Skip to content

Commit

Permalink
Merge pull request #216 from portagenetwork/integration
Browse files Browse the repository at this point in the history
3.0.4+portage-3.0.13 release
  • Loading branch information
pengyin-shan authored Jul 13, 2022
2 parents da9f7c2 + fa57c99 commit 6e78e09
Show file tree
Hide file tree
Showing 8 changed files with 146 additions and 54 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/brakeman.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,6 @@ jobs:
- name: Brakeman
uses: artplan1/[email protected]
with:
flags: "--color"
flags: "--no-exit-on-warn" # OPTIONAL: change this no-exit-on-warn flag to avoid complaining of EOL security warning
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
30 changes: 30 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,35 @@
# Changelog

## [3.0.4+portage-3.0.13] - 2022-07-13

### Changed

- Upgraded Rails to 5.2.8.1 to fix the Possible RCE escalation bug with Serialized Columns in Active Record in Rails 5.2.6 (https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U/m/q9axtXheAQAJ)

- Along with the Rails upgrade, upgraded activejob, activeview, activemodal, activestorage, activepack, activerecord, activesupport, actioncable, actionmailer, actionjob, actionview and railsties to 5.2.8.1

- Along with the Rails upgrade, upgraded i18n to 1.8.11

- Along with the Rails upgrade, upgraded rack to 2.2.4

- Along with the Rails upgrade, upgraded sprockets to 4.0.3

- Along with the Rails upgrade, upgraded marcel to 1.0.2

- Along with the Rails upgrade, upgraded mini_mine to 1.1.2

- Along with the Rails upgrade, upgraded concurrent-ruby to 1.1.10

### Added

- Added contributors to the plan's cover page (if there is any) [#202](https://github.com/portagenetwork/roadmap/issues/202)

- Added plan title to CSV exported file

### Fixed

- Added bootstrap-select stylesheet back after version 3 upgrade to fix the option-picker UI bug [#195](https://github.com/portagenetwork/roadmap/issues/195)

## [3.0.4+portage-3.0.12] - 2022-05-12

### Added
Expand Down
90 changes: 45 additions & 45 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -9,45 +9,45 @@ GIT
GEM
remote: https://rubygems.org/
specs:
actioncable (5.2.6)
actionpack (= 5.2.6)
actioncable (5.2.8.1)
actionpack (= 5.2.8.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.6)
actionpack (= 5.2.6)
actionview (= 5.2.6)
activejob (= 5.2.6)
actionmailer (5.2.8.1)
actionpack (= 5.2.8.1)
actionview (= 5.2.8.1)
activejob (= 5.2.8.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.6)
actionview (= 5.2.6)
activesupport (= 5.2.6)
actionpack (5.2.8.1)
actionview (= 5.2.8.1)
activesupport (= 5.2.8.1)
rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.6)
activesupport (= 5.2.6)
actionview (5.2.8.1)
activesupport (= 5.2.8.1)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.6)
activesupport (= 5.2.6)
activejob (5.2.8.1)
activesupport (= 5.2.8.1)
globalid (>= 0.3.6)
activemodel (5.2.6)
activesupport (= 5.2.6)
activerecord (5.2.6)
activemodel (= 5.2.6)
activesupport (= 5.2.6)
activemodel (5.2.8.1)
activesupport (= 5.2.8.1)
activerecord (5.2.8.1)
activemodel (= 5.2.8.1)
activesupport (= 5.2.8.1)
arel (>= 9.0)
activerecord-nulldb-adapter (0.7.0)
activerecord (>= 5.2.0, < 6.3)
activestorage (5.2.6)
actionpack (= 5.2.6)
activerecord (= 5.2.6)
activestorage (5.2.8.1)
actionpack (= 5.2.8.1)
activerecord (= 5.2.8.1)
marcel (~> 1.0.0)
activesupport (5.2.6)
activesupport (5.2.8.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
Expand Down Expand Up @@ -111,7 +111,7 @@ GEM
open4 (~> 1.3)
coderay (1.1.3)
colored2 (3.1.2)
concurrent-ruby (1.1.9)
concurrent-ruby (1.1.10)
contact_us (1.2.0)
rails (>= 4.2.0)
cork (0.3.0)
Expand Down Expand Up @@ -247,7 +247,7 @@ GEM
httparty (0.18.1)
mime-types (~> 3.0)
multi_xml (>= 0.5.2)
i18n (1.8.10)
i18n (1.8.11)
concurrent-ruby (~> 1.0)
ipaddress (0.8.3)
jbuilder (2.11.2)
Expand Down Expand Up @@ -284,16 +284,16 @@ GEM
lumberjack (1.2.8)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (1.0.1)
marcel (1.0.2)
method_source (1.0.0)
mime-types (3.3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2021.0704)
mimemagic (0.3.10)
nokogiri (~> 1)
rake
mini_mime (1.1.0)
mini_portile2 (2.8.0)
mini_mime (1.1.2)
mini_portile2 (2.5.3)
minitest (5.14.4)
mocha (1.13.0)
msgpack (1.4.2)
Expand Down Expand Up @@ -355,8 +355,8 @@ GEM
activesupport (>= 3.0.0)
pundit-matchers (1.7.0)
rspec-rails (>= 3.0.0)
racc (1.6.0)
rack (2.2.3.1)
racc (1.5.2)
rack (2.2.4)
rack-mini-profiler (2.3.2)
rack (>= 1.2.0)
rack-protection (2.1.0)
Expand All @@ -365,18 +365,18 @@ GEM
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.2.6)
actioncable (= 5.2.6)
actionmailer (= 5.2.6)
actionpack (= 5.2.6)
actionview (= 5.2.6)
activejob (= 5.2.6)
activemodel (= 5.2.6)
activerecord (= 5.2.6)
activestorage (= 5.2.6)
activesupport (= 5.2.6)
rails (5.2.8.1)
actioncable (= 5.2.8.1)
actionmailer (= 5.2.8.1)
actionpack (= 5.2.8.1)
actionview (= 5.2.8.1)
activejob (= 5.2.8.1)
activemodel (= 5.2.8.1)
activerecord (= 5.2.8.1)
activestorage (= 5.2.8.1)
activesupport (= 5.2.8.1)
bundler (>= 1.3.0)
railties (= 5.2.6)
railties (= 5.2.8.1)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
Expand All @@ -387,9 +387,9 @@ GEM
nokogiri (>= 1.6)
rails-html-sanitizer (1.4.3)
loofah (~> 2.3)
railties (5.2.6)
actionpack (= 5.2.6)
activesupport (= 5.2.6)
railties (5.2.8.1)
actionpack (= 5.2.8.1)
activesupport (= 5.2.8.1)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
Expand Down Expand Up @@ -508,7 +508,7 @@ GEM
spring-watcher-listen (2.0.1)
listen (>= 2.7, < 4.0)
spring (>= 1.2, < 3.0)
sprockets (4.0.2)
sprockets (4.0.3)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.2)
Expand Down Expand Up @@ -653,4 +653,4 @@ RUBY VERSION
ruby 2.6.3p62

