-
-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require Ransack v4 #8009
Require Ransack v4 #8009
Conversation
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #8009 +/- ##
==========================================
- Coverage 99.11% 99.09% -0.02%
==========================================
Files 197 197
Lines 4945 4949 +4
==========================================
+ Hits 4901 4904 +3
- Misses 44 45 +1
☔ View full report in Codecov by Sentry. |
72c4891
to
6994c7a
Compare
Should activeadmin website documentation be updated too? It seems like it will "naturally " become public API. Notice that activeadmin could build this list out of |
What would be updated in our documentation? That is a public API in Ransack v4. It is expected that users update their models with an allowlist. It's not something that ActiveAdmin configures. |
I missed this while working on #8009 since we only run the bug report template script in CI if the script itself is changing to optimize CI workflow which we want to maintain for now.
Oh it's at the model level, sorry did not realize that. Thank you. I would mention in the filter documentation at least a reference to "you must allow attributes you want to enable filter for" and link to the ransack documentation relevant section |
@Fire-Dragon-DoL yes, I think a simple mention wouldn't hurt. It will be obvious to a user once running the app since they will get a Ransack warning displayed with all the details on what to change. Will you create a PR to update the docs? I would accept a PR that adds a line mentioning that models now require an allowlist for Ransack with a link to the specific Ransack PR. |
Yes! I would be happy to do that |
Wrote the PR: Please let me know if you'd like me to work a bit more on the language, I tried to be terse, but there are a lot of concepts to talk about the allowlist (activeadmin, ransack, model, authorization, attributes) |
Proceeded to upgrade my own version to activeadmin 3 today and was looking for documentation on the topic. Very happy to discover it was there, just in time to remember I wrote it 🤦♂️ |
As part of a major ActiveAdmin release, we'll now require Ransack v4 which in turn requires users to declare an allowlist of attributes and associations on their models.
Closes #7809