All Files (73.64% covered at 0.78 hits/line)
39 files in total.
330 relevant lines.
243 lines covered and
87 lines missed
# Base controller; every other controller on this page inherits from it.
#
# NOTE(review): no authentication or authorization callback is declared here,
# so a subclass is reachable anonymously unless it adds its own check.
class ApplicationController < ActionController::Base
  # CSRF defence: a request that fails authenticity-token verification raises
  # an exception instead of being processed.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery(with: :exception)

  # Hooks the SecureHeaders gem into this controller so the headers set up in
  # its configuration block are added to responses.
  # See more: https://github.com/twitter/secureheaders
  ensure_security_headers
end
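# CRUD controller for Category records.
#
# The routes on this page mount `resources :categories` inside
# `scope '/admin', as: :admin`, so the only route helpers that exist for it
# carry the `admin_` prefix. Redirects therefore go through the admin helpers,
# the same way PostsController does.
#
# NOTE(review): neither this class nor ApplicationController declares an
# authentication or authorization callback, so create, update and destroy
# appear reachable without logging in. Confirm access control is enforced
# somewhere not shown here.
class CategoriesController < ApplicationController
  before_action :set_category, only: %i[show edit update destroy]

  # GET /admin/categories
  def index
    @categories = Category.all
  end

  # GET /admin/categories/1
  def show
  end

  # GET /admin/categories/new
  def new
    @category = Category.new
  end

  # GET /admin/categories/1/edit
  def edit
  end

  # POST /admin/categories
  def create
    @category = Category.new(category_params)

    if @category.save
      # [:admin, record] resolves to the admin-prefixed route; passing the bare
      # record would look up a helper the admin-scoped routes do not define.
      redirect_to [:admin, @category], notice: 'Category was successfully created.'
    else
      render :new
    end
  end

  # PATCH/PUT /admin/categories/1
  def update
    if @category.update(category_params)
      redirect_to [:admin, @category], notice: 'Category was successfully updated.'
    else
      render :edit
    end
  end

  # DELETE /admin/categories/1
  def destroy
    @category.destroy
    redirect_to admin_categories_url, notice: 'Category was successfully destroyed.'
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_category
    @category = Category.find(params[:id])
  end

  # Strong parameters: only :name may be mass-assigned from the request.
  def category_params
    params.require(:category).permit(:name)
  end
end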
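# Controller for comments nested under a post
# (`resources :posts ... do resources :comments end` in the routes).
#
# Because the routes are nested, the only helpers that exist are the
# post-scoped ones, so redirects are built from [@post, @comment] and
# post_comments_url(@post).
#
# NOTE(review): the nested `resources :comments` exposes all seven actions and
# no authentication callback is visible in this class or ApplicationController,
# so anyone who can reach the site can apparently edit, update or destroy any
# comment. Confirm this is intended, or restrict the routes/actions.
class CommentsController < ApplicationController
  before_action :set_post
  before_action :set_comment, only: %i[show edit update destroy]

  # GET /posts/:post_id/comments
  def index
    @comments = @post.comments.all
  end

  # GET /posts/:post_id/comments/1
  def show
  end

  # GET /posts/:post_id/comments/new
  def new
    @comment = @post.comments.new
  end

  # GET /posts/:post_id/comments/1/edit
  def edit
  end

  # POST /posts/:post_id/comments
  def create
    # The post comes from the URL, not from the submitted form fields.
    @comment = Comment.new(comment_params.merge(post: @post))

    if @comment.save
      redirect_to @post, notice: 'Comment was successfully created.'
    else
      # Re-render the public post page, which reads @post and @comment.
      render 'site/show'
    end
  end

  # PATCH/PUT /posts/:post_id/comments/1
  def update
    if @comment.update(comment_params)
      redirect_to [@post, @comment], notice: 'Comment was successfully updated.'
    else
      render :edit
    end
  end

  # DELETE /posts/:post_id/comments/1
  def destroy
    @comment.destroy
    redirect_to post_comments_url(@post), notice: 'Comment was successfully destroyed.'
  end

  private

  # Looks the comment up through @post.comments, so an id that belongs to a
  # different post is not found.
  def set_comment
    @comment = @post.comments.find(params[:id])
  end

  # Loads the parent post named by the :post_id route segment.
  def set_post
    @post = Post.find(params[:post_id])
  end

  # Strong parameters: only :author and :body may be mass-assigned.
  def comment_params
    params.require(:comment).permit(:author, :body)
  end
end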
# CRUD controller for Post records, mounted under the `/admin` scope by the
# routes on this page (hence the [:admin, @post] / admin_posts_url redirects).
#
# NOTE(review): neither this class nor ApplicationController declares an
# authentication or authorization callback, so the admin actions appear
# reachable without logging in. Confirm access control exists elsewhere.
class PostsController < ApplicationController
  before_action :set_post, only: %i[show edit update destroy]

  # GET /admin/posts
  def index
    @posts = Post.all
  end

  # GET /admin/posts/1
  def show
  end

  # GET /admin/posts/new
  def new
    @post = Post.new
  end

  # GET /admin/posts/1/edit
  def edit
  end

  # POST /admin/posts
  def create
    @post = Post.new(post_params)
    return render(:new) unless @post.save

    redirect_to [:admin, @post], notice: 'Post was successfully created.'
  end

  # PATCH/PUT /admin/posts/1
  def update
    return render(:edit) unless @post.update(post_params)

    redirect_to [:admin, @post], notice: 'Post was successfully updated.'
  end

  # DELETE /admin/posts/1
  def destroy
    @post.destroy
    redirect_to admin_posts_url, notice: 'Post was successfully destroyed.'
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_post
    @post = Post.find(params[:id])
  end

  # Strong parameters: the attributes listed here are the only ones that may
  # be mass-assigned from the request.
  # NOTE(review): this permits :highlight, while the Post scopes on this page
  # filter on `highlighted` — verify the attribute name against the schema.
  def post_params
    params.require(:post).permit(:title, :body, :category_id, :highlight)
  end
end
# Public, read-only side of the blog: the post list and a single post page.
class SiteController < ApplicationController
  # Lists every post.
  def index
    @posts = Post.all
  end

  # Shows one post and prepares an unsaved comment, tied to that post, for the
  # comment form rendered on the page.
  def show
    @post = Post.find(params[:id])
    @comment = Comment.new(post: @post)
  end
end
# View helpers shared by the templates.
module ApplicationHelper
  # Returns the beginning of the post body: at most its first 101 characters
  # (indices 0 through 100). The value is a plain slice; nothing is escaped or
  # sanitised here.
  def post_excerpt(post)
    post.body.slice(0, 101)
  end
end
# A post category; the name is mandatory.
class Category < ActiveRecord::Base
  validates :name, presence: true

  # Upper-cases the name before every save.
  # (Crazy stuff, just to bring coverage down.)
  before_save do
    self.name = name.mb_chars.upcase
  end
end
# A reader comment attached to a post.
#
# NOTE(review): presence is the only validation; nothing here caps the length
# of :author or :body, and the comment form is public. Consider length limits.
class Comment < ActiveRecord::Base
  belongs_to :post

  validates :author, presence: true
  validates :body, presence: true
end
# A blog post. Belongs to a category and owns its comments, which are
# destroyed together with the post.
class Post < ActiveRecord::Base
  belongs_to :category
  has_many :comments, dependent: :destroy

  validates :title, presence: true
  validates :body, presence: true

  # NOTE(review): both scopes filter on `highlighted`, whereas the admin
  # controller permits :highlight and the index view calls `highlight?`.
  # Verify the column name against the schema.

  # This will look like it has been used
  scope :not_highlighted, -> { where(highlighted: false) }

  # But this won't because there is a line break
  scope :highlighted, -> {
    where(highlighted: true)
  }

  # Beginning of the body: at most its first 101 characters (indices 0..100).
  def excerpt
    body.slice(0, 101)
  end
end
- 1
- flash.each do |key, value|
- 1
div id="flash_#{key}"
- 1
= value
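/ Application layout: document head (assets, CSRF meta tags) and the page
/ frame every view is rendered into.
doctype 5
html lang="pt"
  head
    meta charset="utf-8"
    meta name="keywords" content=""
    meta name="description" content=""
    title
      = page_title(app_name: 'example')
    link href="/favicon.ico" rel=("shortcut icon")
    link rel="author" href="/humans.txt"
    = stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true
    = javascript_include_tag 'application', 'data-turbolinks-track' => true
    / Emits the CSRF token meta tags that the JavaScript helpers read.
    = csrf_meta_tags
    / The shim is fetched over HTTPS: a script loaded over plain HTTP can be
    / altered in transit and then runs with this page's privileges.
    / NOTE(review): it still comes from a third-party host with no integrity
    / check; prefer serving a vendored copy through the asset pipeline.
    /![if lt IE 9]
      script src="https://html5shim.googlecode.com/svn/trunk/html5.js"
  body class=body_class
    = render 'flash_messages'
    h1 My awesome blog!
    hr
    = yield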
- 1
= simple_form_for([:admin, @post]) do |f|
- 1
= f.error_notification
- 1
.form-inputs
- 1
= f.input :title
- 1
= f.input :body
- 1
.form-actions
- 1
= f.button :submit
- 1
h1 Editing post
- 1
== render 'form'
- 1
= link_to 'Show', [:admin, @post]
- 1
'|
- 1
= link_to 'Back', admin_posts_path
- 1
h1 Listing posts
table
thead
tr
th Title
th Body
th
th
th
tbody
- 1
- @posts.each do |post|
- 1
tr
- 1
td = post.title
- 1
td = post.body
- 1
td = link_to 'Show', [:admin, post]
- 1
td = link_to 'Edit', edit_admin_post_path(post)
- 1
td = link_to 'Destroy', [:admin, post], data: {:confirm => 'Are you sure?'}, :method => :delete
- 1
br
- 1
= link_to 'New Post', new_admin_post_path
- 1
h1 New post
- 1
== render 'form'
- 1
= link_to 'Back', admin_posts_path
- 1
p
strong Title:
- 1
= @post.title
- 1
p
strong Body:
- 1
= @post.body
- 1
= link_to 'Edit', edit_admin_post_path(@post)
- 1
'|
- 1
= link_to 'Back', admin_posts_path
- 1
li
- 1
strong By #{comment.author}:
- 1
= simple_format(comment.body)
- 1
h5 Leave a comment!
- 1
= simple_form_for([post, comment]) do |f|
- 1
= f.error_notification
- 1
.form-inputs
- 1
= f.input :author, placeholder: 'Your name', label: false
- 1
= f.input :body, placeholder: 'Your comment', label: false
- 1
.form-actions
- 1
= f.button :submit
- 1
tr
- 1
td = post.title
- 1
td = l post.created_at
- 1
td = link_to 'View', post
- 1
table
thead
tr
th Title
th Date
th
tbody
- 1
- @posts.each do |post|
- 1
- if post.highlight?
= render 'highlighted_post', post: post
- else
- 1
= render 'regular_post', post: post
- 1
h2 Post: #{@post.title}
- 1
= simple_format(@post.body)
- 1
hr
h3 Comments
- 1
- if @post.comments.any?
- 1
ul
- 1
= render partial: 'site/comment', collection: @post.comments, as: :comment
- 1
- else
- 1
p No comments found!
- 1
hr
- 1
= render 'site/comment_form', post: @post, comment: @comment
- 1
hr
- 1
= link_to 'Back', posts_path
# Load the Rails application.
- 1
require File.expand_path('../application', __FILE__)
# Initialize the Rails application.
- 1
Rails.application.initialize!
# Production environment settings.
Rails.application.configure do
  # Settings specified here will take precedence over those in config/application.rb.

  # Code is not reloaded between requests.
  config.cache_classes = true

  # Eager load code on boot. This eager loads most of Rails and
  # your application in memory, allowing both threaded web servers
  # and those relying on copy on write to perform better.
  # Rake tasks automatically ignore this option for performance.
  config.eager_load = true

  # Full error reports are disabled and caching is turned on.
  config.consider_all_requests_local = false
  config.action_controller.perform_caching = true

  # Enable Rack::Cache to put a simple HTTP cache in front of your application
  # Add `rack-cache` to your Gemfile before enabling this.
  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
  # config.action_dispatch.rack_cache = true

  # Disable Rails's static asset server (Apache or nginx will already do this).
  config.serve_static_assets = false

  # Compress JavaScripts and CSS.
  config.assets.js_compressor = :uglifier
  # config.assets.css_compressor = :sass

  # Do not fallback to assets pipeline if a precompiled asset is missed.
  config.assets.compile = false

  # Generate digests for assets URLs.
  config.assets.digest = true

  # `config.assets.precompile` has moved to config/initializers/assets.rb

  # Specifies the header that your server uses for sending files.
  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx

  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
  # NOTE(review): this is left disabled, so Rails itself neither redirects
  # HTTP to HTTPS nor marks cookies Secure. The SecureHeaders initializer sets
  # HSTS separately, but that header only has effect on HTTPS responses.
  # Confirm TLS is enforced in front of the app, or enable this.
  # config.force_ssl = true

  # Set to :debug to see everything in the log.
  config.log_level = :info

  # Prepend all log lines with the following tags.
  # config.log_tags = [ :subdomain, :uuid ]

  # Use a different logger for distributed setups.
  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)

  # Use a different cache store in production.
  # config.cache_store = :mem_cache_store

  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
  # config.action_controller.asset_host = "http://assets.example.com"

  # Precompile additional assets.
  # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
  # config.assets.precompile += %w( search.js )

  # Ignore bad email addresses and do not raise email delivery errors.
  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
  # config.action_mailer.raise_delivery_errors = false

  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
  # the I18n.default_locale when a translation cannot be found).
  config.i18n.fallbacks = true

  # Send deprecation notices to registered listeners.
  config.active_support.deprecation = :notify

  # Disable automatic flushing of the log to improve performance.
  # config.autoflush_log = false

  # Use default logging formatter so that PID and timestamp are not suppressed.
  config.log_formatter = ::Logger::Formatter.new

  # Do not dump schema after migrations.
  config.active_record.dump_schema_after_migration = false

  # SendGrid config. Credentials and the canonical host come from the
  # environment rather than from the repository.
  # NOTE(review): ENV[...] yields nil when a variable is unset, so a missing
  # credential is not detected at boot.
  config.action_mailer.default_url_options = { host: ENV['CANONICAL_HOST'] }

  # NOTE(review): :plain authentication sends the credentials without any
  # protection of its own, and enable_starttls_auto only upgrades the
  # connection when the server offers STARTTLS. Consider requiring TLS if the
  # mail library version in use allows it.
  config.action_mailer.smtp_settings = {
    address: 'smtp.sendgrid.net',
    port: '587',
    authentication: :plain,
    user_name: ENV['SENDGRID_USERNAME'],
    password: ENV['SENDGRID_PASSWORD'],
    domain: 'heroku.com',
    enable_starttls_auto: true
  }
end
# Be sure to restart your server when you modify this file.
# Version of your assets, change this if you want to expire all your assets.
- 1
Rails.application.config.assets.version = '1.0'
# Precompile additional assets.
# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
# Rails.application.config.assets.precompile += %w( search.js )
# Be sure to restart your server when you modify this file.
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
# Rails.backtrace_cleaner.remove_silencers!
# Turns on Bullet reporting, but only when the Bullet constant is loaded.
#
# NOTE(review): the guard is just `defined?(Bullet)`, and add_footer writes
# Bullet's findings into rendered pages. Make sure the gem is confined to
# development/test so this output never reaches production users.
if defined?(Bullet)
  Bullet.enable = true
  Bullet.rails_logger = true
  Bullet.console = true
  Bullet.add_footer = true
  # Bullet.alert = true
  # Bullet.bullet_logger = true
  # Bullet.growl = true
  # Bullet.xmpp = { :account => 'bullets_account@jabber.org',
  #                 :password => 'bullets_password_for_jabber',
  #                 :receiver => 'your_account@jabber.org',
  #                 :show_online_status => true }
  # Bullet.airbrake = true
end
# Be sure to restart your server when you modify this file.

# Cookies are serialised as JSON, so reading a cookie does not go through
# Ruby object deserialisation (Marshal).
Rails.application.config.action_dispatch.cookies_serializer = :json
# https://devcenter.heroku.com/articles/concurrency-and-database-connections
#
# After boot, drops the existing pool and reconnects ActiveRecord with a pool
# size and reaping frequency taken from the environment, using the defaults
# below when a variable is unset.
Rails.application.config.after_initialize do
  ActiveRecord::Base.connection_pool.disconnect!

  ActiveSupport.on_load(:active_record) do
    db_settings = ActiveRecord::Base.configurations[Rails.env] ||
                  Rails.application.config.database_configuration[Rails.env]

    db_settings['reaping_frequency'] = ENV.fetch('DB_REAP_FREQ', 10) # seconds
    # DB_POOL wins; otherwise fall back to MAX_THREADS, then to 5.
    db_settings['pool'] = ENV.fetch('DB_POOL') { ENV.fetch('MAX_THREADS', 5) }

    ActiveRecord::Base.establish_connection(db_settings)
  end
end
# Be sure to restart your server when you modify this file.

# Configure sensitive parameters which will be filtered from the log file.
# Only :password is listed; add any other secret-bearing parameter names
# (tokens, keys) here when the application starts accepting them.
Rails.application.config.filter_parameters += [:password]
# Be sure to restart your server when you modify this file.
# Add new inflection rules using the following format. Inflections
# are locale specific, and you may define rules for as many different
# locales as you wish. All of these examples are active by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
# inflect.plural /^(ox)$/i, '\1en'
# inflect.singular /^(ox)en/i, '\1'
# inflect.irregular 'person', 'people'
# inflect.uncountable %w( fish sheep )
# end
# These inflection rules are supported but not enabled by default:
# ActiveSupport::Inflector.inflections(:en) do |inflect|
# inflect.acronym 'RESTful'
# end
# Jumpup's Heroku integration is configured in development only; the constant
# is not touched in any other environment.
if Rails.env.development?
  Jumpup::Heroku.configure do |config|
    config.app = 'legacy-blog-app'
  end
end
# Be sure to restart your server when you modify this file.
# Add new mime types for use in respond_to blocks:
# Mime::Type.register "text/richtext", :rtf
# Caps request time when Rack::Timeout is loaded. RACK_TIMEOUT overrides the
# 10-second default; Integer() raises at boot on a non-numeric value.
if defined?(Rack::Timeout)
  Rack::Timeout.timeout = Integer(ENV.fetch('RACK_TIMEOUT', 10)) # seconds
end
require 'rollbar/rails'

# Error reporting to Rollbar. The access token comes from the environment and
# reporting is active in production and staging only.
#
# NOTE(review): error reports leave the application for a third-party service.
# Confirm that the scrubbing configuration covers every sensitive request
# field before relying on the defaults.
Rollbar.configure do |config|
  # Without configuration, Rollbar is enabled in all environments.
  # To disable in specific environments, set config.enabled=false.
  config.access_token = ENV['ROLLBAR_ACCESS_TOKEN']
  config.enabled = %w[production staging].include?(Rails.env)

  # By default, Rollbar will try to call the `current_user` controller method
  # to fetch the logged-in user object, and then call that object's `id`,
  # `username`, and `email` methods to fetch those properties. To customize:
  # config.person_method = "my_current_user"
  # config.person_id_method = "my_id"
  # config.person_username_method = "my_username"
  # config.person_email_method = "my_email"

  # If you want to attach custom data to all exception and message reports,
  # provide a lambda like the following. It should return a hash.
  # config.custom_data_method = lambda { {:some_key => "some_value" } }

  # Add exception class names to the exception_level_filters hash to
  # change the level that exception is reported at. Note that if an exception
  # has already been reported and logged the level will need to be changed
  # via the rollbar interface.
  # Valid levels: 'critical', 'error', 'warning', 'info', 'debug', 'ignore'
  # 'ignore' will cause the exception to not be reported at all.
  # config.exception_level_filters.merge!('MyCriticalException' => 'critical')
  #
  # You can also specify a callable, which will be called with the exception instance.
  # config.exception_level_filters.merge!('MyCriticalException' => lambda { |e| 'critical' })

  # Enable asynchronous reporting (uses girl_friday or Threading if girl_friday
  # is not installed)
  # config.use_async = true
  # Supply your own async handler:
  # config.async_handler = Proc.new { |payload|
  #   Thread.new { Rollbar.process_payload(payload) }
  # }

  # Enable asynchronous reporting (using sucker_punch)
  # config.use_sucker_punch

  # Enable delayed reporting (using Sidekiq)
  # config.use_sidekiq
  # You can supply custom Sidekiq options:
  # config.use_sidekiq 'queue' => 'my_queue'
end
# Response security headers applied through SecureHeaders
# (ApplicationController calls ensure_security_headers).
::SecureHeaders::Configuration.configure do |config|
  # HSTS for 20 years, subdomains included.
  # NOTE(review): browsers honour this header only on HTTPS responses, and
  # config.force_ssl is commented out in the production settings on this page.
  # Also confirm every subdomain can serve HTTPS before relying on
  # include_subdomains.
  config.hsts = { max_age: 20.years.to_i, include_subdomains: true }

  # Forbid rendering the site inside any frame.
  config.x_frame_options = 'DENY'

  # Stop browsers from MIME-sniffing responses.
  config.x_content_type_options = "nosniff"

  config.x_xss_protection = { value: 1, mode: 'block' }

  # NOTE(review): Content-Security-Policy is switched off entirely, so there
  # is no policy restricting where scripts may load from. Consider defining
  # one, starting in report-only mode.
  config.csp = false
end
# Be sure to restart your server when you modify this file.

# Sessions are kept in a cookie named '_legacy-blog-app_session'.
# NOTE(review): no `secure:` option is passed and config.force_ssl is commented
# out in the production settings on this page, so the session cookie is
# presumably sent over plain HTTP as well. Verify, and mark it Secure if TLS is
# expected.
Rails.application.config.session_store :cookie_store, key: '_legacy-blog-app_session'
# Use this setup block to configure all options available in SimpleForm.
SimpleForm.setup do |config|
  # Wrappers are used by the form builder to generate a
  # complete input. You can remove any component from the
  # wrapper, change the order or even add your own to the
  # stack. The options given below are used to wrap the
  # whole input.
  config.wrappers :default,
                  class: :input,
                  hint_class: :field_with_hint,
                  error_class: :field_with_errors do |b|
    ## Extensions enabled by default
    # Any of these extensions can be disabled for a
    # given input by passing: `f.input EXTENSION_NAME => false`.
    # You can make any of these extensions optional by
    # renaming `b.use` to `b.optional`.

    # Determines whether to use HTML5 (:email, :url, ...)
    # and required attributes
    b.use :html5

    # Calculates placeholders automatically from I18n
    # You can also pass a string as f.input placeholder: "Placeholder"
    b.use :placeholder

    ## Optional extensions
    # They are disabled unless you pass `f.input EXTENSION_NAME => :lookup`
    # to the input. If so, they will retrieve the values from the model
    # if any exists. If you want to enable the lookup for any of those
    # extensions by default, you can change `b.optional` to `b.use`.

    # Calculates maxlength from length validations for string inputs
    b.optional :maxlength

    # Calculates pattern from format validations for string inputs
    b.optional :pattern

    # Calculates min and max from length validations for numeric inputs
    b.optional :min_max

    # Calculates readonly automatically from readonly attributes
    b.optional :readonly

    ## Inputs
    b.use :label_input
    b.use :hint, wrap_with: { tag: :span, class: :hint }
    b.use :error, wrap_with: { tag: :span, class: :error }

    ## full_messages_for
    # If you want to display the full error message for the attribute, you can
    # use the component :full_error, like:
    #
    # b.use :full_error, wrap_with: { tag: :span, class: :error }
  end

  # The default wrapper to be used by the FormBuilder.
  config.default_wrapper = :default

  # Define the way to render check boxes / radio buttons with labels.
  # Defaults to :nested for bootstrap config.
  #   inline: input + label
  #   nested: label > input
  config.boolean_style = :nested

  # Default class for buttons
  config.button_class = 'btn'

  # Method used to tidy up errors. Specify any Rails Array method.
  # :first lists the first message for each field.
  # Use :to_sentence to list all errors for each field.
  # config.error_method = :first

  # Default tag used for error notification helper.
  config.error_notification_tag = :div

  # CSS class to add for error notification helper.
  config.error_notification_class = 'error_notification'

  # ID to add for error notification helper.
  # config.error_notification_id = nil

  # Series of attempts to detect a default label method for collection.
  # config.collection_label_methods = [ :to_label, :name, :title, :to_s ]

  # Series of attempts to detect a default value method for collection.
  # config.collection_value_methods = [ :id, :to_s ]

  # You can wrap a collection of radio/check boxes in a pre-defined tag, defaulting to none.
  # config.collection_wrapper_tag = nil

  # You can define the class to use on all collection wrappers. Defaulting to none.
  # config.collection_wrapper_class = nil

  # You can wrap each item in a collection of radio/check boxes with a tag,
  # defaulting to :span. Please note that when using :boolean_style = :nested,
  # SimpleForm will force this option to be a label.
  # config.item_wrapper_tag = :span

  # You can define a class to use in all item wrappers. Defaulting to none.
  # config.item_wrapper_class = nil

  # How the label text should be generated altogether with the required text.
  # config.label_text = lambda { |label, required, explicit_label| "#{required} #{label}" }

  # You can define the class to use on all labels. Default is nil.
  # config.label_class = nil

  # You can define the class to use on all forms. Default is simple_form.
  # config.form_class = :simple_form

  # You can define which elements should obtain additional classes
  # config.generate_additional_classes_for = [:wrapper, :label, :input]

  # Whether attributes are required by default (or not). Default is true.
  # config.required_by_default = true

  # Tell browsers whether to use the native HTML5 validations (novalidate form option).
  # These validations are enabled in SimpleForm's internal config but disabled by default
  # in this configuration, which is recommended due to some quirks from different browsers.
  # To stop SimpleForm from generating the novalidate option, enabling the HTML5 validations,
  # change this configuration to true.
  # Either way, browser-side validation is a convenience only; the model
  # validations remain the check that counts.
  config.browser_validations = false

  # Collection of methods to detect if a file type was given.
  # config.file_methods = [ :mounted_as, :file?, :public_filename ]

  # Custom mappings for input types. This should be a hash containing a regexp
  # to match as key, and the input type that will be used when the field name
  # matches the regexp as value.
  # config.input_mappings = { /count/ => :integer }

  # Custom wrappers for input types. This should be a hash containing an input
  # type as key and the wrapper that will be used for all inputs with specified type.
  # config.wrapper_mappings = { string: :prepend }

  # Default priority for time_zone inputs.
  # config.time_zone_priority = nil

  # Default priority for country inputs.
  # config.country_priority = nil

  # When false, do not use translations for labels.
  # config.translate_labels = true

  # Automatically discover new inputs in Rails' autoload path.
  # config.inputs_discovery = true

  # Cache SimpleForm inputs discovery
  # config.cache_discovery = !Rails.env.development?

  # Default class for inputs
  # config.input_class = nil

  # Define the default class of the input wrapper of the boolean input.
  config.boolean_label_class = 'checkbox'

  # Defines if the default input wrapper class should be included in radio
  # collection wrappers.
  # config.include_default_input_wrapper_class = true

  # Defines which i18n scope will be used in Simple Form.
  # config.i18n_scope = 'simple_form'
end
# Be sure to restart your server when you modify this file.

# This file contains settings for ActionController::ParamsWrapper which
# is enabled by default.

# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
ActiveSupport.on_load(:action_controller) do
  if respond_to?(:wrap_parameters)
    wrap_parameters format: [:json]
  end
end
# To enable root element in JSON for ActiveRecord objects.
# ActiveSupport.on_load(:active_record) do
# self.include_root_in_json = true
# end
# Route table: an admin area under /admin, the public post pages served by
# SiteController, comments nested under posts, and a legacy redirect.
Rails.application.routes.draw do
  # NOTE(review): this scope only adds the "/admin" path prefix and the
  # "admin_" route-name prefix. It applies no constraint or authentication, and
  # none is visible in the controllers on this page.
  scope '/admin', as: :admin do
    resources :posts
    # This is intentionally not being used
    resources :categories
  end

  # NOTE(review): the nested `resources :comments` defines all seven actions,
  # including edit, update and destroy, on the public side of the site.
  # Restrict it with `only:` if visitors are meant to create comments only.
  resources :posts, only: %i[index show], controller: 'site' do
    resources :comments
  end

  # This is the only route that will be marked as not used
  get '/legacy-route', to: redirect { |_path_params, _req|
    "/"
  }

  root 'site#index'
end