If you are the application owner check the logs for more information.
64 |Maybe you tried to change something you didn't have access to.
63 |If you are the application owner check the logs for more information.
65 |You may have mistyped the address or the page may have moved.
63 |If you are the application owner check the logs for more information.
65 |Some test content
32 | - slug: authors 33 | name: Authors 34 | type: resource 35 | model: Author 36 | collection_actions: 37 | - sample_col: SampleCollectionAction 38 | member_actions: 39 | - sample_mem: SampleMemberAction 40 | index: 41 | attributes: 42 | - id 43 | - name 44 | - email 45 | links: 46 | - show 47 | - sample_mem 48 | - slug: posts 49 | name: Posts 50 | type: resource 51 | model: Post 52 | index: 53 | pagination: 5 54 | attributes: 55 | - id 56 | - title: call, downcase, capitalize 57 | - field: author_id 58 | link_to: authors 59 | - category: upcase 60 | - state: downcase 61 | - published 62 | - position: round, 1 63 | - dt: to_date 64 | - field: created_at 65 | converter: AdminUtils 66 | method: datetime_formatter 67 | - updated_at: strftime, %Y%m%d %H:%M 68 | filters: 69 | - title 70 | - author_id 71 | - field: category 72 | type: select 73 | values: 74 | - news 75 | - sport 76 | - tech 77 | - published 78 | - dt 79 | - created_at 80 | show: 81 | attributes: 82 | - id 83 | - title 84 | - description 85 | - field: author_id 86 | link_to: authors 87 | call: author, name 88 | - category 89 | - published 90 | - position: format, %f 91 | - dt 92 | - created_at 93 | style_links: 94 | - href: /bootstrap.min.css 95 | rel: stylesheet 96 | scripts: 97 | - src: /bootstrap.bundle.min.js 98 | extra_styles: > 99 | .navbar { 100 | background-color: var(--bs-cyan); 101 | } 102 | .main-content { 103 | background-color: var(--bs-gray-100); 104 | } 105 | .main-content a { 106 | text-decoration: none; 107 | } 108 | -------------------------------------------------------------------------------- /lib/tiny_admin/views/components/filters_form.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | module TinyAdmin 4 | module Views 5 | module Components 6 | class FiltersForm < BasicComponent 7 | attr_accessor :filters, :section_path 8 | 9 | def view_template 10 | form(class: 'form_filters', method: 'get') { 11 | filters.each do |field, filter| 12 | name = field.name 13 | filter_data = filter[:filter] 14 | div(class: 'mb-3') { 15 | label(for: "filter-#{name}", class: 'form-label') { field.title } 16 | case filter_data[:type]&.to_sym || field.type 17 | when :boolean 18 | select(class: 'form-select', id: "filter-#{name}", name: "q[#{name}]") { 19 | option(value: '') { '-' } 20 | option(value: '0', selected: filter[:value] == '0') { 21 | TinyAdmin.settings.helper_class.label_for('false', options: ['components.filters_form.boolean.false']) 22 | } 23 | option(value: '1', selected: filter[:value] == '1') { 24 | TinyAdmin.settings.helper_class.label_for('true', options: ['components.filters_form.boolean.true']) 25 | } 26 | } 27 | when :date 28 | input(type: 'date', class: 'form-control', id: "filter-#{name}", name: "q[#{name}]", value: filter[:value]) 29 | when :datetime 30 | input(type: 'datetime-local', class: 'form-control', id: "filter-#{name}", name: "q[#{name}]", value: filter[:value]) 31 | when :integer 32 | input(type: 'number', class: 'form-control', id: "filter-#{name}", name: "q[#{name}]", value: filter[:value]) 33 | when :select 34 | select(class: 'form-select', id: "filter-#{name}", name: "q[#{name}]") { 35 | option(value: '') { '-' } 36 | filter_data[:values].each do |value| 37 | option(selected: filter[:value] == value) { value } 38 | end 39 | } 40 | else 41 | input(type: 'text', class: 'form-control', id: "filter-#{name}", name: "q[#{name}]", value: filter[:value]) 42 | end 43 | } 44 | end 45 | 46 | div(class: 'mt-3') { 47 | a(href: section_path, class: 'button_clear btn btn-secondary text-white') { 48 | TinyAdmin.settings.helper_class.label_for('Clear', options: ['components.filters_form.buttons.clear']) 49 | } 50 | whitespace 51 | button(type: 'submit', class: 'button_filter btn btn-secondary') { 52 | TinyAdmin.settings.helper_class.label_for('Filter', options: ['components.filters_form.buttons.submit']) 53 | } 54 | } 55 | } 56 | end 57 | end 58 | end 59 | end 60 | end 61 | -------------------------------------------------------------------------------- /lib/tiny_admin/settings.