From 21d74575154b7e5ce3c9673f1affc410b66704b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 17:47:04 -0400 Subject: [PATCH 1/4] Bump jquery-ui-rails and apparition (#307) * Bump jquery-ui-rails and apparition Bumps [jquery-ui-rails](https://github.com/joliss/jquery-ui-rails) and [apparition](https://github.com/twalpole/apparition). These dependencies needed to be updated together. Updates `jquery-ui-rails` from 5.0.5 to 6.0.1 - [Release notes](https://github.com/joliss/jquery-ui-rails/releases) - [Changelog](https://github.com/jquery-ui-rails/jquery-ui-rails/blob/master/History.md) - [Commits](https://github.com/joliss/jquery-ui-rails/compare/v5.0.5...v6.0.1) Updates `apparition` from `7db58cc` to 0.4.0 - [Commits](https://github.com/twalpole/apparition/compare/7db58cc6b0e4ca4141b074ff27d5936a1b8874bf...v0.4.0) --- updated-dependencies: - dependency-name: jquery-ui-rails dependency-type: direct:production - dependency-name: apparition dependency-type: direct:development ... Signed-off-by: dependabot[bot] * Fix new syntax --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Juan Vasquez --- Gemfile | 2 +- Gemfile.lock | 47 +++++++++++++++------------ app/assets/javascripts/application.js | 2 +- 3 files changed, 28 insertions(+), 23 deletions(-) diff --git a/Gemfile b/Gemfile index 5a5afc4a..5751d452 100644 --- a/Gemfile +++ b/Gemfile @@ -54,7 +54,7 @@ gem "jquery-rails" gem "pg" -gem "jquery-ui-rails", "~> 5.0", ">= 5.0.5" +gem "jquery-ui-rails", "~> 6.0" gem "acts_as_list" gem "mimemagic", "~> 0.3.8" diff --git a/Gemfile.lock b/Gemfile.lock index 78dbbd78..a732409c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -77,7 +77,7 @@ GEM tzinfo (~> 2.0) acts_as_list (1.1.0) activerecord (>= 4.2) - addressable (2.8.1) + addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) autoprefixer-rails (10.4.13.0) @@ -146,7 +146,7 @@ GEM globalid (1.1.0) activesupport (>= 5.0) hashie (5.0.0) - i18n (1.12.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) jbuilder (2.11.5) actionview (>= 5.0.0) @@ -155,7 +155,7 @@ GEM rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - jquery-ui-rails (5.0.5) + jquery-ui-rails (6.0.1) railties (>= 3.2.16) json (2.6.3) jwt (2.7.0) @@ -165,9 +165,9 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - loofah (2.19.1) + loofah (2.21.3) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) madmin (1.2.7) pagy (>= 3.5, < 6.0) rails (>= 6.0.3) @@ -182,8 +182,8 @@ GEM mimemagic (0.3.10) nokogiri (~> 1) rake - mini_mime (1.1.2) - minitest (5.18.0) + mini_mime (1.1.5) + minitest (5.20.0) multi_xml (0.6.0) net-imap (0.3.4) date @@ -198,9 +198,11 @@ GEM next_rails (1.2.2) colorize (>= 0.8.1) nio4r (2.5.9) - nokogiri (1.14.3-x86_64-darwin) + nokogiri (1.15.4-arm64-darwin) racc (~> 1.4) - nokogiri (1.14.3-x86_64-linux) + nokogiri (1.15.4-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.15.4-x86_64-linux) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -235,13 +237,13 @@ GEM parser (3.2.1.1) ast (~> 2.4.1) pg (1.4.6) - public_suffix (5.0.1) + public_suffix (5.0.3) puma (6.3.1) nio4r (~> 2.0) pundit (2.3.0) activesupport (>= 3.0.0) - racc (1.6.2) - rack (2.2.6.4) + racc (1.7.1) + rack (2.2.8) rack-mini-profiler (3.0.0) rack (>= 1.2.0) rack-protection (3.0.5) @@ -266,11 +268,13 @@ GEM actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.5.0) - loofah (~> 2.19, >= 2.19.1) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) railties (7.0.4.3) actionpack (= 7.0.4.3) activesupport (= 7.0.4.3) @@ -285,7 +289,7 @@ GEM ffi (~> 1.0) recursive-open-struct (1.1.3) redcarpet (3.5.1) - regexp_parser (2.7.0) + regexp_parser (2.8.1) responders (3.1.0) actionpack (>= 5.2) railties (>= 5.2) @@ -367,7 +371,7 @@ GEM rubocop-performance (~> 1.16.0) standardrb (1.0.1) standard - thor (1.2.1) + thor (1.2.2) tilt (2.1.0) timeout (0.3.2) turbolinks (5.2.1) @@ -391,14 +395,15 @@ GEM rubyzip (>= 1.3.0) selenium-webdriver (~> 4.0) websocket (1.2.9) - websocket-driver (0.7.5) + websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.7) + zeitwerk (2.6.12) PLATFORMS + arm64-darwin-22 x86_64-darwin-21 x86_64-linux @@ -417,7 +422,7 @@ DEPENDENCIES faker jbuilder (~> 2.5) jquery-rails - jquery-ui-rails (~> 5.0, >= 5.0.5) + jquery-ui-rails (~> 6.0) listen (~> 3.7) madmin (~> 1.2) matrix diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js index 6ededb59..b8ed8646 100644 --- a/app/assets/javascripts/application.js +++ b/app/assets/javascripts/application.js @@ -14,7 +14,7 @@ //= require jquery //= require bootstrap-sprockets //= require jquery-ui/widget -//= require jquery-ui/sortable +//= require jquery-ui/widgets/sortable //= require turbolinks //= require clipboard.min //= require sortable_list From 5018044872c054b06ae6071599c54b2c78fe4f94 Mon Sep 17 00:00:00 2001 From: "Brian E. McElaney" Date: Tue, 10 Oct 2023 11:52:28 -0400 Subject: [PATCH 2/4] Move copy story url to clipboard button to the story dropdown menu (#232) * Move copy story url to clipboard button to the story dropdown menu * Fix copy-to-clipboard popup alert position * Shift location of popup * fix css of the copy link message * fixed the options under the menu on the project show page --------- Co-authored-by: rishijain --- app/assets/stylesheets/project.scss | 19 +------------------ app/assets/stylesheets/stories.scss | 4 ++-- app/views/projects/show.html.erb | 14 +++++--------- 3 files changed, 8 insertions(+), 29 deletions(-) diff --git a/app/assets/stylesheets/project.scss b/app/assets/stylesheets/project.scss index d470e8d6..1a128dd9 100644 --- a/app/assets/stylesheets/project.scss +++ b/app/assets/stylesheets/project.scss @@ -267,24 +267,7 @@ i { position: relative; border-radius: 50%; - padding: 5px; - opacity: 0; - transition: transform 0.5s, opacity 0.5s; - transform: translateX(-100%); - } - - &:hover { - i { - opacity: 1; - transform: translateX(0); - } - } - - &:active { - i { - background: #f70a7c; - color: white; - } + padding-right: 5px; } } diff --git a/app/assets/stylesheets/stories.scss b/app/assets/stylesheets/stories.scss index 0a18c5c2..8f94a7b1 100644 --- a/app/assets/stylesheets/stories.scss +++ b/app/assets/stylesheets/stories.scss @@ -118,8 +118,8 @@ .popup { display: none; position: absolute; - top: 5px; - left: 30px; + right: 30px; + z-index: 50; background: #d9f1f1; height: 30px; width: 140px; diff --git a/app/views/projects/show.html.erb b/app/views/projects/show.html.erb index 1bb4c6bb..bf0f7174 100644 --- a/app/views/projects/show.html.erb +++ b/app/views/projects/show.html.erb @@ -27,9 +27,9 @@ <% @stories.each do | story | %> + Copied to clipboard <%= link_to "#{story.id} - #{story.title}", [story.project, story] %> - <%= story.estimate_for(current_user)&.best_case_points %> <%= story.estimate_for(current_user)&.worst_case_points %> @@ -46,6 +46,10 @@ @@ -102,11 +100,9 @@
<%= link_to 'Return to Projects Page', projects_path, id: :back, class: "button" %> - <% if current_user.admin? %> <%= button_to is_unlocked?(@project) ? 'Lock Project' : 'Unlock Project', toggle_locked_project_path(@project.id), method: :patch, class: "button magenta", id: "lock-btn", remote: true %> <% end %> - <%= link_to 'Clone Project', new_clone_project_path(@project.id), class: "button green" %> <%= link_to 'Edit Project', edit_project_path(@project.id), class: "button green" %> From 1be286f923f62528556549dce518cfda5648120c Mon Sep 17 00:00:00 2001 From: Henrique <45046146+hmdros@users.noreply.github.com> Date: Tue, 10 Oct 2023 16:40:23 -0300 Subject: [PATCH 3/4] Remove test case using js: true (#313) --- spec/features/projects_manage_spec.rb | 8 -------- 1 file changed, 8 deletions(-) diff --git a/spec/features/projects_manage_spec.rb