From 2faada7f14ac35aaf24c6d30cd7c1b976506327e Mon Sep 17 00:00:00 2001 From: Miles Gould Date: Fri, 10 Jul 2015 17:37:28 +0100 Subject: [PATCH 01/31] Find interesting crops using DB queries --- app/models/crop.rb | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/app/models/crop.rb b/app/models/crop.rb index 2773bbe38..08d4f127f 100644 --- a/app/models/crop.rb +++ b/app/models/crop.rb @@ -29,6 +29,12 @@ class Crop < ActiveRecord::Base scope :pending_approval, -> { where(:approval_status => "pending") } scope :approved, -> { where(:approval_status => "approved") } scope :rejected, -> { where(:approval_status => "rejected") } + # Crops with enough plantings and photos + # ActiveRecord wizardry copied from + # http://stackoverflow.com/questions/13226913/how-do-i-select-all-records-with-more-than-n-child-records + scope :has_plantings, ->(min_plantings) { select("crops.*").joins(:plantings).group("crops.id").having("count(crops.id) >= ?", min_plantings) } + scope :has_photos, ->(min_photos) { select("crops.*").joins(:photos).group("crops.id").having("count(crops.id) >= ?", min_photos) } + scope :interesting, -> { has_plantings(3).has_photos(3).randomized.limit(12) } ## Wikipedia urls are only necessary when approving a crop validates :en_wikipedia_url, @@ -174,14 +180,6 @@ class Crop < ActiveRecord::Base return popular_plant_parts end - def interesting? - min_plantings = 3 # needs this many plantings to be interesting - min_photos = 3 # needs this many photos to be interesting - return false unless photos.size >= min_photos - return false unless plantings_count >= min_plantings - return true - end - def pending? approval_status == "pending" end 
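Review bot: In app/models/crop.rb, chaining `has_plantings(3).has_photos(3)` in the new `interesting` scope joins both associations in one grouped query, so `count(crops.id)` counts planting × photo row combinations rather than plantings or photos. A crop with one planting and three photos would satisfy both `having` clauses. Counting the joined table's own keys keeps the two thresholds independent, assuming the joined tables are named `plantings` and `photos`: `having("count(distinct plantings.id) >= ?", min_plantings)` and `having("count(distinct photos.id) >= ?", min_photos)`. The bind placeholders for the thresholds are right and should stay. A spec with unequal planting and photo counts would pin the intended behaviour.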
@@ -202,19 +200,6 @@ class Crop < ActiveRecord::Base [ "already in database", "not edible", "not enough information", "other" ] end - # Crop.interesting - # returns a list of interesting crops, for use on the homepage etc - def Crop.interesting - howmany = 12 # max number to find - interesting_crops = Array.new - Crop.randomized.each do |c| - break if interesting_crops.size == howmany - next unless c.interesting? - interesting_crops.push(c) - end - return interesting_crops - end - # Crop.create_from_csv(row) # used by db/seeds.rb and rake growstuff:import_crops # CSV fields: From 07c976b1fc2637e3179c415742700f9d4e66ccc1 Mon Sep 17 00:00:00 2001 From: Miles Gould Date: Fri, 10 Jul 2015 17:54:53 +0100 Subject: [PATCH 02/31] Filter plantings-with-photos in the DB, not Ruby. --- app/models/planting.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/models/planting.rb b/app/models/planting.rb index f06ccf9ac..70d65e4d2 100644 --- a/app/models/planting.rb +++ b/app/models/planting.rb @@ -116,11 +116,13 @@ class Planting < ActiveRecord::Base interesting_plantings = Array.new seen_owners = Hash.new(false) # keep track of which owners we've seen already - Planting.all.each do |p| + if require_photo then + candidates = Planting.joins(:photos).uniq + else + candidates = Planting + end + candidates.each do |p| break if interesting_plantings.size == howmany # got enough yet? - if require_photo - next unless p.photos.present? # skip those without photos, if required - end next if seen_owners[p.owner] # skip if we already have one from this owner seen_owners[p.owner] = true # we've seen this owner interesting_plantings.push(p) From 492bdd915f249790c3d97d22f49ba77a28e335e4 Mon Sep 17 00:00:00 2001 
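Review bot: In the app/models/planting.rb hunk, the `else` branch assigns the bare class (`candidates = Planting`) and the next line calls `candidates.each`. As far as I can tell ActiveRecord does not delegate `each` from the model class to a relation, so calling `Planting.interesting` with `require_photo` false would raise NoMethodError; `candidates = Planting.all` keeps both branches returning a relation. The `then` after `if require_photo` is redundant on a multi-line `if`. The method body starts and ends outside this hunk.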
From: Miles Gould Date: Fri, 10 Jul 2015 18:51:55 +0100 Subject: [PATCH 03/31] Move the rest of Planting.interesting into the DB We could maybe make it a scope at this point... --- app/models/planting.rb | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/app/models/planting.rb b/app/models/planting.rb index 70d65e4d2..e2ce8ee4c 100644 --- a/app/models/planting.rb +++ b/app/models/planting.rb @@ -113,21 +113,15 @@ class Planting < ActiveRecord::Base # we can't do this via a scope (as far as we know) so sadly we have to # do it this way. def Planting.interesting(howmany=12, require_photo=true) - interesting_plantings = Array.new - seen_owners = Hash.new(false) # keep track of which owners we've seen already - if require_photo then candidates = Planting.joins(:photos).uniq else candidates = Planting end - candidates.each do |p| - break if interesting_plantings.size == howmany # got enough yet? - next if seen_owners[p.owner] # skip if we already have one from this owner - seen_owners[p.owner] = true # we've seen this owner - interesting_plantings.push(p) - end - - return interesting_plantings + # Find the most recent acceptable planting for each member + most_recent_ids = candidates.select("max(plantings.id)") + .unscope(:order) + .group("plantings.owner_id") + return candidates.where(id: most_recent_ids).limit(howmany) end end From 9e7957709d1b239954747eb2163ce0d445c9d95d Mon Sep 17 00:00:00 2001 From: Miles Gould Date: Fri, 10 Jul 2015 19:03:18 +0100 Subject: [PATCH 04/31] Remove BUNDLED BY line from Gemfile.lock This keeps getting removed by some automatic process, and it's cluttering up my `git diff` output. --- Gemfile.lock | 3 --- 1 file changed, 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7e3b4aa92..fef7b8258 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -458,6 +458,3 @@ DEPENDENCIES unicorn webrat will_paginate (~> 3.0) - -BUNDLED WITH - 1.10.3 
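Review bot: In the app/models/planting.rb hunk, the new comment `# Find the most recent acceptable planting for each member` describes `max(plantings.id)`, which picks the highest id per owner; that is "most recent" only if ids follow creation order, and it is not the planting date. I would say so in the comment, e.g. `# Highest-id (i.e. most recently created) planting per owner`. The context comment above the method still says this cannot be done via a scope, which the new body contradicts. The final `candidates.where(id: most_recent_ids).limit(howmany)` has no explicit `order`, so which `howmany` rows come back depends on a default scope or on the database. The method now also returns a relation rather than an Array, which callers outside this hunk may notice.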
From fc1dc0e4c37b74258a64d95fb9d286f21bfb757c Mon Sep 17 00:00:00 2001 From: Miles Gould Date: Fri, 10 Jul 2015 19:13:32 +0100 Subject: [PATCH 05/31] Remove unused Planting#interesting? method. --- app/models/planting.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/app/models/planting.rb b/app/models/planting.rb index e2ce8ee4c..c9ba22398 100644 --- a/app/models/planting.rb +++ b/app/models/planting.rb @@ -90,10 +90,6 @@ class Planting < ActiveRecord::Base return photos.first end - def interesting? - return photos.present? - end - def calculate_days_before_maturity(planting, crop) p_crop = Planting.where(:crop_id => crop).where.not(:id => planting) differences = p_crop.collect do |p| From 96b0198d4130a2b02045db7d805ffdb5325632ff Mon Sep 17 00:00:00 2001 From: Miles Gould Date: Thu, 23 Jul 2015 23:05:39 +0100 Subject: [PATCH 06/31] Replace remaining calls to count() with size() The couple that aren't removed are required: for instance, there's a Crop.count method, but no Crop.size method. --- app/views/gardens/_thumbnail.html.haml | 4 ++-- app/views/home/_stats.html.haml | 4 ++-- spec/controllers/photos_controller_spec.rb | 4 ++-- spec/models/member_spec.rb | 6 +++--- spec/models/photo_spec.rb | 12 ++++++------ .../activemerchant-1.33.0/lib/support/ssl_verify.rb | 2 +- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/app/views/gardens/_thumbnail.html.haml b/app/views/gardens/_thumbnail.html.haml index c622098c9..bd3fc7eb1 100644 --- a/app/views/gardens/_thumbnail.html.haml +++ b/app/views/gardens/_thumbnail.html.haml @@ -25,9 +25,9 @@ %dd= garden.active ? "Yes" : "No" .col-md-12 %b - = "#{pluralize(garden.plantings.count, "Planting")} : " + = "#{pluralize(garden.plantings.size, "Planting")} : " = display_garden_plantings(garden.plantings.current) - - if garden.plantings.count > 2 + - if garden.plantings.size > 2 %br = link_to "See more plantings >>", garden_path(garden) .panel-footer 
diff --git a/app/views/home/_stats.html.haml b/app/views/home/_stats.html.haml index e13f74719..53ffd2492 100644 --- a/app/views/home/_stats.html.haml +++ b/app/views/home/_stats.html.haml @@ -1,7 +1,7 @@ - cache("homepage_stats") do %p.stats - = t('.message_html', { member: link_to(t('.member_linktext', count: Member.confirmed.count.to_i), members_path), - number_crops: link_to(t('.number_crops_linktext', count: Crop.count.to_i), crops_path), + = t('.message_html', { member: link_to(t('.member_linktext', count: Member.confirmed.size.to_i), members_path), + number_crops: link_to(t('.number_crops_linktext', count: Crop.count.to_i), crops_path), number_plantings: link_to(t('.number_plantings_linktext', count: Planting.count.to_i), plantings_path), number_gardens: link_to(t('.number_gardens_linktext', count: Garden.count.to_i), gardens_path) }) diff --git a/spec/controllers/photos_controller_spec.rb b/spec/controllers/photos_controller_spec.rb index 286b23b64..603959b46 100644 --- a/spec/controllers/photos_controller_spec.rb +++ b/spec/controllers/photos_controller_spec.rb @@ -115,7 +115,7 @@ describe PhotosController do post :create, {:photo => { :flickr_photo_id => photo.flickr_photo_id }, :type => "planting", :id => planting.id } - Photo.last.plantings.count.should eq 1 + Photo.last.plantings.size.should eq 1 end it "attaches the photo to a harvest" do @@ -140,7 +140,7 @@ describe PhotosController do post :create, {:photo => { :flickr_photo_id => photo.flickr_photo_id }, :type => "harvest", :id => harvest.id } - Photo.last.harvests.count.should eq 1 + Photo.last.harvests.size.should eq 1 end end diff --git a/spec/models/member_spec.rb b/spec/models/member_spec.rb index b91584953..66ea5a597 100644 --- a/spec/models/member_spec.rb +++ b/spec/models/member_spec.rb @@ -23,7 +23,7 @@ describe 'member' do end it 'should have a default garden' do - member.gardens.count.should == 1 + member.gardens.size.should == 1 end it 'should have a accounts entry' do 
@@ -221,12 +221,12 @@ describe 'member' do end it 'sees confirmed members' do - Member.confirmed.count.should == 2 + Member.confirmed.size.should == 2 end it 'ignores unconfirmed members' do @member3 = FactoryGirl.create(:unconfirmed_member) - Member.confirmed.count.should == 2 + Member.confirmed.size.should == 2 end end diff --git a/spec/models/photo_spec.rb b/spec/models/photo_spec.rb index 650f0f57c..36a9eb068 100644 --- a/spec/models/photo_spec.rb +++ b/spec/models/photo_spec.rb @@ -11,19 +11,19 @@ describe Photo do context "adds photos" do it 'to a planting' do planting.photos << photo - expect(planting.photos.count).to eq 1 + expect(planting.photos.size).to eq 1 expect(planting.photos.first).to eq photo end it 'to a harvest' do harvest.photos << photo - expect(harvest.photos.count).to eq 1 + expect(harvest.photos.size).to eq 1 expect(harvest.photos.first).to eq photo end it 'to a garden' do garden.photos << photo - expect(garden.photos.count).to eq 1 + expect(garden.photos.size).to eq 1 expect(garden.photos.first).to eq photo end end @@ -32,19 +32,19 @@ describe Photo do it 'from a planting' do planting.photos << photo photo.destroy - expect(planting.photos.count).to eq 0 + expect(planting.photos.size).to eq 0 end it 'from a harvest' do harvest.photos << photo photo.destroy - expect(harvest.photos.count).to eq 0 + expect(harvest.photos.size).to eq 0 end it 'from a garden' do garden.photos << photo photo.destroy - expect(garden.photos.count).to eq 0 + expect(garden.photos.size).to eq 0 end it "automatically if unused" do diff --git a/vendor/gems/activemerchant-1.33.0/lib/support/ssl_verify.rb b/vendor/gems/activemerchant-1.33.0/lib/support/ssl_verify.rb index 1ba28878a..ccb6650d5 100644 --- a/vendor/gems/activemerchant-1.33.0/lib/support/ssl_verify.rb +++ b/vendor/gems/activemerchant-1.33.0/lib/support/ssl_verify.rb 
@@ -10,7 +10,7 @@ class SSLVerify def test_gateways success, failed, missing, errored, disabled = [], [], [], [], [] - puts "Verifying #{@gateways.count} SSL certificates\n\n" + puts "Verifying #{@gateways.size} SSL certificates\n\n" @gateways.each do |g| if !g.live_url From f29c0ad08520ede88b2de2306729dcc6fafa6cdc Mon Sep 17 00:00:00 2001 From: Miles Gould Date: Thu, 23 Jul 2015 23:21:55 +0100 Subject: [PATCH 07/31] Replace .length calls with .size --- app/models/planting.rb | 2 +- spec/models/crop_spec.rb | 6 +++--- spec/models/forum_spec.rb | 2 +- spec/models/garden_spec.rb | 2 +- spec/models/member_spec.rb | 4 ++-- spec/models/planting_spec.rb | 2 +- spec/models/post_spec.rb | 6 +++--- spec/models/seed_spec.rb | 2 +- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/app/models/planting.rb b/app/models/planting.rb index f06ccf9ac..900156b2a 100644 --- a/app/models/planting.rb +++ b/app/models/planting.rb @@ -105,7 +105,7 @@ class Planting < ActiveRecord::Base if differences.compact.empty? nil else - differences.compact.sum/differences.compact.length + differences.compact.sum/differences.compact.size end end diff --git a/spec/models/crop_spec.rb b/spec/models/crop_spec.rb index 724567626..90e02c5fc 100644 --- a/spec/models/crop_spec.rb +++ b/spec/models/crop_spec.rb @@ -232,7 +232,7 @@ describe Crop do Crop.interesting.should include @crop1 Crop.interesting.should include @crop2 - Crop.interesting.length.should == 2 + Crop.interesting.size.should == 2 end it 'ignores crops without plantings' do @@ -254,7 +254,7 @@ describe Crop do Crop.interesting.should include @crop1 Crop.interesting.should_not include @crop2 - Crop.interesting.length.should == 1 + Crop.interesting.size.should == 1 end @@ -280,7 +280,7 @@ describe Crop do Crop.interesting.should include @crop1 Crop.interesting.should_not include @crop2 - Crop.interesting.length.should == 1 + Crop.interesting.size.should == 1 end end 
diff --git a/spec/models/forum_spec.rb b/spec/models/forum_spec.rb index dfebfa356..7c26c8f4b 100644 --- a/spec/models/forum_spec.rb +++ b/spec/models/forum_spec.rb @@ -19,7 +19,7 @@ describe Forum do it "has many posts" do @post1 = FactoryGirl.create(:forum_post, :forum => forum) @post2 = FactoryGirl.create(:forum_post, :forum => forum) - forum.posts.length.should == 2 + forum.posts.size.should == 2 end it "orders posts in reverse chron order" do diff --git a/spec/models/garden_spec.rb b/spec/models/garden_spec.rb index 6eebba460..ab52e2fac 100644 --- a/spec/models/garden_spec.rb +++ b/spec/models/garden_spec.rb @@ -88,7 +88,7 @@ describe Garden do garden = FactoryGirl.create(:garden, :owner => owner) @planting1 = FactoryGirl.create(:planting, :garden => garden) @planting2 = FactoryGirl.create(:planting, :garden => garden) - garden.plantings.length.should == 2 + garden.plantings.size.should == 2 all = Planting.count garden.destroy Planting.count.should == all - 2 diff --git a/spec/models/member_spec.rb b/spec/models/member_spec.rb index 66ea5a597..93760a904 100644 --- a/spec/models/member_spec.rb +++ b/spec/models/member_spec.rb @@ -61,13 +61,13 @@ describe 'member' do it "has many comments" do @comment1 = FactoryGirl.create(:comment, :author => member) @comment2 = FactoryGirl.create(:comment, :author => member) - member.comments.length.should == 2 + member.comments.size.should == 2 end it "has many forums" do @forum1 = FactoryGirl.create(:forum, :owner => member) @forum2 = FactoryGirl.create(:forum, :owner => member) - member.forums.length.should == 2 + member.forums.size.should == 2 end it 'has location and lat/long fields' do diff --git a/spec/models/planting_spec.rb b/spec/models/planting_spec.rb index 16bb8b613..659636c5e 100644 --- a/spec/models/planting_spec.rb +++ b/spec/models/planting_spec.rb 
@@ -229,7 +229,7 @@ describe Planting do context "with howmany argument" do it "only returns the number asked for" do @plantings = FactoryGirl.create_list(:planting, 10) - Planting.interesting(3, false).length.should eq 3 + Planting.interesting(3, false).size.should eq 3 end end diff --git a/spec/models/post_spec.rb b/spec/models/post_spec.rb index cb9324d3f..c56a5b301 100644 --- a/spec/models/post_spec.rb +++ b/spec/models/post_spec.rb @@ -24,7 +24,7 @@ describe Post do @datestr = @time.strftime("%Y%m%d") # 2 digit day and month, full-length years # Counting digits using Math.log is not precise enough! - @datestr.length.should == 4 + @time.year.to_s.size + @datestr.size.should == 4 + @time.year.to_s.size @post.slug.should == "#{member.login_name}-#{@datestr}-a-post" end @@ -32,14 +32,14 @@ describe Post do @post = FactoryGirl.create(:post, :author => member) @comment1 = FactoryGirl.create(:comment, :post => @post) @comment2 = FactoryGirl.create(:comment, :post => @post) - @post.comments.length.should == 2 + @post.comments.size.should == 2 end it "destroys comments when deleted" do @post = FactoryGirl.create(:post, :author => member) @comment1 = FactoryGirl.create(:comment, :post => @post) @comment2 = FactoryGirl.create(:comment, :post => @post) - @post.comments.length.should == 2 + @post.comments.size.should == 2 all = Comment.count @post.destroy Comment.count.should == all - 2 diff --git a/spec/models/seed_spec.rb b/spec/models/seed_spec.rb index 58ae56ea7..65008adcc 100644 --- a/spec/models/seed_spec.rb +++ b/spec/models/seed_spec.rb @@ -146,7 +146,7 @@ describe Seed do Seed.interesting.should_not include @seed2 Seed.interesting.should_not include @seed3 Seed.interesting.should_not include @seed4 - Seed.interesting.length.should == 1 + Seed.interesting.size.should == 1 end end From 40b5a47aae4162ad813e89a40e38160a357fa83c Mon Sep 17 00:00:00 2001 
From: Miles Gould Date: Thu, 23 Jul 2015 23:22:45 +0100 Subject: [PATCH 08/31] Remove trailing whitespace --- app/assets/javascripts/finish_planting.js.coffee | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/assets/javascripts/finish_planting.js.coffee b/app/assets/javascripts/finish_planting.js.coffee index b8139b7fe..f52409a66 100644 --- a/app/assets/javascripts/finish_planting.js.coffee +++ b/app/assets/javascripts/finish_planting.js.coffee @@ -9,11 +9,11 @@ jQuery -> finished = $('#planting_finished_at') if @checked if previousValue.length - date = previousValue + date = previousValue finished.val(date) else finished.trigger('focus') else previousValue = finished.val() finished.val('') - ) \ No newline at end of file + ) From 91a128ae7eb8b2ba400e7c4efd5520acf499cf6e Mon Sep 17 00:00:00 2001 From: Miles Gould Date: Fri, 24 Jul 2015 15:09:54 +0100 Subject: [PATCH 09/31] Check existence of secret token before using it. People were forgetting to create config/environment.yml, which meant that RAILS_SECRET_TOKEN wasn't being set, which meant that all tests involving notifications failed. Unfortunately, the resulting wall of error messages (https://gist.github.com/sha1sum/5debae6b700ff8fc0c76) did not make the root cause remotely clear, leading to much confusion and head-scratching all round. This commit checks for the existence of RAILS_SECRET_TOKEN and fails with an informative error message if it's missing. --- app/mailers/notifier.rb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/app/mailers/notifier.rb b/app/mailers/notifier.rb index a37d65d67..5ffb862d6 100644 --- a/app/mailers/notifier.rb +++ b/app/mailers/notifier.rb 
@@ -2,12 +2,19 @@ class Notifier < ActionMailer::Base include NotificationsHelper default from: "Growstuff " + def verifier() + if ENV['RAILS_SECRET_TOKEN'] + return ActiveSupport::MessageVerifier.new(ENV['RAILS_SECRET_TOKEN']) + else + raise "RAILS_SECRET_TOKEN environment variable not set - have you created config/application.yml?" + end + end + def notify(notification) @notification = notification @reply_link = reply_link(@notification) # Encrypting - verifier = ActiveSupport::MessageVerifier.new(ENV['RAILS_SECRET_TOKEN']) @signed_message = verifier.generate ({ member_id: @notification.recipient.id, type: :send_notification_email }) mail(:to => @notification.recipient.email, @@ -21,7 +28,6 @@ class Notifier < ActionMailer::Base @harvests = @member.harvests.first(5) # Encrypting - verifier = ActiveSupport::MessageVerifier.new(ENV['RAILS_SECRET_TOKEN']) @signed_message = verifier.generate ({ member_id: @member.id, type: :send_planting_reminder }) if @member.send_planting_reminder From cbb50df8d04a414699f06eb190a25e40b53b85dd Mon Sep 17 00:00:00 2001 From: Anthony Atkinson Date: Sat, 25 Jul 2015 13:18:30 -0400 Subject: [PATCH 10/31] Resolved #562 - Pagination of notifications. --- Gemfile | 3 +++ Gemfile.lock | 8 ++++++++ app/controllers/notifications_controller.rb | 2 +- app/views/notifications/index.html.haml | 2 ++ spec/features/notifications_spec.rb | 21 +++++++++++++++++++++ 5 files changed, 35 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index bb774b703..ffd1da341 100644 --- a/Gemfile +++ b/Gemfile @@ -35,6 +35,9 @@ gem 'ruby-units' # for unit conversion gem 'comfortable_mexican_sofa', '~> 1.12.0' # content management system +gem 'kaminari' # pagination +gem 'bootstrap-kaminari-views' # bootstrap views for kaminari + # vendored activemerchant for testing- needed for bogus paypal # gateway monkeypatch gem 'activemerchant', '1.33.0', diff --git a/Gemfile.lock b/Gemfile.lock index fef7b8258..261a40185 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
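Review bot: The new guard `if ENV['RAILS_SECRET_TOKEN']` in Notifier#verifier accepts an empty string, so a blank variable would still build a MessageVerifier with an empty key and the signed messages would carry no real integrity protection; test `ENV['RAILS_SECRET_TOKEN'].present?` instead. `verifier` is also added as a public instance method on the mailer, where public methods are treated as mailer actions, so I would move it under `private`. The `# Encrypting` comments kept as context in both hunks of this file are misleading: MessageVerifier signs the payload but does not encrypt it, so `member_id` stays readable in the token. `# Sign the payload (signed, not encrypted)` would be accurate. The error text points at config/application.yml while the commit message names config/environment.yml, so one of the two is presumably wrong.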
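Review bot: In the Gemfile hunk, the two new entries `gem 'kaminari'` and `gem 'bootstrap-kaminari-views'` carry no version constraint, unlike the neighbouring `gem 'comfortable_mexican_sofa', '~> 1.12.0'`, so a later `bundle update` can pull in any future release of either. A pessimistic constraint matching what the lockfile resolves would bound that: `gem 'kaminari', '~> 0.16.3'` and `gem 'bootstrap-kaminari-views', '~> 0.0.5'`.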
@@ -64,6 +64,9 @@ GEM bonsai-elasticsearch-rails (0.0.4) bootstrap-datepicker-rails (1.3.0.2) railties (>= 3.0) + bootstrap-kaminari-views (0.0.5) + kaminari (>= 0.13) + rails (>= 3.1) bootstrap-sass (3.3.3) autoprefixer-rails (>= 5.0.0.1) sass (>= 3.2.19) @@ -216,6 +219,9 @@ GEM railties (>= 3.2) sprockets-rails json (1.8.2) + kaminari (0.16.3) + actionpack (>= 3.0.0) + activesupport (>= 3.0.0) kgio (2.9.2) kramdown (1.5.0) launchy (2.4.3) @@ -402,6 +408,7 @@ DEPENDENCIES bluecloth bonsai-elasticsearch-rails bootstrap-datepicker-rails + bootstrap-kaminari-views bundler (>= 1.1.5) byebug cancancan (~> 1.9) @@ -430,6 +437,7 @@ DEPENDENCIES jquery-rails jquery-ui-rails (~> 5.0.2) js-routes + kaminari leaflet-markercluster-rails leaflet-rails less (~> 2.5.0) diff --git a/app/controllers/notifications_controller.rb b/app/controllers/notifications_controller.rb index 4608d3f99..f1934ded3 100644 --- a/app/controllers/notifications_controller.rb +++ b/app/controllers/notifications_controller.rb @@ -5,7 +5,7 @@ class NotificationsController < ApplicationController # GET /notifications def index - @notifications = Notification.where(recipient_id: current_member) + @notifications = Notification.where(recipient_id: current_member).page(params[:page]) respond_to do |format| format.html # index.html.erb diff --git a/app/views/notifications/index.html.haml b/app/views/notifications/index.html.haml index d5b373606..e5352ad26 100644 --- a/app/views/notifications/index.html.haml +++ b/app/views/notifications/index.html.haml @@ -1,6 +1,7 @@ - content_for :title, "Inbox" - if @notifications.size > 0 + = paginate @notifications, theme: 'twitter-bootstrap-3' %table.table.table-striped %tr %th From @@ -28,5 +29,6 @@ %strong= n.created_at %td = link_to 'Delete', n, method: :delete, data: { confirm: 'Are you sure?' }, :class => 'btn btn-default btn-xs' + = paginate @notifications, theme: 'twitter-bootstrap-3' - else You have no messages. 
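Review bot: In NotificationsController#index, `.page(params[:page])` is applied to a relation with no explicit `order`, so rows can shift between pages unless Notification has a default scope that sorts (not visible here); `.order(created_at: :desc)` before `.page` would make paging stable. Separately, the Gemfile.lock context shows `will_paginate (~> 3.0)` is already a dependency, and it also defines `page` on relations. The feature spec's 30-per-page expectation matches will_paginate's default rather than Kaminari's 25, so it is worth confirming which library actually answers this call. The `recipient_id: current_member` filter keeps the listing scoped to the signed-in member and should stay as it is; `index` continues outside the hunk.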
diff --git a/spec/features/notifications_spec.rb b/spec/features/notifications_spec.rb index 5135a1c72..bb1be5907 100644 --- a/spec/features/notifications_spec.rb +++ b/spec/features/notifications_spec.rb @@ -22,4 +22,25 @@ feature "Notifications", :js => true do expect(page).to have_content "Message was successfully sent" end end + + describe 'pagination' do + before do + 34.times { FactoryGirl.create :notification, recipient: recipient } + login_as recipient + visit notifications_path + end + + it 'has page navigation' do + expect(page).to have_selector 'a[rel="next"]' + end + + it 'paginates at 30 notifications per page' do + expect(page).to have_selector 'tr', count: 31 + end + + it 'navigates pages' do + first('a[rel="next"]').click + expect(page).to have_selector 'tr', count: 5 + end + end end \ No newline at end of file From 9d62c012f1088f3d6417092ecd33f3c4ea613f8f Mon Sep 17 00:00:00 2001 From: Anthony Atkinson Date: Sat, 25 Jul 2015 13:34:16 -0400 Subject: [PATCH 11/31] Resolves #617 - Open Service graphic link in footer --- app/views/layouts/_footer.html.haml | 3 +++ spec/features/footer_spec.rb | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/views/layouts/_footer.html.haml b/app/views/layouts/_footer.html.haml index 946f45529..75e93f27f 100644 --- a/app/views/layouts/_footer.html.haml +++ b/app/views/layouts/_footer.html.haml @@ -7,3 +7,6 @@ != cms_snippet_content(:footer2) .col-md-4#footer3 != cms_snippet_content(:footer3) + %div(style="float: right;") + %a(href="http://opendefinition.org/ossd/") + %img(src="http://assets.okfn.org/images/ok_buttons/os_80x15_blue.png" alt="") diff --git a/spec/features/footer_spec.rb b/spec/features/footer_spec.rb index 400b153a4..6c0c7cead 100644 --- a/spec/features/footer_spec.rb +++ b/spec/features/footer_spec.rb 
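Review bot: In app/views/layouts/_footer.html.haml, the added `%img(src="http://assets.okfn.org/images/ok_buttons/os_80x15_blue.png" alt="")` hotlinks a third-party image over plain HTTP from the footer of every page. That produces mixed-content warnings when the site is served over HTTPS, discloses each visitor's request to that host, and leaves the graphic under someone else's control. I would copy the button into the app's own assets and render it with `image_tag`, and use the `https://` form of the opendefinition.org link if it is available (the new footer spec asserts the exact href, so it would change with it). Because the image is the link's only content, `alt=""` leaves the link without an accessible name; `alt="Open Service"` would fix that. The inline `style="float: right;"` would sit better in the stylesheet.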
@@ -2,11 +2,16 @@ require 'rails_helper' feature "footer" do + before { visit root_path } + scenario "footer is on home page" do - visit root_path expect(page).to have_css 'footer' end + it 'has the Open Service link and graphic' do + expect(page).to have_selector 'a[href="http://opendefinition.org/ossd/"]' + end + # NB: not testing specific content in the footer since I'm going to put them # in the CMS and they'll be variable. end From 29f3cc323881ddee59600a3d9b6b0a8d0a2f3b58 Mon Sep 17 00:00:00 2001 From: Anthony Atkinson Date: Sat, 1 Aug 2015 11:39:51 -0400 Subject: [PATCH 12/31] Updating new test additions and edits to features/harvests with Rspec3 Ruby2 syntax. --- spec/features/harvests/harvesting_a_crop_spec.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/features/harvests/harvesting_a_crop_spec.rb b/spec/features/harvests/harvesting_a_crop_spec.rb index 1508feaa5..802f67a4d 100644 --- a/spec/features/harvests/harvesting_a_crop_spec.rb +++ b/spec/features/harvests/harvesting_a_crop_spec.rb @@ -23,8 +23,8 @@ feature "Harvesting a crop", :js do expect(page).to have_selector 'textarea#harvest_description[placeholder="optional"]' end - scenario "Creating a new harvest", :js => true do - fill_autocomplete "crop", :with => "mai" + scenario "Creating a new harvest", :js do + fill_autocomplete "crop", with: "mai" select_from_autocomplete "maize" within "form#new_harvest" do fill_in "When?", with: "2014-06-15" @@ -38,7 +38,7 @@ feature "Harvesting a crop", :js do end context "Clicking edit from the index page" do - let!(:harvest) { FactoryGirl.create(:harvest, :crop => maize, :owner => member) } + let!(:harvest) { create :harvest, crop: maize, owner: member } background do visit harvests_path From 919c25ca674d3f90155409ab77a43d66223867f7 Mon Sep 17 00:00:00 2001 
From: Anthony Atkinson Date: Sat, 1 Aug 2015 11:58:13 -0400 Subject: [PATCH 13/31] Fixing notifications index view spec to be compatible with new Kaminari pagination. --- spec/views/notifications/index.html.haml_spec.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/spec/views/notifications/index.html.haml_spec.rb b/spec/views/notifications/index.html.haml_spec.rb index 04ecdd176..362037cce 100644 --- a/spec/views/notifications/index.html.haml_spec.rb +++ b/spec/views/notifications/index.html.haml_spec.rb @@ -26,10 +26,11 @@ describe "notifications/index" do before(:each) do @notification = FactoryGirl.create(:notification, :sender => @member, :recipient => @member) - assign(:notifications, [ @notification, @notification ]) + assign(:notifications, Kaminari.paginate_array([ @notification, @notification ]).page(1)) render end + it "renders a list of notifications" do assert_select "table" assert_select "tr>td", :text => @notification.sender.to_s, :count => 2 @@ -45,7 +46,7 @@ describe "notifications/index" do it "shows (no subject)" do @notification = FactoryGirl.create(:notification, :sender => @member, :recipient => @member, :subject => nil) - assign(:notifications, [@notification]) + assign(:notifications, Kaminari.paginate_array([@notification]).page(1)) render rendered.should have_content "(no subject)" end @@ -55,7 +56,7 @@ describe "notifications/index" do it "shows (no subject)" do @notification = FactoryGirl.create(:notification, :sender => @member, :recipient => @member, :subject => " ") - assign(:notifications, [@notification]) + assign(:notifications, Kaminari.paginate_array([@notification]).page(1)) render rendered.should have_content "(no subject)" end From 43fe29f113f1cec09334c2b8d90c14c9b6458181 Mon Sep 17 00:00:00 2001 
From: Cesy Date: Thu, 6 Aug 2015 09:18:32 +0000 Subject: [PATCH 14/31] Fixing relative caching of post summary on homepage, fixed #789 --- app/views/posts/_summary.html.haml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/app/views/posts/_summary.html.haml b/app/views/posts/_summary.html.haml index 65fdeb567..9a2a479e1 100644 --- a/app/views/posts/_summary.html.haml +++ b/app/views/posts/_summary.html.haml @@ -15,7 +15,8 @@ %td.hidden-xs =link_to post.author, post.author %td - = distance_of_time_in_words(post.recent_activity, Time.zone.now) - ago + = post.recent_activity.to_date.to_formatted_s(:short) + // once the site gets more active, can change this to include time as well + // can't make it relative (distance_time as it's cached %td.hidden-xs = post.comments.size.to_s From 6f95f1fecf17e4c9fbed9cb1449a3cac424d8708 Mon Sep 17 00:00:00 2001 From: Cesy Date: Thu, 6 Aug 2015 09:20:06 +0000 Subject: [PATCH 15/31] Clarifying comment --- app/views/posts/_summary.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/posts/_summary.html.haml b/app/views/posts/_summary.html.haml index 9a2a479e1..59a58dd47 100644 --- a/app/views/posts/_summary.html.haml +++ b/app/views/posts/_summary.html.haml @@ -17,6 +17,6 @@ %td = post.recent_activity.to_date.to_formatted_s(:short) // once the site gets more active, can change this to include time as well - // can't make it relative (distance_time as it's cached + // can't make it relative (distance_of_time_in_words) as it's cached %td.hidden-xs = post.comments.size.to_s From 0681fac4069a223e04aa1eaad6f9704dffddab62 Mon Sep 17 00:00:00 2001 From: Cesy Date: Thu, 6 Aug 2015 09:51:14 +0000 Subject: [PATCH 16/31] Correcting view test for posts --- spec/views/forums/index.html.haml_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/views/forums/index.html.haml_spec.rb b/spec/views/forums/index.html.haml_spec.rb index 93d7090a9..9e7ef6f7e 100644 
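Review bot: In app/views/posts/_summary.html.haml, the two explanatory lines added under the date cell start with `//`, which Haml treats as an HTML comment (`/`) and therefore emits into the rendered page for every post row. `-#` is the silent form, e.g. `-# can't make it relative (distance_of_time_in_words) as it's cached`. The follow-up commit on the same file rewords the second line but keeps the `//` prefix. `post.recent_activity.to_date` would raise if `recent_activity` can be nil, which is not visible from this hunk and worth confirming.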
--- a/spec/views/forums/index.html.haml_spec.rb +++ b/spec/views/forums/index.html.haml_spec.rb @@ -45,7 +45,7 @@ describe "forums/index" do it "displays posts" do assert_select "table" rendered.should have_content @post.subject - rendered.should have_content "less than a minute ago" + rendered.should have_content Date.today.to_s(:short) end it "displays comment count" do From de981689fcf9c1ae7fb1edbda52caf334666d8fe Mon Sep 17 00:00:00 2001 From: Cesy Date: Thu, 6 Aug 2015 10:56:46 +0000 Subject: [PATCH 17/31] Revert "Merge pull request #775 from pozorvlak/speed_up_homepage" This reverts commit fa50ff47bb105cd9bd18a67d0c77109d19d65bc8, reversing changes made to 5b19d236d002cb13f511c06f6f31a55a4153e4b7. Once fixed, please read https://www.kernel.org/pub/software/scm/git/docs/howto/revert-a-faulty-merge.html carefully to get it back in properly. --- app/models/crop.rb | 27 +++++++++++++++++++++------ app/models/planting.rb | 26 +++++++++++++++++--------- 2 files changed, 38 insertions(+), 15 deletions(-) diff --git a/app/models/crop.rb b/app/models/crop.rb index af8aad4a4..2000ebfbb 100644 --- a/app/models/crop.rb +++ b/app/models/crop.rb 
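Review bot: In spec/views/forums/index.html.haml_spec.rb, the new expectation uses `Date.today.to_s(:short)`, which reads the host's time zone, while the view line it tracks previously compared against `Time.zone.now`. The two can disagree around midnight when the application's zone differs from the host's. `Time.zone.today.to_s(:short)` would keep the spec on the application's clock.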
@@ -29,12 +29,6 @@ class Crop < ActiveRecord::Base scope :pending_approval, -> { where(:approval_status => "pending") } scope :approved, -> { where(:approval_status => "approved") } scope :rejected, -> { where(:approval_status => "rejected") } - # Crops with enough plantings and photos - # ActiveRecord wizardry copied from - # http://stackoverflow.com/questions/13226913/how-do-i-select-all-records-with-more-than-n-child-records - scope :has_plantings, ->(min_plantings) { select("crops.*").joins(:plantings).group("crops.id").having("count(crops.id) >= ?", min_plantings) } - scope :has_photos, ->(min_photos) { select("crops.*").joins(:photos).group("crops.id").having("count(crops.id) >= ?", min_photos) } - scope :interesting, -> { has_plantings(3).has_photos(3).randomized.limit(12) } ## Wikipedia urls are only necessary when approving a crop validates :en_wikipedia_url, @@ -180,6 +174,14 @@ class Crop < ActiveRecord::Base return popular_plant_parts end + def interesting? + min_plantings = 3 # needs this many plantings to be interesting + min_photos = 3 # needs this many photos to be interesting + return false unless photos.size >= min_photos + return false unless plantings_count >= min_plantings + return true + end + def pending? approval_status == "pending" end @@ -200,6 +202,19 @@ class Crop < ActiveRecord::Base [ "already in database", "not edible", "not enough information", "other" ] end + # Crop.interesting + # returns a list of interesting crops, for use on the homepage etc + def Crop.interesting + howmany = 12 # max number to find + interesting_crops = Array.new + Crop.randomized.each do |c| + break if interesting_crops.size == howmany + next unless c.interesting? + interesting_crops.push(c) + end + return interesting_crops + end + # Crop.create_from_csv(row) # used by db/seeds.rb and rake growstuff:import_crops # CSV fields: diff --git a/app/models/planting.rb b/app/models/planting.rb index 2ce05f6e7..900156b2a 100644 --- a/app/models/planting.rb 
+++ b/app/models/planting.rb @@ -90,6 +90,10 @@ class Planting < ActiveRecord::Base return photos.first end + def interesting? + return photos.present? + end + def calculate_days_before_maturity(planting, crop) p_crop = Planting.where(:crop_id => crop).where.not(:id => planting) differences = p_crop.collect do |p| @@ -109,15 +113,19 @@ class Planting < ActiveRecord::Base # we can't do this via a scope (as far as we know) so sadly we have to # do it this way. def Planting.interesting(howmany=12, require_photo=true) - if require_photo then - candidates = Planting.joins(:photos).uniq - else - candidates = Planting + interesting_plantings = Array.new + seen_owners = Hash.new(false) # keep track of which owners we've seen already + + Planting.all.each do |p| + break if interesting_plantings.size == howmany # got enough yet? + if require_photo + next unless p.photos.present? # skip those without photos, if required + end + next if seen_owners[p.owner] # skip if we already have one from this owner + seen_owners[p.owner] = true # we've seen this owner + interesting_plantings.push(p) end - # Find the most recent acceptable planting for each member - most_recent_ids = candidates.select("max(plantings.id)") - .unscope(:order) - .group("plantings.owner_id") - return candidates.where(id: most_recent_ids).limit(howmany) + + return interesting_plantings end end From 1ec188c79348ad0ce875f06d64e002ea873ab8c7 Mon Sep 17 00:00:00 2001 From: Cesy Date: Thu, 6 Aug 2015 12:36:21 +0100 Subject: [PATCH 18/31] Revert "Fixing relative caching of post summary on homepage, fixed #789" --- app/views/posts/_summary.html.haml | 5 ++--- spec/views/forums/index.html.haml_spec.rb | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/app/views/posts/_summary.html.haml b/app/views/posts/_summary.html.haml index 59a58dd47..65fdeb567 100644 --- a/app/views/posts/_summary.html.haml +++ b/app/views/posts/_summary.html.haml 
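Review bot: The restored `Planting.interesting` does work that grows with the table: `Planting.all.each` loads every planting before the `break` can take effect, `p.photos.present?` runs a query per row, and `seen_owners[p.owner]` loads an owner record only to use it as a hash key. If this backs a public page, as the reverted branch name `speed_up_homepage` suggests, that is avoidable load on a request path anyone can hit. Keying on the foreign key keeps the reverted behaviour and drops the owner load: `next if seen_owners[p.owner_id]` and `seen_owners[p.owner_id] = true`. `Crop.interesting` in app/models/crop.rb follows the same per-row pattern through `photos.size` in `interesting?`, so a short comment there recording the cost would help whoever re-lands the query-based version.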
@@ -15,8 +15,7 @@ %td.hidden-xs =link_to post.author, post.author %td - = post.recent_activity.to_date.to_formatted_s(:short) - // once the site gets more active, can change this to include time as well - // can't make it relative (distance_of_time_in_words) as it's cached + = distance_of_time_in_words(post.recent_activity, Time.zone.now) + ago %td.hidden-xs = post.comments.size.to_s diff --git a/spec/views/forums/index.html.haml_spec.rb b/spec/views/forums/index.html.haml_spec.rb index 9e7ef6f7e..93d7090a9 100644 --- a/spec/views/forums/index.html.haml_spec.rb +++ b/spec/views/forums/index.html.haml_spec.rb @@ -45,7 +45,7 @@ describe "forums/index" do it "displays posts" do assert_select "table" rendered.should have_content @post.subject - rendered.should have_content Date.today.to_s(:short) + rendered.should have_content "less than a minute ago" end it "displays comment count" do From 5a12b47c7cdd653ce369080eb947df4ceec396fb Mon Sep 17 00:00:00 2001 From: Cesy Date: Thu, 6 Aug 2015 12:37:59 +0100 Subject: [PATCH 19/31] Revert "Revert "Fixing relative caching of post summary on homepage, fixed #789"" --- app/views/posts/_summary.html.haml | 5 +++-- spec/views/forums/index.html.haml_spec.rb | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/app/views/posts/_summary.html.haml b/app/views/posts/_summary.html.haml index 65fdeb567..59a58dd47 100644 --- a/app/views/posts/_summary.html.haml +++ b/app/views/posts/_summary.html.haml @@ -15,7 +15,8 @@ %td.hidden-xs =link_to post.author, post.author %td - = distance_of_time_in_words(post.recent_activity, Time.zone.now) - ago + = post.recent_activity.to_date.to_formatted_s(:short) + // once the site gets more active, can change this to include time as well + // can't make it relative (distance_of_time_in_words) as it's cached %td.hidden-xs = post.comments.size.to_s diff --git a/spec/views/forums/index.html.haml_spec.rb b/spec/views/forums/index.html.haml_spec.rb index 93d7090a9..9e7ef6f7e 100644 
--- a/spec/views/forums/index.html.haml_spec.rb +++ b/spec/views/forums/index.html.haml_spec.rb @@ -45,7 +45,7 @@ describe "forums/index" do it "displays posts" do assert_select "table" rendered.should have_content @post.subject - rendered.should have_content "less than a minute ago" + rendered.should have_content Date.today.to_s(:short) end it "displays comment count" do From 44b8500fa81888998db5ed3d3eb7166c30f9fe9a Mon Sep 17 00:00:00 2001 From: Cesy Date: Thu, 6 Aug 2015 12:12:29 +0000 Subject: [PATCH 20/31] Fix issue #788 with uncaught nil --- app/views/plantings/_planting_progress.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/plantings/_planting_progress.html.haml b/app/views/plantings/_planting_progress.html.haml index 86ba5d1a5..eea698c82 100644 --- a/app/views/plantings/_planting_progress.html.haml +++ b/app/views/plantings/_planting_progress.html.haml @@ -1,4 +1,4 @@ -- if DateTime.now.to_date < planting.planted_at +- if (planting.planted_at.nil? || DateTime.now.to_date < planting.planted_at) = "Progress: 0% - not planted yet" = render partial: "plantings/progress_bar", locals: {status: "warning", progress: "100%"} - elsif planting.finished? From 17c5fd61a3aa88196584122c4583724fe4faef58 Mon Sep 17 00:00:00 2001 From: Cesy Date: Thu, 6 Aug 2015 12:23:00 +0000 Subject: [PATCH 21/31] Fix #677 by adding organic/GMO/heirloom to CSV and RSS --- app/views/seeds/index.csv.shaper | 6 ++++++ app/views/seeds/index.rss.haml | 3 +++ 2 files changed, 9 insertions(+) diff --git a/app/views/seeds/index.csv.shaper b/app/views/seeds/index.csv.shaper index 818e68909..68f5664d3 100644 --- a/app/views/seeds/index.csv.shaper +++ b/app/views/seeds/index.csv.shaper @@ -11,6 +11,9 @@ csv.headers :id, :latitude, :longitude, :description, + :organic, + :gmo, + :heirloom, :date_added, :last_modified, :license 
@@ -37,6 +40,9 @@ csv.headers :id, csv.cell :longitude, s.owner.longitude csv.cell :description + csv.cell :organic + csv.cell :gmo + csv.cell :heirloom csv.cell :date_added, s.created_at.to_s(:db) csv.cell :last_modified, s.updated_at.to_s(:db) diff --git a/app/views/seeds/index.rss.haml b/app/views/seeds/index.rss.haml index 30cec02af..c35bc0d74 100644 --- a/app/views/seeds/index.rss.haml +++ b/app/views/seeds/index.rss.haml @@ -12,6 +12,9 @@ :escaped

Quantity: #{seed.quantity ? seed.quantity : 'unknown' }

Plant before: #{seed.plant_before ? seed.plant_before : 'unknown' }

+

Organic? #{seed.organic}

+

GMO? #{seed.gmo}

+

Heirloom? #{seed.heirloom}

- if seed.tradable? :escaped

Will trade #{seed.tradable_to} from #{seed.owner.location ? seed.owner.location : 'unknown location'}

From f61e2438e81dd95c71edfa14c9555674ddb9cde6 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Mon, 10 Aug 2015 16:08:09 +0930 Subject: [PATCH 22/31] Style checkbox for 'remember me' and allow it to be clickable (minor usability/mobile UI annoyance) --- app/views/devise/sessions/new.html.haml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml index 51d7b6845..1930d2043 100644 --- a/app/views/devise/sessions/new.html.haml +++ b/app/views/devise/sessions/new.html.haml @@ -15,9 +15,10 @@ - if devise_mapping.rememberable? .form-group - .col-md-8.col-md-offset-2 - = f.check_box :remember_me - Remember me + .col-md-8.col-md-offset-2.checkbox + label + = f.check_box :remember_me + Remember me .form-group .form-actions.col-md-8.col-md-offset-2 From b788cb44efd6bdab2d15fa31c7c6e3557c0d4c63 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Tue, 11 Aug 2015 10:23:50 +0930 Subject: [PATCH 23/31] Remember that we're working in haml, not slim. --- app/views/devise/sessions/new.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml index 1930d2043..4fdef08be 100644 --- a/app/views/devise/sessions/new.html.haml +++ b/app/views/devise/sessions/new.html.haml @@ -16,7 +16,7 @@ - if devise_mapping.rememberable? .form-group .col-md-8.col-md-offset-2.checkbox - label + %label = f.check_box :remember_me Remember me From 7b30c4237b429854d37c1867a9f12c7329e90626 Mon Sep 17 00:00:00 2001 
From: Daniel O'Connor Date: Tue, 11 Aug 2015 10:28:07 +0930 Subject: [PATCH 24/31] Name: activesupport Version: 4.1.9 Advisory: CVE-2015-3227 Criticality: Unknown URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk Title: Possible Denial of Service attack in Active Support Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22 Name: activesupport Version: 4.1.9 Advisory: CVE-2015-3226 Criticality: Unknown URL: https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU Title: XSS Vulnerability in ActiveSupport::JSON.encode Solution: upgrade to >= 4.2.2, ~> 4.1.11 --- Gemfile | 2 +- Gemfile.lock | 68 ++++++++++++++++++++++++++-------------------------- 2 files changed, 35 insertions(+), 35 deletions(-) diff --git a/Gemfile b/Gemfile index 0cd47ce40..8a26f1058 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' ruby '2.1.5' -gem 'rails', '4.1.9' +gem 'rails', '4.1.11' gem 'bundler', '>=1.1.5' diff --git a/Gemfile.lock b/Gemfile.lock index a0d524eac..e9a80a0a4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -20,29 +20,29 @@ PATH GEM remote: https://rubygems.org/ specs: - actionmailer (4.1.9) - actionpack (= 4.1.9) - actionview (= 4.1.9) + actionmailer (4.1.11) + actionpack (= 4.1.11) + actionview (= 4.1.11) mail (~> 2.5, >= 2.5.4) - actionpack (4.1.9) - actionview (= 4.1.9) - activesupport (= 4.1.9) + actionpack (4.1.11) + actionview (= 4.1.11) + activesupport (= 4.1.11) rack (~> 1.5.2) rack-test (~> 0.6.2) - actionview (4.1.9) - activesupport (= 4.1.9) + actionview (4.1.11) + activesupport (= 4.1.11) builder (~> 3.1) erubis (~> 2.7.0) active_link_to (1.0.2) actionpack - activemodel (4.1.9) - activesupport (= 4.1.9) + activemodel (4.1.11) + activesupport (= 4.1.11) builder (~> 3.1) - activerecord (4.1.9) - activemodel (= 4.1.9) - activesupport (= 4.1.9) + activerecord (4.1.11) + activemodel (= 4.1.11) + activesupport (= 4.1.11) arel (~> 5.0.0) - activesupport (4.1.9) + activesupport (4.1.11) i18n (~> 0.6, >= 0.6.9) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -234,7 +234,7 @@ GEM js-routes (0.9.9) railties (>= 3.2) sprockets-rails - json (1.8.2) + json (1.8.3) kaminari (0.16.3) actionpack (>= 3.0.0) activesupport (>= 3.0.0) @@ -263,10 +263,10 @@ GEM mime-types (>= 1.16, < 3) memcachier (0.0.2) method_source (0.8.2) - mime-types (2.4.3) + mime-types (2.6.1) mini_portile (0.6.1) - minitest (5.5.1) - multi_json (1.10.1) + minitest (5.8.0) + multi_json (1.11.2) multi_xml (0.5.5) multipart-post (2.0.0) nenv (0.2.0) 
@@ -309,18 +309,18 @@ GEM slop (~> 3.4) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) - rack (1.5.2) + rack (1.5.5) rack-test (0.6.3) rack (>= 1.0) - rails (4.1.9) - actionmailer (= 4.1.9) - actionpack (= 4.1.9) - actionview (= 4.1.9) - activemodel (= 4.1.9) - activerecord (= 4.1.9) - activesupport (= 4.1.9) + rails (4.1.11) + actionmailer (= 4.1.11) + actionpack (= 4.1.11) + actionview (= 4.1.11) + activemodel (= 4.1.11) + activerecord (= 4.1.11) + activesupport (= 4.1.11) bundler (>= 1.3.0, < 2.0) - railties (= 4.1.9) + railties (= 4.1.11) sprockets-rails (~> 2.0) rails-i18n (4.0.3) i18n (~> 0.6) @@ -330,9 +330,9 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.2) rails_stdout_logging (0.0.3) - railties (4.1.9) - actionpack (= 4.1.9) - activesupport (= 4.1.9) + railties (4.1.11) + actionpack (= 4.1.11) + activesupport (= 4.1.11) rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) raindrops (0.13.0) @@ -387,12 +387,12 @@ GEM simplecov-html (~> 0.8.0) simplecov-html (0.8.0) slop (3.6.0) - sprockets (2.12.3) + sprockets (2.12.4) hike (~> 1.2) multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) - sprockets-rails (2.2.2) + sprockets-rails (2.3.2) actionpack (>= 3.0) activesupport (>= 3.0) sprockets (>= 2.8, < 4.0) @@ -404,7 +404,7 @@ GEM ref thor (0.19.1) thread (0.1.4) - thread_safe (0.3.4) + thread_safe (0.3.5) tilt (1.4.1) tins (1.3.3) tzinfo (1.2.2) @@ -488,7 +488,7 @@ DEPENDENCIES poltergeist (~> 1.6) pry quiet_assets - rails (= 4.1.9) + rails (= 4.1.11) rails_12factor rake (>= 10.0.0) rspec-activemodel-mocks From e765387e22e8e128cf8a13e972c975fe48fe2e95 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Tue, 11 Aug 2015 10:31:43 +0930 Subject: [PATCH 25/31] Update CONTRIBUTORS.md --- CONTRIBUTORS.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 3fb5b66f6..066d267cd 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
@@ -63,4 +63,5 @@ submit the change with your pull request. - Gabrielle DeWitt / [gabrielle27](https://github.com/gabrielle27) - Manmeet Singh / [manmeetsingh](https://github.com/manmeetsingh) - Jym Paul Carandang / [jacarandang](https://github.com/jacarandang) -- Anthony Atkinson / [sha1sum](https://github.com/sha1sum) \ No newline at end of file +- Anthony Atkinson / [sha1sum](https://github.com/sha1sum) +- Daniel O'Connor / [CloCkWeRX](https://github.com/CloCkWeRX) From 367e298d4870e7453b4f5140ab086789495552b3 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Tue, 11 Aug 2015 13:44:17 +0930 Subject: [PATCH 26/31] Fix clickable area for checkboxes in registration --- app/views/devise/registrations/new.html.haml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/app/views/devise/registrations/new.html.haml b/app/views/devise/registrations/new.html.haml index 268fc3e45..f15142bb0 100644 --- a/app/views/devise/registrations/new.html.haml +++ b/app/views/devise/registrations/new.html.haml @@ -26,15 +26,17 @@ .col-md-8= f.password_field :password_confirmation, :class => 'form-control' .form-group - .col-md-offset-2.col-md-8 - = f.check_box :tos_agreement - I agree to the - = succeed "." do - = link_to 'Terms of Service', url_for(:action => 'tos', :controller => '/policy') + .col-md-offset-2.col-md-8.checkbox + %label + = f.check_box :tos_agreement + I agree to the + = succeed "." do + = link_to 'Terms of Service', url_for(:action => 'tos', :controller => '/policy') .form-group - .col-md-offset-2.col-md-8 - = f.check_box :newsletter, :checked => true - Subscribe to the #{ENV['GROWSTUFF_SITE_NAME']} newsletter + .col-md-offset-2.col-md-8.checkbox + %label + = f.check_box :newsletter, :checked => true + Subscribe to the #{ENV['GROWSTUFF_SITE_NAME']} newsletter .help-inline = render :partial => 'newsletter_blurb' From 97cf1347d5e2d9cd9cd22a9fc032aa6b07f3c710 Mon Sep 17 00:00:00 2001 
From: Daniel O'Connor Date: Tue, 11 Aug 2015 13:45:47 +0930 Subject: [PATCH 27/31] Fix clickable area for checkboxes in email editing --- .../registrations/_edit_email.html.haml | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/app/views/devise/registrations/_edit_email.html.haml b/app/views/devise/registrations/_edit_email.html.haml index 1ea863e2a..a44fbc3c8 100644 --- a/app/views/devise/registrations/_edit_email.html.haml +++ b/app/views/devise/registrations/_edit_email.html.haml @@ -9,24 +9,28 @@ %span.help-block If you change your email address you will have to reconfirm. .form-group - .col-md-offset-2.col-md-8 - = f.check_box :show_email - Show email publicly on your profile page. + .col-md-offset-2.col-md-8.checkbox + %label + = f.check_box :show_email + Show email publicly on your profile page. .form-group - .col-md-offset-2.col-md-8 - = f.check_box :send_notification_email - Receive emailed copies of Inbox notifications (eg. private messages). + .col-md-offset-2.col-md-8.checkbox + %label + = f.check_box :send_notification_email + Receive emailed copies of Inbox notifications (eg. private messages). .form-group - .col-md-offset-2.col-md-8 - = f.check_box :send_planting_reminder - Receive regular reminders to track your planting and harvesting. + .col-md-offset-2.col-md-8.checkbox + %label + = f.check_box :send_planting_reminder + Receive regular reminders to track your planting and harvesting. .form-group - .col-md-offset-2.col-md-8 - = f.check_box :newsletter - Subscribe to the #{ENV['GROWSTUFF_SITE_NAME']} newsletter + .col-md-offset-2.col-md-8.checkbox + %label + = f.check_box :newsletter + Subscribe to the #{ENV['GROWSTUFF_SITE_NAME']} newsletter .help-block = render :partial => 'newsletter_blurb' From 00ae4ed49fb6c286f77de31a694c33752cbd780e Mon Sep 17 00:00:00 2001 
From: Daniel O'Connor Date: Wed, 12 Aug 2015 16:23:48 +0930 Subject: [PATCH 28/31] Name: paperclip Version: 4.2.1 Advisory: CVE-2015-2963 Criticality: Medium URL: https://robots.thoughtbot.com/paperclip-security-release Title: Paperclip Gem for Ruby vulnerable to content type spoofing Solution: upgrade to >= 4.2.2 --- Gemfile.lock | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index e9a80a0a4..1598f2ed9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -89,7 +89,7 @@ GEM climate_control (0.0.3) activesupport (>= 3.0) cliver (0.3.2) - cocaine (0.5.5) + cocaine (0.5.7) climate_control (>= 0.0.3, < 1.0) codemirror-rails (4.8) railties (>= 3.0, < 5) @@ -264,6 +264,7 @@ GEM memcachier (0.0.2) method_source (0.8.2) mime-types (2.6.1) + mimemagic (0.3.0) mini_portile (0.6.1) minitest (5.8.0) multi_json (1.11.2) @@ -290,11 +291,12 @@ GEM multi_json (~> 1.3) omniauth-oauth (~> 1.0) orm_adapter (0.5.0) - paperclip (4.2.1) - activemodel (>= 3.0.0) - activesupport (>= 3.0.0) - cocaine (~> 0.5.3) + paperclip (4.3.0) + activemodel (>= 3.2.0) + activesupport (>= 3.2.0) + cocaine (~> 0.5.5) mime-types + mimemagic (= 0.3.0) pg (0.17.1) plupload-rails (1.2.1) rails (>= 3.1) From 7c7c66348c4d97c10ee3fd6692893c7fe2bef0b8 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Wed, 12 Aug 2015 16:57:58 +0930 Subject: [PATCH 29/31] Name: rest-client Version: 1.7.2 Advisory: CVE-2015-3448 Criticality: Unknown URL: http://www.osvdb.org/show/osvdb/117461 Title: Rest-Client Gem for Ruby logs password information in plaintext Solution: upgrade to >= 1.7.3 Name: rest-client Version: 1.7.2 Advisory: CVE-2015-1820 Criticality: Unknown URL: https://github.com/rest-client/rest-client/issues/369 Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses Solution: upgrade to >= 1.8.0 --- Gemfile.lock | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index 1598f2ed9..1fa1bc703 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -139,6 +139,8 @@ GEM warden (~> 1.2.3) diff-lcs (1.2.5) docile (1.1.5) + domain_name (0.5.24) + unf (>= 0.0.5, < 1.0.0) easy_translate (0.5.0) json thread @@ -213,6 +215,8 @@ GEM haml (>= 4.0.0.rc.1) hpricot (~> 0.8.6) ruby_parser (~> 3.1.1) + http-cookie (1.0.2) + domain_name (~> 0.5) httparty (0.13.3) json (~> 1.8) multi_xml (>= 0.5.2) @@ -271,7 +275,7 @@ GEM multi_xml (0.5.5) multipart-post (2.0.0) nenv (0.2.0) - netrc (0.10.0) + netrc (0.10.3) newrelic_rpm (3.9.8.273) nokogiri (1.6.5) mini_portile (~> 0.6.0) @@ -345,7 +349,8 @@ GEM ref (1.0.5) responders (1.1.2) railties (>= 3.2, < 4.2) - rest-client (1.7.2) + rest-client (1.8.0) + http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 3.0) netrc (~> 0.7) rspec (3.1.0) @@ -414,6 +419,9 @@ GEM uglifier (2.5.3) execjs (>= 0.3.0) json (>= 1.8.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.1) unicorn (4.8.3) kgio (~> 2.6) rack From cafd49c143300c84a14030a02f90180e6df8b8e1 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Wed, 12 Aug 2015 16:59:14 +0930 Subject: [PATCH 30/31] Name: jquery-rails Version: 3.1.2 Advisory: CVE-2015-1840 Criticality: Unknown URL: https://groups.google.com/forum/#!topic/ruby-security-ann/XIZPbobuwaY Title: CSRF Vulnerability in jquery-ujs and jquery-rails Solution: upgrade to >= 4.0.4, ~> 3.1.3 --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1fa1bc703..b68e62dbe 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -230,7 +230,7 @@ GEM slop (>= 3.5.0) term-ansicolor terminal-table - jquery-rails (3.1.2) + jquery-rails (3.1.3) railties (>= 3.0, < 5.0) thor (>= 0.14, < 2.0) jquery-ui-rails (5.0.3) From 5cac8743f84b370b0f3554b06baf8ebea8f368ea Mon Sep 17 00:00:00 2001 
From: Daniel O'Connor Date: Thu, 13 Aug 2015 15:06:56 +1000 Subject: [PATCH 31/31] Upgrade to ruby 2.1.6 for CVE-2015-1855: Ruby OpenSSL Hostname Verification --- .ruby-version | 2 +- .travis.yml | 2 +- Gemfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.ruby-version b/.ruby-version index cd57a8b95..399088bf4 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.1.5 +2.1.6 diff --git a/.travis.yml b/.travis.yml index 8b8d9a6b0..04a6dabec 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ env: secure: "Z5TpM2jEX4UCvNePnk/LwltQX48U2u9BRc+Iypr1x9QW2o228QJhPIOH39a8RMUrepGnkQIq9q3ZRUn98RfrJz1yThtlNFL3NmzdQ57gKgjGwfpa0e4Dwj/ZJqV2D84tDGjvdVYLP7zzaYZxQcwk/cgNpzKf/jq97HLNP7CYuf4=" bundler_args: "--without development production staging" rvm: -- 2.1.5 +- 2.1.6 before_script: - psql -c 'create database growstuff_test;' -U postgres script: diff --git a/Gemfile b/Gemfile index 8a26f1058..0f712add6 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -ruby '2.1.5' +ruby '2.1.6' gem 'rails', '4.1.11'