chore: merge 8.1.0 into beta

.github/workflows/build.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - beta
+      - 7.x.x
   pull_request:
 
 env:
@@ -72,7 +73,7 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     needs: [lint, test]
-    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/beta')
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/beta' || github.ref == 'refs/heads/7.x.x')
     steps:
       - uses: actions/checkout@v2
         with:

.releaserc.js

@@ -1,5 +1,5 @@
 module.exports = {
-  branches: ['main', {name: 'beta', prerelease: true}],
+  branches: ['main', '+([0-9])?(.{+([0-9]),x}).x', {name: 'beta', prerelease: true}],
   plugins: [
     [
       '@semantic-release/commit-analyzer', {

CHANGELOG.md

@@ -1,3 +1,129 @@
+# [8.1.0](https://github.com/ForestAdmin/forest-rails/compare/v8.0.17...v8.1.0) (2024-01-18)
+
+
+### Features
+
+* add polymorphic associations support ([#640](https://github.com/ForestAdmin/forest-rails/issues/640)) ([2d43bc3](https://github.com/ForestAdmin/forest-rails/commit/2d43bc35c9085555cb3625a4325e427e80a5ec6a))
+
+## [8.0.17](https://github.com/ForestAdmin/forest-rails/compare/v8.0.16...v8.0.17) (2023-12-05)
+
+
+### Bug Fixes
+
+* security vulnerabilities RCE on 8.x.x ([#638](https://github.com/ForestAdmin/forest-rails/issues/638)) ([02679b5](https://github.com/ForestAdmin/forest-rails/commit/02679b584b84eda3d1f0be6e6482d130b53b4d19))
+
+## [8.0.16](https://github.com/ForestAdmin/forest-rails/compare/v8.0.15...v8.0.16) (2023-11-16)
+
+
+### Bug Fixes
+
+* **authentication:** return errors detail instead of generic error 500 ([#636](https://github.com/ForestAdmin/forest-rails/issues/636)) ([1a69e2f](https://github.com/ForestAdmin/forest-rails/commit/1a69e2f0ce308b060454ca98ab0d08fd8f14a862))
+
+## [8.0.15](https://github.com/ForestAdmin/forest-rails/compare/v8.0.14...v8.0.15) (2023-10-23)
+
+
+### Bug Fixes
+
+* **permissions:** fetch permissions return an exception when the server doesn't return an 200 response ([#635](https://github.com/ForestAdmin/forest-rails/issues/635)) ([9a7590b](https://github.com/ForestAdmin/forest-rails/commit/9a7590b5084ed4588fab09bd903822d05a0930fc))
+
+## [8.0.14](https://github.com/ForestAdmin/forest-rails/compare/v8.0.13...v8.0.14) (2023-10-16)
+
+
+### Bug Fixes
+
+* **logger:** format of the datetime ([#634](https://github.com/ForestAdmin/forest-rails/issues/634)) ([e356b83](https://github.com/ForestAdmin/forest-rails/commit/e356b838ebd8b426d189f076414841216b5198ab)), closes [#633](https://github.com/ForestAdmin/forest-rails/issues/633)
+
+## [8.0.13](https://github.com/ForestAdmin/forest-rails/compare/v8.0.12...v8.0.13) (2023-10-05)
+
+
+### Bug Fixes
+
+* destroy record with restriction on children ([#632](https://github.com/ForestAdmin/forest-rails/issues/632)) ([da1f8b6](https://github.com/ForestAdmin/forest-rails/commit/da1f8b6cf22d1701a83c40e2a79d056622566715)), closes [#630](https://github.com/ForestAdmin/forest-rails/issues/630)
+
+## [8.0.12](https://github.com/ForestAdmin/forest-rails/compare/v8.0.11...v8.0.12) (2023-07-07)
+
+
+### Bug Fixes
+
+* allow charts with dynamic query using record id ([#628](https://github.com/ForestAdmin/forest-rails/issues/628)) ([ff2e1b5](https://github.com/ForestAdmin/forest-rails/commit/ff2e1b5231393a8adfbef3b9c4abb135999e73ad))
+
+## [8.0.11](https://github.com/ForestAdmin/forest-rails/compare/v8.0.10...v8.0.11) (2023-06-29)
+
+
+### Bug Fixes
+
+* reporter error on dissociate action ([#627](https://github.com/ForestAdmin/forest-rails/issues/627)) ([edc45aa](https://github.com/ForestAdmin/forest-rails/commit/edc45aa0d09f06d89acec3ac835347129aa35d7c))