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | module TinyAdmin 4 | class Settings 5 | include Singleton 6 | 7 | DEFAULTS = { 8 | %i[authentication plugin] => Plugins::NoAuth, 9 | %i[authentication login] => Views::Pages::SimpleAuthLogin, 10 | %i[authorization_class] => Plugins::Authorization, 11 | %i[components field_value] => Views::Components::FieldValue, 12 | %i[components flash] => Views::Components::Flash, 13 | %i[components head] => Views::Components::Head, 14 | %i[components navbar] => Views::Components::Navbar, 15 | %i[components pagination] => Views::Components::Pagination, 16 | %i[content_page] => Views::Pages::Content, 17 | %i[helper_class] => Support, 18 | %i[page_not_allowed] => Views::Pages::PageNotAllowed, 19 | %i[page_not_found] => Views::Pages::PageNotFound, 20 | %i[record_not_found] => Views::Pages::RecordNotFound, 21 | %i[repository] => Plugins::ActiveRecordRepository, 22 | %i[root_path] => '/admin', 23 | %i[root page] => Views::Pages::Root, 24 | %i[root title] => 'TinyAdmin', 25 | %i[sections] => [] 26 | }.freeze 27 | 28 | OPTIONS = %i[ 29 | authentication 30 | authorization_class 31 | components 32 | content_page 33 | extra_styles 34 | helper_class 35 | page_not_allowed 36 | page_not_found 37 | record_not_found 38 | repository 39 | root 40 | root_path 41 | sections 42 | scripts 43 | style_links 44 | ].freeze 45 | 46 | attr_reader :store 47 | 48 | OPTIONS.each do |option| 49 | define_method(option) do 50 | self[option] 51 | end 52 | 53 | define_method("#{option}=") do |value| 54 | self[option] = value 55 | end 56 | end 57 | 58 | def [](*path) 59 | key, option = fetch_setting(path) 60 | option[key] 61 | end 62 | 63 | def []=(*path, value) 64 | key, option = fetch_setting(path) 65 | option[key] = value 66 | convert_value(key, value) 67 | end 68 | 69 | def load_settings 70 | # default values 71 | DEFAULTS.each do |(option, param), default| 72 | if param 73 | self[option] ||= {} 74 | self[option][param] ||= default 75 | else 76 | self[option] ||= default 77 | end 78 | end 79 | 80 | @store ||= TinyAdmin::Store.new(self) 81 | self.root_path = '/' if root_path == '' 82 | 83 | if authentication[:plugin] <= Plugins::SimpleAuth 84 | logout_path = "#{root_path}/auth/logout" 85 | authentication[:logout] ||= TinyAdmin::Section.new(name: 'logout', slug: 'logout', path: logout_path) 86 | end 87 | store.prepare_sections(sections, logout: authentication[:logout]) 88 | end 89 | 90 | def reset! 91 | @options = {} 92 | end 93 | 94 | private 95 | 96 | def fetch_setting(path) 97 | @options ||= {} 98 | *parts, last = path.map(&:to_sym) 99 | [last, parts.inject(@options) { |result, part| result[part] ||= {} }] 100 | end 101 | 102 | def convert_value(key, value) 103 | if value.is_a?(Hash) 104 | value.each_key do |key2| 105 | path = [key, key2] 106 | if (DEFAULTS[path].is_a?(Class) || DEFAULTS[path].is_a?(Module)) && self[key][key2].is_a?(String) 107 | self[key][key2] = Object.const_get(self[key][key2]) 108 | end 109 | end 110 | elsif value.is_a?(String) && (DEFAULTS[[key]].is_a?(Class) || DEFAULTS[[key]].is_a?(Module)) 111 | self[key] = Object.const_get(self[key]) 112 | end 113 | end 114 | end 115 | end 116 | -------------------------------------------------------------------------------- /spec/features/resources_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'dummy_rails_app' 4 | require 'rails_helper' 5 | 6 | RSpec.describe 'Resources', type: :feature do 7 | before { setup_data } 8 | 9 | context 'when clicking on Authors menu item' do 10 | before do 11 | visit '/admin' 12 | log_in 13 | click_link('Authors') 14 | end 15 | 16 | it 'loads the index page', :aggregate_failures do 17 | author = Author.last 18 | 19 | expect(page).to have_current_path('/admin/authors') 20 | expect(page).to have_css('h1.title', text: 'Authors') 21 | expect(page).to have_css('td', text: author.name) 22 | expect(page).to have_css('td', text: author.email) 23 | expect(page).to have_link('Show', href: "/admin/authors/#{author.id}") 24 | end 25 | end 26 | 27 | context "when clicking on an author's show link" do 28 | let(:author) { Author.first } 29 | 30 | before do 31 | visit '/admin' 32 | log_in 33 | click_link('Authors') 34 | find('tr.row_1 a', text: 'Show').click 35 | end 36 | 37 | it 'loads the show page', :aggregate_failures do 38 | expect(page).to have_css('h1.title', text: "Author ##{author.id}") 39 | expect(page).to have_css('div', text: author.email) 40 | expect(page).to have_css('div', text: author.name) 41 | end 42 | end 43 | 44 | context "when filtering by title in the post's listing page" do 45 | before do 46 | setup_data(posts_count: 15) 47 | visit '/admin/posts?some_var=1' 48 | log_in 49 | end 50 | 51 | it 'shows the filtered index page', :aggregate_failures do 52 | expect(page).not_to have_css('td', text: Post.last.title) 53 | fill_in('q[title]', with: Post.last.title) 54 | fill_in('q[author_id]', with: Post.last.author_id) 55 | page.find('form.form_filters .button_filter').click 56 | expect(page).to have_css('td', text: Post.last.title) 57 | end 58 | end 59 | 60 | context "when clicking on a post's show link" do 61 | let(:post) { Post.first } 62 | 63 | before do 64 | visit '/admin' 65 | log_in 66 | click_link('Posts') 67 | find('tr.row_1 a', text: 'Show').click 68 | end 69 | 70 | it 'loads the show page', :aggregate_failures do 71 | expect(page).to have_css('h1.title', text: "Post ##{post.id}") 72 | expect(page).to have_css('div', text: post.title) 73 | end 74 | end 75 | 76 | context 'when the url of a missing author is loaded' do 77 | before do 78 | visit '/admin/authors/0123456789' 79 | log_in 80 | end 81 | 82 | it 'loads the record not found page', :aggregate_failures do 83 | expect(page).to have_current_path('/admin/authors/0123456789') 84 | expect(page).to have_css('h1.title', text: 'Record not found') 85 | end 86 | end 87 | 88 | context 'when opening a custom collection action url' do 89 | before do 90 | visit '/admin' 91 | log_in 92 | visit '/admin/authors/sample_col' 93 | end 94 | 95 | it 'loads the custom action page', :aggregate_failures do 96 | expect(page).to have_current_path('/admin/authors/sample_col') 97 | expect(page).to have_content('Custom collection action') 98 | end 99 | end 100 | 101 | context 'when opening a custom member action url' do 102 | let(:author) { Author.first } 103 | 104 | before do 105 | visit '/admin' 106 | log_in 107 | visit "/admin/authors/#{author.id}/sample_mem" 108 | end 109 | 110 | it 'loads the custom action page', :aggregate_failures do 111 | expect(page).to have_current_path("/admin/authors/#{author.id}/sample_mem") 112 | expect(page).to have_content('Custom member action') 113 | end 114 | end 115 | end 116 | -------------------------------------------------------------------------------- /spec/features/plugins/authorization_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'dummy_rails_app' 4 | require 'rails_helper' 5 | 6 | RSpec.describe 'Authorization plugin', type: :feature do 7 | let(:root_content) { "Latest authors\nLatest posts" } 8 | 9 | around do |example| 10 | prev_value = TinyAdmin.settings.authorization_class 11 | TinyAdmin.settings.authorization_class = some_class 12 | example.run 13 | TinyAdmin.settings.authorization_class = prev_value 14 | end 15 | 16 | before do 17 | visit '/admin' 18 | log_in 19 | end 20 | 21 | context 'with an Authorization class that restrict the root page' do 22 | let(:some_class) do 23 | Class.new(TinyAdmin::Plugins::Authorization) do 24 | class << self 25 | def allowed?(_user, action, _param = nil) 26 | return false if action == :root 27 | 28 | true 29 | end 30 | end 31 | end 32 | end 33 | 34 | it 'disallows the access to the root page when opened', :aggregate_failures do 35 | expect(page).to have_content 'Page not allowed' 36 | expect { click_on 'Sample page' } 37 | .to change { page.find('.main-content').text }.to("Sample page\nThis is just a sample page") 38 | end 39 | end 40 | 41 | context 'with an Authorization class that restrict a specific page' do 42 | let(:some_class) do 43 | Class.new(TinyAdmin::Plugins::Authorization) do 44 | class << self 45 | def allowed?(_user, action, param = nil) 46 | return false if action == :page && param == 'sample' 47 | 48 | true 49 | end 50 | end 51 | end 52 | end 53 | 54 | it 'disallows the access to the page when opened' do 55 | expect { click_on 'Sample page' } 56 | .to change { page.find('.main-content').text }.from(root_content).to('Page not allowed') 57 | end 58 | end 59 | 60 | context 'with an Authorization class that restrict resource index' do 61 | let(:some_class) do 62 | Class.new(TinyAdmin::Plugins::Authorization) do 63 | class << self 64 | def allowed?(_user, action, _param = nil) 65 | return false if action == :resource_index 66 | 67 | true 68 | end 69 | end 70 | end 71 | end 72 | 73 | it 'disallows the access to the page when opened' do 74 | expect { click_on 'Posts' } 75 | .to change { page.find('.main-content').text }.from(root_content).to('Page not allowed') 76 | end 77 | end 78 | 79 | context 'with an Authorization class that restrict resource show' do 80 | let(:some_class) do 81 | Class.new(TinyAdmin::Plugins::Authorization) do 82 | class << self 83 | def allowed?(_user, action, _param = nil) 84 | return false if action == :resource_show 85 | 86 | true 87 | end 88 | end 89 | end 90 | end 91 | 92 | before { setup_data(posts_count: 1) } 93 | 94 | it 'disallows the access to the page when opened' do 95 | click_on 'Posts' 96 | expect { click_on 'Show' } 97 | .to change { page.find('.main-content').text }.to('Page not allowed') 98 | end 99 | end 100 | 101 | context 'with an Authorization class that restrict a specific custom action' do 102 | let(:some_class) do 103 | Class.new(TinyAdmin::Plugins::Authorization) do 104 | class << self 105 | def allowed?(_user, action, param = nil) 106 | return false if action == :custom_action && param == 'sample_col' 107 | 108 | true 109 | end 110 | end 111 | end 112 | end 113 | 114 | it 'disallows the access to the page when opened' do 115 | click_on 'Authors' 116 | expect { click_on 'sample_col' } 117 | .to change { page.find('.main-content').text }.to('Page not allowed') 118 | end 119 | end 120 | end 121 | -------------------------------------------------------------------------------- /spec/dummy_rails/config/environments/production.rb: -------------------------------------------------------------------------------- 1 | require "active_support/core_ext/integer/time" 2 | 3 | Rails.application.configure do 4 | # Settings specified here will take precedence over those in config/application.rb. 5 | 6 | # Code is not reloaded between requests. 7 | config.cache_classes = true 8 | 9 | # Eager load code on boot. This eager loads most of Rails and 10 | # your application in memory, allowing both threaded web servers 11 | # and those relying on copy on write to perform better. 12 | # Rake tasks automatically ignore this option for performance. 