Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require Ransack v4 #8009

Merged
merged 1 commit into from
Jul 12, 2023
Merged

Require Ransack v4 #8009

merged 1 commit into from
Jul 12, 2023

Conversation

javierjulio
Copy link
Member

@javierjulio javierjulio commented Jul 11, 2023
edited
Loading

As part of a major ActiveAdmin release, we'll now require Ransack v4 which in turn requires users to declare an allowlist of attributes and associations on their models.

Closes #7809

@javierjulio javierjulio self-assigned this Jul 11, 2023
@javierjulio javierjulio mentioned this pull request Jul 11, 2023
Merged
@codecov
Copy link

codecov bot commented Jul 11, 2023
edited
Loading

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.02 ⚠️

Comparison is base (c1fe7a4) 99.11% compared to head (6c14325) 99.09%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8009      +/-   ##
==========================================
- Coverage   99.11%   99.09%   -0.02%     
==========================================
  Files         197      197              
  Lines        4945     4949       +4     
==========================================
+ Hits         4901     4904       +3     
- Misses         44       45       +1
Impacted Files Coverage Δ
...active_admin/orm/active_record/comments/comment.rb 100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@javierjulio javierjulio force-pushed the ransack-v4 branch 2 times, most recently from 72c4891 to 6994c7a Compare July 12, 2023 00:08
@javierjulio javierjulio merged commit c3a2dfd into master Jul 12, 2023
18 checks passed
@javierjulio javierjulio deleted the ransack-v4 branch July 12, 2023 23:54
@Fire-Dragon-DoL
Copy link
Contributor

Fire-Dragon-DoL commented Jul 13, 2023
edited
Loading

Should activeadmin website documentation be updated too? It seems like it will "naturally " become public API.

Notice that activeadmin could build this list out of filter and provide an API to add more/remove

@javierjulio
Copy link
Member Author

What would be updated in our documentation? That is a public API in Ransack v4. It is expected that users update their models with an allowlist. It's not something that ActiveAdmin configures.

javierjulio added a commit that referenced this pull request Jul 13, 2023
@javierjulio
Fix bug report template with Ransack allowlist
001ff4c 
I missed this while working on #8009 since we only run the bug report template script in CI if the script itself is changing to optimize CI workflow which we want to maintain for now.
@Fire-Dragon-DoL
Copy link
Contributor

What would be updated in our documentation? That is a public API in Ransack v4. It is expected that users update their models with an allowlist. It's not something that ActiveAdmin configures.

Oh it's at the model level, sorry did not realize that. Thank you.

I would mention in the filter documentation at least a reference to "you must allow attributes you want to enable filter for" and link to the ransack documentation relevant section

@javierjulio
Copy link
Member Author

@Fire-Dragon-DoL yes, I think a simple mention wouldn't hurt. It will be obvious to a user once running the app since they will get a Ransack warning displayed with all the details on what to change.

Will you create a PR to update the docs? I would accept a PR that adds a line mentioning that models now require an allowlist for Ransack with a link to the specific Ransack PR.

@Fire-Dragon-DoL
Copy link
Contributor

@Fire-Dragon-DoL yes, I think a simple mention wouldn't hurt. It will be obvious to a user once running the app since they will get a Ransack warning displayed with all the details on what to change.

Will you create a PR to update the docs? I would accept a PR that adds a line mentioning that models now require an allowlist for Ransack with a link to the specific Ransack PR.

Yes! I would be happy to do that

@alexplatteeuw alexplatteeuw mentioned this pull request Jul 17, 2023
Merged
@Fire-Dragon-DoL Fire-Dragon-DoL mentioned this pull request Aug 3, 2023
Merged
@Fire-Dragon-DoL
Copy link
Contributor

@Fire-Dragon-DoL yes, I think a simple mention wouldn't hurt. It will be obvious to a user once running the app since they will get a Ransack warning displayed with all the details on what to change.

Will you create a PR to update the docs? I would accept a PR that adds a line mentioning that models now require an allowlist for Ransack with a link to the specific Ransack PR.

Wrote the PR:
#8043

Please let me know if you'd like me to work a bit more on the language, I tried to be terse, but there are a lot of concepts to talk about the allowlist (activeadmin, ransack, model, authorization, attributes)

@Fire-Dragon-DoL
Copy link
Contributor

Proceeded to upgrade my own version to activeadmin 3 today and was looking for documentation on the topic. Very happy to discover it was there, just in time to remember I wrote it 🤦‍♂️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@javierjulio javierjulio

Labels
type breaking change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ransack 4 support
2 participants
@javierjulio @Fire-Dragon-DoL