From df53aab2d3c9e89081f283f48b3bd3bdd38206fa Mon Sep 17 00:00:00 2001 From: Xiaoming Hu Date: Fri, 29 Nov 2024 12:51:19 +0100 Subject: [PATCH 01/14] update deprecated method --- lib/tasks/seek_dev.rake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tasks/seek_dev.rake b/lib/tasks/seek_dev.rake index 5753cf6fd4..9fbf68f588 100644 --- a/lib/tasks/seek_dev.rake +++ b/lib/tasks/seek_dev.rake @@ -413,7 +413,7 @@ namespace :seek_dev do pub_ids = Project.find(project_id).publications.map(&:id) pub_ids.each do |id| permission = Publication.find(id).policy.permissions.where(contributor_type: "Person", contributor_id: person_id).first_or_initialize - permission.update_attributes(access_type: Policy::MANAGING) + permission.update(access_type: Policy::MANAGING) end end From f2ebb6a6a4655f019da610f35445a1f430e06f5f Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Thu, 28 Nov 2024 14:28:21 +0000 Subject: [PATCH 02/14] add nofollow to filter option links #2078 --- app/helpers/filtering_helper.rb | 1 + test/functional/documents_controller_test.rb | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/app/helpers/filtering_helper.rb b/app/helpers/filtering_helper.rb index fe634d149a..760facc6ce 100644 --- a/app/helpers/filtering_helper.rb +++ b/app/helpers/filtering_helper.rb @@ -2,6 +2,7 @@ module FilteringHelper def filter_link(key, filter, hidden: false, replace: false) link_to(page_and_sort_params.merge({ page: nil, filter: filter.active ? without_filter(key, filter.value) : with_filter(key, filter.value, replace: replace) }), title: filter.label, + rel: 'nofollow', class: "filter-option#{' filter-option-active' if filter.active}#{' filter-option-hidden' if hidden}") do content_tag(:span, filter.label, class: 'filter-option-label') + content_tag(:span, filter.count, class: 'filter-option-count') 
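Review bot: `rel: 'nofollow'` added to `filter_link` is only a hint to crawlers not to follow or weight the link; it does not reliably stop a crawler from walking every filter combination (which appears to be the motivation behind #2078) and has no effect on the server-side cost of those requests once they arrive. If the goal is to keep crawlers off filtered listings, the dependable controls are a `Disallow` rule for the `filter[` query pattern in `robots.txt` and/or a `<meta name="robots" content="noindex, nofollow">` on filtered listing pages, with `nofollow` kept as defense in depth. A short comment would make the intent and its limits explicit: `rel: 'nofollow', # crawler hint only; see robots.txt for the actual crawl restriction (#2078)`. The body of `filter_link` continues past the end of the hunk.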
diff --git a/test/functional/documents_controller_test.rb b/test/functional/documents_controller_test.rb index 219e484cec..5714c0cec1 100644 --- a/test/functional/documents_controller_test.rb +++ b/test/functional/documents_controller_test.rb @@ -711,7 +711,7 @@ class DocumentsControllerTest < ActionController::TestCase assert_select '.filter-category[data-filter-category="project"]' do assert_select '.filter-category-title', text: 'Project' - assert_select '.filter-option', count: 2 + assert_select ".filter-option[rel='nofollow']", count: 2 assert_select '.filter-option.filter-option-active', count: 0 assert_select ".filter-option[title='#{project.title}']" do assert_select '[href=?]', documents_path(filter: { project: project.id }) @@ -728,7 +728,7 @@ class DocumentsControllerTest < ActionController::TestCase assert_select '.filter-category[data-filter-category="contributor"]' do assert_select '.filter-category-title', text: 'Submitter' - assert_select '.filter-option', href: /documents\?filter\[contributor\]=\d+/, count: 8 + assert_select ".filter-option[rel='nofollow']", href: /documents\?filter\[contributor\]=\d+/, count: 8 assert_select '.filter-option.filter-option-active', count: 0 # Should show 6 options and hide the rest assert_select '.filter-option.filter-option-hidden', count: 2 @@ -737,7 +737,7 @@ class DocumentsControllerTest < ActionController::TestCase assert_select '.filter-category[data-filter-category="tag"]' do assert_select '.filter-category-title', text: 'Tag' - assert_select '.filter-option', count: 1 + assert_select ".filter-option[rel='nofollow']", count: 1 assert_select '.filter-option.filter-option-active', count: 0 assert_select ".filter-option[title='awkward&id=1unsafe[]tag !']" do assert_select '.filter-option-label', text: 'awkward&id=1unsafe[]tag !' 
@@ -772,14 +772,14 @@ class DocumentsControllerTest < ActionController::TestCase # Should show other project in projects category assert_select '.filter-category[data-filter-category="project"]' do assert_select '.filter-category-title', text: 'Project' - assert_select '.filter-option.filter-option-active', count: 1 - assert_select '.filter-option', count: 2 - assert_select ".filter-option[title='#{project.title}']" do + assert_select ".filter-option[rel='nofollow'].filter-option-active", count: 1 + assert_select ".filter-option[rel='nofollow']", count: 2 + assert_select ".filter-option[title='#{project.title}'][rel='nofollow']" do assert_select '[href=?]', documents_path(filter: { programme: programme.id, project: [other_project.id, project.id] }) assert_select '.filter-option-label', text: project.title assert_select '.filter-option-count', text: '7' end - assert_select ".filter-option[title='#{other_project.title}'].filter-option-active" do + assert_select ".filter-option[title='#{other_project.title}'][rel='nofollow'].filter-option-active" do assert_select '[href=?]', documents_path(filter: { programme: programme.id }) assert_select '.filter-option-label', text: other_project.title assert_select '.filter-option-count', text: '1' @@ -789,7 +789,7 @@ class DocumentsControllerTest < ActionController::TestCase assert_select '.filter-category[data-filter-category="contributor"]' do assert_select '.filter-category-title', text: 'Submitter' - assert_select '.filter-option', count: 1 + assert_select ".filter-option[rel='nofollow']", count: 1 assert_select '.filter-option.filter-option-active', count: 0 assert_select '.filter-option.filter-option-hidden', count: 0 assert_select ".filter-option[title='#{other_project_doc.contributor.name}']" do 
@@ -808,11 +808,11 @@ class DocumentsControllerTest < ActionController::TestCase assert_select '.active-filters' do assert_select '.active-filter-category-title', count: 2 - assert_select ".filter-option[title='#{programme.title}'].filter-option-active" do + assert_select ".filter-option[title='#{programme.title}'][rel='nofollow'].filter-option-active" do assert_select '[href=?]', documents_path(filter: { project: other_project.id }) assert_select '.filter-option-label', text: programme.title end - assert_select ".filter-option[title='#{other_project.title}'].filter-option-active" do + assert_select ".filter-option[title='#{other_project.title}'][rel='nofollow'].filter-option-active" do assert_select '[href=?]', documents_path(filter: { programme: programme.id }) assert_select '.filter-option-label', text: other_project.title end From a6be662263c9267d89dbecc3b775169c3be0bcda Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Mon, 2 Dec 2024 10:37:13 +0000 Subject: [PATCH 03/14] override some acts_as_asset and make a sample type neither an asset or downloadable? #2084 --- app/models/sample_type.rb | 17 +++++++++++++---- test/unit/sample_type_test.rb | 7 +++++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/app/models/sample_type.rb b/app/models/sample_type.rb index d4b009245d..30c5f4a3cb 100644 --- a/app/models/sample_type.rb +++ b/app/models/sample_type.rb @@ -200,6 +200,19 @@ def can_see_hidden_item?(user) can_view?(user) end + def self.is_asset? + false + end + + # although has a downloadable template, it doesn't have the full downloadable behaviour of an asset with data and it's own accessible permissions + def is_downloadable? + false + end + + def self.supports_extended_metadata? + false + end + private # whether the referring sample is valid and gives permission to view 
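Review bot: `is_asset?` is overridden as a class method (`def self.is_asset?`) while `is_downloadable?` is an instance method, yet the new unit test calls both on an instance (`st.is_asset?`), so the override only takes effect if `acts_as_asset` supplies an instance-level `is_asset?` that delegates to the class — that delegation is not visible here and deserves a one-line comment such as `# class-level flag; the instance method provided by acts_as_asset delegates here`. The comment on `is_downloadable?` should also state that this is a classification flag and not the authorisation check: the template is still served via `download_sample_type_content_blob_path` (exercised later in this series), and that route must keep gating on `can_download?` irrespective of this returning false. Minor wording: "it's own accessible permissions" should read "its own". The class body continues outside the hunk.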
@@ -292,9 +305,5 @@ def validate_title_is_not_type_of_seek_sample_multi end end - def self.supports_extended_metadata? - false - end - class UnknownAttributeException < RuntimeError; end end diff --git a/test/unit/sample_type_test.rb b/test/unit/sample_type_test.rb index f5b7f93817..ab6d3b6979 100644 --- a/test/unit/sample_type_test.rb +++ b/test/unit/sample_type_test.rb @@ -114,6 +114,13 @@ def setup end end + test 'not an asset or downloadable' do + st = FactoryBot.create(:simple_sample_type) + refute st.is_asset? + refute st.is_downloadable? + refute st.is_downloadable_asset? + end + test 'validate title and decription length' do long_desc = ('a' * 65536).freeze ok_desc = ('a' * 65535).freeze From 3aa4cb180e3743474dd7fef86d40ebf4f5400d3a Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Mon, 2 Dec 2024 13:54:32 +0000 Subject: [PATCH 04/14] update upgrade task to set to accessible #2084 also a only once task to fix the previously updated permissions --- lib/tasks/seek_upgrades.rake | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/lib/tasks/seek_upgrades.rake b/lib/tasks/seek_upgrades.rake index d7b4717488..743be5d09d 100644 --- a/lib/tasks/seek_upgrades.rake +++ b/lib/tasks/seek_upgrades.rake @@ -13,6 +13,7 @@ namespace :seek do update_observation_unit_policies fix_xlsx_marked_as_zip add_policies_to_existing_sample_types + fix_previous_sample_type_permissions ] # these are the tasks that are executes for each upgrade as standard, and rarely change 
@@ -104,13 +105,13 @@ namespace :seek do # Visible if linked to public samples if st.samples.any? { |sample| sample.is_published? } - policy.access_type = Policy::VISIBLE + policy.access_type = Policy::ACCESSIBLE else policy.access_type = Policy::NO_ACCESS end # Visible to each project st.projects.map do |project| - policy.permissions << Permission.new(contributor_type: Permission::PROJECT, contributor_id: project.id, access_type: Policy::VISIBLE) + policy.permissions << Permission.new(contributor_type: Permission::PROJECT, contributor_id: project.id, access_type: Policy::ACCESSIBLE) end # Project admins can manage project_admins = st.projects.map(&:project_administrators).flatten @@ -125,7 +126,22 @@ namespace :seek do counter += 1 end end - puts "...Added policies to #{counter} sample types" + puts "... Added policies to #{counter} sample types" + end + + task(fix_previous_sample_type_permissions: [:environment]) do + only_once('fix_previous_sample_type_permissions 1.16.0') do + puts '... Updating previous sample type permissions ...' + SampleType.includes(:policy).where.not(policy_id: nil).each do |sample_type| + policy = sample_type.policy + if policy.access_type == Policy::VISIBLE + policy.update_column(:access_type, Policy::ACCESSIBLE) + end + policy.permissions.where(access_type: Policy::VISIBLE).where(contributor_type: Permission::PROJECT).update_all(access_type: Policy::ACCESSIBLE) + putc('.') + end + puts '... Finished updating previous sample type permissions' + end end private From ad3eb186a7533beaff3a969da8f72e435f62f949 Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Mon, 2 Dec 2024 15:05:25 +0000 Subject: [PATCH 05/14] ensure the template details and download link only shown if accessible #2084 --- app/views/sample_types/_template.html.erb | 2 ++ app/views/sample_types/show.html.erb | 2 +- .../sample_types_controller_test.rb | 25 +++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) 
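Review bot: `fix_previous_sample_type_permissions` rewrites every sample type policy currently at `Policy::VISIBLE` to `Policy::ACCESSIBLE` (and every project permission likewise) without checking that the VISIBLE value came from the earlier `add_policies_to_existing_sample_types` run, so on any instance where that task already ran under 1.16.0-pre and an administrator has since deliberately limited a sample type to view-only, this silently widens it to downloadable — if that cannot occur, a comment inside the `only_once` block should say why. `update_column` and `update_all` bypass callbacks and validations, so nothing derived from the policy (the authorization lookup cache, `updated_at`, any logging) is refreshed by this task on its own; the later commit in this series enqueues `AuthLookupUpdateQueue`, but that should be part of this task rather than a follow-up. The two comments in the first hunk are now stale after the VISIBLE→ACCESSIBLE change: `# Visible if linked to public samples` should read `# Accessible (template downloadable) if linked to public samples` and `# Visible to each project` should read `# Accessible to each project`. Style: iterating `SampleType.includes(:policy).where.not(policy_id: nil)` with `.each` loads every record at once; `find_each` would bound memory on large installs.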
diff --git a/app/views/sample_types/_template.html.erb b/app/views/sample_types/_template.html.erb index 3fc87d9b24..4e85a2bcb4 100644 --- a/app/views/sample_types/_template.html.erb +++ b/app/views/sample_types/_template.html.erb @@ -1,3 +1,5 @@ +<% return unless @sample_type.can_download? %> +

Template

<% if @sample_type.template %> diff --git a/app/views/sample_types/show.html.erb b/app/views/sample_types/show.html.erb index 53c5740fe2..b3d622d902 100644 --- a/app/views/sample_types/show.html.erb +++ b/app/views/sample_types/show.html.erb @@ -11,7 +11,7 @@
<%= item_description h(@sample_type.description) -%> -

Template

+ <%= render :partial => "template" %>

Attributes

diff --git a/test/functional/sample_types_controller_test.rb b/test/functional/sample_types_controller_test.rb index 2c7ca980c0..b90e5259b2 100644 --- a/test/functional/sample_types_controller_test.rb +++ b/test/functional/sample_types_controller_test.rb @@ -255,6 +255,31 @@ class SampleTypesControllerTest < ActionController::TestCase assert_equal 'update', ActivityLog.last.action end + test 'template download link visibility' do + person = FactoryBot.create(:person) + sample_type = SampleType.new title: 'testing download', + uploaded_template: true, + project_ids: person.projects.collect(&:id), + contributor: person, + content_blob: FactoryBot.create(:sample_type_template_content_blob), + policy: FactoryBot.create(:downloadable_public_policy) + sample_type.build_attributes_from_template + disable_authorization_checks { sample_type.save! } + assert sample_type.can_view? + assert sample_type.can_download? + get :show, params: { id: sample_type } + assert_response :success + assert_select 'a[href=?]',download_sample_type_content_blob_path(sample_type,sample_type.template), text:'Download' + + sample_type.policy = FactoryBot.create(:publicly_viewable_policy) + disable_authorization_checks { sample_type.save! } + assert sample_type.can_view? + refute sample_type.can_download? + get :show, params: { id: sample_type } + assert_response :success + assert_select 'a[href=?]',download_sample_type_content_blob_path(sample_type,sample_type.template), text:'Download', count:0 + end + test 'update changing from a CV attribute' do sample_type = FactoryBot.create(:apples_controlled_vocab_sample_type, project_ids: @project_ids, contributor: @person) From 8139c54960e75271e36cf7478102f962c7944565 Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Tue, 3 Dec 2024 13:00:43 +0000 Subject: [PATCH 06/14] queue sample type authlookup jobs when fixing permissions #2084 --- lib/tasks/seek_upgrades.rake | 1 + 1 file changed, 1 insertion(+) 
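Review bot: The new test only proves that the Download link is hidden when the policy is view-only; it does not show that the download itself is refused, and hiding a link is not an access control — the partial's `return unless @sample_type.can_download?` is purely presentational. Since the route is already spelled out here (`download_sample_type_content_blob_path(sample_type, sample_type.template)`), a companion test in the content blobs controller test should request that path under the `publicly_viewable_policy` and assert the unauthorised response that controller returns, so that a regression in the blob authorisation is caught rather than masked by the missing link. A comment on the second `assert_select ... count:0` would make the scope explicit: `# UI only: actual download authorisation is covered in the content blobs controller tests`. The enclosing test class continues outside the hunk.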
diff --git a/lib/tasks/seek_upgrades.rake b/lib/tasks/seek_upgrades.rake index 743be5d09d..c08bf5f80c 100644 --- a/lib/tasks/seek_upgrades.rake +++ b/lib/tasks/seek_upgrades.rake @@ -140,6 +140,7 @@ namespace :seek do policy.permissions.where(access_type: Policy::VISIBLE).where(contributor_type: Permission::PROJECT).update_all(access_type: Policy::ACCESSIBLE) putc('.') end + AuthLookupUpdateQueue.enqueue(SampleType.all) puts '... Finished updating previous sample type permissions' end end From 51409e4e90c1c55a044818dc149c7ad93a3290c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 22:19:16 +0000 Subject: [PATCH 07/14] Bump rails-html-sanitizer from 1.6.0 to 1.6.1 Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/rails/rails-html-sanitizer/releases) - [Changelog](https://github.com/rails/rails-html-sanitizer/blob/main/CHANGELOG.md) - [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: rails-html-sanitizer dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index a96deb5eee..d9f1c72416 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -460,7 +460,7 @@ GEM nokogiri (~> 1) rake mini_mime (1.1.5) - mini_portile2 (2.8.7) + mini_portile2 (2.8.8) minitest (5.25.1) minitest-reporters (1.5.0) ansi @@ -492,7 +492,7 @@ GEM net-protocol netrc (0.11.0) nio4r (2.7.4) - nokogiri (1.16.7) + nokogiri (1.16.8) mini_portile2 (~> 2.8.2) racc (~> 1.4) nori (1.1.5) 
@@ -607,9 +607,9 @@ GEM activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) + rails-html-sanitizer (1.6.1) loofah (~> 2.21) - nokogiri (~> 1.14) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) rails-observers (0.1.5) activemodel (>= 4.0) rails-perftest (0.0.7) From 3958ab5a073e6a84943ea994b3b850c631dda128 Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Tue, 3 Dec 2024 13:45:29 +0000 Subject: [PATCH 08/14] updated help links for extended metadata to point to the website #2080 --- config/help_links.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/help_links.yml b/config/help_links.yml index a89de441cd..fa4529d68f 100644 --- a/config/help_links.yml +++ b/config/help_links.yml 
@@ -31,7 +31,7 @@ Document: https://docs.seek4science.org/help/user-guide/adding-assets.html Presentation: https://docs.seek4science.org/help/user-guide/adding-assets.html Event: https://docs.seek4science.org/help/user-guide/general-attributes.html#events clipboard_api_mozilla: https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_API -ExtendedMetadataType: https://docs.seek4science.org/tech/extended-metadata -extended_metadata_technical_overview: https://github.com/seek4science/seek-documentation/blob/gh-pages-extended_metadata-type/tech/extended_metadata/extended-metadata-type.md -extended_metadata_type_json_schema: https://github.com/seek4science/seek-documentation/blob/gh-pages-extended_metadata-type/tech/extended_metadata/extended_metadata_type_schema.json -extended_metadata_type_example: https://github.com/seek4science/seek-documentation/blob/gh-pages-extended_metadata-type/tech/extended_metadata/a-complete-example.md \ No newline at end of file +ExtendedMetadataType: https://docs.seek4science.org/tech/extended-metadata/extended-metadata-type.html +extended_metadata_technical_overview: https://docs.seek4science.org/tech/extended-metadata/extended-metadata-type.html +extended_metadata_type_json_schema: https://docs.seek4science.org/tech/extended-metadata/extended-metadata-type-schema.json +extended_metadata_type_example: https://docs.seek4science.org/tech/extended-metadata/a-complete-example.html \ No newline at end of file From 69035753616de84896cb6cc01b2cde707ccfe9a2 Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Fri, 6 Dec 2024 09:39:34 +0000 Subject: [PATCH 09/14] update versions for 1.16.0 --- config/version.yml | 2 +- docker-compose-relative-root.yml | 4 ++-- docker-compose-virtuoso.yml | 4 ++-- docker-compose-with-email.yml | 4 ++-- docker-compose.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/config/version.yml b/config/version.yml index bf8dffd835..ed772484f9 100644 --- a/config/version.yml +++ b/config/version.yml 
@@ -9,4 +9,4 @@ major: 1 minor: 16 -patch: 0-pre +patch: 0 diff --git a/docker-compose-relative-root.yml b/docker-compose-relative-root.yml index 621085516c..48ebc41fab 100644 --- a/docker-compose-relative-root.yml +++ b/docker-compose-relative-root.yml @@ -13,7 +13,7 @@ services: seek: # The SEEK application #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek command: docker/entrypoint.sh @@ -42,7 +42,7 @@ services: seek_workers: # The SEEK delayed job workers #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek-workers command: docker/start_workers.sh restart: always diff --git a/docker-compose-virtuoso.yml b/docker-compose-virtuoso.yml index 693f4f83d7..d30abc3fd5 100644 --- a/docker-compose-virtuoso.yml +++ b/docker-compose-virtuoso.yml @@ -11,7 +11,7 @@ services: seek: # The SEEK application #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek command: docker/entrypoint.sh restart: always @@ -38,7 +38,7 @@ services: seek_workers: # The SEEK delayed job workers #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek-workers command: docker/start_workers.sh restart: always diff --git a/docker-compose-with-email.yml b/docker-compose-with-email.yml index 43e9b3c771..5dd7d7f779 100644 --- a/docker-compose-with-email.yml +++ b/docker-compose-with-email.yml @@ -13,7 +13,7 @@ services: seek: # The SEEK application #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek command: docker/entrypoint.sh @@ -42,7 +42,7 @@ services: seek_workers: # The SEEK delayed job workers #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek-workers command: docker/start_workers.sh restart: always diff --git a/docker-compose.yml b/docker-compose.yml index dc96dd69cf..3ff795a728 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -13,7 +13,7 @@ services: seek: # The SEEK application #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek command: docker/entrypoint.sh @@ -41,7 +41,7 @@ services: seek_workers: # The SEEK delayed job workers #build: . - image: fairdom/seek:1.16-dev + image: fairdom/seek:1.16 container_name: seek-workers command: docker/start_workers.sh restart: always From 50562608fd2944bea730b7e899cd12a1fcf5f09d Mon Sep 17 00:00:00 2001 From: Stuart Owen Date: Tue, 10 Dec 2024 13:53:05 +0000 Subject: [PATCH 10/14] Removed rogue %>. erb syntax characters that shouldn't be there --- app/views/projects/import_from_fairdata_station.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/projects/import_from_fairdata_station.html.erb b/app/views/projects/import_from_fairdata_station.html.erb index 0bffd127e2..d3ff3b1fa9 100644 --- a/app/views/projects/import_from_fairdata_station.html.erb +++ b/app/views/projects/import_from_fairdata_station.html.erb @@ -31,7 +31,7 @@ <%= panel('Sharing permissions') do %>

- The following sharing permissions will be applied to all the items created. It is possible to change them individually after they have been created. %>. + The following sharing permissions will be applied to all the items created. It is possible to change them individually after they have been created.

Note that Download is shown but only applicable to some types. Where not applicable, then View will be applied. From 1cac060c9fe82d4165fef95b84c5dc1f7a933c7f Mon Sep 17 00:00:00 2001 From: Finn Bacall Date: Wed, 11 Dec 2024 18:46:20 +0000 Subject: [PATCH 11/14] Allow `` and related tags in markdown descriptions. Fixes #2091 --- app/helpers/application_helper.rb | 11 ++++++++--- test/unit/helpers/application_helper_test.rb | 8 ++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 327ecc6b9f..675134140b 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -8,6 +8,9 @@ module ApplicationHelper include ImagesHelper include SessionsHelper + ALLOWED_HTML_WITH_TABLES = Rails::HTML::Concern::Scrubber::SafeList::DEFAULT_ALLOWED_TAGS.dup + + Set.new(%w(table thead tbody tfoot tr th td)) + def no_items_to_list_text content_tag :div, id: 'no-index-items-text' do "There are no #{resource_text_from_controller.pluralize} found that are visible to you." @@ -224,7 +227,7 @@ def text_or_not_specified(text, options = {}) else text.capitalize! if options[:capitalize] res = text.html_safe - res = sanitized_text(res) + res = sanitized_text(res, allow_tables: options[:markdown]) res = truncate_without_splitting_words(res, options[:length]) if options[:length] if options[:markdown] # Convert `>` etc. back to `>` so markdown blockquotes can be used. @@ -428,8 +431,10 @@ def using_docker? Seek::Docker.using_docker? end - def sanitized_text(text) - Rails::Html::SafeListSanitizer.new.sanitize(text) + def sanitized_text(text, allow_tables: false) + opts = {} + opts[:tags] = ALLOWED_HTML_WITH_TABLES if allow_tables + Rails::Html::SafeListSanitizer.new.sanitize(text, opts) end # whether manage attributes should be shown, dont show if editing (rather than new or managing) 
diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb index 689af1141c..83fec75026 100644 --- a/test/unit/helpers/application_helper_test.rb +++ b/test/unit/helpers/application_helper_test.rb @@ -403,4 +403,12 @@ def test_join_with_and assert_equal "

&& "" < >\n&&

\n", text_or_not_specified("&& \"\" < >\n```&&```\n\n", markdown: true).to_s assert_equal "&& \"\" < >\n```&&```\n\n", text_or_not_specified("&& \"\" < >\n```&&```\n\n", markdown: false).to_s end + + test 'markdown generation allows tables without compromising HTML sanitization' do + assert_equal "
hey
\n", + text_or_not_specified("
hey
", markdown: true).to_s + assert_equal "
\nalert('hi');hey
\n", + text_or_not_specified("
hey
", markdown: true).to_s + end + end From ae8ee40586b2a838be4df7732315707313b85906 Mon Sep 17 00:00:00 2001 From: Finn Bacall Date: Thu, 12 Dec 2024 10:53:41 +0000 Subject: [PATCH 12/14] Fix diagram exception breaking page layout. Fixes #2087 --- app/views/workflows/show.html.erb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/views/workflows/show.html.erb b/app/views/workflows/show.html.erb index a7cd771cfb..d414d34c44 100644 --- a/app/views/workflows/show.html.erb +++ b/app/views/workflows/show.html.erb @@ -29,11 +29,12 @@ <% begin %> <% if @display_workflow.diagram_exists? || @display_workflow.can_render_diagram? %> + <% diagram_path = diagram_workflow_path(@workflow, version: @display_workflow.version) %> + <% is_svg = @display_workflow&.diagram.extension == 'svg' %>

- <% diagram_path = diagram_workflow_path(@workflow, version: @display_workflow.version) %> - <% if @display_workflow&.diagram.extension == 'svg' %> + <% if is_svg %> <%= content_tag(:embed, '', type: 'image/svg+xml', src: diagram_path, class: 'svg-pan-zoom', width: 1000, height: 500) %>

Click and drag the diagram to pan, double click or use the controls to zoom.

<% else %> @@ -44,7 +45,7 @@
<% end %> <% rescue StandardError => e %> - <% raise e if Rails.env.development? %> + <% raise e unless Rails.env.production? %> <% Rails.logger.error(e.inspect) %> <% Rails.logger.error(e.backtrace.join("\n")) %>
Could not render the workflow diagram.
From 6ea5057e75c001d8a5f19fe7585c5a32da9c9bc1 Mon Sep 17 00:00:00 2001 From: Finn Bacall Date: Fri, 13 Dec 2024 14:26:37 +0000 Subject: [PATCH 13/14] Fix nil slipping through --- app/views/workflows/show.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/workflows/show.html.erb b/app/views/workflows/show.html.erb index d414d34c44..6bd3d6d2cc 100644 --- a/app/views/workflows/show.html.erb +++ b/app/views/workflows/show.html.erb @@ -30,7 +30,7 @@ <% begin %> <% if @display_workflow.diagram_exists? || @display_workflow.can_render_diagram? %> <% diagram_path = diagram_workflow_path(@workflow, version: @display_workflow.version) %> - <% is_svg = @display_workflow&.diagram.extension == 'svg' %> + <% is_svg = @display_workflow&.diagram&.extension == 'svg' %>
From 3c9033171edf27083f1bc007b0b57c4fbb5ed393 Mon Sep 17 00:00:00 2001 From: Finn Bacall Date: Mon, 16 Dec 2024 14:28:47 +0000 Subject: [PATCH 14/14] Upgrade pip to fix `pip install` timeout (#2097) Try upgrading pip to fix slow backtracking --- .github/workflows/tests.yml | 1 + Dockerfile | 1 + script/ansible/Deploy-SEEK.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 89749953e6..41d2979228 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -86,6 +86,7 @@ jobs: ${{ runner.os }}- - name: Install Python dependencies run: | + python3.9 -m pip install --upgrade pip python3.9 -m pip install setuptools==58 python3.9 -m pip install -r requirements.txt - name: Create test database diff --git a/Dockerfile b/Dockerfile index 66c608fa3c..dbf5dbdf1c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,6 +46,7 @@ RUN touch config/using-docker #allows us to see within SEEK we are running in a # Python dependencies from requirements.txt ENV PATH="/var/www/.local/bin:$PATH" +RUN python3.9 -m pip install --upgrade pip RUN python3.9 -m pip install setuptools==58 RUN python3.9 -m pip install -r requirements.txt diff --git a/script/ansible/Deploy-SEEK.yml b/script/ansible/Deploy-SEEK.yml index 3473c74f4c..0679fca450 100644 --- a/script/ansible/Deploy-SEEK.yml +++ b/script/ansible/Deploy-SEEK.yml @@ -192,6 +192,7 @@ - name: Install SEEK's python requirements shell: bash -lc "{{ item }}" with_items: + - python3.9 -m pip install --upgrade pip - python3.9 -m pip install setuptools==58 - python3.9 -m pip install -r requirements.txt args:
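Review bot: `RUN python3.9 -m pip install --upgrade pip` installs whatever pip is latest on PyPI at build time, so the image (and the identical CI and Ansible steps) now pulls an unpinned installer and produces a different build environment from one day to the next, in contrast to the `setuptools==58` pin on the very next line; pin it to an explicit version (`pip==X.Y`) and bump it deliberately. Whether `requirements.txt` is itself fully pinned is not visible here; if it is not, the slow backtracking this works around is a symptom of loose pins, and a fully pinned requirements file (ideally installed with `--require-hashes`) would fix the timeout more durably than a newer resolver. A comment would preserve the reason for the line: `# newer pip resolver avoids slow dependency backtracking on requirements.txt (#2097)`.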