13 | config.eager_load = true 14 | 15 | # Full error reports are disabled and caching is turned on. 16 | config.consider_all_requests_local = false 17 | config.action_controller.perform_caching = true 18 | 19 | # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] 20 | # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). 21 | # config.require_master_key = true 22 | 23 | # Disable serving static files from the `/public` folder by default since 24 | # Apache or NGINX already handles this. 25 | config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? 26 | 27 | # Compress CSS using a preprocessor. 28 | # config.assets.css_compressor = :sass 29 | 30 | # Do not fallback to assets pipeline if a precompiled asset is missed. 31 | config.assets.compile = false 32 | 33 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 34 | # config.asset_host = "http://assets.example.com" 35 | 36 | # Specifies the header that your server uses for sending files. 37 | # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache 38 | # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX 39 | 40 | # Store uploaded files on the local file system (see config/storage.yml for options). 41 | #config.active_storage.service = :local 42 | config.active_storage.service = :db 43 | 44 | # Mount Action Cable outside main process or domain. 45 | # config.action_cable.mount_path = nil 46 | # config.action_cable.url = "wss://example.com/cable" 47 | # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] 48 | 49 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 50 | # config.force_ssl = true 51 | 52 | # Include generic and useful information about system operation, but avoid logging too much 53 | # information to avoid inadvertent exposure of personally identifiable information (PII). 54 | config.log_level = :info 55 | 56 | # Prepend all log lines with the following tags. 57 | config.log_tags = [ :request_id ] 58 | 59 | # Use a different cache store in production. 60 | # config.cache_store = :mem_cache_store 61 | 62 | # Use a real queuing backend for Active Job (and separate queues per environment). 63 | # config.active_job.queue_adapter = :resque 64 | # config.active_job.queue_name_prefix = "dummy_production" 65 | 66 | config.action_mailer.perform_caching = false 67 | 68 | # Ignore bad email addresses and do not raise email delivery errors. 69 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 70 | # config.action_mailer.raise_delivery_errors = false 71 | 72 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 73 | # the I18n.default_locale when a translation cannot be found). 74 | config.i18n.fallbacks = true 75 | 76 | # Don't log any deprecations. 77 | config.active_support.report_deprecations = false 78 | 79 | # Use default logging formatter so that PID and timestamp are not suppressed. 80 | config.log_formatter = ::Logger::Formatter.new 81 | 82 | # Use a different logger for distributed setups. 83 | # require "syslog/logger" 84 | # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") 85 | 86 | if ENV["RAILS_LOG_TO_STDOUT"].present? 87 | logger = ActiveSupport::Logger.new(STDOUT) 88 | logger.formatter = config.log_formatter 89 | config.logger = ActiveSupport::TaggedLogging.new(logger) 90 | end 91 | 92 | # Do not dump schema after migrations. 93 | config.active_record.dump_schema_after_migration = false 94 | end 95 | -------------------------------------------------------------------------------- /lib/tiny_admin/views/actions/index.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | module TinyAdmin 4 | module Views 5 | module Actions 6 | class Index < DefaultLayout 7 | attr_accessor :actions, 8 | :fields, 9 | :filters, 10 | :links, 11 | :pagination_component, 12 | :prepare_record, 13 | :records, 14 | :slug 15 | 16 | def view_template 17 | super do 18 | div(class: 'index') { 19 | div(class: 'row') { 20 | div(class: 'col-4') { 21 | h1(class: 'title') { 22 | title 23 | } 24 | } 25 | div(class: 'col-8') { 26 | actions_buttons 27 | } 28 | } 29 | 30 | div(class: 'row') { 31 | div_class = filters&.any? ? 'col-9' : 'col-12' 32 | div(class: div_class) { 33 | table(class: 'table') { 34 | table_header if fields.any? 35 | 36 | table_body 37 | } 38 | 39 | render pagination_component if pagination_component 40 | } 41 | 42 | if filters&.any? 43 | div(class: 'col-3') { 44 | filters_form = TinyAdmin::Views::Components::FiltersForm.new 45 | filters_form.update_attributes(section_path: TinyAdmin.route_for(slug), filters: filters) 46 | render filters_form 47 | } 48 | end 49 | } 50 | 51 | render TinyAdmin::Views::Components::Widgets.new(widgets) 52 | } 53 | end 54 | end 55 | 56 | private 57 | 58 | def table_header 59 | thead { 60 | tr { 61 | fields.each_value do |field| 62 | td(class: "field-header-#{field.name} field-header-type-#{field.type}") { 63 | field.options[:header] || field.title 64 | } 65 | end 66 | td { whitespace } 67 | } 68 | } 69 | end 70 | 71 | def table_body 72 | tbody { 73 | records.each_with_index do |record, index| 74 | tr(class: "row_#{index + 1}") { 75 | attributes = prepare_record.call(record) 76 | attributes.each do |key, value| 77 | field = fields[key] 78 | td(class: "field-value-#{field.name} field-value-type-#{field.type}") { 79 | render TinyAdmin.settings.components[:field_value].new(field, value, record: record) 80 | } 81 | end 82 | 83 | td(class: 'actions p-1') { 84 | div(class: 'btn-group btn-group-sm') { 85 | link_class = 'btn btn-outline-secondary' 86 | if links 87 | links.each do |link| 88 | whitespace 89 | if link == 'show' 90 | a(href: TinyAdmin.route_for(slug, reference: record.id), class: link_class) { 91 | label_for('Show', options: ['actions.index.links.show']) 92 | } 93 | else 94 | a(href: TinyAdmin.route_for(slug, reference: record.id, action: link), class: link_class) { 95 | fallback = humanize(link) 96 | label_for(fallback, options: ["actions.index.links.