4 compatible routes +gem 'themes_for_rails', git: 'https://github.com/holtkampw/themes_for_rails', ref: '1fd2d7897d75ae0d6375f4c390df87b8e91ad417' + gem "deep_merge", :require => 'deep_merge/rails_compat' diff --git a/apps/workbench/Gemfile.lock b/apps/workbench/Gemfile.lock index e1e2b81954..ca9afb14a5 100644 --- a/apps/workbench/Gemfile.lock +++ b/apps/workbench/Gemfile.lock 
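Review bot: The `themes_for_rails` line in the last Gemfile hunk now installs from a personal GitHub fork instead of rubygems.org. The full-SHA `ref:` pin is the right control against the branch moving underneath the build, but the build still depends on that account keeping the repository available and on someone having read the fork's changes at that commit. The comment could record this, for example `# Fork with Rails 4 compatible routes; pinned to a reviewed commit. Return to the released gem once upstream supports Rails 4.` Mirroring the fork under the project's own organisation would remove the dependency on a third-party account.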
@@ -1,41 +1,46 @@ +GIT + remote: https://github.com/holtkampw/themes_for_rails + revision: 1fd2d7897d75ae0d6375f4c390df87b8e91ad417 + ref: 1fd2d7897d75ae0d6375f4c390df87b8e91ad417 + specs: + themes_for_rails (0.5.1) + rails (>= 3.0.0) + GEM remote: https://rubygems.org/ specs: RedCloth (4.2.9) - actionmailer (3.2.15) - actionpack (= 3.2.15) + actionmailer (4.0.4) + actionpack (= 4.0.4) mail (~> 2.5.4) - actionpack (3.2.15) - activemodel (= 3.2.15) - activesupport (= 3.2.15) - builder (~> 3.0.0) + actionpack (4.0.4) + activesupport (= 4.0.4) + builder (~> 3.1.0) erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.15) - activesupport (= 3.2.15) - builder (~> 3.0.0) - activerecord (3.2.15) - activemodel (= 3.2.15) - activesupport (= 3.2.15) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.15) - activemodel (= 3.2.15) - activesupport (= 3.2.15) - activesupport (3.2.15) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + activemodel (4.0.4) + activesupport (= 4.0.4) + builder (~> 3.1.0) + activerecord (4.0.4) + activemodel (= 4.0.4) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.4) + arel (~> 4.0.0) + activerecord-deprecated_finders (1.0.3) + activesupport (4.0.4) + i18n (~> 0.6, >= 0.6.9) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) andand (1.3.3) - arel (3.0.2) - bootstrap-sass (3.1.0.1) + arel (4.0.2) + bootstrap-sass (3.1.1.1) sass (~> 3.2) bootstrap-x-editable-rails (1.5.1.1) railties (>= 3.0) - builder (3.0.4) + builder (3.1.4) capistrano (2.15.5) highline net-scp (>= 1.0.0) 
@@ -48,56 +53,56 @@ GEM rack (>= 1.0.0) rack-test (>= 0.5.4) xpath (~> 2.0) - childprocess (0.5.1) + childprocess (0.5.3) ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) - coffee-rails (3.2.2) + coffee-rails (4.0.1) coffee-script (>= 2.2.0) - railties (~> 3.2.0) + railties (>= 4.0.0, < 5.0) coffee-script (2.2.0) coffee-script-source execjs - coffee-script-source (1.6.3) + coffee-script-source (1.7.0) commonjs (0.2.7) - daemon_controller (1.1.7) + daemon_controller (1.2.0) deep_merge (1.0.1) erubis (2.7.0) execjs (2.0.2) ffi (1.9.3) headless (1.0.1) - highline (1.6.20) + highline (1.6.21) hike (1.2.3) httpclient (2.3.4.1) - i18n (0.6.5) - journey (1.0.4) - jquery-rails (3.0.4) + i18n (0.6.9) + jquery-rails (3.1.0) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) json (1.8.1) - less (2.4.0) + less (2.5.0) commonjs (~> 0.2.7) - less-rails (2.4.2) + less-rails (2.5.0) actionpack (>= 3.1) - less (~> 2.4.0) + less (~> 2.5.0) libv8 (3.16.14.3) mail (2.5.4) mime-types (~> 1.16) treetop (~> 1.4.8) - mime-types (1.25) - mini_portile (0.5.2) - multi_json (1.8.2) - net-scp (1.1.2) + mime-types (1.25.1) + mini_portile (0.5.3) + minitest (4.7.5) + multi_json (1.9.3) + net-scp (1.2.1) net-ssh (>= 2.6.5) net-sftp (2.1.2) net-ssh (>= 2.6.5) - net-ssh (2.7.0) + net-ssh (2.9.0) net-ssh-gateway (1.2.0) net-ssh (>= 2.6.5) nokogiri (1.6.1) mini_portile (~> 0.5.0) - oj (2.1.7) - passenger (4.0.23) - daemon_controller (>= 1.1.0) + oj (2.9.0) + passenger (4.0.41) + daemon_controller (>= 1.2.0) rack rake (>= 0.8.1) piwik_analytics (1.0.2) 
@@ -109,68 +114,64 @@ GEM cliver (~> 0.3.1) multi_json (~> 1.0) websocket-driver (>= 0.2.0) - polyglot (0.3.3) - rack (1.4.5) - rack-cache (1.2) - rack (>= 0.4) - rack-ssl (1.3.3) - rack + polyglot (0.3.4) + rack (1.5.2) rack-test (0.6.2) rack (>= 1.0) - rails (3.2.15) - actionmailer (= 3.2.15) - actionpack (= 3.2.15) - activerecord (= 3.2.15) - activeresource (= 3.2.15) - activesupport (= 3.2.15) - bundler (~> 1.0) - railties (= 3.2.15) - railties (3.2.15) - actionpack (= 3.2.15) - activesupport (= 3.2.15) - rack-ssl (~> 1.3.2) + rails (4.0.4) + actionmailer (= 4.0.4) + actionpack (= 4.0.4) + activerecord (= 4.0.4) + activesupport (= 4.0.4) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.4) + sprockets-rails (~> 2.0.0) + railties (4.0.4) + actionpack (= 4.0.4) + activesupport (= 4.0.4) rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (10.1.0) - rdoc (3.12.2) - json (~> 1.4) + thor (>= 0.18.1, < 2.0) + rake (10.3.1) ref (1.0.5) - rubyzip (1.1.0) + rubyzip (1.1.3) rvm-capistrano (1.5.1) capistrano (~> 2.15.4) - sass (3.2.12) - sass-rails (3.2.6) - railties (~> 3.2.0) - sass (>= 3.1.10) - tilt (~> 1.3) - selenium-webdriver (2.40.0) + sass (3.2.19) + sass-rails (4.0.3) + railties (>= 4.0.0, < 5.0) + sass (~> 3.2.0) + sprockets (~> 2.8, <= 2.11.0) + sprockets-rails (~> 2.0) + selenium-webdriver (2.41.0) childprocess (>= 0.5.0) multi_json (~> 1.0) rubyzip (~> 1.0) websocket (~> 1.0.4) - sprockets (2.2.2) + sprockets (2.11.0) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sqlite3 (1.3.8) - themes_for_rails (0.5.1) - rails (>= 3.0.0) - therubyracer (0.12.0) + sprockets-rails (2.0.1) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) + sqlite3 (1.3.9) + therubyracer (0.12.1) libv8 (~> 3.16.14.0) ref - thor (0.18.1) + thor (0.19.1) + thread_safe (0.3.3) tilt (1.4.1) treetop (1.4.15) polyglot polyglot (>= 0.3.1) - tzinfo (0.3.38) - uglifier (2.3.1) + tzinfo (0.3.39) + uglifier (2.5.0) execjs (>= 0.3.0) json (>= 1.8.0) 
websocket (1.0.7) - websocket-driver (0.3.2) + websocket-driver (0.3.3) xpath (2.0.0) nokogiri (~> 1.3) @@ -183,7 +184,7 @@ DEPENDENCIES bootstrap-sass (~> 3.1.0) bootstrap-x-editable-rails capybara - coffee-rails (~> 3.2.0) + coffee-rails (~> 4.0.0) deep_merge headless httpclient @@ -195,12 +196,12 @@ DEPENDENCIES passenger piwik_analytics poltergeist - rails (~> 3.2.0) + rails (~> 4.0.0) rvm-capistrano sass - sass-rails (~> 3.2.0) + sass-rails (~> 4.0.0) selenium-webdriver sqlite3 - themes_for_rails + themes_for_rails! therubyracer uglifier (>= 1.0.3) diff --git a/apps/workbench/app/models/arvados_base.rb b/apps/workbench/app/models/arvados_base.rb index 1cf0d1fe84..78947ce79a 100644 --- a/apps/workbench/app/models/arvados_base.rb +++ b/apps/workbench/app/models/arvados_base.rb @@ -21,8 +21,15 @@ class ArvadosBase < ActiveRecord::Base end end - def initialize(*args) - super(*args) + def initialize raw_params={} + begin + super self.class.permit_attribute_params(raw_params) + rescue Exception => e + logger.debug raw_params + logger.debug self.class.permit_attribute_params(raw_params).inspect + logger.debug self.class.attribute_info.inspect + raise e + end @attribute_sortkey ||= { 'id' => nil, 'uuid' => '000', @@ -58,7 +65,6 @@ class ArvadosBase < ActiveRecord::Base @columns << column(k, :text) serialize k, coldef[:type].constantize end - attr_accessible k @attribute_info[k] = coldef end end 
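Review bot: The `rescue Exception` block added to `initialize` in arvados_base.rb reads like leftover debugging. Whenever construction fails it writes `raw_params` and the full permitted attribute hash to the log, and those values are whatever the caller passed in, so they can include fields that should not end up in log files. `rescue Exception` also intercepts `Interrupt` and `SystemExit`, and `raise e` is more idiomatic as a bare `raise`. If the diagnostics are worth keeping, `rescue StandardError` with `logger.debug raw_params.keys.inspect` and a bare `raise` is enough; otherwise the body can be just `super self.class.permit_attribute_params(raw_params)`. The class body continues outside the hunk.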
@@ -115,6 +121,22 @@ class ArvadosBase < ActiveRecord::Base ArvadosResourceList.new(self).all(*args) end + def self.permit_attribute_params raw_params + # strong_parameters does not provide security in Workbench: anyone + # who can get this far can just as well do a call directly to our + # database (Arvados) with the same credentials we use. + ActionController::Parameters.new(raw_params).permit! + end + + def self.create raw_params={} + logger.error permit_attribute_params(raw_params).inspect + super(permit_attribute_params(raw_params)) + end + + def update_attributes raw_params={} + super(self.class.permit_attribute_params(raw_params)) + end + def save obdata = {} self.class.columns.each do |col| diff --git a/apps/workbench/app/views/links/_recent.html.erb b/apps/workbench/app/views/links/_recent.html.erb index 7548ae111f..1e60bf511d 100644 --- a/apps/workbench/app/views/links/_recent.html.erb +++ b/apps/workbench/app/views/links/_recent.html.erb @@ -38,7 +38,7 @@ <% if current_user and (current_user.is_admin or current_user.uuid == link.owner_uuid) %> - <%= link_to raw(''), { action: 'destroy', id: link.uuid }, { confirm: 'Delete this link?', method: 'delete' } %> + <%= link_to raw(''), { action: 'destroy', id: link.uuid }, data: {confirm: 'Delete this link?', method: 'delete'} %> <% end %> diff --git a/apps/workbench/app/views/users/_show_admin.html.erb b/apps/workbench/app/views/users/_show_admin.html.erb index e2f5fdfa64..f667f388bd 100644 --- a/apps/workbench/app/views/users/_show_admin.html.erb +++ b/apps/workbench/app/views/users/_show_admin.html.erb @@ -15,7 +15,7 @@ account.
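Review bot: `self.create` calls `logger.error permit_attribute_params(raw_params).inspect` on every invocation, so each created object's full attribute set is written to the production log at error level even when nothing went wrong. That line should be dropped or reduced to a `logger.debug` of the attribute names. Separately, `permit!` makes every key in `raw_params` assignable, and the comment's justification holds only while Workbench talks to the API with the requesting user's own credentials. It would help to state that assumption next to the comment, e.g. `# Revisit if Workbench ever calls the API with credentials more privileged than the user's.` The same wrapper feeds `initialize` and `update_attributes`, so the caveat applies to all three entry points.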

As an admin, you can deactivate and reset this user. This will remove all repository/VM permissions for the user. If you "setup" the user again, the user will have to sign the user agreement again.

-<%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', confirm: "Are you sure you want to deactivate #{@object.full_name}?"%>
+<%= button_to "Deactivate #{@object.full_name}", unsetup_user_url(id: @object.uuid), class: 'btn btn-primary', data: {confirm: "Are you sure you want to deactivate #{@object.full_name}?"} %>
<% content_for :footer_html do %> diff --git a/apps/workbench/config/application.default.yml b/apps/workbench/config/application.default.yml index c80b7f960a..533382edb1 100644 --- a/apps/workbench/config/application.default.yml +++ b/apps/workbench/config/application.default.yml @@ -3,15 +3,12 @@ development: cache_classes: false - whiny_nils: true + eager_load: true consider_all_requests_local: true action_controller.perform_caching: false action_mailer.raise_delivery_errors: false active_support.deprecation: :log action_dispatch.best_standards_support: :builtin - active_record.mass_assignment_sanitizer: :strict - active_record.auto_explain_threshold_in_seconds: 0.5 - assets.compress: false assets.debug: true profiling_enabled: true site_name: Arvados Workbench (dev) @@ -19,10 +16,10 @@ development: production: force_ssl: true cache_classes: true + eager_load: true consider_all_requests_local: false action_controller.perform_caching: true serve_static_assets: false - assets.compress: true assets.compile: false assets.digest: true i18n.fallbacks: true @@ -38,18 +35,18 @@ production: test: cache_classes: true + eager_load: false serve_static_assets: true static_cache_control: public, max-age=3600 - whiny_nils: true consider_all_requests_local: true action_controller.perform_caching: false action_dispatch.show_exceptions: false action_controller.allow_forgery_protection: false action_mailer.delivery_method: :test - active_record.mass_assignment_sanitizer: :strict active_support.deprecation: :stderr profiling_enabled: false secret_token: <%= rand(2**256).to_s(36) %> + secret_key_base: <%= rand(2**256).to_s(36) %> # When you run the Workbench's integration tests, it starts the API # server as a dependency. These settings should match the API 
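Review bot: The `test:` section's new `secret_key_base: <%= rand(2**256).to_s(36) %>` draws from `Kernel#rand`, which is not a cryptographic generator. That is harmless for a test run, but it is the line most likely to be copied when someone fills in a real value. `secret_key_base: <%= SecureRandom.hex(64) %>` sets a better example; the existing `secret_token` line above it has the same pattern. The `common:` hunk that follows defaults `secret_key_base` to `~`, so a comment there such as `# Must be overridden with a long random value in production; never commit the real value` would make it clear that each deployment needs its own secret.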
@@ -62,6 +59,8 @@ test: site_name: Workbench:test common: + assets.js_compressor: false + assets.css_compressor: false data_import_dir: /tmp/arvados-workbench-upload data_export_dir: /tmp/arvados-workbench-download arvados_login_base: https://arvados.local/login @@ -72,5 +71,6 @@ common: arvados_theme: default show_user_agreement_inline: false secret_token: ~ + secret_key_base: ~ default_openid_prefix: https://www.google.com/accounts/o8/id send_user_setup_notification_email: true diff --git a/apps/workbench/config/application.rb b/apps/workbench/config/application.rb index 0e1ec9604c..c456bb117d 100644 --- a/apps/workbench/config/application.rb +++ b/apps/workbench/config/application.rb @@ -2,12 +2,7 @@ require File.expand_path('../boot', __FILE__) require 'rails/all' -if defined?(Bundler) - # If you precompile assets before deploying to production, use this line - Bundler.require(*Rails.groups(:assets => %w(development test))) - # If you want your assets lazily compiled in production, use this line - # Bundler.require(:default, :assets, Rails.env) -end +Bundler.require(:default, Rails.env) module ArvadosWorkbench class Application < Rails::Application @@ -47,12 +42,6 @@ module ArvadosWorkbench # like if you have constraints or database-specific column types # config.active_record.schema_format = :sql - # Enforce whitelist mode for mass assignment. - # This will create an empty whitelist of attributes available for mass-assignment for all models - # in your app. As such, your models will need to explicitly whitelist or blacklist accessible - # parameters by using an attr_accessible or attr_protected declaration. - config.active_record.whitelist_attributes = true - # Enable the asset pipeline config.assets.enabled = true diff --git a/apps/workbench/config/environments/development.rb.example b/apps/workbench/config/environments/development.rb.example index 389a25420f..3ea9ec2016 100644 --- a/apps/workbench/config/environments/development.rb.example 
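Review bot: `Bundler.require(:default, Rails.env)` in application.rb no longer loads the `:assets` group, yet the Gemfile hunk in this same commit still shows `sass-rails`, `coffee-rails` and `therubyracer` inside `group :assets do`. With this line those gems would not be auto-required in any environment, unless something outside the visible hunks loads them. Rails 4 dropped the assets group, so the usual fix is to move those gems to the top level of the Gemfile. If the group has to stay for now, `Bundler.require(:default, :assets, Rails.env)` keeps them loaded.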
+++ b/apps/workbench/config/environments/development.rb.example @@ -6,9 +6,6 @@ ArvadosWorkbench::Application.configure do # since you don't have to restart the web server when you make code changes. config.cache_classes = false - # Log error messages when you accidentally call methods on nil. - config.whiny_nils = true - # Show full error reports and disable caching config.consider_all_requests_local = true config.action_controller.perform_caching = false @@ -22,15 +19,8 @@ ArvadosWorkbench::Application.configure do # Only use best-standards-support built into browsers config.action_dispatch.best_standards_support = :builtin - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - - # Log the query plan for queries taking more than this (works - # with SQLite, MySQL, and PostgreSQL) - config.active_record.auto_explain_threshold_in_seconds = 0.5 - # Do not compress assets - config.assets.compress = false + config.assets.js_compressor = false # Expands the lines which load the assets config.assets.debug = true diff --git a/apps/workbench/config/environments/production.rb.example b/apps/workbench/config/environments/production.rb.example index bb7595454e..209556cbf4 100644 --- a/apps/workbench/config/environments/production.rb.example +++ b/apps/workbench/config/environments/production.rb.example @@ -12,7 +12,7 @@ ArvadosWorkbench::Application.configure do config.serve_static_assets = false # Compress JavaScripts and CSS - config.assets.compress = true + config.assets.js_compressor = :yui # Don't fallback to assets pipeline if a precompiled asset is missed config.assets.compile = false 
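Review bot: `config.assets.js_compressor = :yui` in production.rb.example selects a compressor that needs the `yui-compressor` gem, which does not appear in the Gemfile or Gemfile.lock hunks of this commit, while `uglifier` does. Unless that gem is declared in a part of the Gemfile not shown here, precompiling assets with this example file would fail when the compressor is loaded; `config.assets.js_compressor = :uglifier` matches the bundle. The old `assets.compress = true` also covered CSS, so if CSS minification is still wanted a `css_compressor` setting needs to be added alongside. The development example has the same gap, since it sets only `js_compressor`.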
@@ -61,10 +61,6 @@ ArvadosWorkbench::Application.configure do # Send deprecation notices to registered listeners config.active_support.deprecation = :notify - # Log the query plan for queries taking more than this (works - # with SQLite, MySQL, and PostgreSQL) - # config.active_record.auto_explain_threshold_in_seconds = 0.5 - # Log timing data for API transactions config.profiling_enabled = false diff --git a/apps/workbench/config/environments/test.rb.example b/apps/workbench/config/environments/test.rb.example index b3cb72aff2..fd034d3185 100644 --- a/apps/workbench/config/environments/test.rb.example +++ b/apps/workbench/config/environments/test.rb.example @@ -11,9 +11,6 @@ ArvadosWorkbench::Application.configure do config.serve_static_assets = true config.static_cache_control = "public, max-age=3600" - # Log error messages when you accidentally call methods on nil - config.whiny_nils = true - # Show full error reports and disable caching config.consider_all_requests_local = true config.action_controller.perform_caching = false @@ -29,9 +26,6 @@ ArvadosWorkbench::Application.configure do # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - # Print deprecation notices to the stderr config.active_support.deprecation = :stderr diff --git a/apps/workbench/config/routes.rb b/apps/workbench/config/routes.rb index cac3431667..7d6d3b6eac 100644 --- a/apps/workbench/config/routes.rb +++ b/apps/workbench/config/routes.rb @@ -18,8 +18,8 @@ ArvadosWorkbench::Application.routes.draw do resources :authorized_keys resources :job_tasks resources :jobs - match '/logout' => 'sessions#destroy' - match '/logged_out' => 'sessions#index' + match '/logout' => 'sessions#destroy', via: [:get, :post] + get '/logged_out' => 'sessions#index' resources :users do get 'home', :on => :member get 'welcome', :on => :collection 
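Review bot: `match '/logout' => 'sessions#destroy', via: [:get, :post]` in routes.rb keeps logout reachable by GET. That leaves a state-changing action outside Rails' CSRF check, so any page the user visits can end their Workbench session. If the logout links can send a non-GET request (`link_to ..., method: :delete`), narrowing the route to `delete '/logout' => 'sessions#destroy'` closes that gap. If GET has to stay, for example for a redirect back from the login provider, a comment on the route saying so would record that the choice is deliberate.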
@@ -39,7 +39,7 @@ ArvadosWorkbench::Application.routes.draw do get 'compare', on: :collection end resources :links - match '/collections/graph' => 'collections#graph' + get '/collections/graph' => 'collections#graph' resources :collections do post 'set_persistent', on: :member end @@ -52,5 +52,5 @@ ArvadosWorkbench::Application.routes.draw do # Send unroutable requests to an arbitrary controller # (ends up at ApplicationController#render_not_found) - match '*a', :to => 'links#render_not_found' + match '*a', to: 'links#render_not_found', via: [:get, :post] end -- 2.39.5
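Review bot: The catch-all `match '*a', to: 'links#render_not_found', via: [:get, :post]` at the end of routes.rb now covers only two verbs, whereas the Rails 3 `match` it replaces answered every verb. An unroutable PUT, PATCH or DELETE will bypass `render_not_found` and get the framework's default routing error instead of the application's own 404 handling. `match '*a', to: 'links#render_not_found', via: :all` restores the previous behaviour.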