b/spec/features/projects_manage_spec.rb index ac4bb97f..f0f96899 100644 --- a/spec/features/projects_manage_spec.rb +++ b/spec/features/projects_manage_spec.rb @@ -145,14 +145,6 @@ expect(page.source).to include("php upgrade") end - it "allows me to export a CSV" do - visit project_path(id: project.id) - find("#import-export").click - - click_on "Export" - expect(page.source).to include("php upgrade") - end - it "allows me to import a CSV" do visit project_path(id: project.id) find("#import-export").click From f6bc1540c4574794a49b91ef0c7a409544f29b90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20V=C3=A1squez?= Date: Tue, 10 Oct 2023 14:14:16 -0600 Subject: [PATCH 4/4] [MKT-575] Prevent accidental deletion in points (#310) * [MKT-575] Prevent accidental deletion in points https://ombulabs.atlassian.net/browse/MKT-575 * added spec for checking destroy when title does not match --------- Co-authored-by: rishijain --- app/assets/stylesheets/stories.scss | 4 +++ app/controllers/projects_controller.rb | 15 ++++++++--- app/views/projects/_delete_form.html.erb | 12 +++++++++ app/views/projects/open_delete_modal.js.erb | 3 +++ app/views/projects/show.html.erb | 2 +- config/routes.rb | 1 + spec/controllers/projects_controller_spec.rb | 28 +++++++++++++++++++- spec/features/projects_manage_spec.rb | 22 ++++++++++----- 8 files changed, 75 insertions(+), 12 deletions(-) create mode 100644 app/views/projects/_delete_form.html.erb create mode 100644 app/views/projects/open_delete_modal.js.erb diff --git a/app/assets/stylesheets/stories.scss b/app/assets/stylesheets/stories.scss index 8f94a7b1..c9dc1431 100644 --- a/app/assets/stylesheets/stories.scss +++ b/app/assets/stylesheets/stories.scss @@ -60,6 +60,10 @@ padding-bottom: 1.3em; } +.modal strong { + font-weight: bold; +} + .new_story, .edit_story { display: grid; diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 84537228..b9c352bd 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -1,6 +1,6 @@ class ProjectsController < ApplicationController before_action :authenticate_user! - before_action :find_project, only: [:show, :edit, :update, :sort, :sort_stories, :destroy, :new_sub_project, :toggle_archive, :toggle_locked] + before_action :find_project, only: [:show, :edit, :update, :sort, :sort_stories, :destroy, :new_sub_project, :toggle_archive, :toggle_locked, :open_delete_modal] before_action :ensure_unarchived!, only: [:edit, :new_sub_project, :update] def index @@ -70,9 +70,14 @@ def create end def destroy - @project.destroy respond_to do |format| - format.html { redirect_to projects_path, notice: "Project was successfully destroyed." } + if @project.title.strip.eql?(params.dig(:project, :title)&.strip) + @project.destroy + flash[:success] = "Project was successfully destroyed." + else + flash[:error] = "Make sure you added the correct project's title" + end + format.html { redirect_to projects_path } end end @@ -104,6 +109,10 @@ def new_sub_project @sub = Project.new(parent_id: @project) end + # GET /projects/1/open_delete_modal.js + def open_delete_modal + end + private def find_project diff --git a/app/views/projects/_delete_form.html.erb b/app/views/projects/_delete_form.html.erb new file mode 100644 index 00000000..ec2694bd --- /dev/null +++ b/app/views/projects/_delete_form.html.erb @@ -0,0 +1,12 @@ +<%= form_with(model: project, method: :delete) do |f| %> + This action cannot be undone. + This will permanently delete the <%= project.title %> project, + stories, and associated estimations. + +
+ <%= f.label :title, raw("Please type #{project.title} to confirm.") %> + <%= f.text_field :title, value: "", placeholder: "Project's title", autofocus: true, required: true %> +