#{link}"]) 97 | } 98 | end 99 | end 100 | else 101 | a(href: TinyAdmin.route_for(slug, reference: record.id), class: link_class) { 102 | label_for('Show', options: ['actions.index.links.show']) 103 | } 104 | end 105 | } 106 | } 107 | } 108 | end 109 | } 110 | end 111 | 112 | def actions_buttons 113 | ul(class: 'nav justify-content-end') { 114 | (actions || {}).each do |action, action_class| 115 | li(class: 'nav-item mx-1') { 116 | href = TinyAdmin.route_for(slug, action: action) 117 | a(href: href, class: 'nav-link btn btn-outline-secondary') { 118 | action_class.respond_to?(:title) ? action_class.title : action 119 | } 120 | } 121 | end 122 | } 123 | end 124 | end 125 | end 126 | end 127 | end 128 | -------------------------------------------------------------------------------- /lib/tiny_admin/router.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | module TinyAdmin 4 | class Router < BasicApp 5 | extend Forwardable 6 | 7 | def_delegator TinyAdmin, :route_for 8 | 9 | route do |r| 10 | TinyAdmin.settings.load_settings 11 | 12 | r.on 'auth' do 13 | r.run Authentication 14 | end 15 | 16 | authenticate_user! 17 | 18 | r.root do 19 | root_route(r) 20 | end 21 | 22 | r.is do 23 | # :nocov: 24 | root_route(r) 25 | # :nocov: 26 | end 27 | 28 | r.post '' do 29 | r.redirect TinyAdmin.settings.root_path 30 | end 31 | 32 | store.pages.each do |slug, page_data| 33 | setup_page_route(r, slug, page_data) 34 | end 35 | 36 | store.resources.each do |slug, options| 37 | setup_resource_routes(r, slug, options: options || {}) 38 | end 39 | 40 | nil # NOTE: needed to skip the last line (each) return value 41 | end 42 | 43 | private 44 | 45 | def store 46 | @store ||= TinyAdmin.settings.store 47 | end 48 | 49 | def render_page(page) 50 | if page.respond_to?(:messages=) 51 | page.messages = { notices: flash['notices'], warnings: flash['warnings'], errors: flash['errors'] } 52 | end 53 | render(inline: page.call) 54 | end 55 | 56 | def root_route(req) 57 | if authorization.allowed?(current_user, :root) 58 | if TinyAdmin.settings.root[:redirect] 59 | req.redirect route_for(TinyAdmin.settings.root[:redirect]) 60 | else 61 | page_class = to_class(TinyAdmin.settings.root[:page]) 62 | attributes = TinyAdmin.settings.root.slice(:content, :title, :widgets) 63 | render_page prepare_page(page_class, attributes: attributes, params: request.params) 64 | end 65 | else 66 | render_page prepare_page(TinyAdmin.settings.page_not_allowed) 67 | end 68 | end 69 | 70 | def setup_page_route(req, slug, page_data) 71 | req.get slug do 72 | if authorization.allowed?(current_user, :page, slug) 73 | attributes = page_data.slice(:content, :title, :widgets) 74 | render_page prepare_page(page_data[:class], slug: slug, attributes: attributes, params: request.params) 75 | else 76 | render_page prepare_page(TinyAdmin.settings.page_not_allowed) 77 | end 78 | end 79 | end 80 | 81 | def setup_resource_routes(req, slug, options:) 82 | req.on slug do 83 | setup_collection_routes(req, slug, options: options) 84 | setup_member_routes(req, slug, options: options) 85 | end 86 | end 87 | 88 | def setup_collection_routes(req, slug, options:) 89 | repository = options[:repository].new(options[:model]) 90 | action_options = options[:index] || {} 91 | 92 | # Custom actions 93 | custom_actions = setup_custom_actions( 94 | req, 95 | options[:collection_actions], 96 | options: action_options, 97 | repository: repository, 98 | slug: slug 99 | ) 100 | 101 | # Index 102 | if options[:only].include?(:index) || options[:only].include?('index') 103 | req.is do 104 | if authorization.allowed?(current_user, :resource_index, slug) 105 | context = Context.new( 106 | actions: custom_actions, 107 | repository: repository, 108 | request: request, 109 | router: req, 110 | slug: slug 111 | ) 112 | index_action = TinyAdmin::Actions::Index.new 113 | render_page index_action.call(app: self, context: context, options: action_options) 114 | else 115 | render_page prepare_page(TinyAdmin.settings.page_not_allowed) 116 | end 117 | end 118 | end 119 | end 120 | 121 | def setup_member_routes(req, slug, options:) 122 | repository = options[:repository].new(options[:model]) 123 | action_options = (options[:show] || {}).merge(record_not_found_page: TinyAdmin.settings.record_not_found) 124 | 125 | req.on String do |reference| 126 | # Custom actions 127 | custom_actions = setup_custom_actions( 128 | req, 129 | options[:member_actions], 130 | options: action_options, 131 | repository: repository, 132 | slug: slug, 133 | reference: reference 134 | ) 135 | 136 | # Show 137 | if options[:only].include?