3.0.4+portage-3.0.13 release #216

Merged
merged 13 commits into from
Jul 13, 2022
2 changes: 1 addition & 1 deletion .github/workflows/brakeman.yml
Expand Up @@ -15,6 +15,6 @@ jobs:
- name: Brakeman
uses: artplan1/[email protected]
with:
flags: "--color"
flags: "--no-exit-on-warn" # OPTIONAL: change this no-exit-on-warn flag to avoid complaining of EOL security warning
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
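Review bot: in the `with:` block, replacing `flags: "--color"` with `--no-exit-on-warn` makes the Brakeman step pass whatever warnings the scan reports, not only the EOL warning the inline comment mentions, so this job no longer gates merges on new findings. Prefer keeping the default exit behaviour and suppressing just the EOL finding, for example through a reviewed `config/brakeman.ignore` entry with a note explaining why. The comment also marks the flag "OPTIONAL", which reads like template text; say here that it is a deliberate, temporary exception, and keep `--color` if the coloured log output is still wanted.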
30 changes: 30 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,35 @@
# Changelog

## [3.0.4+portage-3.0.13] - 2022-07-13

### Changed

- Upgraded Rails to 5.2.8.1 to fix the Possible RCE escalation bug with Serialized Columns in Active Record in Rails 5.2.6 (https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U/m/q9axtXheAQAJ)

- Along with the Rails upgrade, upgraded activejob, activeview, activemodal, activestorage, activepack, activerecord, activesupport, actioncable, actionmailer, actionjob, actionview and railsties to 5.2.8.1

- Along with the Rails upgrade, upgraded i18n to 1.8.11

- Along with the Rails upgrade, upgraded rack to 2.2.4

- Along with the Rails upgrade, upgraded sprockets to 4.0.3

- Along with the Rails upgrade, upgraded marcel to 1.0.2

- Along with the Rails upgrade, upgraded mini_mine to 1.1.2

- Along with the Rails upgrade, upgraded concurrent-ruby to 1.1.10

### Added

- Added contributors to the plan's cover page (if there is any) [#202](https://github.com/portagenetwork/roadmap/issues/202)

- Added plan title to CSV exported file

### Fixed

- Added bootstrap-select stylesheet back after version 3 upgrade to fix the option-picker UI bug [#195](https://github.com/portagenetwork/roadmap/issues/195)

## [3.0.4+portage-3.0.12] - 2022-05-12

### Added
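Review bot: the second "Changed" bullet lists gem names that do not match Gemfile.lock in this PR: "activeview", "activemodal", "activepack", "actionjob" and "railsties" should be actionview, activemodel, actionpack, activejob and railties, and "mini_mine" further down should be mini_mime. This entry is what operators read to decide whether they have the Active Record serialized-column fix, so list the components exactly as they appear in the lockfile. The "Fixed" entry also opens with "Added"; wording such as "Restored the bootstrap-select stylesheet ..." fits that heading better.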
90 changes: 45 additions & 45 deletions Gemfile.lock
Expand Up @@ -9,45 +9,45 @@ GIT
GEM
remote: https://rubygems.org/
specs:
actioncable (5.2.6)
actionpack (= 5.2.6)
actioncable (5.2.8.1)
actionpack (= 5.2.8.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailer (5.2.6)
actionpack (= 5.2.6)
actionview (= 5.2.6)
activejob (= 5.2.6)
actionmailer (5.2.8.1)
actionpack (= 5.2.8.1)
actionview (= 5.2.8.1)
activejob (= 5.2.8.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (5.2.6)
actionview (= 5.2.6)
activesupport (= 5.2.6)
actionpack (5.2.8.1)
actionview (= 5.2.8.1)
activesupport (= 5.2.8.1)
rack (~> 2.0, >= 2.0.8)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionview (5.2.6)
activesupport (= 5.2.6)
actionview (5.2.8.1)
activesupport (= 5.2.8.1)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
activejob (5.2.6)
activesupport (= 5.2.6)
activejob (5.2.8.1)
activesupport (= 5.2.8.1)
globalid (>= 0.3.6)
activemodel (5.2.6)
activesupport (= 5.2.6)
activerecord (5.2.6)
activemodel (= 5.2.6)
activesupport (= 5.2.6)
activemodel (5.2.8.1)
activesupport (= 5.2.8.1)
activerecord (5.2.8.1)
activemodel (= 5.2.8.1)
activesupport (= 5.2.8.1)
arel (>= 9.0)
activerecord-nulldb-adapter (0.7.0)
activerecord (>= 5.2.0, < 6.3)
activestorage (5.2.6)
actionpack (= 5.2.6)
activerecord (= 5.2.6)
activestorage (5.2.8.1)
actionpack (= 5.2.8.1)
activerecord (= 5.2.8.1)
marcel (~> 1.0.0)
activesupport (5.2.6)
activesupport (5.2.8.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
Expand Down Expand Up @@ -111,7 +111,7 @@ GEM
open4 (~> 1.3)
coderay (1.1.3)
colored2 (3.1.2)
concurrent-ruby (1.1.9)
concurrent-ruby (1.1.10)
contact_us (1.2.0)
rails (>= 4.2.0)
cork (0.3.0)
Expand Down Expand Up @@ -247,7 +247,7 @@ GEM
httparty (0.18.1)
mime-types (~> 3.0)
multi_xml (>= 0.5.2)
i18n (1.8.10)
i18n (1.8.11)
concurrent-ruby (~> 1.0)
ipaddress (0.8.3)
jbuilder (2.11.2)
Expand Down Expand Up @@ -284,16 +284,16 @@ GEM
lumberjack (1.2.8)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (1.0.1)
marcel (1.0.2)
method_source (1.0.0)
mime-types (3.3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2021.0704)
mimemagic (0.3.10)
nokogiri (~> 1)
rake
mini_mime (1.1.0)
mini_portile2 (2.8.0)
mini_mime (1.1.2)
mini_portile2 (2.5.3)
minitest (5.14.4)
mocha (1.13.0)
msgpack (1.4.2)
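Review bot: `mini_portile2` goes from 2.8.0 to 2.5.3 in this hunk (reading the rendered removed-then-added order), a downgrade the changelog does not mention alongside the `mini_mime` 1.1.2 bump. It looks like a side effect of regenerating the lockfile rather than part of the Rails upgrade; please confirm it is intended and check whether a gem that depends on it moved backwards as well, since an unnoticed downgrade can drop fixes that were already shipped.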
Expand Down Expand Up @@ -355,8 +355,8 @@ GEM
activesupport (>= 3.0.0)
pundit-matchers (1.7.0)
rspec-rails (>= 3.0.0)
racc (1.6.0)
rack (2.2.3.1)
racc (1.5.2)
rack (2.2.4)
rack-mini-profiler (2.3.2)
rack (>= 1.2.0)
rack-protection (2.1.0)
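Review bot: `racc` moves backwards here, 1.6.0 to 1.5.2 in the rendered removed-then-added order, while the `rack` change next to it (2.2.3.1 to 2.2.4) is the one the changelog lists. If the racc downgrade is not deliberate, restrict the update to the gems named in the changelog, for example by passing the gem names to `bundle update` with `--conservative`, so unrelated pins stay where they were.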
Expand All @@ -365,18 +365,18 @@ GEM
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
rails (5.2.6)
actioncable (= 5.2.6)
actionmailer (= 5.2.6)
actionpack (= 5.2.6)
actionview (= 5.2.6)
activejob (= 5.2.6)
activemodel (= 5.2.6)
activerecord (= 5.2.6)
activestorage (= 5.2.6)
activesupport (= 5.2.6)
rails (5.2.8.1)
actioncable (= 5.2.8.1)
actionmailer (= 5.2.8.1)
actionpack (= 5.2.8.1)
actionview (= 5.2.8.1)
activejob (= 5.2.8.1)
activemodel (= 5.2.8.1)
activerecord (= 5.2.8.1)
activestorage (= 5.2.8.1)
activesupport (= 5.2.8.1)
bundler (>= 1.3.0)
railties (= 5.2.6)
railties (= 5.2.8.1)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
Expand All @@ -387,9 +387,9 @@ GEM
nokogiri (>= 1.6)
rails-html-sanitizer (1.4.3)
loofah (~> 2.3)
railties (5.2.6)
actionpack (= 5.2.6)
activesupport (= 5.2.6)
railties (5.2.8.1)
actionpack (= 5.2.8.1)
activesupport (= 5.2.8.1)
method_source
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
Expand Down Expand Up @@ -508,7 +508,7 @@ GEM
spring-watcher-listen (2.0.1)
listen (>= 2.7, < 4.0)
spring (>= 1.2, < 3.0)
sprockets (4.0.2)
sprockets (4.0.3)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.2.2)
Expand Down Expand Up @@ -653,4 +653,4 @@ RUBY VERSION
ruby 2.6.3p62

BUNDLED WITH
2.3.6
2.3.12
2 changes: 1 addition & 1 deletion app/assets/stylesheets/application.scss
Expand Up @@ -4,7 +4,7 @@

// Pull in the webpacker managed copy of Bootstrap Stylesheets
@import "../../../node_modules/bootstrap-sass/assets/stylesheets/_bootstrap.scss";
// @import "../../../node_modules/bootstrap-select/sass/bootstrap-select.scss";
@import "../../../node_modules/bootstrap-select/sass/bootstrap-select.scss";

@import "blocks/*";
@import "utils/*";
20 changes: 14 additions & 6 deletions app/controllers/plan_exports_controller.rb
Expand Up @@ -33,11 +33,11 @@ def show

@hash = @plan.as_pdf(current_user, @show_coversheet)
@formatting = export_params[:formatting] || @plan.settings(:export).formatting
if params.key?(:phase_id) && params[:phase_id].length > 0

if params.key?(:phase_id) && params[:phase_id].length.positive?
# order phases by phase number asc
@hash[:phases] = @hash[:phases].sort_by{|phase| phase[:number]}
if (params[:phase_id] == "All")
@hash[:phases] = @hash[:phases].sort_by { |phase| phase[:number] }
if params[:phase_id] == "All"
@hash[:all_phases] = true
else
@selected_phase = @plan.phases.find(params[:phase_id])
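Review bot: `params[:phase_id].length.positive?` still assumes the parameter is a string; when `phase_id` arrives with no value or as a nested parameter, `.length` is called on an object that may not respond to it and the export returns a 500 instead of falling through to the default phase. `params[:phase_id].present?` covers both the key check and the empty case in one call and makes the separate `params.key?` test unnecessary.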
Expand All @@ -46,6 +46,14 @@ def show
@selected_phase = @plan.phases.order("phases.updated_at DESC")
.detect { |p| p.visibility_allowed?(@plan) }
end

# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled
@hash[:data_curation] = Contributor.where(plan_id: @plan.id).data_curation
@hash[:investigation] = Contributor.where(plan_id: @plan.id).investigation
@hash[:pa] = Contributor.where(plan_id: @plan.id).project_administration
@hash[:other] = Contributor.where(plan_id: @plan.id).other

respond_to do |format|
format.html { show_html }
format.csv { show_csv }
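Review bot: the four `Contributor.where(plan_id: @plan.id)` assignments after the phase selection repeat what this PR also adds to `prepare_coversheet` in app/models/concerns/exportable_plan.rb, and `@hash` here already comes from `@plan.as_pdf`. If `as_pdf` builds the coversheet hash, these keys are set twice, with eight queries per export; keep the lookup in one place (the concern) and have the controller only read it. The comment also says "coverage of plans" where the changelog says cover page.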
Expand Down Expand Up @@ -93,8 +101,8 @@ def show_pdf
date: l(@plan.updated_at.to_date, format: :readable)
},
font_size: 8,
spacing: (Integer(@formatting[:margin][:bottom]) / 2) - 4,
right: _("[page] of [topage]"),
spacing: (Integer(@formatting[:margin][:bottom]) / 2) - 4,
right: _("[page] of [topage]"),
encoding: "UTF-8"
}
end
24 changes: 23 additions & 1 deletion app/models/concerns/exportable_plan.rb
Expand Up @@ -102,6 +102,13 @@ def prepare_coversheet
end
hash[:attribution] = attribution

# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled
hash[:data_curation] = Contributor.where(plan_id: id).data_curation
hash[:investigation] = Contributor.where(plan_id: id).investigation
hash[:pa] = Contributor.where(plan_id: id).project_administration
hash[:other] = Contributor.where(plan_id: id).other

# Org name of plan owner's org
hash[:affiliation] = owner.present? ? owner.org.name : ""

Expand All @@ -127,12 +134,27 @@ def prepare_coversheet

# rubocop:disable Metrics/MethodLength, Metrics/AbcSize
def prepare_coversheet_for_csv(csv, _headings, hash)
csv << [_("Title: "), _("%{title}") % { title: title }]
csv << [if hash[:attribution].many?
_("Creators: ")
else
_("Creator:")
end, _("%{authors}") % { authors: hash[:attribution].join(", ") }]
csv << ["Affiliation: ", _("%{affiliation}") % { affiliation: hash[:affiliation] }]
if hash[:investigation].present?
csv << [_("Principal Investigator: "),
_("%{investigation}") % { investigation: hash[:investigation].map(&:name).join(", ") }]
end
if hash[:data_curation].present?
csv << [_("Date Manager: "),
_("%{data_curation}") % { data_curation: hash[:data_curation].map(&:name).join(", ") }]
end
if hash[:pa].present?
csv << [_("Project Administrator: "), _("%{pa}") % { pa: hash[:pa].map(&:name).join(", ") }]
end
if hash[:other].present?
csv << [_("Contributor: "), _("%{other}") % { other: hash[:other].map(&:name).join(", ") }]
end
csv << [_("Affiliation: "), _("%{affiliation}") % { affiliation: hash[:affiliation] }]
csv << if hash[:funder].present?
[_("Template: "), _("%{funder}") % { funder: hash[:funder] }]
else
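Review bot: the data-curation row is labelled `_("Date Manager: ")`, while both ERB templates in this PR use "Data Manager: ", so the CSV export shows a different label with no matching translation key. Separately, `title` and the contributor names are user-entered and are written into cells as-is; if these files are opened in spreadsheet software, a value beginning with `=`, `+`, `-` or `@` is evaluated as a formula, so consider neutralising such values (for example by prefixing a single quote) in one helper used by every row in this method.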
16 changes: 16 additions & 0 deletions app/views/shared/export/_plan_coversheet.erb
Expand Up @@ -7,6 +7,22 @@
<%# Allow raw html (==) for plan_attribution as it has <b> tags %>
<p><%== plan_attribution(@hash[:attribution]) %></p><br>

<%# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled %>
<%# Roles are ranked by PI -> DM -> PA -> Other (if any) %>
<% if @hash[:investigation].present? %>
<p><b><%= _("Principal Investigator: ") %></b><%= @hash[:investigation].map(&:name).join(', ') %></p><br>
<% end %>
<% if @hash[:data_curation].present? %>
<p><b><%= _("Data Manager: ") %></b><%= @hash[:data_curation].map(&:name).join(', ') %></p><br>
<% end %>
<% if @hash[:pa].present? %>
<p><b><%= _("Project Administrator: ") %></b><%= @hash[:pa].map(&:name).join(', ') %></p><br>
<% end %>
<% if @hash[:other].present? %>
<p><b><%= _("Contributor: ") %></b><%= @hash[:other].map(&:name).join(', ') %></p><br>
<% end %>

<p><b><%= _("Affiliation: ") %></b><%= @hash[:affiliation] %></p><br>

<% if @hash[:funder].present? %>
16 changes: 16 additions & 0 deletions app/views/shared/export/_plan_txt.erb
@@ -1,7 +1,23 @@
<%= "#{@plan.title}" %>
<%= "----------------------------------------------------------\n" %>
<% if @show_coversheet %>

<%= @hash[:attribution].many? ? _("Creators: ") : _('Creator:') %> <%= @hash[:attribution].join(', ') %>
<%# Added contributors to coverage of plans.
# Users will see both roles and contributor names if the role is filled %>
<%# Roles are ranked by PI -> DM -> PA -> Other (if any) %>
<% if @hash[:investigation].present? %>
<%= _("Principal Investigator: ") + @hash[:investigation].map(&:name).join(', ') %>
<% end %>
<% if @hash[:data_curation].present? %>
<%= _("Data Manager: ") + @hash[:data_curation].map(&:name).join(', ') %>
<% end %>
<% if @hash[:pa].present? %>
<%= _("Project Administrator: ") + @hash[:pa].map(&:name).join(', ') %>
<% end %>
<% if @hash[:other].present? %>
<%= _("Contributor: ") + @hash[:other].map(&:name).join(', ') %>
<% end %>
<%= _("Affiliation: ") + @hash[:affiliation] %>
<% if @hash[:funder].present? %>
<%= _("Template: ") + @hash[:funder] %>
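Review bot: the four role blocks here are a third copy of the role-to-label mapping, after `_plan_coversheet.erb` and `prepare_coversheet_for_csv`, and the copies have already diverged: the CSV one says "Date Manager". A single helper that returns the ordered label and names pairs (PI, DM, PA, Other) would keep the three exports in step and leave one place to change when a role is added.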