+
+## [8.0.10](https://github.com/ForestAdmin/forest-rails/compare/v8.0.9...v8.0.10) (2023-06-19)
+
+
+### Bug Fixes
+
+* **smartaction:**  register custom endpoint for load/changes hooks ([#626](https://github.com/ForestAdmin/forest-rails/issues/626)) ([3d66b3b](https://github.com/ForestAdmin/forest-rails/commit/3d66b3bff1ddfb3476af3b6f54bcef6f15d79247))
+
+## [8.0.9](https://github.com/ForestAdmin/forest-rails/compare/v8.0.8...v8.0.9) (2023-06-13)
+
+
+### Bug Fixes
+
+* **permissions:** use correct collection name for model under module ([#624](https://github.com/ForestAdmin/forest-rails/issues/624)) ([e896763](https://github.com/ForestAdmin/forest-rails/commit/e8967631d93a8375de26f7707f8acba93f6ecc5c))
+
+## [8.0.8](https://github.com/ForestAdmin/forest-rails/compare/v8.0.7...v8.0.8) (2023-05-23)
+
+
+### Bug Fixes
+
+* **scope:** cast filters to json before merge with scope ([#622](https://github.com/ForestAdmin/forest-rails/issues/622)) ([b0e0196](https://github.com/ForestAdmin/forest-rails/commit/b0e01966158a37cadb2de7bf6ac177e53912d437))
+
+## [8.0.7](https://github.com/ForestAdmin/forest-rails/compare/v8.0.6...v8.0.7) (2023-05-23)
+
+
+### Bug Fixes
+
+* **operator:** replace the hard-coded duration by the duration variable ([#621](https://github.com/ForestAdmin/forest-rails/issues/621)) ([776f23d](https://github.com/ForestAdmin/forest-rails/commit/776f23d4afe47a0d41ca65abf9762e1c86504b3e))
+
+## [8.0.6](https://github.com/ForestAdmin/forest-rails/compare/v8.0.5...v8.0.6) (2023-05-05)
+
+
+### Bug Fixes
+
+* **hooks:** use exact namespace to prevent controller conflict ([#620](https://github.com/ForestAdmin/forest-rails/issues/620)) ([3e4e7d6](https://github.com/ForestAdmin/forest-rails/commit/3e4e7d64dcbe22f981ef21d82076765fd8a12ed3))
+
+## [8.0.5](https://github.com/ForestAdmin/forest-rails/compare/v8.0.4...v8.0.5) (2023-05-04)
+
+
+### Bug Fixes
+
+* **relation:** fix dissociate all records of relationship ([#618](https://github.com/ForestAdmin/forest-rails/issues/618)) ([861d76f](https://github.com/ForestAdmin/forest-rails/commit/861d76f2606f66d81df0cd31581950744a4b67a9))
+
+## [8.0.4](https://github.com/ForestAdmin/forest-rails/compare/v8.0.3...v8.0.4) (2023-04-21)
+
+
+### Bug Fixes
+
+* **action:** authorize all actions on development environment ([#617](https://github.com/ForestAdmin/forest-rails/issues/617)) ([72bec24](https://github.com/ForestAdmin/forest-rails/commit/72bec24fee8b0397c80a93654d28f52d9c20cc15))
+
+## [8.0.3](https://github.com/ForestAdmin/forest-rails/compare/v8.0.2...v8.0.3) (2023-04-06)
+
+
+### Bug Fixes
+
+* **permissions:** use forest collection name for check the permission ([#616](https://github.com/ForestAdmin/forest-rails/issues/616)) ([a35646f](https://github.com/ForestAdmin/forest-rails/commit/a35646f4c39cb151aed14e52e1be1099b1946fd9))
+
+## [8.0.2](https://github.com/ForestAdmin/forest-rails/compare/v8.0.1...v8.0.2) (2023-03-22)
+
+
+### Bug Fixes
+
+* developers can disable automatic schema send ([#614](https://github.com/ForestAdmin/forest-rails/issues/614)) ([97e1f06](https://github.com/ForestAdmin/forest-rails/commit/97e1f06d9442ed8faf8b22504caf76c8a4b50fe1))
+
+## [8.0.1](https://github.com/ForestAdmin/forest-rails/compare/v8.0.0...v8.0.1) (2023-03-16)
+
+
+### Bug Fixes
+
+* schema version generation for all versions ([#613](https://github.com/ForestAdmin/forest-rails/issues/613)) ([de72c6e](https://github.com/ForestAdmin/forest-rails/commit/de72c6e514ebb3483ffaf0fbc739acfeae0a56e7))
+
 # [8.0.0](https://github.com/ForestAdmin/forest-rails/compare/v7.8.1...v8.0.0) (2023-03-14)
 