(:show) || options[:only].include?('show') 138 | req.is do 139 | if authorization.allowed?(current_user, :resource_show, slug) 140 | context = Context.new( 141 | actions: custom_actions, 142 | reference: reference, 143 | repository: repository, 144 | request: request, 145 | router: req, 146 | slug: slug 147 | ) 148 | show_action = TinyAdmin::Actions::Show.new 149 | render_page show_action.call(app: self, context: context, options: action_options) 150 | else 151 | render_page prepare_page(TinyAdmin.settings.page_not_allowed) 152 | end 153 | end 154 | end 155 | end 156 | end 157 | 158 | def setup_custom_actions(req, custom_actions = nil, options:, repository:, slug:, reference: nil) 159 | (custom_actions || []).each_with_object({}) do |custom_action, result| 160 | action_slug, action = custom_action.first 161 | action_class = to_class(action) 162 | 163 | req.get action_slug.to_s do 164 | if authorization.allowed?(current_user, :custom_action, action_slug.to_s) 165 | context = Context.new( 166 | actions: {}, 167 | reference: reference, 168 | repository: repository, 169 | request: request, 170 | router: req, 171 | slug: slug 172 | ) 173 | custom_action = action_class.new 174 | render_page custom_action.call(app: self, context: context, options: options) 175 | else 176 | render_page prepare_page(TinyAdmin.settings.page_not_allowed) 177 | end 178 | end 179 | 180 | result[action_slug.to_s] = action_class 181 | end 182 | end 183 | 184 | def authorization 185 | TinyAdmin.settings.authorization_class 186 | end 187 | end 188 | end 189 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Tiny Admin 2 | 3 | [](https://badge.fury.io/rb/tiny_admin) 4 | [](https://rubygems.org/gems/tiny_admin) 5 | [](https://github.com/blocknotes/tiny_admin/actions/workflows/linters.yml) 6 | [](https://github.com/blocknotes/tiny_admin/actions/workflows/tests.yml) 7 | 8 | A compact and composable dashboard component for Ruby. 9 | 10 | Main features: 11 | - a Rack app that can be mounted in any Rack-enabled framework or used standalone; 12 | - structured with plugins also for main components that can be replaced with little effort; 13 | - routing is provided by Roda which is small and performant; 14 | - views are Phlex components, so plain Ruby objects for views, no assets are needed. 15 | 16 | Please ⭐ if you like it. 17 | 18 |  19 | 20 | ## Install 21 | 22 | - Add to your Gemfile: `gem 'tiny_admin', '~> 0.10'` 23 | - Mount the app in a route (check some examples with: Hanami, Rails, Roda and standalone in [extra](extra)) 24 | + in Rails, update _config/routes.rb_: `mount TinyAdmin::Router => '/admin'` 25 | - Configure the dashboard using `TinyAdmin.configure` and/or `TinyAdmin.configure_from_file` with a YAML config file (see [configuration](#configuration) below): 26 | 27 | ```rb 28 | TinyAdmin.configure do |settings| 29 | settings.root = { 30 | title: 'Home', 31 | page: Admin::PageRoot 32 | } 33 | end 34 | ``` 35 | 36 | ## Plugins and components 37 | 38 | ### Authentication 39 | 40 | Plugins available: 41 | 42 | - **SimpleAuth**: a session authentication based on Warden (`warden` gem must be included in the Gemfile) using a password hash provided via config or via environment variable (`ADMIN_PASSWORD_HASH`). _Disclaimer: this plugin is provided as example, if you need a secure authentication I suggest to create your own._ 43 | 44 | - **NoAuth**: no authentication. 45 | 46 | ### Authorization 47 | 48 | Plugins available: 49 | 50 | - **Authorization**: base class to provide an authorization per action, the host application should inherit from it and override the class method `allowed?`. 51 | 52 | ### Repository 53 | 54 | Plugin available: 55 | 56 | - **ActiveRecordRepository**: isolates the query layer to expose the resources in the admin interface. 57 | 58 | ### View pages 59 | 60 | Pages available: 61 | 62 | - **Root**: define how to present the content in the main page of the interface; 63 | - **Content**: define how to present page with inline content; 64 | - **PageNotFound**: define how to present pages not found; 65 | - **RecordNotFound**: define how to present record not found page; 66 | - **SimpleAuthLogin**: define how to present the login form for SimpleAuth plugin; 67 | - **Index**: define how to present a collection of items; 68 | - **Show**: define how to present the details of an item. 69 | 70 | ### View components 71 | 72 | Components available: 73 | 74 | - **FiltersForm**: define how to present the filters form in the resource collection pages; 75 | - **Flash**: define how to present the flash messages; 76 | - **Head**: define how to present the Head tag; 77 | - **Navbar**: define how to present the navbar (the default one uses the Bootstrap structure); 78 | - **Pagination**: define how to present the pagination of a collection. 79 | 80 | ## Configuration 81 | 82 | TinyAdmin can be configured using a YAML file and/or programmatically. 