Compare commits

5 Commits

Author SHA1 Message Date
0a56bee826 Fix seed admin password too short for Devise validation
Generate a random 12-character alphanumeric password instead of the
hardcoded 'admin' (5 chars) which fails Devise's minimum length
requirement of 8 characters. The generated password is printed to
stdout so the operator knows what to use.

Fixes #71
2026-03-10 17:04:07 +00:00
0daf413b47 Prevent sole admin from deleting their account
Without this guard, the last admin in the system could delete their own
account, making the application unmanageable. This adds a model method
`User#sole_admin?`, a controller guard in `RegistrationsController#destroy`,
and disables the delete button in the profile edit view when the current
user is the only remaining admin.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-01 06:52:14 +00:00
f3cb8db1f4 Setup wizard: use labeled-form grid for vertical field layout
Replace the fieldset-based layout with the app's standard
.labeled-form CSS grid so email, password and retype fields
stack vertically (label left, input right) exactly like the
existing sign-in and registration forms.

Section headings and checkbox rows are given explicit grid-column
spans via inline styles so they span the full form width rather
than being constrained to the label column.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 17:37:49 +00:00
7904ff3ef9 Add web-based installation wizard
Replace the CLI-only setup (db:seed + manual application.rb edits)
with a web wizard shown automatically on first visit when no admin
account exists yet.

SetupController (GET/POST /setup) collects the admin e-mail and
password, a "skip e-mail confirmation" toggle, and an option to
seed the built-in default units.  Once submitted it creates the
admin User, persists the chosen options as Setting records, and
redirects to the sign-in page.

ApplicationController gains a redirect_to_setup_if_needed
before_action that catches every request (including Devise routes)
when no admin exists, so a fresh installation always lands on the
wizard rather than an empty sign-in form.

A new Setting model provides a lightweight key-value store for
runtime options that were previously hard-coded in application.rb
(e.g. skip_email_confirmation).  RegistrationsController now reads
that flag from the database instead of from the application config.

Seeds.rb is kept for headless / automated deployments and skips
admin creation when an admin already exists (idempotent), with a
comment pointing to the web wizard as the preferred path.

Also extends the SQLite nil-limit fix (|| Float::INFINITY) to the
Quantity model, which suffered the same ArgumentError as Unit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 17:19:24 +00:00
9ad922e3a1 Add skip_email_confirmation option; fix SQLite length validation
Introduce config.skip_email_confirmation in application.rb.dist.
When set to true, new registrations are automatically confirmed
without requiring email verification — useful for installations
where outgoing email is not configured or for development/testing.
Implemented by calling skip_confirmation! in build_resource before
the record is saved, so no confirmation email is ever sent.

Also fix ArgumentError raised in length validations when
type_for_attribute(:column).limit returns nil, which happens with
SQLite for string columns that have no explicit limit in the
migration. Guard with || Float::INFINITY so the validation is
effectively skipped when the database imposes no limit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 15:57:50 +00:00
58 changed files with 750 additions and 801 deletions

@@ -1,84 +0,0 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
Fixin.me is a "quantified self" Rails 7.2.3 application for personal data tracking. Users define hierarchical **quantities** (metrics to track), **units** (with optional conversion hierarchies), and **readouts** (individual measurements). There is also a non-persistent **measurement** model used as a form wrapper.
## Setup
Configuration files are distributed as `.dist` templates — copy and customize before use:
```bash
cp config/application.rb.dist config/application.rb
cp config/database.yml.dist config/database.yml
cp config/puma.rb.dist config/puma.rb
```
```bash
bundle config --local frozen true
bundle config --local path .gem
bundle config --local with mysql development test # or: pg, sqlite
bundle install
RAILS_ENV=development bundle exec rails db:create db:migrate db:seed
```
## Common Commands
```bash
bundle exec rails s # start server
bundle exec rails test # all unit/model/controller tests
bundle exec rails test:system # all system tests (Capybara + Selenium)
bundle exec rails test test/system/units_test.rb # single test file
bundle exec rails test --seed 64690 --name test_add_unit # single test by name
bundle exec rails db:seed:export # export default settings as seed file
```
## Architecture
### Data Model
- **Quantity** — hierarchical tree (self-referential `parent_id`). Cached `depth` and `pathname` fields are recomputed via recursive CTEs on write. Direct assignment to cached fields is blocked.
- **Unit** — optional hierarchy via `base_id` and `multiplier` for unit conversion. Multiplier precision/scale is validated by a custom validator.
- **Readout** — single measurement: `value` (IEEE 754 float), `quantity`, `unit`, `category`.
- **Measurement** — `ActiveModel::Model` form wrapper (not database-backed); bridges the readout creation form.
- **User** — Devise-managed with a status enum: `admin`, `active`, `restricted`, `locked`, `disabled`. Admins can disguise as other users.
### Hierarchical Queries
Both `Quantity` and `Unit` use recursive CTEs for tree traversal (ordered traversal, ancestors, progenies, common ancestors). `lib/core_ext/arel/` patches Arel to support CTE with `UPDATE`/`DELETE` statements, working around Rails issue #54658.
### Custom Extensions (`lib/core_ext/`)
- **arel/** — CTE support for UPDATE/DELETE
- **active_model/** — precision/scale validator used by `Unit#multiplier`
- **active_record/** — `attr_cached` mechanism (see `ApplicationRecord`)
- **action_view/** — record identifier suffixes
- Miscellaneous: `Array#delete_bang`, `BigDecimal` scientific notation
### Response Handling
Controllers respond to both HTML and Turbo Stream formats. Errors during Turbo Stream requests trigger a redirect with flash rather than rendering inline, handled in `ApplicationController`.
### Numeric Precision
Readout values are stored as IEEE 754 double-precision floats (not fixed-point decimals). Rationale in `DESIGN.md`: biological values span many orders of magnitude; 15-digit float precision is sufficient and avoids conversion overhead.
### Routes
```
measurements GET/POST /measurements
readouts GET/POST /readouts, DELETE /readouts/:id/discard
quantities CRUD + POST /quantities/:id/reparent
units CRUD + POST /units/:id/rebase
users CRUD + POST /users/:id/disguise, POST /users/revert
default/ namespace for default units import/export and admin panel
root → /units (authenticated), /sign_in (unauthenticated)
```
## Database Requirements
The database must support:
- Recursive CTEs with `UPDATE`/`DELETE` (MySQL ≥ 8.0, PostgreSQL, or SQLite3)
- Decimal precision of 30+ digits

@@ -1,34 +0,0 @@
DESIGN
======
Below is a list of design decisions. The justification is to be consulted
whenever a change is considered, to avoid regressions.
### Data type for DB storage of numeric values (`decimal` vs `float`)
* among database engines supported (by Rails), SQLite offers storage of
`decimal` data type with the lowest precision, equal to the precision of
`REAL` type (double precision float value, IEEE 754), but in a floating point
format,
* decimal types in other database engines offer greater precision, but store
data in a fixed point format,
* biology-related values differ by several orders of magnitude; storing them in
fixed point format would only make sense if required precision would be
greater than that offered by floating point format,
* even then, fixed point would mean either bigger memory requirements or
worse precision for numbers close to scale limit,
* for a fixed point format to use the same 8 bytes of storage as IEEE
754, precision would need to be limited to 18 digits (4 bytes/9 digits)
and scale approximately half of that - 9,
* double precision floating point guarantees 15 digits of precision, which
is more than enough for all expected use cases,
* single precision floating point only guarntees 6 digits of precision,
which is estimated to be too low for some use cases (e.g. storing
latitude/longitude with a resolution grater than 100m)
* double precision floating point (IEEE 754) is a standard that ensures
compatibility with all database engines,
* the same data format is used internally by Ruby as a `Float`; it
guarantees no conversions between storage and computation,
* as a standard with hardware implementations ensures both: computing
efficiency and hardware/3rd party library compatibility as opposed to Ruby
custom `BigDecimal` type

@@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M12,2L1,21H23M12,6L19.53,19H4.47M11,10V14H13V10M11,16V18H13V16" /></svg> <svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path fill="#ffffff" d="M12,2L1,21H23M12,6L19.53,19H4.47M11,10V14H13V10M11,16V18H13V16" /></svg>

@@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M12 2C6.5 2 2 6.5 2 12S6.5 22 12 22 22 17.5 22 12 17.5 2 12 2M12 20C7.59 20 4 16.41 4 12S7.59 4 12 4 20 7.59 20 12 16.41 20 12 20M16.59 7.58L10 14.17L7.41 11.59L6 13L10 17L18 9L16.59 7.58Z" /></svg> <svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path fill="#ffffff" d="M12 2C6.5 2 2 6.5 2 12S6.5 22 12 22 22 17.5 22 12 17.5 2 12 2M12 20C7.59 20 4 16.41 4 12S7.59 4 12 4 20 7.59 20 12 16.41 20 12 20M16.59 7.58L10 14.17L7.41 11.59L6 13L10 17L18 9L16.59 7.58Z" /></svg>

@@ -18,12 +18,10 @@
/* Strive for simplicity: /* Strive for simplicity:
* * style elements/tags only - if possible, * * style elements/tags only - if possible,
* * replace element/tag name with class name - if element has to be styled * * replace element/tag name with class name - if element has to be styled
* differently depending on context (e.g. <form>, <table>, <a> as link/button), * differently depending on context (e.g. form)
* * styles with multiple selectors should have all selectors with same
* specificity, to allow proper rule specificity vs order management.
* *
* NOTE: style in a modular way, similar to how CSS @scope would be used, * NOTE: Style in a modular way, similar to how CSS @scope would be used,
* to make transition easier once @scope is widely available. */ * to make transition easier once @scope is widely available */
:root { :root {
--color-focus-gray: #f3f3f3; --color-focus-gray: #f3f3f3;
--color-border-gray: #dddddd; --color-border-gray: #dddddd;
@@ -55,36 +53,17 @@
:focus-visible { :focus-visible {
outline: none; outline: none;
} }
/* NOTE: move to higher priority layer instead of using !important?; add CSS
* @layer requirements in README */
[disabled] {
border-color: var(--color-border-gray) !important;
color: var(--color-border-gray) !important;
/* NOTE: cannot set cursor when `pointer-events: none`; can be fixed by setting
* `cursor` on wrapping element.
cursor: not-allowed; */
fill: var(--color-border-gray) !important;
pointer-events: none !important;
}
/* Styles set `display` without distinguishing between [hidden] elements, making
* them visible. */
[hidden] {
display: none !important;
}
/* Color coding of input controls' background: /* Color coding of input controls' background:
* blue - target for interaction with pointer, * blue - target for interaction with pointer
* gray - target for interaction with keyboard, * gray - target for interaction with keyboard
* red - destructive, non-undoable action. * red - destructive, non-undoable action
*/ */
/* TODO: merge selectors using :is() */
a,
button, button,
details, details,
input, input,
select, select,
summary,
textarea { textarea {
background-color: inherit; background-color: inherit;
font: inherit; font: inherit;
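Review bot: Removing the global `[hidden] { display: none !important; }` rule in this hunk brings back the problem its own comment describes: any rule that sets `display` on an element carrying the `hidden` attribute makes it visible again. The new side guards only `button:not([hidden])` and `input[type=submit]:not([hidden])`, while `.button`, `.tab`, `.hflex` and `.vflex` still set `display: flex` unconditionally, so a hidden link-button or container would render. Keep the global rule, or add the `:not([hidden])` guard to every selector that sets `display`.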
@@ -94,24 +73,50 @@ input,
select { select {
text-align: inherit; text-align: inherit;
} }
a,
button,
input[type=submit] {
cursor: pointer;
text-decoration: none;
white-space: nowrap;
}
/* [hidden] submit controls cannot have `display` set as it makes them visible */
.button,
button:not([hidden]),
input[type=submit]:not([hidden]),
.tab {
align-items: center;
color: var(--color-gray);
display: flex;
fill: var(--color-gray);
font-weight: bold;
}
.button,
button,
input[type=submit] {
font-size: 0.8rem;
padding: 0.6em 0.5em;
width: fit-content;
}
input:not([type=submit]):not([type=checkbox]),
select,
summary,
textarea {
padding: 0.2em 0.4em;
}
.button,
button,
input, input,
select, select,
summary, summary,
textarea { textarea {
border: 1px solid var(--color-gray); border: solid 1px var(--color-gray);
border-radius: 0.25em; border-radius: 0.25em;
padding: 0.2em 0.4em;
}
svg {
height: 1.4em;
margin: 0 0.2em 0 0;
width: 1.4em;
}
svg:last-child {
margin-right: 0;
} }
input[type=checkbox],
svg,
textarea { textarea {
margin: 0; margin: 0
} }
input[type=checkbox] { input[type=checkbox] {
accent-color: var(--color-blue); accent-color: var(--color-blue);
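Review bot: The `margin: 0` declaration in the `textarea` rule near the end of this hunk has lost its trailing semicolon on the new side. It parses only because it is the last declaration in the block; a declaration appended after it would merge into one invalid value and both would be dropped. Restore `margin: 0;`.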
@@ -119,20 +124,16 @@ input[type=checkbox] {
-webkit-appearance: none; -webkit-appearance: none;
display: flex; display: flex;
height: 1.1em; height: 1.1em;
margin: 0;
padding: 0;
width: 1.1em; width: 1.1em;
} }
input[type=checkbox]:checked { input[type=checkbox]:checked {
appearance: checkbox; appearance: checkbox;
-webkit-appearance: checkbox; -webkit-appearance: checkbox;
} }
/* Hide spin buttons of <input type=number>. */ /* Hide spin buttons in input number fields */
/* TODO: add spin buttons inside <input type=number>: before (-) and after (+) input. */
input[type=number] { input[type=number] {
appearance: textfield; appearance: textfield;
-moz-appearance: textfield; -moz-appearance: textfield;
text-align: end;
} }
input::-webkit-inner-spin-button { input::-webkit-inner-spin-button {
-webkit-appearance: none; -webkit-appearance: none;
@@ -141,108 +142,37 @@ input::-webkit-outer-spin-button {
-webkit-appearance: none; -webkit-appearance: none;
margin: 0; margin: 0;
} }
/* Text color of table form controls: .button > svg,
* - black for row/table forms, .tab > svg,
* - inherited for internal (column specific) buttons/forms. */ button > svg {
table input, height: 1.4em;
table select, width: 1.4em;
table summary,
table textarea {
border-color: var(--color-border-gray);
} }
table input, .button > svg:not(:last-child),
table select, .tab > svg:not(:last-child),
table textarea { button > svg:not(:last-child) {
padding-block: 0.375em; margin-right: 0.2em;
} }
table form input, /* TODO: move normal non-button links (<a>:hover/:focus) styling here (i.e.
table form select, * page-wide, top-level) and remove from table.items - as the style should be
table form summary, * same everywhere */
table form textarea { .button:focus-visible,
color: inherit; button:focus-visible,
} input[type=submit]:focus-visible {
table svg:not(:only-child) { background-color: var(--color-focus-gray);
height: 1.25em;
width: 1.25em;
} }
input:focus-visible, input:focus-visible,
select:focus-visible, select:focus-visible,
select:focus-within, select:focus-within,
/* TODO: how to achieve `summary:focus-within` for `::details-content`? */ /* TODO: how to achieve summary:focus-within for ::details-content? */
summary:focus-visible, summary:focus-visible,
textarea:focus-visible { textarea:focus-visible {
accent-color: var(--color-dark-blue); accent-color: var(--color-dark-blue);
background-color: var(--color-focus-gray); background-color: var(--color-focus-gray);
color: black;
} }
input:hover, .button:hover,
select:hover, button:hover,
summary:hover, input[type=submit]:hover {
textarea:hover {
border-color: var(--color-blue);
outline: 1px solid var(--color-blue);
}
select:hover,
summary:hover {
color: black;
cursor: pointer;
}
/* TODO: style <details>/<summary> focus to match <select> as much as possible.
summary:focus-visible::before,
summary:hover::before {
background-color: black;
}
*/
input:invalid,
select:invalid,
textarea:invalid {
border-color: var(--color-red);
outline-color: var(--color-red);
}
/* `.button`: button-styled <a>, <button>, <input type=submit>.
* `.link`: any other <a>.
* `.tab`: tab-styled <a>.
*/
.button,
.link,
.tab {
cursor: pointer;
text-decoration: none;
white-space: nowrap;
}
.button,
.tab {
align-items: center;
color: var(--color-gray);
display: flex;
fill: var(--color-gray);
font-weight: bold;
}
.button {
border: 1px solid var(--color-gray);
border-radius: 0.25em;
font-size: 0.8rem;
padding: 0.6em 0.5em;
width: fit-content;
}
.link {
color: inherit;
text-decoration: underline 1px var(--color-border-gray);
text-underline-offset: 0.25em;
}
[name=cancel],
.auxiliary {
border-color: var(--color-border-gray);
color: var(--color-nav-gray);
fill: var(--color-nav-gray);
}
.button:focus-visible,
.tab:focus-visible,
.tab:hover {
background-color: var(--color-focus-gray);
}
.button:hover {
background-color: var(--color-blue); background-color: var(--color-blue);
border-color: var(--color-blue); border-color: var(--color-blue);
color: white; color: white;
@@ -252,24 +182,32 @@ textarea:invalid {
background-color: var(--color-red); background-color: var(--color-red);
border-color: var(--color-red); border-color: var(--color-red);
} }
.link:focus-visible { input:hover,
text-decoration-color: var(--color-gray); select:hover,
summary:hover,
textarea:hover {
border-color: var(--color-blue);
outline: solid 1px var(--color-blue);
} }
.link:hover { select:hover,
color: var(--color-blue); summary:hover {
text-decoration-color: var(--color-blue); cursor: pointer;
} }
table .button { input:invalid,
border-color: var(--color-border-gray); select:invalid,
color: var(--color-table-gray); textarea:invalid {
font-weight: normal; border-color: var(--color-red);
height: 100%; outline: solid 1px var(--color-red);
padding: 0.4em; }
input[type=text]:read-only,
textarea:read-only {
border: none;
padding-inline: 0;
} }
/* NOTE: collapse gaps around empty rows (`topside`) once possible with /* NOTE: collapse gaps around empty rows (`topside`) once possible
* `grid-collapse` property and remove alternative `grid-template-areas`. * with grid-collapse property and remove alternative grid-template
* https://github.com/w3c/csswg-drafts/issues/5813 */ * https://github.com/w3c/csswg-drafts/issues/5813 */
body { body {
display: grid; display: grid;
@@ -277,16 +215,16 @@ body {
grid-template-areas: grid-template-areas:
"header header header" "header header header"
"nav nav nav" "nav nav nav"
"leftside topside rightside"
"leftside main rightside"; "leftside main rightside";
grid-template-columns: 1fr minmax(max-content, 2fr) 1fr; grid-template-columns: 1fr minmax(max-content, 2fr) 1fr;
font-family: system-ui; font-family: system-ui;
margin: 0.4em; margin: 0.4em;
} }
body:has(> .topside-area) { body:not(:has(.topside-area)) {
grid-template-areas: grid-template-areas:
"header header header" "header header header"
"nav nav nav" "nav nav nav"
"leftside topside rightside"
"leftside main rightside"; "leftside main rightside";
} }
@@ -302,14 +240,18 @@ header {
margin-inline-start: 4%; margin-inline-start: 4%;
} }
.navigation > .tab { .navigation > .tab {
border-bottom: 2px solid var(--color-nav-gray); border-bottom: solid 2px var(--color-nav-gray);
flex: 1; flex: 1;
font-size: 1rem; font-size: 1rem;
justify-content: center; justify-content: center;
padding-block: 0.4em; padding-block: 0.4em;
} }
.navigation > .tab:hover,
.navigation > .tab:focus-visible {
background-color: var(--color-focus-gray);
}
.navigation > .tab.active { .navigation > .tab.active {
border-bottom: 4px solid var(--color-blue); border-bottom: solid 4px var(--color-blue);
color: var(--color-blue); color: var(--color-blue);
fill: var(--color-blue); fill: var(--color-blue);
} }
@@ -341,7 +283,7 @@ header {
#flashes { #flashes {
display: grid; display: grid;
row-gap: 0.4em; gap: 0.2em;
grid-template-columns: 1fr auto auto auto 1fr; grid-template-columns: 1fr auto auto auto 1fr;
left: 0; left: 0;
pointer-events: none; pointer-events: none;
@@ -357,17 +299,13 @@ header {
display: grid; display: grid;
grid-column: 2/5; grid-column: 2/5;
grid-template-columns: subgrid; grid-template-columns: subgrid;
line-height: 2.2em;
pointer-events: auto; pointer-events: auto;
} }
.flash:before {
filter: invert();
height: 1.4em;
margin: 0 0.5em;
width: 1.4em;
}
.flash.alert:before { .flash.alert:before {
content: url('pictograms/alert-outline.svg'); content: url('pictograms/alert-outline.svg');
height: 1.4em;
margin: 0 0.5em;
width: 1.4em;
} }
.flash.alert { .flash.alert {
border-color: var(--color-red); border-color: var(--color-red);
@@ -375,24 +313,34 @@ header {
} }
.flash.notice:before { .flash.notice:before {
content: url('pictograms/check-circle-outline.svg'); content: url('pictograms/check-circle-outline.svg');
height: 1.4em;
margin: 0 0.5em;
width: 1.4em;
} }
.flash.notice { .flash.notice {
border-color: var(--color-blue); border-color: var(--color-blue);
background-color: var(--color-blue); background-color: var(--color-blue);
} }
.flash svg { .flash > div {
cursor: pointer; grid-column: 2;
fill: white;
height: 2.2em;
opacity: 0.6;
padding: 0.4em 0.5em;
width: 2.4em;
} }
.flash svg:hover { /* NOTE: currently flash button inherits some unnecessary styles from generic
* button. */
.flash > button {
border: none;
color: inherit;
cursor: pointer;
font-size: 1.4em;
font-weight: bold;
grid-column: 3;
opacity: 0.6;
padding: 0.2em 0.4em;
}
.flash > button:hover {
opacity: 1; opacity: 1;
} }
/* TODO: Hover over invalid should work like in measurements (thin vs thick border) */
.labeled-form { .labeled-form {
align-items: center; align-items: center;
display: grid; display: grid;
@@ -409,7 +357,7 @@ header {
.labeled-form label.required { .labeled-form label.required {
font-weight: bold; font-weight: bold;
} }
/* Don't style `label.error + input` if case already covered by `input:invalid`. */ /* Don't style `label.error + input` if case already covered by input:invalid */
.labeled-form label.error { .labeled-form label.error {
color: var(--color-red); color: var(--color-red);
} }
@@ -423,123 +371,203 @@ header {
} }
.labeled-form input[type=submit] { .labeled-form input[type=submit] {
font-size: 1rem; font-size: 1rem;
margin: 1em auto 0 auto; margin: 1.5em auto 0 auto;
padding: 0.75em; padding: 0.75em;
} }
.labeled-form .auxiliary {
grid-column: 3;
/* If more buttons are needed, `grid-row` can be replaced with
* `reading-flow: grid-columns` to ensure proper [tabindex] order. */
grid-row: 1;
height: 100%;
padding-block: 0;
}
.tabular-form table {
border: none;
border-spacing: 0.4em 0;
margin-inline: -0.4em;
}
.tabular-form table td {
border: none;
vertical-align: middle;
}
.tabular-form table td {
padding-inline: 0;
}
.tabular-form table :is(form, input, select, textarea):only-child {
margin-inline-start: 0;
}
.items-table { /* TODO: remove .items class (?) and make 'form table' work properly */
table.items {
border-spacing: 0; border-spacing: 0;
border: 1px solid var(--color-border-gray); border: solid 1px var(--color-border-gray);
border-radius: 0.25em; border-radius: 0.25em;
font-size: 0.85rem; font-size: 0.85rem;
text-align: left; text-align: left;
} }
.items-table thead { table:not(:has(tr)) {
display: none;
}
table.items thead {
font-size: 0.8rem; font-size: 0.8rem;
} }
.items-table thead, table.items thead,
.items-table tbody tr:hover { table.items tbody tr:hover {
background-color: var(--color-focus-gray); background-color: var(--color-focus-gray);
} }
.items-table th { table.items th {
padding: 0.75em 0 0.75em 1em; padding-block: 0.75em;
text-align: center; text-align: center;
} }
.items-table th:last-child { table.items th,
padding-inline-end: 0.4em; table.items td {
padding-inline: 1em 0;
} }
.items-table td { /* For <a> to fill <td> completely, we use an ::after pseudoelement. */
border-top: 1px solid var(--color-border-gray); table.items td.link {
height: 2.4em; padding: 0;
padding: 0.1em 0 0.1em calc(1em + var(--depth) * 0.8em);
}
.items-table td:last-child {
padding-inline-end: 0.1em;
}
.items-table :is(form, input, select, textarea):only-child {
margin-inline-start: calc(-0.4em - 0.9px);
}
/* For <a> to fill table cell completely, we use an `::after` pseudoelement. */
/* TODO: expand to whole row? will require adjusting z-index on inputs/buttons */
.items-table td:has(> .link) {
position: relative; position: relative;
} }
.items-table .link::after { table.items td.link a {
color: inherit;
font: inherit;
}
table.items td.link a::after {
content: ''; content: '';
inset: -1px 0 0 0; inset: 0;
position: absolute; position: absolute;
} }
.items-table .flex { table.items td:first-child {
padding-inline-start: calc(1em + var(--depth) * 0.8em);
}
table.items td:has(input, select, textarea) {
padding-inline-start: calc(0.6em - 0.9px);
}
table.items td:first-child:has(input, select, textarea) {
padding-inline-start: calc(0.6em + var(--depth) * 0.8em - 0.9px);
}
table.items th:last-child {
padding-inline-end: 0.4em;
}
table.items td:last-child {
padding-inline-end: 0.1em;
}
table.items td {
border-top: solid 1px var(--color-border-gray);
height: 2.4em;
padding-block: 0.1em;
}
table.items .actions {
display: flex;
gap: 0.4em; gap: 0.4em;
justify-content: end; justify-content: end;
} }
.items-table .dropzone { table.items .actions.centered {
justify-content: center;
}
table.items tr.dropzone {
position: relative; position: relative;
} }
.items-table .dropzone::after { table.items tr.dropzone::after {
content: ''; content: '';
inset: 1px 0 0 0; inset: 1px 0 0 0;
position: absolute; position: absolute;
outline: 2px dashed var(--color-blue); outline: dashed 2px var(--color-blue);
outline-offset: -1px; outline-offset: -1px;
z-index: var(--z-index-table-row-outline); z-index: var(--z-index-table-row-outline);
} }
.items-table .handle { table.items td.handle {
cursor: grab; cursor: move;
} }
.items-table .form td { table.items tr.form td {
vertical-align: top; vertical-align: top;
} }
.items-table td:not(:first-child),
/* TODO: replace :hover:focus-visible combos with proper LOVE stye order */
/* TODO: Update table styling: simplify selectors, deduplicate, remove non-font rem. */
table.items td.link a:hover,
table.items td.link a:focus-visible,
table.items td.link a:hover:focus-visible {
text-decoration: underline;
text-decoration-thickness: 0.05rem;
text-underline-offset: 0.2rem;
}
table.items td.link a:hover {
color: var(--color-blue);
}
table.items td.link a:focus-visible {
text-decoration-color: var(--color-gray);
}
table.items td.link a:hover:focus-visible {
color: var(--color-dark-blue);
}
table.items td:not(:first-child),
.grayed { .grayed {
color: var(--color-table-gray); color: var(--color-table-gray);
fill: var(--color-gray); fill: var(--color-table-gray);
} }
.items-table td:has(> svg:only-child) { table.items svg {
height: 1rem;
vertical-align: middle;
width: 1rem;
}
table.items svg:last-child {
height: 1.2rem;
width: 1.2rem;
}
table.items td.svg {
text-align: center; text-align: center;
} }
table.items td.number {
text-align: right;
}
table.items .button,
table.items button,
table.items input[type=submit] {
font-weight: normal;
height: 100%;
padding: 0.4em;
}
table.items input:not([type=submit]):not([type=checkbox]),
table.items select,
table.items textarea {
padding-block: 0.375em;
}
/* TODO: find a way (layers?) to style inputs differently while making sure
* hover works properly without using :not(:hover) selectors here. */
table.items .button:not(:hover),
table.items button:not(:hover),
table.items input:not(:hover),
table.items select:not(:hover),
table.items textarea:not(:hover) {
border-color: var(--color-border-gray);
}
table.items .button:not(:hover),
table.items button:not(:hover),
table.items input[type=submit]:not(:hover),
table.items select:not(:hover) {
color: var(--color-table-gray);
}
table.items select:focus-within,
table.items select:focus-visible {
color: black;
}
form a[name=cancel] {
border-color: var(--color-border-gray);
color: var(--color-nav-gray);
fill: var(--color-nav-gray);
}
form table.items {
border: none;
}
form table.items td {
border: none;
text-align: left;
vertical-align: middle;
}
form table.items td:first-child {
color: inherit;
}
.center { .centered {
margin: 0 auto; margin: 0 auto;
} }
.extendedright {
margin-right: auto;
}
.hexpand { .hexpand {
width: 100%; width: 100%;
} }
.flex { .hflex {
display: flex; display: flex;
gap: 0.8em; gap: 0.8em;
} }
.flex.reverse { .hflex.reverse {
flex-direction: row-reverse; flex-direction: row-reverse;
} }
.flex.vertical { .hflex.centered {
flex-direction: column; justify-content: center;
} }
.hint { .hint {
color: var(--color-table-gray); color: var(--color-table-gray);
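Review bot: In the `table.items td.link a` underline rule, the third selector of `a:hover, a:focus-visible, a:hover:focus-visible` is redundant, since anything matching it already matches the first two; only the later `a:hover:focus-visible { color: ... }` rule needs the combined selector. The TODO above it has a typo (`stye`). The block of `table.items ...:not(:hover)` selectors further down is flagged by its own TODO as a workaround; if it stays, a short comment on why hover must be excluded would help the next reader, because the `:not()` raises specificity over the generic `:hover` rules.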
@@ -547,18 +575,21 @@ header {
font-size: 0.9rem; font-size: 0.9rem;
text-align: center; text-align: center;
} }
.hmin50 { .vflex {
min-width: 50%; display: flex;
gap: 0.8em;
flex-direction: column;
} }
.italic { [disabled] {
color: var(--color-gray); /* label:has(input[disabled]) {
font-style: italic; * TODO: disabled checkbox blue square focus removal; disabled label styling;
} * focused label styling (currently only checkbox has focus)
.ralign { * */
text-align: right; border-color: var(--color-border-gray) !important;
} color: var(--color-border-gray) !important;
.rextend { cursor: not-allowed;
margin-right: auto; fill: var(--color-border-gray) !important;
pointer-events: none;
} }
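Review bot: In the re-added `[disabled]` block, `cursor: not-allowed` has no effect next to `pointer-events: none`, which is what the comment on the earlier version of this rule (removed higher up in this file) already said; drop the declaration or set the cursor on a wrapping element. The block also opens a `/* label:has(input[disabled]) {` comment inside the rule body, which reads like a half-commented selector; move that TODO above the rule. Note that `pointer-events: none` blocks pointer input only: on an element such as `<a>`, where the `disabled` attribute has no native effect, keyboard activation still works, so the controller guard described in commit 0daf413b47 remains the actual control for the sole-admin delete button.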
@@ -570,12 +601,12 @@ summary {
align-items: center; align-items: center;
color: var(--color-gray); color: var(--color-gray);
display: flex; display: flex;
gap: 0.4em; gap: 0.2em;
height: 100%; height: 100%;
white-space: nowrap; white-space: nowrap;
} }
summary::before { summary::before {
background-color: currentColor; background-color: #000;
content: ""; content: "";
height: 1em; height: 1em;
mask-image: url('pictograms/chevron-down.svg'); mask-image: url('pictograms/chevron-down.svg');
@@ -587,7 +618,7 @@ summary:has(.button) {
padding-inline-end: 0; padding-inline-end: 0;
} }
summary .button { summary .button {
border: 1px solid var(--color-border-gray); border: solid 1px var(--color-border-gray);
border-radius: inherit; border-radius: inherit;
border-top-left-radius: 0; border-top-left-radius: 0;
border-bottom-left-radius: 0; border-bottom-left-radius: 0;
@@ -598,15 +629,15 @@ summary span {
width: 100%; width: 100%;
} }
details[open] summary::before { details[open] summary::before {
transform: scaleY(-1); transform: rotate(180deg);
} }
summary::marker { summary::marker {
padding-left: 0.25em; padding-left: 0.25em;
} }
/* NOTE: use `details[open]::details-content` once widely available. */ /* NOTE: use details[open]::details-content once widely available */
details[open] ul { details[open] ul {
background-color: white; background: white;
border: 1px solid var(--color-border-gray); border: solid 1px var(--color-border-gray);
border-radius: 0.25em; border-radius: 0.25em;
box-shadow: 1px 1px 3px var(--color-border-gray); box-shadow: 1px 1px 3px var(--color-border-gray);
margin: -1px 0 0 0; margin: -1px 0 0 0;
@@ -628,15 +659,3 @@ li input[type=checkbox] {
li::marker { li::marker {
content: ''; content: '';
} }
/*
* TODO:
* * disable <label> containing disabled checkbox: `label:has(input[disabled])`,
* * disabled label styling,
* * focused label styling (currently only checkbox has focus),
* * disabled checkbox blue square focus removal.
* */
#measurement_form {
min-width: 66%;
width: max-content;
}

View File

@@ -9,6 +9,7 @@ class ApplicationController < ActionController::Base
helper_method :current_user_disguised? helper_method :current_user_disguised?
helper_method :current_tab helper_method :current_tab
before_action :redirect_to_setup_if_needed
before_action :authenticate_user! before_action :authenticate_user!
class AccessForbidden < StandardError; end class AccessForbidden < StandardError; end
@@ -25,18 +26,6 @@ class ApplicationController < ActionController::Base
# Turbo will reload 2nd time with HTML format and flashes will be lost. # Turbo will reload 2nd time with HTML format and flashes will be lost.
rescue_from *ActionDispatch::ExceptionWrapper.rescue_responses.keys, with: :rescue_turbo rescue_from *ActionDispatch::ExceptionWrapper.rescue_responses.keys, with: :rescue_turbo
# Required by #respond_with (gem `responders`) used by Devise controllers.
respond_to :html, :turbo_stream
def after_sign_in_path_for(resource)
# TODO: allow setting path per-user or save last path in session and restore
units_path
end
def after_sign_out_path_for(resource)
new_user_session_path
end
protected protected
def current_user_disguised? def current_user_disguised?
@@ -55,6 +44,16 @@ class ApplicationController < ActionController::Base
private private
# Redirect to the web setup wizard when the application has not yet been
# initialised (i.e. no admin account exists in the database).
def redirect_to_setup_if_needed
return if User.exists?(status: :admin)
redirect_to new_setup_path
rescue ActiveRecord::StatementInvalid
# Tables may not exist yet (migrations not run). Fall through and let the
# normal request handling surface a meaningful error.
end
def render_no_content(record) def render_no_content(record)
helpers.render_errors(record) helpers.render_errors(record)
render html: nil, layout: true render html: nil, layout: true
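Review bot: `rescue ActiveRecord::StatementInvalid` in `redirect_to_setup_if_needed` swallows every SQL error raised by the `User.exists?(status: :admin)` check, not only the missing-table case the comment describes, and it does so silently. Log the exception before falling through, or narrow the rescue to the missing-table condition, so that a broken database is not masked. Because this runs as a `before_action` ahead of `authenticate_user!`, every request also pays for one extra query; once an admin has been seen the result can be memoised.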

View File

@@ -8,10 +8,6 @@ class QuantitiesController < ApplicationController
raise AccessForbidden unless current_user.at_least(:active) raise AccessForbidden unless current_user.at_least(:active)
end end
before_action only: [:new, :edit, :create, :update] do
@user_units = current_user.units.ordered
end
def index def index
@quantities = current_user.quantities.ordered.includes(:parent, :subquantities) @quantities = current_user.quantities.ordered.includes(:parent, :subquantities)
end end

View File

@@ -0,0 +1,39 @@
class RegistrationsController < Devise::RegistrationsController
before_action :authenticate_user!, only: [:edit, :update, :destroy]
def destroy
if current_user.sole_admin?
redirect_back fallback_location: edit_user_registration_path,
alert: t(".sole_admin")
return
end
super
end
protected
def build_resource(hash = {})
super
# Skip the email confirmation step when the admin has enabled this option
# via the web setup wizard (stored as the "skip_email_confirmation" Setting).
# The account becomes active immediately so the user can sign in right after
# registering.
resource.skip_confirmation! if Setting.get("skip_email_confirmation") == "true"
end
def update_resource(resource, params)
# Based on update_with_password()
if params[:password].blank?
params.delete(:password)
params.delete(:password_confirmation) if params[:password_confirmation].blank?
end
result = resource.update(params)
resource.clean_up_passwords
result
end
def after_inactive_sign_up_path_for(resource)
new_user_session_path
end
end
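Review bot: `update_resource` calls `resource.update(params)` with no current-password check, so any signed-in session can change the account e-mail or password outright, even though the comment says the method is based on `update_with_password()`. Require `current_password` whenever `:email` or `:password` is among the changed attributes and keep the passwordless path for the remaining fields only. Separately, the `sole_admin?` test in `destroy` is check-then-act: two admins deleting their accounts at the same moment can both pass it, so the guard should also be enforced in the model or inside a locked transaction.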

View File

@@ -0,0 +1,59 @@
# Handles the one-time web-based installation wizard.
#
# The wizard is only accessible when no admin account exists yet. Once an
# admin has been created the controller redirects every request to the root
# path, so it can never be used to overwrite an existing installation.
class SetupController < ActionController::Base
# Use the full application layout (header, flash, etc.) so the page looks
# consistent with the rest of the site.
layout "application"
before_action :redirect_if_installed
def new
end
def create
email = params[:admin_email].to_s.strip
password = params[:admin_password].to_s
confirm = params[:admin_password_confirmation].to_s
errors = []
errors << t(".email_blank") if email.blank?
errors << t(".password_blank") if password.blank?
errors << t(".password_mismatch") if password != confirm
if errors.any?
flash.now[:alert] = errors.join(" ")
return render :new, status: :unprocessable_entity
end
user = User.new(email: email, password: password, status: :admin)
user.skip_confirmation!
unless user.save
flash.now[:alert] = user.errors.full_messages.join(" ")
return render :new, status: :unprocessable_entity
end
# Persist runtime settings chosen during setup.
Setting.set("skip_email_confirmation",
params[:skip_email_confirmation] == "1")
# Optionally seed the built-in default units.
if params[:seed_units] == "1"
load Rails.root.join("db/seeds/units.rb")
end
redirect_to new_user_session_path, notice: t(".success")
end
private
def redirect_if_installed
redirect_to root_path if User.exists?(status: :admin)
rescue ActiveRecord::StatementInvalid
# Tables are not yet migrated — stay on the setup page so the user sees a
# meaningful error rather than a crash.
end
end
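Review bot: `create` accepts the first POST that arrives while no admin exists, and nothing ties that request to the operator, so on a freshly deployed instance that is reachable over the network whoever submits the form first owns the installation. Consider gating the wizard on a one-time setup token supplied through the environment or printed to the server log, or restricting it to local requests. Two smaller points in the same method: `redirect_if_installed` followed by `user.save` is check-then-act, so concurrent submissions can each create an admin, and `user.save`, `Setting.set` and the `load` of `db/seeds/units.rb` are not wrapped in a transaction, so a failing seed leaves the admin created and the wizard closed with the options only partly applied.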

View File

@@ -1,24 +0,0 @@
class User::ProfilesController < Devise::RegistrationsController
def destroy
# TODO: Disallow/disable deletion for last admin account; update :edit view
super
end
protected
def update_resource(resource, params)
# Based on update_with_password()
if params[:password].blank?
params.delete(:password)
params.delete(:password_confirmation) if params[:password_confirmation].blank?
end
result = resource.update(params)
resource.clean_up_passwords
result
end
def after_inactive_sign_up_path_for(resource)
new_user_session_path
end
end

View File

@@ -37,7 +37,7 @@ class UsersController < ApplicationController
end end
# NOTE: limited actions availabe to :admin by design. Users are meant to # NOTE: limited actions availabe to :admin by design. Users are meant to
# manage their accounts by themselves through profiles. :admin # manage their accounts by themselves through registrations. :admin
# is allowed to sign-in (disguise) as user and make changes from there. # is allowed to sign-in (disguise) as user and make changes from there.
protected protected

View File

@@ -12,12 +12,6 @@ module ApplicationHelper
labeled_field_for(method, options) { super } labeled_field_for(method, options) { super }
end end
def submit(value = nil, options = {})
value, options = nil, value if value.is_a?(Hash)
options[:class] = @template.class_names('button', options[:class])
super
end
private private
def labeled_field_for(method, options) def labeled_field_for(method, options)
@@ -78,15 +72,19 @@ module ApplicationHelper
end end
def labeled_form_for(record, options = {}, &block) def labeled_form_for(record, options = {}, &block)
extra_options = {builder: LabeledFormBuilder, html: {class: 'labeled-form'}} extra_options = {builder: LabeledFormBuilder,
form_for(record, **merge_attributes(options, extra_options), &block) data: {turbo: false},
html: {class: 'labeled-form'}}
options = options.deep_merge(extra_options) do |key, left, right|
key == :class ? class_names(left, right) : right
end
form_for(record, **options, &block)
end end
class TabularFormBuilder < ActionView::Helpers::FormBuilder class TabularFormBuilder < ActionView::Helpers::FormBuilder
def initialize(...) def initialize(...)
super(...) super(...)
@default_options.merge!(@options.slice(:form)) @default_options.merge!(@options.slice(:form))
@default_html_options.merge!(@options.slice(:form))
end end
[:text_field, :password_field, :text_area].each do |selector| [:text_field, :password_field, :text_area].each do |selector|
@@ -103,28 +101,20 @@ module ApplicationHelper
def number_field(method, options = {}) def number_field(method, options = {})
attr_type = object.type_for_attribute(method) attr_type = object.type_for_attribute(method)
case attr_type.type if attr_type.type == :decimal
when :decimal
options[:value] = object.public_send(method)&.to_scientific options[:value] = object.public_send(method)&.to_scientific
options[:step] ||= BigDecimal(10).power(-attr_type.scale) options[:step] ||= BigDecimal(10).power(-attr_type.scale)
options[:max] ||= BigDecimal(10).power(attr_type.precision - attr_type.scale) - options[:max] ||= BigDecimal(10).power(attr_type.precision - attr_type.scale) -
options[:step] options[:step]
options[:min] = options[:min] == :step ? options[:step] : options[:min] options[:min] = options[:min] == :step ? options[:step] : options[:min]
options[:min] ||= -options[:max] options[:min] ||= -options[:max]
options[:size] ||= attr_type.precision / 2
when :float
options[:size] ||= 6
end end
super super
end end
def button(value = nil, options = {}, &block) def button(value = nil, options = {}, &block)
# #button does not use #objectify_options/@default_options # button does not use #objectify_options
value, options = nil, value if value.is_a?(Hash) options.merge!(@options.slice(:form))
options = options.merge(
@default_options.slice(:form),
class: @template.class_names('button', options[:class])
)
super super
end end
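Review bot: with the `value, options = nil, value if value.is_a?(Hash)` line dropped from `button`, a call that passes only attributes (for example `form.button id: :create_measurement_button, disabled: true`) binds the hash to `value`, so `options.merge!(@options.slice(:form))` writes `form` into the empty default `options`, which the parent `FormBuilder#button` then discards when it performs the same Hash swap itself. The `form` attribute is lost for exactly the buttons that need it. Keep the swap before the merge, and prefer a non-mutating `options.merge(...)` so the caller's hash is not modified.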
@@ -145,22 +135,20 @@ module ApplicationHelper
# [autofocus]. Otherwise IDs are not unique when multiple forms are open # [autofocus]. Otherwise IDs are not unique when multiple forms are open
# and the first input gets focus. # and the first input gets focus.
record_object, options = nil, record_object if record_object.is_a?(Hash) record_object, options = nil, record_object if record_object.is_a?(Hash)
extra_options = {builder: TabularFormBuilder, skip_default_ids: true} options.merge!(builder: TabularFormBuilder, skip_default_ids: true)
options = merge_attributes(options, extra_options)
# TODO: set error message with setCustomValidity instead of rendering to flash? # TODO: set error message with setCustomValidity instead of rendering to flash?
render_errors(record_object || record_name) render_errors(record_object || record_name)
fields_for(record_name, record_object, **options, &block) fields_for(record_name, record_object, **options, &block)
end end
def tabular_form_with(**options, &block) def tabular_form_with(**options, &block)
extra_options = {builder: TabularFormBuilder, class: 'tabular-form', options = options.deep_merge(builder: TabularFormBuilder,
html: {autocomplete: 'off'}} html: {autocomplete: 'off'})
form_with(**merge_attributes(options, extra_options), &block) form_with(**options, &block)
end end
def svg_tag(source, label = nil, options = {}) def svg_tag(source, label = nil, options = {})
label, options = nil, label if label.is_a? Hash svg_tag = tag.svg(options) do
svg_tag = tag.svg(**options) do
tag.use(href: "#{image_path(source + ".svg")}#icon") tag.use(href: "#{image_path(source + ".svg")}#icon")
end end
label.blank? ? svg_tag : svg_tag + tag.span(label) label.blank? ? svg_tag : svg_tag + tag.span(label)
@@ -171,7 +159,6 @@ module ApplicationHelper
['measurements', 'scale-bathroom', :restricted], ['measurements', 'scale-bathroom', :restricted],
['quantities', 'axis-arrow', :restricted, 'right'], ['quantities', 'axis-arrow', :restricted, 'right'],
['units', 'weight-gram', :restricted], ['units', 'weight-gram', :restricted],
# TODO: display users tab only if >1 user present; sole_user?/sole_admin?
['users', 'account-multiple-outline', :admin], ['users', 'account-multiple-outline', :admin],
] ]
@@ -219,7 +206,6 @@ module ApplicationHelper
def render_errors(records) def render_errors(records)
# Conversion of flash to Array only required because of Devise # Conversion of flash to Array only required because of Devise
# TODO: override Devise message setting to Array()?
flash[:alert] = Array(flash[:alert]) flash[:alert] = Array(flash[:alert])
Array(records).each { |record| flash[:alert] += record.errors.full_messages } Array(records).each { |record| flash[:alert] += record.errors.full_messages }
end end
@@ -229,8 +215,8 @@ module ApplicationHelper
# Conversion of flash to Array only required because of Devise # Conversion of flash to Array only required because of Devise
Array(messages).map do |message| Array(messages).map do |message|
tag.div class: "flash #{entry}" do tag.div class: "flash #{entry}" do
tag.span(sanitize(message)) + tag.div(sanitize(message)) + tag.button(sanitize("&times;"), tabindex: -1,
svg_tag('pictograms/close-outline', {onclick: "this.parentElement.remove()"}) onclick: "this.parentElement.remove();")
end end
end end
end.join.html_safe end.join.html_safe
@@ -266,11 +252,4 @@ module ApplicationHelper
[name, html_options] [name, html_options]
end end
# Like Hash#deep_merge, but aware of HTML attributes.
def merge_attributes(left, right)
left.deep_merge(right) do |key, lvalue, rvalue|
key == :class ? class_names(lvalue, rvalue) : rvalue
end
end
end end

View File

@@ -1,9 +1,9 @@
module QuantitiesHelper module QuantitiesHelper
def quantities_check_boxes(quantities) def quantities_check_boxes
# Closing <details> on focusout event depends on relatedTarget for internal # Closing <details> on focusout event depends on relatedTarget for internal
# actions being non-null. To ensure this, all top-layer elements of # actions being non-null. To ensure this, all top-layer elements of
# ::details-content must accept focus, e.g. <label> needs tabindex="-1" */ # ::details-content must accept focus, e.g. <label> needs tabindex="-1" */
collection_check_boxes(nil, :quantity, quantities, :id, :to_s_with_depth, collection_check_boxes(nil, :quantity, @quantities, :id, :to_s_with_depth,
include_hidden: false) do |b| include_hidden: false) do |b|
content_tag :li, b.label(tabindex: -1) { b.check_box + b.text } content_tag :li, b.label(tabindex: -1) { b.check_box + b.text }
end end

View File

@@ -37,18 +37,6 @@ window.detailsObserver = new MutationObserver((mutations) => {
mutations[0].target.dispatchEvent(new Event('change', {bubbles: true})) mutations[0].target.dispatchEvent(new Event('change', {bubbles: true}))
}); });
function formValidate(event) {
var id = event.submitter.getAttribute("data-validate")
if (!id) return;
var input = document.getElementById(id)
if (!input.checkValidity()) {
input.reportValidity()
event.preventDefault()
}
}
window.formValidate = formValidate
/* Turbo stream actions */ /* Turbo stream actions */
Turbo.StreamElement.prototype.disableElement = function(element) { Turbo.StreamElement.prototype.disableElement = function(element) {

View File

@@ -1,10 +1,9 @@
class Quantity < ApplicationRecord class Quantity < ApplicationRecord
ATTRIBUTES = [:name, :description, :parent_id, :default_unit_id] ATTRIBUTES = [:name, :description, :parent_id]
attr_cached :depth, :pathname attr_cached :depth, :pathname
belongs_to :user, optional: true belongs_to :user, optional: true
belongs_to :parent, optional: true, class_name: "Quantity" belongs_to :parent, optional: true, class_name: "Quantity"
belongs_to :default_unit, optional: true, class_name: "Unit"
has_many :subquantities, ->{ order(:name) }, class_name: "Quantity", has_many :subquantities, ->{ order(:name) }, class_name: "Quantity",
inverse_of: :parent, dependent: :restrict_with_error inverse_of: :parent, dependent: :restrict_with_error
@@ -16,8 +15,8 @@ class Quantity < ApplicationRecord
errors.add(:parent, :descendant_reference) if ancestor_of?(parent) errors.add(:parent, :descendant_reference) if ancestor_of?(parent)
end end
validates :name, presence: true, uniqueness: {scope: [:user_id, :parent_id]}, validates :name, presence: true, uniqueness: {scope: [:user_id, :parent_id]},
length: {maximum: type_for_attribute(:name).limit} length: {maximum: type_for_attribute(:name).limit || Float::INFINITY}
validates :description, length: {maximum: type_for_attribute(:description).limit} validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
# Update :depths of progenies after parent change # Update :depths of progenies after parent change
before_save if: :parent_changed? do before_save if: :parent_changed? do
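Review bot: the `|| Float::INFINITY` fallback in the `length` validators for `:name` and `:description` turns the maximum into no limit at all whenever the column reports no `limit`, so on such a schema these user-supplied strings are accepted at any size. Fall back to an explicit application-level constant instead, so the bound does not depend on the database adapter.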

View File

@@ -1,5 +1,5 @@
class Readout < ApplicationRecord class Readout < ApplicationRecord
ATTRIBUTES = [:quantity_id, :value, :unit_id, :taken_at] ATTRIBUTES = [:quantity_id, :value, :unit_id]
belongs_to :user belongs_to :user
belongs_to :quantity belongs_to :quantity

20
app/models/setting.rb Normal file
View File

@@ -0,0 +1,20 @@
# Key-value store for runtime application settings that are configured through
# the web setup wizard (or updated by an administrator) rather than hard-coded
# in application.rb.
#
# Known keys:
# skip_email_confirmation "true"/"false", mirrors the homonymous option
# that was previously in application.rb.
class Setting < ApplicationRecord
validates :key, presence: true, uniqueness: true
# Return the string value stored for +key+, or +default+ when absent.
def self.get(key, default: nil)
find_by(key: key)&.value || default
end
# Persist +value+ for +key+, creating the record if it does not yet exist.
def self.set(key, value)
find_or_initialize_by(key: key).update!(value: value.to_s)
end
end
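Review bot: `Setting.set` relies on `find_or_initialize_by` together with the `uniqueness: true` validation, both of which are check-then-act, so only a unique database index on `key` guarantees one row per key; the migration is not visible in this hunk and should be confirmed to add one. `get` also returns the raw string, leaving each caller to compare against `"true"`; a small boolean accessor on `Setting` would keep that comparison in one place and avoid a mistyped literal silently reading as false.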

View File

@@ -12,8 +12,8 @@ class Unit < ApplicationRecord
errors.add(:base, :multilevel_nesting) if base.base_id? errors.add(:base, :multilevel_nesting) if base.base_id?
end end
validates :symbol, presence: true, uniqueness: {scope: :user_id}, validates :symbol, presence: true, uniqueness: {scope: :user_id},
length: {maximum: type_for_attribute(:symbol).limit} length: {maximum: type_for_attribute(:symbol).limit || Float::INFINITY}
validates :description, length: {maximum: type_for_attribute(:description).limit} validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
validates :multiplier, numericality: {equal_to: 1}, unless: :base validates :multiplier, numericality: {equal_to: 1}, unless: :base
validates :multiplier, numericality: {greater_than: 0, precision: true, scale: true}, if: :base validates :multiplier, numericality: {greater_than: 0, precision: true, scale: true}, if: :base

View File

@@ -29,4 +29,11 @@ class User < ApplicationRecord
def at_least(status) def at_least(status)
User.statuses[self.status] >= User.statuses[status] User.statuses[self.status] >= User.statuses[status]
end end
# Returns true when this user is the only admin account in the system.
# Used to block actions that would leave the application without an admin
# (account deletion, status demotion).
def sole_admin?
admin? && !User.admin.where.not(id: id).exists?
end
end end
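Review bot: the comment on `sole_admin?` says it blocks status demotion as well as account deletion, but the method is only a predicate, and in the hunks shown here the only controller guard is in `RegistrationsController#destroy`. Enforce the rule in the model (a `before_destroy` callback that aborts, plus a validation on `status` changes) so that every code path is covered, including the admin user management actions. The predicate is also check-then-act, so the enforcing callback should run inside the same transaction as the write.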

View File

@@ -5,7 +5,7 @@
</td> </td>
<% if current_user.at_least(:active) %> <% if current_user.at_least(:active) %>
<td class="flex"> <td class="actions">
<% unless unit.portable.nil? %> <% unless unit.portable.nil? %>
<% if unit.default? %> <% if unit.default? %>
<%= image_button_to_if unit.portable?, t('.import'), 'download-outline', <%= image_button_to_if unit.portable?, t('.import'), 'download-outline',

View File

@@ -8,7 +8,7 @@
class: 'tools-area' %> class: 'tools-area' %>
</div> </div>
<table class="main-area items-table"> <table class="main-area items">
<thead> <thead>
<tr> <tr>
<th><%= Unit.human_attribute_name(:symbol) %></th> <th><%= Unit.human_attribute_name(:symbol) %></th>

View File

@@ -23,10 +23,10 @@
</head> </head>
<body> <body>
<header class="flex"> <header class="hflex">
<%= image_link_to t(".source_code"), "code-braces", source_code_url %> <%= image_link_to t(".source_code"), "code-braces", source_code_url %>
<%= image_link_to t(".issue_tracker"), "bug-outline", issue_tracker_url, <%= image_link_to t(".issue_tracker"), "bug-outline", issue_tracker_url,
class: "rextend" %> class: "extendedright" %>
<% if user_signed_in? %> <% if user_signed_in? %>
<%= image_link_to_unless_current(current_user, "account-wrench-outline", <%= image_link_to_unless_current(current_user, "account-wrench-outline",
edit_user_registration_path) %> edit_user_registration_path) %>

View File

@@ -1,37 +1,28 @@
<%= tabular_form_with model: Measurement.new, id: :measurement_form, <%= tabular_form_with model: Measurement.new, id: :measurement_form,
class: 'topside-area flex vertical center', class: 'topside-area vflex', html: {onkeydown: 'formProcessKey(event)'} do |form| %>
html: {onkeydown: 'formProcessKey(event)'} do |form| %> <table class="items centered">
<tbody id="readouts"></tbody>
<table class="items-table center">
<tbody id="readouts">
<%= tabular_fields_for @measurement do |form| %>
<tr class="italic">
<td class="hexpand hmin50"><%= t '.taken_at_html' %></td>
<td colspan="3" class="ralign">
<%= form.datetime_field :taken_at, required: true, value: Time.current.strftime('%Y-%m-%dT%H:%M') %>
</td>
</tr>
<% end %>
</tbody>
</table> </table>
<%# TODO: right-click selection; unnecessary with hierarchical tags? %> <div class="hflex">
<details id="quantity_select" class="center hexpand" open <%# TODO: right-click selection %>
onkeydown="detailsProcessKey(event)"> <details id="quantity_select" class="hexpand" open
<summary autofocus> onkeydown="detailsProcessKey(event)">
<!-- TODO: Set content with CSS when span empty to avoid duplication --> <summary autofocus>
<span data-prompt="<%= t('.select_quantity') %>"> <!-- TODO: Set content with CSS when span empty to avoid duplication -->
<%= t('.select_quantity') %> <span data-prompt="<%= t('.select_quantity') %>">
</span> <%= t('.select_quantity') %>
<%= image_button_tag t(:apply), "update", name: nil, disabled: true, </span>
formaction: new_readout_path, formmethod: :get, formnovalidate: true, <%= image_button_tag t(:apply), "update", name: nil, disabled: true,
data: {turbo_stream: true} %> formaction: new_readout_path, formmethod: :get, formnovalidate: true,
</summary> data: {turbo_stream: true} %>
<ul><%= quantities_check_boxes(@quantities) %></ul> </summary>
</details> <ul><%= quantities_check_boxes %></ul>
</details>
<div class="flex reverse">
<%= form.button id: :create_measurement_button, disabled: true -%> <%= form.button id: :create_measurement_button, disabled: true -%>
</div>
<div class="hflex reverse">
<%= image_link_to t(:cancel), "close-outline", measurements_path, name: :cancel, <%= image_link_to t(:cancel), "close-outline", measurements_path, name: :cancel,
class: 'dangerous', onclick: render_turbo_stream('form_close') %> class: 'dangerous', onclick: render_turbo_stream('form_close') %>
</div> </div>

View File

@@ -8,13 +8,8 @@
<td> <td>
<%= form.text_area :description, cols: 30, rows: 1, escape: false %> <%= form.text_area :description, cols: 30, rows: 1, escape: false %>
</td> </td>
<td>
<%= form.collection_select :default_unit_id, @user_units, :id,
->(u){ sanitize('&emsp;' * (u.base_id? ? 1 : 0) + u.symbol) },
{include_blank: true}, onchange: "this.dataset.changed = ''" %>
</td>
<td class="flex"> <td class="actions">
<%= form.button %> <%= form.button %>
<%= image_link_to t(:cancel), "close-outline", quantities_path, class: 'dangerous', <%= image_link_to t(:cancel), "close-outline", quantities_path, class: 'dangerous',
name: :cancel, onclick: render_turbo_stream('form_close', {row: row}) %> name: :cancel, onclick: render_turbo_stream('form_close', {row: row}) %>

View File

@@ -5,15 +5,14 @@
data: {drag_path: reparent_quantity_path(quantity), drop_id: dom_id(quantity), data: {drag_path: reparent_quantity_path(quantity), drop_id: dom_id(quantity),
drop_id_param: "quantity[parent_id]"} do %> drop_id_param: "quantity[parent_id]"} do %>
<td style="--depth:<%= quantity.depth %>"> <td class="link" style="--depth:<%= quantity.depth %>">
<%= link_to quantity, edit_quantity_path(quantity), class: 'link', <%= link_to quantity, edit_quantity_path(quantity), onclick: 'this.blur();',
onclick: 'this.blur();', data: {turbo_stream: true} %> data: {turbo_stream: true} %>
</td> </td>
<td><%= quantity.description %></td> <td><%= quantity.description %></td>
<td><%= quantity.default_unit&.symbol %></td>
<% if current_user.at_least(:active) %> <% if current_user.at_least(:active) %>
<td class="flex"> <td class="actions">
<%= image_link_to t('.new_subquantity'), 'plus-outline', new_quantity_path(quantity), <%= image_link_to t('.new_subquantity'), 'plus-outline', new_quantity_path(quantity),
id: dom_id(quantity, :new, :link), onclick: 'this.blur();', data: {turbo_stream: true} %> id: dom_id(quantity, :new, :link), onclick: 'this.blur();', data: {turbo_stream: true} %>

View File

@@ -8,15 +8,13 @@
class: 'tools-area' %> class: 'tools-area' %>
</div> </div>
<%# TODO: remove? form can be inserted directly, e.g. at the end of index %>
<%= tag.div class: 'main-area', id: :quantity_form %> <%= tag.div class: 'main-area', id: :quantity_form %>
<table class="main-area items-table"> <table class="main-area items">
<thead> <thead>
<tr> <tr>
<th><%= Quantity.human_attribute_name(:name) %></th> <th><%= Quantity.human_attribute_name(:name) %></th>
<th class="hexpand"><%= Quantity.human_attribute_name(:description) %></th> <th><%= Quantity.human_attribute_name(:description) %></th>
<th><%= Quantity.human_attribute_name(:default_unit) %></th>
<% if current_user.at_least(:active) %> <% if current_user.at_least(:active) %>
<th><%= t :actions %></th> <th><%= t :actions %></th>
<th></th> <th></th>
@@ -26,7 +24,7 @@
ondragover: "dragOver(event)", ondrop: "drop(event)", ondragover: "dragOver(event)", ondrop: "drop(event)",
ondragenter: "dragEnter(event)", ondragleave: "dragLeave(event)", ondragenter: "dragEnter(event)", ondragleave: "dragLeave(event)",
data: {drop_id: "quantity_", drop_id_param: "quantity[parent_id]"} do %> data: {drop_id: "quantity_", drop_id_param: "quantity[parent_id]"} do %>
<th colspan="5"><%= t '.top_level_drop' %></th> <th colspan="4"><%= t '.top_level_drop' %></th>
<% end %> <% end %>
</thead> </thead>
<tbody id="quantities"> <tbody id="quantities">

View File

@@ -1,31 +1,25 @@
<%# TODO: add readout reordering by dragging %> <%# TODO: add readout reordering by dragging %>
<%= tabular_fields_for 'readouts[]', readout do |form| %> <%= tabular_fields_for 'readouts[]', readout do |form| %>
<%- tag.tr id: dom_id(readout.quantity, :new, :readout) do %> <%- tag.tr id: dom_id(readout.quantity, :new, :readout) do %>
<td> <td class="actions">
<%# TODO: add grayed readout index (in separate column?) %>
<%= readout.quantity.relative_pathname(@superquantity) %>
<%= form.hidden_field :quantity_id %>
</td>
<td>
<%= form.number_field :value, required: true, autofocus: readout_counter == 0 %>
</td>
<td>
<%= form.collection_select :unit_id, @user_units, :id,
->(u){ sanitize('&emsp;' * (u.base_id ? 1 : 0) + u.symbol) },
{prompt: '', disabled: '', selected: readout.quantity.default_unit_id || ''}, required: true,
data: {default_unit_id: readout.quantity.default_unit_id || ''},
onchange: "readoutUnitChanged(this)" %>
</td>
<td class="flex">
<%# TODO: change to _link_ after giving up displaying relative paths %> <%# TODO: change to _link_ after giving up displaying relative paths %>
<%= image_button_tag '', 'check-circle-outline',
class: 'set-default-unit', name: nil, type: 'button', disabled: true,
title: t('readouts.form.set_default_unit'),
data: {path: quantity_path(readout.quantity)},
onclick: 'setDefaultUnit(this)' %>
<%= image_button_tag '', 'delete-outline', class: 'dangerous', name: nil, <%= image_button_tag '', 'delete-outline', class: 'dangerous', name: nil,
formaction: discard_readouts_path(readout.quantity), formaction: discard_readouts_path(readout.quantity),
formmethod: :get, formnovalidate: true, data: {turbo_stream: true} %> formmethod: :get, formnovalidate: true, data: {turbo_stream: true} %>
</td> </td>
<td>
<%= readout.quantity.relative_pathname(@superquantity) %>
</td>
<td>
<%= form.number_field :value, required: true,
size: readout.type_for_attribute(:value).precision / 2,
autofocus: readout_counter == 0 %>
</td>
<td>
<%= form.hidden_field :quantity_id %>
<%= form.collection_select :unit_id, @user_units, :id,
->(u){ sanitize('&emsp;' * (u.base_id ? 1 : 0) + u.symbol) },
{prompt: t('.select_unit'), disabled: '', selected: ''}, required: true %>
</td>
<% end %> <% end %>
<% end %> <% end %>

View File

@@ -0,0 +1,39 @@
<%= form_with url: setup_path, method: :post, class: "labeled-form main-area" do %>
<h3 style="grid-column: 1 / -1; text-align: left; margin: 0;">
<%= t(".admin_account") %>
</h3>
<label for="admin_email"><%= t(".admin_email") %></label>
<%= email_field_tag :admin_email, params[:admin_email],
id: "admin_email", required: true, size: 30, autofocus: true,
autocomplete: "email" %>
<label for="admin_password"><%= t(".admin_password") %></label>
<%= password_field_tag :admin_password, nil,
id: "admin_password", required: true, size: 30,
autocomplete: "new-password" %>
<label for="admin_password_confirmation"><%= t(".admin_password_confirmation") %></label>
<%= password_field_tag :admin_password_confirmation, nil,
id: "admin_password_confirmation", required: true, size: 30,
autocomplete: "off" %>
<h3 style="grid-column: 1 / -1; text-align: left; margin: 0.5em 0 0 0;">
<%= t(".options") %>
</h3>
<label for="skip_email_confirmation" style="grid-column: 1 / 3; text-align: left;">
<%= check_box_tag :skip_email_confirmation, "1",
params[:skip_email_confirmation] == "1",
id: "skip_email_confirmation" %>
<%= t(".skip_email_confirmation") %>
</label>
<label for="seed_units" style="grid-column: 1 / 3; text-align: left;">
<%= check_box_tag :seed_units, "1", true, id: "seed_units" %>
<%= t(".seed_units") %>
</label>
<%= submit_tag t(".submit") %>
<% end %>
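Review bot: `check_box_tag :seed_units, "1", true` always renders checked, so when `create` re-renders the form with `:unprocessable_entity` an operator who had unticked it gets it ticked again, unlike `skip_email_confirmation`, which reads its state from `params`. Derive the checked state from `params` on re-render and default to checked only on the initial GET. On the confirmation field, `autocomplete: "off"` should be `"new-password"` to match `admin_password`, so password managers treat both fields as one new credential.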

View File

@@ -8,11 +8,11 @@
<td> <td>
<%= form.text_area :description, cols: 30, rows: 1, escape: false %> <%= form.text_area :description, cols: 30, rows: 1, escape: false %>
</td> </td>
<td> <td class="number">
<%= form.number_field :multiplier, required: true, size: 10, min: :step if @unit.base_id? %> <%= form.number_field :multiplier, required: true, size: 10, min: :step if @unit.base_id? %>
</td> </td>
<td class="flex"> <td class="actions">
<%= form.button %> <%= form.button %>
<%= image_link_to t(:cancel), "close-outline", units_path, class: 'dangerous', <%= image_link_to t(:cancel), "close-outline", units_path, class: 'dangerous',
name: :cancel, onclick: render_turbo_stream('form_close', {row: row}) %> name: :cancel, onclick: render_turbo_stream('form_close', {row: row}) %>

View File

@@ -6,15 +6,14 @@
drop_id: dom_id(unit.base || unit), drop_id: dom_id(unit.base || unit),
drop_id_param: "unit[base_id]"} do %> drop_id_param: "unit[base_id]"} do %>
<td style="--depth:<%= unit.base_id? ? 1 : 0 %>"> <td class="link" style="--depth:<%= unit.base_id? ? 1 : 0 %>">
<%= link_to unit, edit_unit_path(unit), class: 'link', onclick: 'this.blur();', <%= link_to unit, edit_unit_path(unit), onclick: 'this.blur();', data: {turbo_stream: true} %>
data: {turbo_stream: true} %>
</td> </td>
<td><%= unit.description %></td> <td><%= unit.description %></td>
<td class="ralign"><%= unit.multiplier.to_html %></td> <td class="number"><%= unit.multiplier.to_html %></td>
<% if current_user.at_least(:active) %> <% if current_user.at_least(:active) %>
<td class="flex"> <td class="actions">
<% unless unit.base_id? %> <% unless unit.base_id? %>
<%= image_link_to t('.new_subunit'), 'plus-outline', new_unit_path(unit), <%= image_link_to t('.new_subunit'), 'plus-outline', new_unit_path(unit),
id: dom_id(unit, :new, :link), onclick: 'this.blur();', data: {turbo_stream: true} %> id: dom_id(unit, :new, :link), onclick: 'this.blur();', data: {turbo_stream: true} %>

View File

@@ -7,14 +7,13 @@
class: 'tools-area' %> class: 'tools-area' %>
</div> </div>
<%# TODO: remove? form can be inserted directly, e.g. at the end of index %>
<%= tag.div id: :unit_form %> <%= tag.div id: :unit_form %>
<table class="main-area items-table"> <table class="main-area items">
<thead> <thead>
<tr> <tr>
<th><%= Unit.human_attribute_name(:symbol) %></th> <th><%= Unit.human_attribute_name(:symbol) %></th>
<th class="hexpand"><%= Unit.human_attribute_name(:description) %></th> <th><%= Unit.human_attribute_name(:description) %></th>
<th><%= Unit.human_attribute_name(:multiplier) %></th> <th><%= Unit.human_attribute_name(:multiplier) %></th>
<% if current_user.at_least(:active) %> <% if current_user.at_least(:active) %>
<th><%= t :actions %></th> <th><%= t :actions %></th>

View File

@@ -1 +0,0 @@
<% flash.discard %>

View File

@@ -0,0 +1,9 @@
<%= labeled_form_for resource, url: user_confirmation_path,
html: {class: 'main-area'} do |f| %>
<%= f.email_field :email, required: true, size: 30, autofocus: true,
autocomplete: 'email', value:
resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email %>
<%= f.submit t(:resend_confirmation) %>
<% end %>

View File

@@ -1,4 +1,4 @@
<table class="main-area items-table" id="users"> <table class="main-area items" id="users">
<thead> <thead>
<tr> <tr>
<th><%= User.human_attribute_name(:email) %></th> <th><%= User.human_attribute_name(:email) %></th>
@@ -11,7 +11,7 @@
<tbody> <tbody>
<% @users.each do |user| %> <% @users.each do |user| %>
<tr> <tr>
<td><%= link_to user, user_path(user), class: 'link' %></td> <td class="link"><%= link_to user, user_path(user) %></td>
<td> <td>
<% if user == current_user %> <% if user == current_user %>
<%= user.status %> <%= user.status %>
@@ -22,11 +22,11 @@
<% end %> <% end %>
<% end %> <% end %>
</td> </td>
<td> <td class="svg">
<%= svg_tag 'pictograms/checkbox-marked-outline' if user.confirmed_at.present? %> <%= svg_tag 'pictograms/checkbox-marked-outline' if user.confirmed_at.present? %>
</td> </td>
<td><%= l user.created_at, format: :without_tz %></td> <td><%= l user.created_at, format: :without_tz %></td>
<td class="flex"> <td class="actions">
<% if allow_disguise?(user) %> <% if allow_disguise?(user) %>
<%= image_link_to t('.disguise'), 'incognito', disguise_user_path(user) %> <%= image_link_to t('.disguise'), 'incognito', disguise_user_path(user) %>
<% end %> <% end %>

View File

@@ -1,2 +0,0 @@
<%# For some reason flash messages are duplicated in bot flash and flash.now %>
<% flash.discard %>

View File

@@ -1,5 +1,5 @@
<%= labeled_form_for resource, url: user_password_path, <%= labeled_form_for resource, url: user_password_path,
html: {method: :put, class: 'main-area', data: {turbo: false}} do |f| %> html: {method: :put, class: 'main-area'} do |f| %>
<%= f.hidden_field :reset_password_token %> <%= f.hidden_field :reset_password_token %>

View File

@@ -0,0 +1,8 @@
<%= labeled_form_for resource, url: user_password_path,
html: {class: 'main-area'} do |f| %>
<%= f.email_field :email, required: true, size: 30, autofocus: true,
autocomplete: 'email' %>
<%= f.submit t(:recover_password) %>
<% end %>

View File

@@ -1,16 +0,0 @@
<%= labeled_form_for resource, url: user_registration_path,
html: {class: 'main-area', onsubmit: 'formValidate(event)'} do |f| %>
<%= f.email_field :email, required: true, size: 30, autofocus: true,
autocomplete: 'email' %>
<%= f.password_field :password, required: true, size: 30,
minlength: @minimum_password_length, autocomplete: 'new-password' %>
<%= f.password_field :password_confirmation, required: true, size: 30,
minlength: @minimum_password_length, autocomplete: 'off' %>
<%= f.submit t(:register), data: {turbo: false} %>
<%= image_button_tag t(:resend_confirmation), 'email-sync-outline',
class: 'auxiliary', formaction: user_confirmation_path, formnovalidate: true,
data: {validate: f.field_id(:email)} %>
<% end %>

View File

@@ -4,9 +4,8 @@
<% end %> <% end %>
<div class="rightside-area buttongrid"> <div class="rightside-area buttongrid">
<%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %> <%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
<%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path, user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
form_class: 'tools-area', method: :delete, data: {turbo: false},
onclick: {confirm: t('.confirm_delete')} %> onclick: {confirm: t('.confirm_delete')} %>
</div> </div>

View File

@@ -0,0 +1,16 @@
<div class="main-area">
<%= labeled_form_for resource, url: user_registration_path do |f| %>
<%= f.email_field :email, required: true, size: 30, autofocus: true,
autocomplete: 'email' %>
<%= f.password_field :password, required: true, size: 30,
minlength: @minimum_password_length, autocomplete: 'new-password' %>
<%= f.password_field :password_confirmation, required: true, size: 30,
minlength: @minimum_password_length, autocomplete: 'off' %>
<%= f.submit t(:register) %>
<% end %>
<%= content_tag :p, t(:or), style: 'text-align: center;' %>
<%= image_link_to t(:resend_confirmation), 'email-sync-outline',
new_user_confirmation_path, class: 'centered' %>
</div>

View File

@@ -1,19 +1,18 @@
<%= labeled_form_for resource, url: user_session_path, <div class="main-area">
html: {class: 'main-area', onsubmit: 'formValidate(event)'} do |f| %> <%= labeled_form_for resource, url: user_session_path do |f| %>
<%= f.email_field :email, required: true, size: 30, autofocus: true,
autocomplete: 'email' %>
<%= f.password_field :password, required: true, size: 30,
minlength: @minimum_password_length, autocomplete: 'current-password' %>
<%= f.email_field :email, required: true, size: 30, autofocus: true, <% if devise_mapping.rememberable? %>
autocomplete: 'email' %> <%= f.check_box :remember_me %>
<%= f.password_field :password, required: true, size: 30, <% end %>
autocomplete: 'current-password' %>
<% if devise_mapping.rememberable? %> <%= f.submit t(:sign_in) %>
<%= f.check_box :remember_me %>
<% end %> <% end %>
<%# /sign_in as HTML; /password as TURBO_STREAM %> <%= content_tag :p, t(:or), style: 'text-align: center;' %>
<%= f.submit t(:sign_in), data: {turbo: false} %> <%= image_link_to t(:recover_password), 'lock-reset', new_user_password_path,
class: 'centered' %>
<%= image_button_tag t(:recover_password), 'lock-reset', class: 'auxiliary', </div>
formaction: user_password_path, formnovalidate: true,
data: {validate: f.field_id(:email)} %>
<% end %>
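Review bot: The sign-in password field gains `minlength: @minimum_password_length` next to `autocomplete: 'current-password'`. A length rule belongs on the forms that set a password, not on the one that checks it. On sign-in it either does nothing (if the variable is not set for this action) or blocks submission client-side for any account whose existing password is shorter than the current minimum. Suggest dropping `minlength` from this field.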

View File

@@ -8,7 +8,7 @@
<%= f.email_field :email, autofocus: true, autocomplete: "email" %> <%= f.email_field :email, autofocus: true, autocomplete: "email" %>
</div> </div>
<div class="flex"> <div class="actions">
<%= f.submit "Resend unlock instructions" %> <%= f.submit "Resend unlock instructions" %>
</div> </div>
<% end %> <% end %>

View File

@@ -54,5 +54,9 @@ module FixinMe
# Sender address of account registration-related messages # Sender address of account registration-related messages
Devise.mailer_sender = 'noreply@localhost' Devise.mailer_sender = 'noreply@localhost'
# Whether to skip e-mail confirmation for new registrations is configured
# through the web setup wizard and stored in the database (Setting model),
# so it does not need to be set here.
end end
end end

View File

@@ -58,7 +58,4 @@ Rails.application.configure do
# config.action_view.annotate_rendered_view_with_filenames = true # config.action_view.annotate_rendered_view_with_filenames = true
config.log_level = :info config.log_level = :info
# Allow Capybara's dynamic test server host (127.0.0.1:<random_port>)
config.hosts << '127.0.0.1'
end end

View File

@@ -91,7 +91,7 @@ Devise.setup do |config|
# It will change confirmation, password recovery and other workflows # It will change confirmation, password recovery and other workflows
# to behave the same regardless if the e-mail provided was right or wrong. # to behave the same regardless if the e-mail provided was right or wrong.
# Does not affect registerable. # Does not affect registerable.
config.paranoid = true # config.paranoid = true
# By default Devise will store the user in session. You can skip storage for # By default Devise will store the user in session. You can skip storage for
# particular strategies by setting this option. # particular strategies by setting this option.
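Review bot: Commenting out `config.paranoid = true` makes the confirmation, password recovery and other workflows answer differently depending on whether the e-mail provided was right or wrong, as the comment directly above the line says, so the forms now reveal which addresses have accounts. If the motive is the clearer `send_instructions` flash text, keep paranoid mode on and reword the `send_paranoid_instructions` strings instead. Otherwise state the reason for the change in the commit message and rate-limit these endpoints.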

View File

@@ -4,15 +4,15 @@ en:
devise: devise:
confirmations: confirmations:
confirmed: "Your email address has been successfully confirmed." confirmed: "Your email address has been successfully confirmed."
send_paranoid_instructions: > send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
If your email address is in our database, a message with instructions on how send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
to confirm your email address has been sent to you.
failure: failure:
already_authenticated: "You are already signed in." already_authenticated: "You are already signed in."
inactive: "Your account is not activated yet." inactive: "Your account is not activated yet."
invalid: "Invalid <b>%{authentication_keys}</b> or <b>password</b>." invalid: "Invalid %{authentication_keys} or password."
locked: "Your account is locked." locked: "Your account is locked."
last_attempt: "You have one more attempt before your account is locked." last_attempt: "You have one more attempt before your account is locked."
not_found_in_database: "Invalid %{authentication_keys} or password."
timeout: "Your session expired. Please sign in again to continue." timeout: "Your session expired. Please sign in again to continue."
unauthenticated: "You need to sign in or sign up before continuing." unauthenticated: "You need to sign in or sign up before continuing."
unconfirmed: "You have to confirm your email address before continuing." unconfirmed: "You have to confirm your email address before continuing."
@@ -32,9 +32,8 @@ en:
success: "Successfully authenticated from %{kind} account." success: "Successfully authenticated from %{kind} account."
passwords: passwords:
no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
send_paranoid_instructions: > send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
If your email address is in our database, the password recovery link has been send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
sent to you.
updated: "Your password has been changed successfully. You are now signed in." updated: "Your password has been changed successfully. You are now signed in."
updated_not_active: "Your password has been changed successfully." updated_not_active: "Your password has been changed successfully."
registrations: registrations:
@@ -51,6 +50,7 @@ en:
signed_out: "Signed out successfully." signed_out: "Signed out successfully."
already_signed_out: "Signed out successfully." already_signed_out: "Signed out successfully."
unlocks: unlocks:
send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
unlocked: "Your account has been unlocked successfully. Please sign in to continue." unlocked: "Your account has been unlocked successfully. Please sign in to continue."
errors: errors:

View File

@@ -11,13 +11,8 @@ en:
activerecord: activerecord:
attributes: attributes:
quantity: quantity:
default_unit: Default unit
description: Description description: Description
name: Name name: Name
readout:
created_at: Recorded at
taken_at: Taken at
value: Value
unit: unit:
base: Base unit base: Base unit
description: Description description: Description
@@ -86,26 +81,16 @@ en:
revert: Revert revert: Revert
sign_out: Sign out sign_out: Sign out
source_code: Get code source_code: Get code
readouts:
form:
set_default_unit: Set as default unit
measurements: measurements:
navigation: Measurements navigation: Measurements
no_items: There are no measurements taken. You can Add some now. no_items: There are no measurements taken. You can Add some now.
form: form:
select_quantity: select quantities... select_quantity: select the measured quantities...
taken_at_html: Measurement taken at&emsp;
index: index:
new_measurement: Add measurement new_measurement: Add measurement
readout: readouts:
destroy: Delete form:
create: select_unit: ...
success:
one: Recorded 1 measurement.
other: Recorded %{count} measurements.
no_readouts: No readouts selected.
destroy:
success: Measurement deleted.
quantities: quantities:
navigation: Quantities navigation: Quantities
no_items: There are no configured quantities. You can Add some or Import from defaults. no_items: There are no configured quantities. You can Add some or Import from defaults.
@@ -165,7 +150,7 @@ en:
edit: edit:
password_html: 'New password:%{password_length_hint_html}' password_html: 'New password:%{password_length_hint_html}'
update_password: Update password update_password: Update password
profiles: registrations:
new: new:
password_html: 'Password:%{password_length_hint_html}' password_html: 'Password:%{password_length_hint_html}'
password_confirmation: 'Retype password:' password_confirmation: 'Retype password:'
@@ -177,13 +162,34 @@ en:
New password: New password:
<br><em>leave blank to keep unchanged</em> <br><em>leave blank to keep unchanged</em>
%{password_length_hint_html} %{password_length_hint_html}
registrations:
destroy:
sole_admin: You cannot delete the only admin account.
actions: Actions actions: Actions
setup:
new:
admin_account: Admin account
admin_email: 'E-mail:'
admin_password: 'Password:'
admin_password_confirmation: 'Retype password:'
options: Options
skip_email_confirmation: Skip e-mail confirmation for new registrations
seed_units: Seed built-in default units
submit: Set up
create:
email_blank: E-mail cannot be blank.
password_blank: Password cannot be blank.
password_mismatch: Passwords do not match.
success: >
Installation complete. You can now sign in with the admin account you
just created.
add: Add add: Add
apply: Apply apply: Apply
back: Back back: Back
cancel: Cancel cancel: Cancel
delete: Delete delete: Delete
:no: 'no' :no: 'no'
or: or
register: Register register: Register
sign_in: Sign in sign_in: Sign in
recover_password: Recover password recover_password: Recover password

View File

@@ -1,4 +1,7 @@
Rails.application.routes.draw do Rails.application.routes.draw do
# Web-based installation wizard — only reachable when no admin exists yet.
resource :setup, only: [:new, :create], controller: :setup
resources :measurements resources :measurements
resources :readouts, only: [:new] do resources :readouts, only: [:new] do
@@ -24,9 +27,8 @@ Rails.application.routes.draw do
# https://github.com/heartcombo/devise/issues/5786 # https://github.com/heartcombo/devise/issues/5786
connection = ActiveRecord::Base.connection connection = ActiveRecord::Base.connection
if connection.schema_version && connection.table_exists?(:users) if connection.schema_version && connection.table_exists?(:users)
# NOTE: change helper prefix from *_registration to *_profile once possible
devise_for :users, path: '', path_names: {registration: 'profile'}, devise_for :users, path: '', path_names: {registration: 'profile'},
controllers: {registrations: 'user/profiles'} controllers: {registrations: :registrations}
end end
resources :users, only: [:index, :show, :update] do resources :users, only: [:index, :show, :update] do
@@ -35,7 +37,9 @@ Rails.application.routes.draw do
end end
unauthenticated do unauthenticated do
root to: redirect('/sign_in') as :user do
root to: redirect('/sign_in')
end
end end
root to: redirect('/units'), as: :user_root root to: redirect('/units'), as: :user_root

View File

@@ -1,14 +1,10 @@
class CreateReadouts < ActiveRecord::Migration[7.2] class CreateReadouts < ActiveRecord::Migration[7.2]
def change def change
create_table :readouts do |t| create_table :readouts do |t|
# Reference :user through :quantity (:measurement may be NULL). t.references :user, null: false, foreign_key: true
t.references :measurement, foreign_key: true
t.references :quantity, null: false, foreign_key: true t.references :quantity, null: false, foreign_key: true
# :category + :value + :unit as a separate table? (NumericValue, TextValue)
t.integer :category, null: false, default: 0
t.float :value, null: false, limit: Float::MANT_DIG
t.references :unit, foreign_key: true t.references :unit, foreign_key: true
# Move to Measurement? t.decimal :value, null: false, precision: 30, scale: 15
#t.references :collector, foreign_key: true #t.references :collector, foreign_key: true
#t.references :device, foreign_key: true #t.references :device, foreign_key: true
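Review bot: This rewrites the body of the existing `CreateReadouts` migration instead of adding a new one, so any database that already ran the old version keeps the `measurement_id` and `category` columns and the float `value`, and silently diverges from fresh installs. Suggest leaving the original migration alone and putting the column changes in a follow-up migration.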

View File

@@ -0,0 +1,12 @@
class CreateSettings < ActiveRecord::Migration[7.2]
def change
create_table :settings do |t|
t.string :key, null: false
t.string :value
t.timestamps
end
add_index :settings, :key, unique: true
end
end
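Review bot: `t.string :value` means the switches the wizard stores, such as skipping e-mail confirmation, come back as strings, and in Ruby the string "false" is truthy. Make sure the Setting reader casts explicitly (or add a typed column), and consider `null: false` on `value` so a missing row and an empty value cannot be confused.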

View File

@@ -1,6 +0,0 @@
class AddTakenAtToReadouts < ActiveRecord::Migration[7.2]
def change
add_column :readouts, :taken_at, :datetime
add_index :readouts, [:user_id, :taken_at]
end
end

View File

@@ -1,5 +0,0 @@
class AddDefaultUnitToQuantities < ActiveRecord::Migration[7.2]
def change
add_reference :quantities, :default_unit, foreign_key: {to_table: :units}, null: true
end
end

View File

@@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[7.2].define(version: 2026_04_03_000000) do ActiveRecord::Schema[7.2].define(version: 2025_01_21_230456) do
create_table "quantities", charset: "utf8mb4", collation: "utf8mb4_0900_as_ci", force: :cascade do |t| create_table "quantities", charset: "utf8mb4", collation: "utf8mb4_0900_as_ci", force: :cascade do |t|
t.bigint "user_id" t.bigint "user_id"
t.string "name", limit: 31, null: false t.string "name", limit: 31, null: false
@@ -20,8 +20,6 @@ ActiveRecord::Schema[7.2].define(version: 2026_04_03_000000) do
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.integer "depth", default: 0, null: false t.integer "depth", default: 0, null: false
t.string "pathname", limit: 511, null: false t.string "pathname", limit: 511, null: false
t.bigint "default_unit_id"
t.index ["default_unit_id"], name: "index_quantities_on_default_unit_id"
t.index ["parent_id"], name: "index_quantities_on_parent_id" t.index ["parent_id"], name: "index_quantities_on_parent_id"
t.index ["user_id", "parent_id", "name"], name: "index_quantities_on_user_id_and_parent_id_and_name", unique: true t.index ["user_id", "parent_id", "name"], name: "index_quantities_on_user_id_and_parent_id_and_name", unique: true
t.index ["user_id"], name: "index_quantities_on_user_id" t.index ["user_id"], name: "index_quantities_on_user_id"
@@ -34,12 +32,10 @@ ActiveRecord::Schema[7.2].define(version: 2026_04_03_000000) do
t.decimal "value", precision: 30, scale: 15, null: false t.decimal "value", precision: 30, scale: 15, null: false
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.datetime "taken_at"
t.index ["quantity_id", "created_at"], name: "index_readouts_on_quantity_id_and_created_at", unique: true t.index ["quantity_id", "created_at"], name: "index_readouts_on_quantity_id_and_created_at", unique: true
t.index ["quantity_id"], name: "index_readouts_on_quantity_id" t.index ["quantity_id"], name: "index_readouts_on_quantity_id"
t.index ["unit_id"], name: "index_readouts_on_unit_id" t.index ["unit_id"], name: "index_readouts_on_unit_id"
t.index ["user_id"], name: "index_readouts_on_user_id" t.index ["user_id"], name: "index_readouts_on_user_id"
t.index ["user_id", "taken_at"], name: "index_readouts_on_user_id_and_taken_at"
end end
create_table "units", charset: "utf8mb4", collation: "utf8mb4_0900_as_ci", force: :cascade do |t| create_table "units", charset: "utf8mb4", collation: "utf8mb4_0900_as_ci", force: :cascade do |t|
@@ -74,7 +70,6 @@ ActiveRecord::Schema[7.2].define(version: 2026_04_03_000000) do
end end
add_foreign_key "quantities", "quantities", column: "parent_id", on_delete: :cascade add_foreign_key "quantities", "quantities", column: "parent_id", on_delete: :cascade
add_foreign_key "quantities", "units", column: "default_unit_id"
add_foreign_key "quantities", "users" add_foreign_key "quantities", "users"
add_foreign_key "readouts", "quantities" add_foreign_key "readouts", "quantities"
add_foreign_key "readouts", "units" add_foreign_key "readouts", "units"
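Review bot: The schema version moves backwards, from `2026_04_03_000000` to `2025_01_21_230456`, and none of the hunks in this file adds a `settings` table even though the change set introduces a `CreateSettings` migration. An install done with `db:schema:load` would then have no `settings` table for the setup wizard to write to. Regenerate the schema file after running the migrations and commit the result.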

View File

@@ -3,13 +3,25 @@
# bin/rails db:seed # bin/rails db:seed
# command (or created alongside the database with db:setup). # command (or created alongside the database with db:setup).
# Seeding process should be idempotent. # Seeding process should be idempotent.
#
# Admin account setup
# -------------------
# The preferred way to create the first admin account is through the web setup
# wizard, which is shown automatically on the first visit when no admin exists.
# The wizard also lets you configure runtime options (e.g. skip e-mail
# confirmation) and seed the default units without using the command line.
#
# The block below provides an alternative CLI path for headless / automated
# deployments. It is skipped when an admin account already exists (e.g. after
# the web wizard has run).
User.transaction do User.transaction do
break if User.find_by status: :admin break if User.find_by status: :admin
User.create! email: Rails.configuration.admin, password: 'admin', status: :admin do |user| password = SecureRandom.alphanumeric(12)
User.create! email: Rails.configuration.admin, password: password, status: :admin do |user|
user.skip_confirmation! user.skip_confirmation!
print "Creating #{user.status} account '#{user.email}' with password '#{user.password}'..." print "Creating #{user.status} account '#{user.email}' with password '#{password}'..."
end end
puts "done." puts "done."
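Review bot: The generated admin password is interpolated into the `print` line, so in the headless / automated deployments this path is meant for it ends up in whatever captures stdout (CI logs, container logs, provisioning output). Suggest taking the password from an environment variable when one is set, printing the generated value only when stdout is a terminal, and requiring a password change on first sign-in. Also guard against `Rails.configuration.admin` being unset, since `create!` would then fail with a validation error that hides the real cause.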

View File

@@ -1,7 +1,6 @@
require "test_helper" require "test_helper"
class ApplicationSystemTestCase < ActionDispatch::SystemTestCase class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
include ActionView::Helpers::SanitizeHelper
include ActionView::Helpers::UrlHelper include ActionView::Helpers::UrlHelper
# NOTE: geckodriver installed with Firefox, ignore incompatibility warning # NOTE: geckodriver installed with Firefox, ignore incompatibility warning
@@ -33,8 +32,7 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
# Allow skipping interpolations when translating for testing purposes # Allow skipping interpolations when translating for testing purposes
INTERPOLATION_PATTERNS = Regexp.union(I18n.config.interpolation_patterns) INTERPOLATION_PATTERNS = Regexp.union(I18n.config.interpolation_patterns)
def translate(key, **options) def translate(key, **options)
translation = options.empty? ? super.split(INTERPOLATION_PATTERNS, 2).first : super options.empty? ? super.split(INTERPOLATION_PATTERNS, 2).first : super
sanitize(translation, tags: [])
end end
alias :t :translate alias :t :translate

View File

@@ -0,0 +1,18 @@
require "test_helper"
class RegistrationsControllerTest < ActionDispatch::IntegrationTest
test "sole admin cannot delete account" do
sign_in users(:admin)
delete user_registration_path
assert_redirected_to edit_user_registration_path
assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
assert User.exists?(users(:admin).id)
end
test "non-admin can delete account" do
sign_in users(:alice)
assert_difference ->{ User.count }, -1 do
delete user_registration_path
end
end
end
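Review bot: `sole admin cannot delete account` only passes while `users(:admin)` is the only admin in the fixtures, which nothing in the test states. Assert `users(:admin).sole_admin?` at the start so an extra admin fixture produces a clear failure, and add the complementary case: with two admins, one can delete their account and the remaining one then cannot.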

View File

@@ -1,45 +0,0 @@
require "application_system_test_case"
class QuantitiesTest < ApplicationSystemTestCase
setup do
@user = sign_in(user: users(:alice))
@unit = @user.units.create!(symbol: 'kg')
@quantity = @user.quantities.create!(name: 'Weight')
visit quantities_path
end
test "update button turns red when default unit changes" do
click_on 'Weight'
button = find('button[name=button]')
initial_color = evaluate_script("getComputedStyle(arguments[0]).backgroundColor", button)
select 'kg', from: 'quantity[default_unit_id]'
changed_color = evaluate_script("getComputedStyle(arguments[0]).backgroundColor", button)
refute_equal initial_color, changed_color, "Button color should change when default unit is altered"
end
test "saving default unit pre-selects it in measurements form" do
click_on 'Weight'
select 'kg', from: 'quantity[default_unit_id]'
click_on t('helpers.submit.update')
assert_selector '.flash.notice'
@quantity.reload
assert_equal @unit.id, @quantity.default_unit_id
visit measurements_path
find(:link_or_button, t('measurements.index.new_measurement')).click
assert_selector '#measurement_form'
within '#quantity_select' do
check 'Weight'
end
find('button[formaction]').click
within 'tbody#readouts' do
assert_selector "option[value='#{@unit.id}'][selected]"
end
end
end

View File

@@ -5,8 +5,8 @@ class UsersTest < ApplicationSystemTestCase
@admin = users(:admin) @admin = users(:admin)
end end
test 'sign in' do test "sign in" do
visit root_url visit new_user_session_path
assert find_link(href: new_user_session_path)[:disabled] assert find_link(href: new_user_session_path)[:disabled]
sign_in sign_in
@@ -14,23 +14,16 @@ class UsersTest < ApplicationSystemTestCase
assert_text t('devise.sessions.signed_in') assert_text t('devise.sessions.signed_in')
end end
test 'sign in fails with invalid credentials' do test 'sign in fails with invalid password' do
label = User.human_attribute_name(:email) sign_in password: random_password
# Both: valid and invalid emails should give the same (paranoid) error message.
email = [users.sample.email, random_email].sample
visit root_url
fill_in label, with: email
fill_in User.human_attribute_name(:password), with: random_password
click_on t(:sign_in)
assert_current_path new_user_session_path assert_current_path new_user_session_path
assert_text t('devise.failure.invalid', authentication_keys: label.downcase_first) assert_text t('devise.failure.not_found_in_database',
authentication_keys: User.human_attribute_name(:email))
assert find_link(href: new_user_session_path)[:disabled] assert find_link(href: new_user_session_path)[:disabled]
assert has_field?(label, with: email) assert_not_empty find_field(User.human_attribute_name(:email)).value
end end
test 'sign out' do test "sign out" do
sign_in sign_in
visit root_url visit root_url
click_on t("layouts.application.sign_out") click_on t("layouts.application.sign_out")
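Review bot: The rewritten `sign in fails with invalid password` test drops the unknown-e-mail case, so nothing checks any longer that a wrong password and an unknown address produce the same message. It also asserts `devise.failure.not_found_in_database` although the test name describes the wrong-password path, which passes only while that string equals `devise.failure.invalid`. Assert the key the path actually uses, and keep a second case with `random_email` that expects the identical text.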
@@ -38,106 +31,79 @@ class UsersTest < ApplicationSystemTestCase
assert_text t("devise.sessions.signed_out") assert_text t("devise.sessions.signed_out")
end end
test 'recover password' do test "recover password" do
label = User.human_attribute_name(:email) visit new_user_session_url
email = users.select(&:confirmed?).sample.email click_on t(:recover_password)
visit root_url
fill_in label, with: email
# Form validations should allow empty password.
assert has_field?(User.human_attribute_name(:password), with: nil)
fill_in User.human_attribute_name(:email),
with: users.select(&:confirmed?).sample.email
assert_emails 1 do assert_emails 1 do
click_on t(:recover_password) click_on t(:recover_password)
# Wait until redirected to make sure async request has been processed
assert_current_path new_user_session_path assert_current_path new_user_session_path
# Wait for flash message to make sure async request has been processed.
assert_text t("devise.passwords.send_paranoid_instructions")
end end
assert has_field?(label, with: email) assert_text t("devise.passwords.send_instructions")
with_last_email do |mail| with_last_email do |mail|
visit Capybara.string(mail.body.to_s).find_link("Change my password")[:href] visit Capybara.string(mail.body.to_s).find_link("Change my password")[:href]
assert_current_path edit_user_password_path, ignore_query: true
# Make sure flash message is not displayed twice.
assert_no_text t("devise.passwords.send_paranoid_instructions")
end end
new_password = random_password new_password = random_password
fill_in t("users.passwords.edit.password_html"), with: new_password fill_in t("users.passwords.edit.password_html"), with: new_password
fill_in t("helpers.label.user.password_confirmation"), with: new_password fill_in t("helpers.label.user.password_confirmation"), with: new_password
assert_emails 1 do assert_emails 1 do
click_on t("users.passwords.edit.update_password") click_on t("users.passwords.edit.update_password")
# Wait until redirected to make sure async request has been processed
assert_current_path units_path assert_current_path units_path
assert_text t("devise.passwords.updated")
end end
assert_text t("devise.passwords.updated")
end end
test 'recover password for nonexistent user' do test "register" do
label = User.human_attribute_name(:email) visit new_user_session_url
email = random_email
visit root_url
fill_in label, with: email
assert_no_emails do
click_on t(:recover_password)
assert_current_path new_user_session_path
assert_text t("devise.passwords.send_paranoid_instructions")
end
end
test 'register' do
visit root_url
click_on t(:register) click_on t(:register)
assert find_link(href: new_user_registration_path)[:disabled]
fill_in User.human_attribute_name(:email), with: random_email fill_in User.human_attribute_name(:email), with: random_email
password = random_password password = random_password
fill_in User.human_attribute_name(:password), with: password fill_in User.human_attribute_name(:password), with: password
fill_in t("users.profiles.new.password_confirmation"), with: password fill_in t("users.registrations.new.password_confirmation"), with: password
assert_difference ->{ User.count }, 1 do assert_difference ->{User.count}, 1 do
assert_emails 1 do assert_emails 1 do
click_on t(:register) click_on t(:register)
# Wait until redirected to make sure async request has been processed
assert_current_path new_user_session_path assert_current_path new_user_session_path
assert_text t("devise.registrations.signed_up_but_unconfirmed")
end end
end end
assert_text t("devise.registrations.signed_up_but_unconfirmed")
assert_changes ->{ User.last.confirmed? }, from: false, to: true do with_last_email do |mail|
with_last_email do |mail| visit Capybara.string(mail.body.to_s).find_link("Confirm my account")[:href]
visit Capybara.string(mail.body.to_s).find_link("Confirm my account")[:href]
assert_current_path new_user_session_path
assert_text t("devise.confirmations.confirmed")
end
end end
assert_current_path new_user_session_path
assert_text t("devise.confirmations.confirmed")
assert User.last.confirmed?
end end
test 'resend confirmation' do test "resend confirmation" do
label = User.human_attribute_name(:email) visit new_user_session_url
user = users.reject(&:confirmed?).sample
visit root_url
click_on t(:register) click_on t(:register)
fill_in label, with: user.email click_on t(:resend_confirmation)
assert has_field?(User.human_attribute_name(:password), with: nil)
fill_in User.human_attribute_name(:email),
with: users.reject(&:confirmed?).sample.email
assert_emails 1 do assert_emails 1 do
click_on t(:resend_confirmation) click_on t(:resend_confirmation)
assert_current_path new_user_registration_path # Wait until redirected to make sure async request has been processed
assert_text t("devise.confirmations.send_paranoid_instructions") assert_current_path new_user_session_path
end end
assert has_field?(label, with: user.email) assert_current_path new_user_session_path
assert_text t("devise.confirmations.send_instructions")
assert_changes ->{ user.reload.confirmed? }, from: false, to: true do with_last_email do |mail|
with_last_email do |mail| visit Capybara.string(mail.body.to_s).find_link("Confirm my account")[:href]
visit Capybara.string(mail.body.to_s).find_link("Confirm my account")[:href]
assert_current_path new_user_session_path
assert_no_text t("devise.confirmations.send_paranoid_instructions")
assert_text t("devise.confirmations.confirmed")
end
end end
end end
test 'show profile' do test "show profile" do
sign_in user: users.select(&:admin?).select(&:confirmed?).sample sign_in user: users.select(&:admin?).select(&:confirmed?).sample
click_on t("users.navigation") click_on t("users.navigation")
within all('tr').drop(1).sample do |tr| within all('tr').drop(1).sample do |tr|
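Review bot: In "resend confirmation" the new side asserts `devise.confirmations.send_instructions` where the old side asserted `devise.confirmations.send_paranoid_instructions`, which suggests Devise's paranoid mode is being turned off. With paranoid mode off, the resend form answers differently for registered and unregistered addresses, so it can be used to enumerate accounts. Either keep paranoid mode on and assert the paranoid message, or add a test that submits an unknown address and pins down exactly what the response reveals. As far as the rendered hunk shows, the new "resend confirmation" test also visits the confirmation link without asserting anything afterwards; the old `assert_changes ->{ user.reload.confirmed? }, from: false, to: true` check should be kept in some form so the test still proves the link confirms the account.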
@@ -147,7 +113,7 @@ class UsersTest < ApplicationSystemTestCase
end end
end end
test 'disguise' do test "disguise" do
user = users.select(&:admin?).select(&:confirmed?).sample user = users.select(&:admin?).select(&:confirmed?).sample
sign_in user: user sign_in user: user
@@ -163,7 +129,7 @@ class UsersTest < ApplicationSystemTestCase
assert_link user.email assert_link user.email
end end
test 'disguise fails for admin when disallowed' do test "disguise fails for admin when disallowed" do
user = users.select(&:admin?).select(&:confirmed?).sample user = users.select(&:admin?).select(&:confirmed?).sample
sign_in user: user sign_in user: user
@@ -176,37 +142,45 @@ class UsersTest < ApplicationSystemTestCase
assert_title 'The change you wanted was rejected (422)' assert_title 'The change you wanted was rejected (422)'
end end
test 'disguise forbidden for non admin' do test "disguise forbidden for non admin" do
sign_in user: users.reject(&:admin?).select(&:confirmed?).sample sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
visit disguise_user_path(User.all.sample) visit disguise_user_path(User.all.sample)
assert_title 'Access is forbidden to this page (403)' assert_title 'Access is forbidden to this page (403)'
end end
test 'delete profile' do test "delete profile" do
user = sign_in user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
# TODO: remove condition after root_url changed to different path than # TODO: remove condition after root_url changed to different path than
# profile in routes.rb # profile in routes.rb
unless has_current_path?(edit_user_registration_path) unless has_current_path?(edit_user_registration_path)
first(:link_or_button, user.email).click first(:link_or_button, user.email).click
end end
assert_difference ->{ User.count }, -1 do assert_difference ->{ User.count }, -1 do
accept_confirm { click_on t("users.profiles.edit.delete") } accept_confirm { click_on t("users.registrations.edit.delete") }
assert_current_path new_user_session_path assert_current_path new_user_session_path
end end
assert_text t("devise.registrations.destroyed") assert_text t("devise.registrations.destroyed")
end end
test 'index forbidden for non admin' do test "sole admin cannot delete profile" do
sign_in user: users(:admin)
unless has_current_path?(edit_user_registration_path)
first(:link_or_button, users(:admin).email).click
end
assert find(:button, t("users.registrations.edit.delete"))[:disabled]
end
test "index forbidden for non admin" do
sign_in user: users.reject(&:admin?).select(&:confirmed?).sample sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
visit users_path visit users_path
assert_title "Access is forbidden to this page (403)" assert_title "Access is forbidden to this page (403)"
end end
test 'update profile' do test "update profile" do
# TODO # TODO
end end
test 'update status' do test "update status" do
sign_in user: users.select(&:admin?).select(&:confirmed?).sample sign_in user: users.select(&:admin?).select(&:confirmed?).sample
visit users_path visit users_path
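Review bot: "sole admin cannot delete profile" only asserts that the delete button has `[:disabled]`, which is a UI affordance and not an access control. Add a test that submits the delete request directly (this file already uses `inject_button_to` for that purpose in the "update status" tests) and asserts that `User.count` is unchanged and the request is rejected, so the server-side guard is covered as well as the view. The test also assumes `users(:admin)` is the only admin in the fixtures, while other tests sample from `users.select(&:admin?)`; an explicit precondition assertion on the admin count would keep it from passing or failing for the wrong reason when fixtures change. "delete profile" now samples only non-admins, so deletion by an admin who is not the sole admin is left untested.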
@@ -221,7 +195,7 @@ class UsersTest < ApplicationSystemTestCase
assert_current_path users_path assert_current_path users_path
end end
test 'update status fails for admin when disallowed' do test "update status fails for admin when disallowed" do
sign_in user: users.select(&:admin?).select(&:confirmed?).sample sign_in user: users.select(&:admin?).select(&:confirmed?).sample
visit users_path visit users_path
@@ -229,12 +203,12 @@ class UsersTest < ApplicationSystemTestCase
user = User.find_by_email!(first(:link).text) user = User.find_by_email!(first(:link).text)
inject_button_to first('td:not(.link)'), "update status", user_path(user), method: :patch, inject_button_to first('td:not(.link)'), "update status", user_path(user), method: :patch,
params: {user: {status: User.statuses.keys.sample}}, data: {turbo: false} params: {user: {status: User.statuses.keys.sample}}, data: {turbo: false}
execute_script("arguments[0].click()", find_button("update status")) click_on "update status"
end end
assert_title 'The change you wanted was rejected (422)' assert_title 'The change you wanted was rejected (422)'
end end
test 'update status forbidden for non admin' do test "update status forbidden for non admin" do
sign_in user: users.reject(&:admin?).select(&:confirmed?).sample sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
visit units_path visit units_path
inject_button_to find('body'), "update status", user_path(User.all.sample), method: :patch, inject_button_to find('body'), "update status", user_path(User.all.sample), method: :patch,