 

Gemfile

@@ -14,6 +14,7 @@ gemspec
 group :development, :test do
   gem 'byebug'
   gem 'rspec-rails'
+  gem "timecop"
 end
 
 group :test do

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    forest_liana (8.0.0)
+    forest_liana (8.1.0)
       arel-helpers
       bcrypt
       deepsort
@@ -231,6 +231,7 @@ GEM
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
     thor (1.2.1)
+    timecop (0.9.6)
     timeout (0.3.1)
     tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
@@ -272,6 +273,7 @@ DEPENDENCIES
   rspec-rails
   simplecov (~> 0.17.0)
   sqlite3 (~> 1.4)
+  timecop
   useragent
 
 BUNDLED WITH

app/controllers/forest_liana/actions_controller.rb

@@ -1,5 +1,5 @@
 module ForestLiana
-  class ActionsController < ApplicationController
+  class ActionsController < ForestLiana::ApplicationController
 
     def get_smart_action_hook_request
       if params[:data] && params[:data][:attributes] && params[:data][:attributes][:collection_name]

app/controllers/forest_liana/application_controller.rb

@@ -4,6 +4,7 @@
 module ForestLiana
   class ApplicationController < ForestLiana::BaseController
     rescue_from ForestLiana::Ability::Exceptions::AccessDenied, with: :render_error
+    rescue_from ForestLiana::Errors::HTTP403Error, with: :render_error
     rescue_from ForestLiana::Errors::HTTP422Error, with: :render_error
 
     def self.papertrail?

app/controllers/forest_liana/associations_controller.rb

@@ -72,12 +72,13 @@ def associate
 
     def dissociate
       begin
-        dissociator = HasManyDissociator.new(@resource, @association, params)
+        dissociator = HasManyDissociator.new(@resource, @association, params, forest_user)
         dissociator.perform
 
         head :no_content
       rescue => error
-        FOREST_LOGGER.error "Association Associate error: #{error}\n#{format_stacktrace(error)}"
+        FOREST_REPORTER.report error
+        FOREST_LOGGER.error "Association Dissociate error: #{error}\n#{format_stacktrace(error)}"
         internal_server_error
       end
     end

app/controllers/forest_liana/authentication_controller.rb

@@ -39,6 +39,8 @@ def start_authentication
     end
 
     def authentication_callback
+      return authentication_exception if params.key?(:error)
+
       begin
         token = @authentication_service.verify_code_and_generate_token(params)
 
@@ -55,6 +57,21 @@ def authentication_callback
       end
     end
 
+    def authentication_exception
+      begin
+        raise ForestLiana::Errors::AuthenticationOpenIdClientException.new(params[:error], params[:error_description], params[:state])
+      rescue => error
+        FOREST_REPORTER.report error
+        FOREST_LOGGER.error "AuthenticationOpenIdClientException: #{error.error_description}"
+
+        render json: {
+          error: error.error,
+          error_description: error.error_description,
+          state: error.state
+        }, status: :unauthorized
+      end
+    end
+
     def logout
       begin
         if cookies.has_key?(:forest_session_token)

app/controllers/forest_liana/resources_controller.rb

@@ -129,17 +129,20 @@ def update
 
     def destroy
       forest_authorize!('delete', forest_user, @resource)
-        begin
+      begin
         collection_name = ForestLiana.name_for(@resource)
         scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(@resource, forest_user, collection_name, params[:timezone])
 
         unless scoped_records.exists?(params[:id])
           return render serializer: nil, json: { status: 404 }, status: :not_found
         end
 