83 | See [extra](extra) folder for some usage examples. 84 | 85 | The following options are supported: 86 | 87 | `root` (Hash): define the root section of the admin, properties: 88 | 89 | - `title` (String): root section's title; 90 | - `page` (String): a view object to render; 91 | - `redirect` (String): alternative to _page_ option - redirects to a specific slug; 92 | - `widgets` (Array): list of widgets (as View components) to present. 93 | 94 | > 📚 [Wiki Root page](https://github.com/blocknotes/tiny_admin/wiki/Root) available 95 | 96 | Example: 97 | 98 | ```yml 99 | root: 100 | title: MyAdmin 101 | redirect: posts 102 | widgets: 103 | - LatestAuthorsWidget 104 | - LatestPostsWidget 105 | ``` 106 | 107 | `helper_class` (String): class or module with helper methods, used for attributes' formatters. 108 | 109 | > 📚 [Wiki Helper methods page](https://github.com/blocknotes/tiny_admin/wiki/Helper-methods) available 110 | 111 | `page_not_found` (String): a view object to render when a missing page is requested. 112 | 113 | `record_not_found` (String): a view object to render when a missing record is requested. 114 | 115 | `style_links` (Array of hashes): list of styles files to include, properties: 116 | 117 | - `href` (String): URL for the style file; 118 | - `rel` (String): type of style file. 119 | 120 | `scripts` (Array of hashes): list of scripts to include, properties: 121 | 122 | - `src` (String): source URL for the script. 123 | 124 | `extra_styles` (String): inline CSS styles. 125 | 126 | > 📚 [Wiki Styles and scripts page](https://github.com/blocknotes/tiny_admin/wiki/Styles-and-scripts) available 127 | 128 | `authentication` (Hash): define the authentication method, properties: 129 | 130 | - `plugin` (String): a plugin class to use (ex. `TinyAdmin::Plugins::SimpleAuth`); 131 | - `password` (String): a password hash used by _SimpleAuth_ plugin (generated with `Digest::SHA512.hexdigest("some password")`). 132 | 133 | > 📚 [Wiki Authentication page](https://github.com/blocknotes/tiny_admin/wiki/Authentication) available 134 | 135 | Example: 136 | 137 | ```yml 138 | authentication: 139 | plugin: TinyAdmin::Plugins::SimpleAuth 140 | password: 'f1891cea80fc05e433c943254c6bdabc159577a02a7395dfebbfbc4f7661d4af56f2d372131a45936de40160007368a56ef216a30cb202c66d3145fd24380906' 141 | ``` 142 | 143 | `authorization_class` (String): a plugin class to use; 144 | 145 | > 📚 [Wiki Authentication page](https://github.com/blocknotes/tiny_admin/wiki/Authorization) available 146 | 147 | `sections` (Array of hashes): define the admin sections, properties: 148 | 149 | - `slug` (String): section reference identifier; 150 | - `name` (String): section's title; 151 | - `type` (String): the type of section: `content`, `page`, `resource` or `url`; 152 | - `widgets` (Array): list of widgets (as View components) to present; 153 | - other properties depends on the section's type. 154 | 155 | > 📚 [Wiki Pages page](https://github.com/blocknotes/tiny_admin/wiki/Pages) available 156 | 157 | For _content_ sections: 158 | 159 | - `content` (String): the HTML content to present. 160 | 161 | Example: 162 | 163 | ```yml 164 | slug: test-content 165 | name: Test content 166 | type: content 167 | content: > 168 |Some test content
170 | widgets: 171 | - LatestAuthorsWidget 172 | - LatestPostsWidget 173 | ``` 174 | 175 | For _url_ sections: 176 | 177 | - `url` (String): the URL to load when clicking on the section's menu item; 178 | - `options` (Hash): properties: 179 | + `target` (String): link _target_ attributes (ex. `_blank`). 180 | 181 | Example: 182 | 183 | ```yml 184 | slug: google 185 | name: Google.it 186 | type: url 187 | url: https://www.google.it 188 | options: 189 | target: '_blank' 190 | ``` 191 | 192 | For _page_ sections: 193 | 194 | - `page` (String): a view object to render. 195 | 196 | Example: 197 | 198 | ```yml 199 | slug: stats 200 | name: Stats 201 | type: page 202 | page: Admin::Stats 203 | ``` 204 | 205 | For _resource_ sections: 206 | 207 | - `model` (String): the class to use to fetch the data on an item of a collection; 208 | - `repository` (String): the class to get the properties related to the model; 209 | 210 | > 📚 [Wiki Repository page](https://github.com/blocknotes/tiny_admin/wiki/Repository) available 211 | 212 | - `index` (Hash): collection's action options (see below); 213 | - `show` (Hash): detail's action options (see below); 214 | - `collection_actions` (Array of hashes): custom collection's actions; 215 | - `member_actions` (Array of hashes): custom details's actions; 216 | - `widgets` (Array): list of widgets (as View components) to present; 217 | - `only` (Array of strings): list of supported actions (ex. `index`); 218 | - `options` (Array of strings): resource options (ex. `hidden`). 219 | 220 | Example: 221 | 222 | ```yml 223 | slug: posts 224 | name: Posts 225 | type: resource 226 | model: Post 227 | ``` 228 | 229 | #### Resource index options 230 | 231 | > 📚 [Wiki Resource index page](https://github.com/blocknotes/tiny_admin/wiki/Resource-index) available 232 | 233 | The Index hash supports the following options: 234 | 235 | - `attributes` (Array): fields to expose in the resource list page; 236 | - `filters` (Array): filter the current listing; 237 | - `links` (Array): custom member actions to expose for each list's entry (defined in _member_actions_); 238 | - `pagination` (Integer): max pages size; 239 | - `sort` (Array): sort options to pass to the listing query. 