diff options
| author | erdgeist <erdgeist@erdgeist.org> | 2026-06-30 03:55:42 +0200 |
|---|---|---|
| committer | erdgeist <erdgeist@erdgeist.org> | 2026-06-30 19:22:24 +0200 |
| commit | 51629c5c42270a346885057a441095c964101cc1 (patch) | |
| tree | c2eaf148feb443ef51b20d3147fc9e368239ab12 | |
| parent | 4705ef970469a852c7bdb4c097ba748e972c8f63 (diff) | |
Fix events CRUD for standalone events and add events to admin menu
- event_params now permits title, description, is_primary
- event_information helper lists all node.events, not just the first
- Occurrence.generate handles nil node (standalone events)
- Page.aggregate order_by title uses correlated subquery to avoid
GROUP BY conflict with tag-filter path; order_direction whitelisted
to ASC/DESC to prevent SQL injection
- Events link added to admin menu bar
- events/index shows title, is_primary; drops latitude/longitude columns
| -rw-r--r-- | app/controllers/events_controller.rb | 2 | ||||
| -rw-r--r-- | app/helpers/nodes_helper.rb | 20 | ||||
| -rw-r--r-- | app/models/occurrence.rb | 2 | ||||
| -rw-r--r-- | app/models/page.rb | 8 | ||||
| -rw-r--r-- | app/views/admin/_menu.html.erb | 1 | ||||
| -rw-r--r-- | app/views/events/index.html.erb | 8 |
6 files changed, 20 insertions, 21 deletions
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb index f50da3e..3a60cf9 100644 --- a/app/controllers/events_controller.rb +++ b/app/controllers/events_controller.rb | |||
| @@ -94,6 +94,6 @@ class EventsController < ApplicationController | |||
| 94 | private | 94 | private |
| 95 | 95 | ||
| 96 | def event_params | 96 | def event_params |
| 97 | params.require(:event).permit(:start_time, :end_time, :rrule, :custom_rrule, :allday, :url, :latitude, :longitude, :node_id, :location) | 97 | params.require(:event).permit(:title, :description, :is_primary, :start_time, :end_time, :rrule, :custom_rrule, :allday, :url, :latitude, :longitude, :node_id, :location) |
| 98 | end | 98 | end |
| 99 | end | 99 | end |
diff --git a/app/helpers/nodes_helper.rb b/app/helpers/nodes_helper.rb index d88d12a..4293628 100644 --- a/app/helpers/nodes_helper.rb +++ b/app/helpers/nodes_helper.rb | |||
| @@ -30,19 +30,17 @@ module NodesHelper | |||
| 30 | end | 30 | end |
| 31 | 31 | ||
| 32 | def event_information | 32 | def event_information |
| 33 | if @node.events.first | 33 | events = @node.events.order(:start_time) |
| 34 | event = @node.events.first | 34 | items = events.map do |event| |
| 35 | safe_join([ | 35 | safe_join([ |
| 36 | "#{event.start_time.to_fs(:db)} - #{event.end_time.to_fs(:db)} > ", | 36 | "#{event.start_time&.to_fs(:db)} - #{event.end_time&.to_fs(:db)} > ", |
| 37 | link_to('show', event_path(event)), | 37 | link_to('edit', edit_event_path(event)), |
| 38 | ' > ', | ||
| 39 | link_to('edit', edit_event_path(event)) | ||
| 40 | ]) | ||
| 41 | else | ||
| 42 | safe_join([ | ||
| 43 | 'no event attached > ', | ||
| 44 | link_to('add', new_event_path(:node_id => @node.id)) | ||
| 45 | ]) | 38 | ]) |
| 46 | end | 39 | end |
| 40 | safe_join([ | ||
| 41 | safe_join(items, ' | '), | ||
| 42 | ' > ', | ||
| 43 | link_to('add event', new_event_path(:node_id => @node.id)) | ||
| 44 | ]) | ||
| 47 | end | 45 | end |
| 48 | end | 46 | end |
diff --git a/app/models/occurrence.rb b/app/models/occurrence.rb index 143124f..777be24 100644 --- a/app/models/occurrence.rb +++ b/app/models/occurrence.rb | |||
| @@ -35,7 +35,7 @@ class Occurrence < ApplicationRecord | |||
| 35 | self.create( | 35 | self.create( |
| 36 | :start_time => occurrence, | 36 | :start_time => occurrence, |
| 37 | :end_time => (occurrence + duration), | 37 | :end_time => (occurrence + duration), |
| 38 | :node_id => node.id, | 38 | :node_id => node&.id, |
| 39 | :event_id => event.id | 39 | :event_id => event.id |
| 40 | ) | 40 | ) |
| 41 | end | 41 | end |
diff --git a/app/models/page.rb b/app/models/page.rb index 385b3f6..c982c2e 100644 --- a/app/models/page.rb +++ b/app/models/page.rb | |||
