summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorerdgeist <erdgeist@erdgeist.org>2026-06-30 03:55:42 +0200
committererdgeist <erdgeist@erdgeist.org>2026-06-30 19:22:24 +0200
commit51629c5c42270a346885057a441095c964101cc1 (patch)
treec2eaf148feb443ef51b20d3147fc9e368239ab12 /app
parent4705ef970469a852c7bdb4c097ba748e972c8f63 (diff)
Fix events CRUD for standalone events and add events to admin menu
- event_params now permits title, description, is_primary - event_information helper lists all node.events, not just the first - Occurrence.generate handles nil node (standalone events) - Page.aggregate order_by title uses correlated subquery to avoid GROUP BY conflict with tag-filter path; order_direction whitelisted to ASC/DESC to prevent SQL injection - Events link added to admin menu bar - events/index shows title, is_primary; drops latitude/longitude columns
Diffstat (limited to 'app')
-rw-r--r--app/controllers/events_controller.rb2
-rw-r--r--app/helpers/nodes_helper.rb20
-rw-r--r--app/models/occurrence.rb2
-rw-r--r--app/models/page.rb8
-rw-r--r--app/views/admin/_menu.html.erb1
-rw-r--r--app/views/events/index.html.erb8
6 files changed, 20 insertions, 21 deletions
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
index f50da3e..3a60cf9 100644
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@@ -94,6 +94,6 @@ class EventsController < ApplicationController
94 private 94 private
95 95
96 def event_params 96 def event_params
97 params.require(:event).permit(:start_time, :end_time, :rrule, :custom_rrule, :allday, :url, :latitude, :longitude, :node_id, :location) 97 params.require(:event).permit(:title, :description, :is_primary, :start_time, :end_time, :rrule, :custom_rrule, :allday, :url, :latitude, :longitude, :node_id, :location)
98 end 98 end
99end 99end
diff --git a/app/helpers/nodes_helper.rb b/app/helpers/nodes_helper.rb
index d88d12a..4293628 100644
--- a/app/helpers/nodes_helper.rb
+++ b/app/helpers/nodes_helper.rb
@@ -30,19 +30,17 @@ module NodesHelper
30 end 30 end
31 31
32 def event_information 32 def event_information
33 if @node.events.first 33 events = @node.events.order(:start_time)
34 event = @node.events.first 34 items = events.map do |event|
35 safe_join([ 35 safe_join([
36 "#{event.start_time.to_fs(:db)} - #{event.end_time.to_fs(:db)} > ", 36 "#{event.start_time&.to_fs(:db)} - #{event.end_time&.to_fs(:db)} > ",
37 link_to('show', event_path(event)), 37 link_to('edit', edit_event_path(event)),
38 ' > ',
39 link_to('edit', edit_event_path(event))
40 ])
41 else
42 safe_join([
43 'no event attached > ',
44 link_to('add', new_event_path(:node_id => @node.id))
45 ]) 38 ])
46 end 39 end
40 safe_join([
41 safe_join(items, ' | '),
42 ' > ',
43 link_to('add event', new_event_path(:node_id => @node.id))
44 ])
47 end 45 end
48end 46end
diff --git a/app/models/occurrence.rb b/app/models/occurrence.rb
index 143124f..777be24 100644
--- a/app/models/occurrence.rb
+++ b/app/models/occurrence.rb
@@ -35,7 +35,7 @@ class Occurrence < ApplicationRecord
35 self.create( 35 self.create(
36 :start_time => occurrence, 36 :start_time => occurrence,
37 :end_time => (occurrence + duration), 37 :end_time => (occurrence + duration),
38 :node_id => node.id, 38 :node_id => node&.id,
39 :event_id => event.id 39 :event_id => event.id
40 ) 40 )
41 end 41 end
diff --git a/app/models/page.rb b/app/models/page.rb
index 385b3f6..c982c2e 100644
--- a/app/models/page.rb
+++ b/app/models/page.rb