240 | 241 | Example: 242 | 243 | ```yml 244 | index: 245 | sort: 246 | - id DESC 247 | pagination: 10 248 | attributes: 249 | - id 250 | - author: call, name 251 | - position: round, 1 252 | - field: author_id 253 | header: The author 254 | link_to: authors 255 | call: author, name 256 | filters: 257 | - title 258 | - field: state 259 | type: select 260 | values: 261 | - published 262 | - draft 263 | - archived 264 | links: 265 | - show 266 | - author_posts 267 | - csv_export 268 | ``` 269 | 270 | #### Resource show options 271 | 272 | > 📚 [Wiki Resource show page](https://github.com/blocknotes/tiny_admin/wiki/Resource-show) available 273 | 274 | The Show hash supports the following options: 275 | 276 | - `attributes` (Array): fields to expose in the resource details page. 277 | 278 | Example: 279 | 280 | ```yml 281 | show: 282 | attributes: 283 | # Expose the id column 284 | - id 285 | # Expose the title column, calling `downcase` support method 286 | - title: downcase 287 | # Expose the category column, calling `upcase` support method 288 | - category: upcase 289 | # Expose the position column, calling `format` support method with argument %f 290 | - position: format, %f 291 | # Expose the position created_at, calling `strftime` support method with argument %Y%m%d %H:%M 292 | - created_at: strftime, %Y%m%d %H:%M 293 | # Expose the author_id column, with a custom header label, linked to authors section and calling author.name to get the value 294 | - field: author_id 295 | header: The author 296 | link_to: authors 297 | call: author, name 298 | widgets: 299 | - LatestAuthorsWidget 300 | - LatestPostsWidget 301 | ``` 302 | 303 | ### Sample 304 | 305 | ```rb 306 | # config/initializers/tiny_admin.rb 307 | 308 | config = Rails.root.join('config/tiny_admin.yml').to_s 309 | TinyAdmin.configure_from_file(config) 310 | 311 | # Change some settings programmatically 312 | TinyAdmin.configure do |settings| 313 | settings.authentication[:password] = Digest::SHA512.hexdigest('changeme') 314 | end 315 | ``` 316 | 317 | ```yml 318 | # config/tiny_admin.yml 319 | --- 320 | authentication: 321 | plugin: TinyAdmin::Plugins::SimpleAuth 322 | # password: 'f1891cea80fc05e433c943254c6bdabc159577a02a7395dfebbfbc4f7661d4af56f2d372131a45936de40160007368a56ef216a30cb202c66d3145fd24380906' 323 | root: 324 | title: Test Admin 325 | widgets: 326 | - LatestAuthorsWidget 327 | - LatestPostsWidget 328 | # page: RootPage 329 | helper_class: AdminHelper 330 | page_not_found: PageNotFound 331 | record_not_found: RecordNotFound 332 | sections: 333 | - slug: google 334 | name: Google.it 335 | type: url 336 | url: https://www.google.it 337 | options: 338 | target: _blank 339 | - slug: sample 340 | name: Sample page 341 | type: page 342 | page: SamplePage 343 | - slug: authors 344 | name: Authors 345 | type: resource 346 | model: Author 347 | collection_actions: 348 | - sample_col: SampleCollectionAction 349 | member_actions: 350 | - sample_mem: SampleMemberAction 351 | - slug: posts 352 | name: Posts 353 | type: resource 354 | model: Post 355 | index: 356 | pagination: 5 357 | attributes: 358 | - id 359 | - title 360 | - field: author_id 361 | link_to: authors 362 | - category: upcase 363 | - state: downcase 364 | - published 365 | - position: round, 1 366 | - dt: to_date 367 | - field: created_at 368 | converter: AdminUtils 369 | method: datetime_formatter 370 | - updated_at: strftime, %Y%m%d %H:%M 371 | filters: 372 | - title 373 | - author_id 374 | - field: category 375 | type: select 376 | values: 377 | - news 378 | - sport 379 | - tech 380 | - published 381 | - dt 382 | - created_at 383 | show: 384 | attributes: 385 | - id 386 | - title 387 | - description 388 | - field: author_id 389 | link_to: authors 390 | - category 391 | - published 392 | - position: format, %f 393 | - dt 394 | - created_at 395 | style_links: 396 | - href: /bootstrap.min.css 397 | rel: stylesheet 398 | scripts: 399 | - src: /bootstrap.bundle.min.js 400 | extra_styles: > 401 | .navbar { 402 | background-color: var(--bs-cyan); 403 | } 404 | .main-content { 405 | background-color: var(--bs-gray-100); 406 | } 407 | .main-content a { 408 | text-decoration: none; 409 | } 410 | ``` 411 | 412 | ## Do you like it? Star it! 413 | 414 | If you use this component just star it. A developer is more motivated to improve a project when there is some interest. 415 | 416 | Or consider offering me a coffee, it's a small thing but it is greatly appreciated: [about me](https://www.blocknot.es/about-me). 417 | 418 | ## Contributors 419 | 420 | - [Mattia Roccoberton](https://blocknot.es/): author 421 | 422 | ## License 423 | 424 | The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). 425 | --------------------------------------------------------------------------------