BUNDLED WITH
2.3.6
2.3.12
2 changes: 1 addition & 1 deletion app/assets/stylesheets/application.scss
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

// Pull in the webpacker managed copy of Bootstrap Stylesheets
@import "../../../node_modules/bootstrap-sass/assets/stylesheets/_bootstrap.scss";
// @import "../../../node_modules/bootstrap-select/sass/bootstrap-select.scss";
@import "../../../node_modules/bootstrap-select/sass/bootstrap-select.scss";

@import "blocks/*";
@import "utils/*";
Expand Down
20 changes: 14 additions & 6 deletions app/controllers/plan_exports_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,11 @@ def show

@hash = @plan.as_pdf(current_user, @show_coversheet)
@formatting = export_params[:formatting] || @plan.settings(:export).formatting
if params.key?(:phase_id) && params[:phase_id].length > 0

if params.key?(:phase_id) && params[:phase_id].length.positive?
# order phases by phase number asc
@hash[:phases] = @hash[:phases].sort_by{|phase| phase[:number]}
if (params[:phase_id] == "All")
@hash[:phases] = @hash[:phases].sort_by { |phase| phase[:number] }
if params[:phase_id] == "All"
@hash[:all_phases] = true
else
@selected_phase = @plan.phases.find(params[:phase_id])
Expand All @@ -46,6 +46,14 @@ def show
@selected_phase = @plan.phases.order("phases.updated_at DESC")
.detect { |p| p.visibility_allowed?(@plan) }
end

# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled
@hash[:data_curation] = Contributor.where(plan_id: @plan.id).data_curation
@hash[:investigation] = Contributor.where(plan_id: @plan.id).investigation
@hash[:pa] = Contributor.where(plan_id: @plan.id).project_administration
@hash[:other] = Contributor.where(plan_id: @plan.id).other

respond_to do |format|
format.html { show_html }
format.csv { show_csv }
Expand Down Expand Up @@ -93,8 +101,8 @@ def show_pdf
date: l(@plan.updated_at.to_date, format: :readable)
},
font_size: 8,
spacing: (Integer(@formatting[:margin][:bottom]) / 2) - 4,
right: _("[page] of [topage]"),
spacing: (Integer(@formatting[:margin][:bottom]) / 2) - 4,
right: _("[page] of [topage]"),
encoding: "UTF-8"
}
end
Expand Down
24 changes: 23 additions & 1 deletion app/models/concerns/exportable_plan.rb
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,13 @@ def prepare_coversheet
end
hash[:attribution] = attribution

# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled
hash[:data_curation] = Contributor.where(plan_id: id).data_curation
hash[:investigation] = Contributor.where(plan_id: id).investigation
hash[:pa] = Contributor.where(plan_id: id).project_administration
hash[:other] = Contributor.where(plan_id: id).other

# Org name of plan owner's org
hash[:affiliation] = owner.present? ? owner.org.name : ""

Expand All @@ -127,12 +134,27 @@ def prepare_coversheet

# rubocop:disable Metrics/MethodLength, Metrics/AbcSize
def prepare_coversheet_for_csv(csv, _headings, hash)
csv << [_("Title: "), _("%{title}") % { title: title }]
csv << [if hash[:attribution].many?
_("Creators: ")
else
_("Creator:")
end, _("%{authors}") % { authors: hash[:attribution].join(", ") }]
csv << ["Affiliation: ", _("%{affiliation}") % { affiliation: hash[:affiliation] }]
if hash[:investigation].present?
csv << [_("Principal Investigator: "),
_("%{investigation}") % { investigation: hash[:investigation].map(&:name).join(", ") }]
end
if hash[:data_curation].present?
csv << [_("Date Manager: "),
_("%{data_curation}") % { data_curation: hash[:data_curation].map(&:name).join(", ") }]
end
if hash[:pa].present?
csv << [_("Project Administrator: "), _("%{pa}") % { pa: hash[:pa].map(&:name).join(", ") }]
end
if hash[:other].present?
csv << [_("Contributor: "), _("%{other}") % { other: hash[:other].map(&:name).join(", ") }]
end
csv << [_("Affiliation: "), _("%{affiliation}") % { affiliation: hash[:affiliation] }]
csv << if hash[:funder].present?
[_("Template: "), _("%{funder}") % { funder: hash[:funder] }]
else
Expand Down
16 changes: 16 additions & 0 deletions app/views/shared/export/_plan_coversheet.erb
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,22 @@
<%# Allow raw html (==) for plan_attribution as it has <b> tags %>
<p><%== plan_attribution(@hash[:attribution]) %></p><br>

<%# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled %>
<%# Roles are ranked by PI -> DM -> PA -> Other (if any) %>
<% if @hash[:investigation].present? %>
<p><b><%= _("Principal Investigator: ") %></b><%= @hash[:investigation].map(&:name).join(', ') %></p><br>
<% end %>
<% if @hash[:data_curation].present? %>
<p><b><%= _("Data Manager: ") %></b><%= @hash[:data_curation].map(&:name).join(', ') %></p><br>
<% end %>
<% if @hash[:pa].present? %>
<p><b><%= _("Project Administrator: ") %></b><%= @hash[:pa].map(&:name).join(', ') %></p><br>
<% end %>
<% if @hash[:other].present? %>
<p><b><%= _("Contributor: ") %></b><%= @hash[:other].map(&:name).join(', ') %></p><br>
<% end %>

<p><b><%= _("Affiliation: ") %></b><%= @hash[:affiliation] %></p><br>

<% if @hash[:funder].present? %>
Expand Down
16 changes: 16 additions & 0 deletions app/views/shared/export/_plan_txt.erb
Original file line number Diff line number Diff line change
@@ -1,7 +1,23 @@
<%= "#{@plan.title}" %>
<%= "----------------------------------------------------------\n" %>
<% if @show_coversheet %>
<%= @hash[:attribution].many? ? _("Creators: ") : _('Creator:') %> <%= @hash[:attribution].join(', ') %>
<%# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled %>
<%# Roles are ranked by PI -> DM -> PA -> Other (if any) %>
<% if @hash[:investigation].present? %>
<%= _("Principal Investigator: ") + @hash[:investigation].map(&:name).join(', ') %>
<% end %>
<% if @hash[:data_curation].present? %>
<%= _("Data Manager: ") + @hash[:data_curation].map(&:name).join(', ') %>
<% end %>
<% if @hash[:pa].present? %>
<%= _("Project Administrator: ") + @hash[:pa].map(&:name).join(', ') %>
<% end %>
<% if @hash[:other].present? %>
<%= _("Contributor: ") + @hash[:other].map(&:name).join(', ') %>
<% end %>
<%= _("Affiliation: ") + @hash[:affiliation] %>
<% if @hash[:funder].present? %>
<%= _("Template: ") + @hash[:funder] %>
Expand Down

0 comments on commit 6e78e09

Please sign in to comment.