-        scoped_records.destroy(params[:id])
-
-        head :no_content
+        if scoped_records.destroy(params[:id])
+          head :no_content
+        else
+          restrict_error = ActiveRecord::DeleteRestrictionError.new
+          render json: { errors: [{ status: :bad_request, detail: restrict_error.message }] }, status: :bad_request
+        end
       rescue => error
         FOREST_REPORTER.report error
         FOREST_LOGGER.error "Record Destroy error: #{error}\n#{format_stacktrace(error)}"
@@ -151,9 +154,14 @@ def destroy_bulk
       forest_authorize!('delete', forest_user, @resource)
       begin
         ids = ForestLiana::ResourcesGetter.get_ids_from_request(params, forest_user)
-        @resource.destroy(ids) if ids&.any?
-
-        head :no_content
+        @resource.transaction do
+          ids.each do |id|
+            record = @resource.find(id)
+            record.destroy!
+          end
+        end
+      rescue ActiveRecord::RecordNotDestroyed => error
+        render json: { errors: [{ status: :bad_request, detail: error.message }] }, status: :bad_request
       rescue => error
         FOREST_REPORTER.report error
         FOREST_LOGGER.error "Records Destroy error: #{error}\n#{format_stacktrace(error)}"

app/deserializers/forest_liana/resource_deserializer.rb

@@ -63,7 +63,12 @@ def extract_relationships
             # ActionController::Parameters do not inherit from Hash anymore
             # since Rails 5.
             if (data.is_a?(Hash) || data.is_a?(ActionController::Parameters)) && data[:id]
-              @attributes[name] = association.klass.find(data[:id])
+              if (SchemaUtils.polymorphic?(association))
+                @attributes[association.foreign_key] = data[:id]
+                @attributes[association.foreign_type] = data[:type]
+              else
+                @attributes[name] = association.klass.find(data[:id])
+              end
             elsif data.blank?
               @attributes[name] = nil
             end

app/helpers/forest_liana/query_helper.rb

@@ -1,8 +1,16 @@
 module ForestLiana
   module QueryHelper
     def self.get_one_associations(resource)
-      SchemaUtils.one_associations(resource)
-        .select { |association| SchemaUtils.model_included?(association.klass) }
+      associations = SchemaUtils.one_associations(resource)
+        .select do |association|
+          if SchemaUtils.polymorphic?(association)
+            SchemaUtils.polymorphic_models(association).all? { |model| SchemaUtils.model_included?(model) }
+          else
+            SchemaUtils.model_included?(association.klass)
+          end
+        end
+
+      associations
     end
 
     def self.get_one_association_names_symbol(resource)
@@ -18,10 +26,19 @@ def self.get_tables_associated_to_relations_name(resource)
       associations_has_one = self.get_one_associations(resource)
 
       associations_has_one.each do |association|
-        if tables_associated_to_relations_name[association.table_name].nil?
-          tables_associated_to_relations_name[association.table_name] = []
+        if SchemaUtils.polymorphic?(association)
+          SchemaUtils.polymorphic_models(association).each do |model|
+            if tables_associated_to_relations_name[model.table_name].nil?
+              tables_associated_to_relations_name[model.table_name] = []
+            end
+            tables_associated_to_relations_name[model.table_name] << association.name
+          end
+        else
+          if tables_associated_to_relations_name[association.try(:table_name)].nil?
+            tables_associated_to_relations_name[association.table_name] = []
+          end
+          tables_associated_to_relations_name[association.table_name] << association.name
         end
-        tables_associated_to_relations_name[association.table_name] << association.name
       end
 
       tables_associated_to_relations_name

app/serializers/forest_liana/serializer_factory.rb

@@ -265,7 +265,19 @@ def mixpanel_integration?
 
         SchemaUtils.associations(active_record_class).each do |a|
           begin
-            if SchemaUtils.model_included?(a.klass)
+            if SchemaUtils.polymorphic?(a)
+              serializer.send(serializer_association(a), a.name) {
+                if [:has_one, :belongs_to].include?(a.macro)
+                  begin
+                    object.send(a.name)
+                  rescue ActiveRecord::RecordNotFound
+                    nil
+                  end
+                else
+                  []
+                end
+              }
+            elsif SchemaUtils.model_included?(a.klass)
               serializer.send(serializer_association(a), a.name) {
                 if [:has_one, :belongs_to].include?(a.macro)
                   begin
@@ -369,6 +381,7 @@ def serializer_association(association)
 
     def attributes(active_record_class)
       return [] if @is_smart_collection
+
       active_record_class.column_names.select do |column_name|
         !association?(active_record_class, column_name)
       end
@@ -410,6 +423,9 @@ def association?(active_record_class, column_name)
     def foreign_keys(active_record_class)
       begin
         SchemaUtils.belongs_to_associations(active_record_class).map(&:foreign_key)
+        SchemaUtils.belongs_to_associations(active_record_class)
+                   .select { |association| !SchemaUtils.polymorphic?(association) }
+                   .map(&:foreign_key)
       rescue => err
         # Association foreign_key triggers an error. Put the stacktrace and
         # returns no foreign keys.