@@ -63,15 +63,15 @@ class Page < ApplicationRecord
63 end 63 end
64 end 64 end
65 65
66 direction = %w[ASC DESC].include?(options[:order_direction]&.upcase) ? options[:order_direction].upcase : "ASC"
67
66 if options[:order_by] == "title" 68 if options[:order_by] == "title"
67 return scope 69 return scope
68 .joins(:translations) 70 .order(Arel.sql("(SELECT pt.title FROM page_translations pt WHERE pt.page_id = pages.id AND pt.locale = #{ActiveRecord::Base.connection.quote(I18n.locale.to_s)}) #{direction}"))
69 .where(page_translations: { locale: I18n.locale })
70 .order("page_translations.title #{options[:order_direction]}")
71 .paginate(:page => page, :per_page => options[:limit]) 71 .paginate(:page => page, :per_page => options[:limit])
72 end 72 end
73 73
74 scope.order("#{options[:order_by]} #{options[:order_direction]}") 74 scope.order("#{options[:order_by]} #{direction}")
75 .paginate(:page => page, :per_page => options[:limit]) 75 .paginate(:page => page, :per_page => options[:limit])
76 end 76 end
77 77
diff --git a/app/views/admin/_menu.html.erb b/app/views/admin/_menu.html.erb
index 6dba085..c87c5f7 100644
--- a/app/views/admin/_menu.html.erb
+++ b/app/views/admin/_menu.html.erb
@@ -4,5 +4,6 @@
4<a href="#" onclick="admin_search.display_toggle(); return false;">search</a> 4<a href="#" onclick="admin_search.display_toggle(); return false;">search</a>
5<%= link_to 'Nodes', nodes_path, selected?('nodes') %> 5<%= link_to 'Nodes', nodes_path, selected?('nodes') %>
6<%= link_to 'Assets', assets_path, selected?('assets') %> 6<%= link_to 'Assets', assets_path, selected?('assets') %>
7<%= link_to 'Events', events_path, selected?('events') %>
7<%= link_to 'User', users_path, selected?('users') %> 8<%= link_to 'User', users_path, selected?('users') %>
8<%= link_to 'Navigation', menu_items_path, selected?('menu_items') %> &gt;&nbsp; 9<%= link_to 'Navigation', menu_items_path, selected?('menu_items') %> &gt;&nbsp;
diff --git a/app/views/events/index.html.erb b/app/views/events/index.html.erb
index 19b21ce..064fa86 100644
--- a/app/views/events/index.html.erb
+++ b/app/views/events/index.html.erb
@@ -2,27 +2,27 @@
2 2
3<table> 3<table>
4 <tr> 4 <tr>
5 <th>Title</th>
6 <th>Is primary</th>
5 <th>Start time</th> 7 <th>Start time</th>
6 <th>End time</th> 8 <th>End time</th>
7 <th>Rrule</th> 9 <th>Rrule</th>
8 <th>Custom rrule</th> 10 <th>Custom rrule</th>
9 <th>Allday</th> 11 <th>Allday</th>
10 <th>Url</th> 12 <th>Url</th>
11 <th>Latitude</th>
12 <th>Longitude</th>
13 <th>Node</th> 13 <th>Node</th>
14 </tr> 14 </tr>
15 15
16<% @events.each do |event| %> 16<% @events.each do |event| %>
17 <tr> 17 <tr>
18 <td><%=h event.display_title %></td>
19 <td><%=h event.is_primary %></td>
18 <td><%=h event.start_time %></td> 20 <td><%=h event.start_time %></td>
19 <td><%=h event.end_time %></td> 21 <td><%=h event.end_time %></td>
20 <td><%=h event.rrule %></td> 22 <td><%=h event.rrule %></td>
21 <td><%=h event.custom_rrule %></td> 23 <td><%=h event.custom_rrule %></td>
22 <td><%=h event.allday %></td> 24 <td><%=h event.allday %></td>
23 <td><%=h event.url %></td> 25 <td><%=h event.url %></td>
24 <td><%=h event.latitude %></td>
25 <td><%=h event.longitude %></td>
26 <td><%=h event.node_id %></td> 26 <td><%=h event.node_id %></td>
27 <td><%= link_to 'Show', event %></td> 27 <td><%= link_to 'Show', event %></td>
28 <td><%= link_to 'Edit', edit_event_path(event) %></td> 28 <td><%= link_to 'Edit', edit_event_path(event) %></td>