+ + <%= f.submit "I understand the consequences, delete this project", class: "button magenta" %> +<% end %> diff --git a/app/views/projects/open_delete_modal.js.erb b/app/views/projects/open_delete_modal.js.erb new file mode 100644 index 00000000..a2887254 --- /dev/null +++ b/app/views/projects/open_delete_modal.js.erb @@ -0,0 +1,3 @@ +(function(){ + showModal("Are you absolutely sure?", "<%= j(render('delete_form', project: @project)) %>") +})() diff --git a/app/views/projects/show.html.erb b/app/views/projects/show.html.erb index bf0f7174..9620c314 100644 --- a/app/views/projects/show.html.erb +++ b/app/views/projects/show.html.erb @@ -108,7 +108,7 @@ <% if is_unlocked?(@project) %> <%= link_unless_archived(@project, "Add Sub-Project", project_new_sub_project_path(@project), classes: :green) unless @project.parent_id.present? %> - <%= link_unless_archived(@project, "Delete Project", project_path(@project.id), classes: "delete magenta", method: :delete, remote: true, data_attr: { confirm: 'Are you sure?' }, id: "delete") %> + <%= link_unless_archived(@project, "Delete Project", open_delete_modal_project_path(@project.id), classes: "delete magenta", remote: true) %> <% end %> <% unless @project.parent_id %> diff --git a/config/routes.rb b/config/routes.rb index 42297c54..b1565639 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -24,6 +24,7 @@ patch :toggle_locked get :new_clone post :clone + get :open_delete_modal end get :new_sub_project diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index ffe9b248..ca1a0e4e 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -124,9 +124,35 @@ describe "#destroy" do it "deletes the project" do expect { - delete :destroy, params: {id: project.id} + delete :destroy, params: {id: project.id, project: {title: project.title}} + }.to change(Project, :count).by(-1) + end + + it "deletes stripped project's title" do + project.update(title: " foo bar ") + expect { + delete :destroy, params: {id: project.id, project: {title: "foo bar"}} + }.to change(Project, :count).by(-1) + end + + it "deletes stripped project's params" do + project.update(title: "foo bar") + expect { + delete :destroy, params: {id: project.id, project: {title: "foo bar "}} }.to change(Project, :count).by(-1) end + + it "does not delete the project" do + expect { + delete :destroy, params: {id: project.id} + }.not_to change(Project, :count) + end + + it "does not delete the project when the title does not match" do + expect { + delete :destroy, params: {id: project.id, project: {title: "random title"}} + }.not_to change(Project, :count) + end end describe "#show" do diff --git a/spec/features/projects_manage_spec.rb b/spec/features/projects_manage_spec.rb index f0f96899..1db8e1c2 100644 --- a/spec/features/projects_manage_spec.rb +++ b/spec/features/projects_manage_spec.rb @@ -50,19 +50,27 @@ end context "when the project is unarchived" do - it "allows me to delete a project", js: false do + it "does not delete a project" do + project.update(title: "Awesome Project's Title") visit project_path(id: project.id) + click_link "Delete Project" - expect(Project.count).to eq 0 + expect(page).to have_content "Are you absolutely sure?" + fill_in "project_title", with: "Random Project's Title" + click_button "I understand the consequences, delete this project" + + expect(page).to have_content "Make sure you added the correct project's title" end it "allows me to delete a project" do visit project_path(id: project.id) - accept_confirm do - click_link "Delete Project" - end - expect(page).not_to have_content "Delete Project" - expect(Project.count).to eq 0 + + click_link "Delete Project" + expect(page).to have_content "Are you absolutely sure?" + fill_in "project_title", with: project.title + click_button "I understand the consequences, delete this project" + + expect(page).to have_content "Project was successfully destroyed." end it "allows editing the project's title inline" do