| @@ -63,15 +63,15 @@ class Page < ApplicationRecord | |||
| 63 | end | 63 | end |
| 64 | end | 64 | end |
| 65 | 65 | ||
| 66 | direction = %w[ASC DESC].include?(options[:order_direction]&.upcase) ? options[:order_direction].upcase : "ASC" | ||
| 67 | |||
| 66 | if options[:order_by] == "title" | 68 | if options[:order_by] == "title" |
| 67 | return scope | 69 | return scope |
| 68 | .joins(:translations) | 70 | .order(Arel.sql("(SELECT pt.title FROM page_translations pt WHERE pt.page_id = pages.id AND pt.locale = #{ActiveRecord::Base.connection.quote(I18n.locale.to_s)}) #{direction}")) |
| 69 | .where(page_translations: { locale: I18n.locale }) | ||
| 70 | .order("page_translations.title #{options[:order_direction]}") | ||
| 71 | .paginate(:page => page, :per_page => options[:limit]) | 71 | .paginate(:page => page, :per_page => options[:limit]) |
| 72 | end | 72 | end |
| 73 | 73 | ||
| 74 | scope.order("#{options[:order_by]} #{options[:order_direction]}") | 74 | scope.order("#{options[:order_by]} #{direction}") |
| 75 | .paginate(:page => page, :per_page => options[:limit]) | 75 | .paginate(:page => page, :per_page => options[:limit]) |
| 76 | end | 76 | end |
| 77 | 77 | ||
diff --git a/app/views/admin/_menu.html.erb b/app/views/admin/_menu.html.erb index 6dba085..c87c5f7 100644 --- a/app/views/admin/_menu.html.erb +++ b/app/views/admin/_menu.html.erb | |||
| @@ -4,5 +4,6 @@ | |||
| 4 | <a href="#" onclick="admin_search.display_toggle(); return false;">search</a> | 4 | <a href="#" onclick="admin_search.display_toggle(); return false;">search</a> |
| 5 | <%= link_to 'Nodes', nodes_path, selected?('nodes') %> | 5 | <%= link_to 'Nodes', nodes_path, selected?('nodes') %> |
| 6 | <%= link_to 'Assets', assets_path, selected?('assets') %> | 6 | <%= link_to 'Assets', assets_path, selected?('assets') %> |
| 7 | <%= link_to 'Events', events_path, selected?('events') %> | ||
| 7 | <%= link_to 'User', users_path, selected?('users') %> | 8 | <%= link_to 'User', users_path, selected?('users') %> |
| 8 | <%= link_to 'Navigation', menu_items_path, selected?('menu_items') %> > | 9 | <%= link_to 'Navigation', menu_items_path, selected?('menu_items') %> > |
diff --git a/app/views/events/index.html.erb b/app/views/events/index.html.erb index 19b21ce..064fa86 100644 --- a/app/views/events/index.html.erb +++ b/app/views/events/index.html.erb | |||
| @@ -2,27 +2,27 @@ | |||
| 2 | 2 | ||
| 3 | <table> | 3 | <table> |
| 4 | <tr> | 4 | <tr> |
| 5 | <th>Title</th> | ||
| 6 | <th>Is primary</th> | ||
| 5 | <th>Start time</th> | 7 | <th>Start time</th> |
| 6 | <th>End time</th> | 8 | <th>End time</th> |
| 7 | <th>Rrule</th> | 9 | <th>Rrule</th> |
| 8 | <th>Custom rrule</th> | 10 | <th>Custom rrule</th> |
| 9 | <th>Allday</th> | 11 | <th>Allday</th> |
| 10 | <th>Url</th> | 12 | <th>Url</th> |
| 11 | <th>Latitude</th> | ||
| 12 | <th>Longitude</th> | ||
| 13 | <th>Node</th> | 13 | <th>Node</th> |
| 14 | </tr> | 14 | </tr> |
| 15 | 15 | ||
| 16 | <% @events.each do |event| %> | 16 | <% @events.each do |event| %> |
| 17 | <tr> | 17 | <tr> |
| 18 | <td><%=h event.display_title %></td> | ||
| 19 | <td><%=h event.is_primary %></td> | ||
| 18 | <td><%=h event.start_time %></td> | 20 | <td><%=h event.start_time %></td> |
| 19 | <td><%=h event.end_time %></td> | 21 | <td><%=h event.end_time %></td> |
| 20 | <td><%=h event.rrule %></td> | 22 | <td><%=h event.rrule %></td> |
| 21 | <td><%=h event.custom_rrule %></td> | 23 | <td><%=h event.custom_rrule %></td> |
| 22 | <td><%=h event.allday %></td> | 24 | <td><%=h event.allday %></td> |
| 23 | <td><%=h event.url %></td> | 25 | <td><%=h event.url %></td> |
| 24 | <td><%=h event.latitude %></td> | ||
| 25 | <td><%=h event.longitude %></td> | ||
| 26 | <td><%=h event.node_id %></td> | 26 | <td><%=h event.node_id %></td> |
| 27 | <td><%= link_to 'Show', event %></td> | 27 | <td><%= link_to 'Show', event %></td> |
| 28 | <td><%= link_to 'Edit', edit_event_path(event) %></td> | 28 | <td><%= link_to 'Edit', edit_event_path(event) %></td> |
