Rails 4 diff with all compatible changes in develop

Gemfile

@@ -4,31 +4,34 @@ require File.expand_path('../lib/regexp_extensions', FOREMAN_GEMFILE)
 
 source 'https://rubygems.org'
 
-gem 'rails', '3.2.21'
+gem 'rails', '4.1.5'
 gem 'rack-cache', '< 1.3.0'
 gem 'json', '~> 1.5'
 gem 'rest-client', '~> 1.6.0', :require => 'rest_client'
-gem 'audited-activerecord', '3.0.0'
+gem 'audited-activerecord', '~> 4.0'
 gem 'will_paginate', '~> 3.0'
 gem 'ancestry', '~> 2.0'
-gem 'scoped_search', '~> 3.0'
+gem 'scoped_search', '>= 3.2.2'
 gem 'ldap_fluff', '>= 0.3.5', '< 1.0'
 gem 'net-ldap', '>= 0.8.0'
-gem 'apipie-rails', '~> 0.2.5'
+gem 'apipie-rails', '~> 0.3.4'
 gem 'rabl', '~> 0.11'
 gem 'oauth', '~> 0.4'
 gem 'deep_cloneable', '~> 2.0'
 gem 'foreigner', '~> 1.4'
 gem 'validates_lengths_from_database',  '~> 0.2'
-gem 'friendly_id', '~> 4.0'
+gem 'friendly_id', '~> 5.0'
 gem 'secure_headers', '~> 1.3'
 gem 'safemode', '~> 1.2'
 gem 'fast_gettext', '~> 0.8'
 gem 'gettext_i18n_rails', '~> 1.0'
 gem 'i18n', '~> 0.6.4'
-gem 'rails-i18n', '~> 3.0.0'
+gem 'rails-i18n', '~> 4.0.0'
 gem 'turbolinks', '~> 2.5'
 gem 'logging', '>= 1.8.0', '< 3.0.0'
+gem 'activerecord-session_store'
+gem 'rails-observers'
+gem 'protected_attributes'
 
 Dir["#{File.dirname(FOREMAN_GEMFILE)}/bundler.d/*.rb"].each do |bundle|
   self.instance_eval(Bundler.read_file(bundle))

app/controllers/api/v1/reports_controller.rb

@@ -35,7 +35,7 @@ def destroy
       param :id, :identifier, :required => true
 
       def last
-        conditions = { :host_id => Host.authorized(:view_hosts).find(params[:host_id]).try(:id) } if params[:host_id].present?
+        conditions = { :host_id => Host.authorized(:view_hosts).friendly.find(params[:host_id]).try(:id) } if params[:host_id].present?
         max_id = resource_scope.where(conditions).maximum(:id)
         @report = resource_scope.includes(:logs => [:message, :source]).find(max_id)
         render :show

app/controllers/api/v2/host_classes_controller.rb

@@ -35,7 +35,7 @@ def destroy
       # overwrite resource_name so it's host and and not host_class, since we want to return @host
       def find_host
         not_found and return false if params[:host_id].blank?
-        @host = Host.find(params[:host_id]) if Host::Managed.respond_to?(:authorized) &&
+        @host = Host.friendly.find(params[:host_id]) if Host::Managed.respond_to?(:authorized) &&
                                                Host::Managed.authorized("view_host", Host::Managed)
       end
     end

app/controllers/api/v2/models_controller.rb

@@ -47,6 +47,12 @@ def update
       def destroy
         process_response @model.destroy
       end
+
+      private
+
+      def find_resource
+        @model = Model.friendly.find(params[:id]) || super
+      end
     end
   end
 end

app/controllers/api/v2/parameters_controller.rb

@@ -165,8 +165,10 @@ def allowed_nested_id
       def find_parameter
         # nested_obj is required, so no need to check here
         @parameters  = nested_obj.send(parameters_method)
-        @parameter   = @parameters.find(params[:id])
-        return @parameter if @parameter
+        @parameter   = @parameters.from_param(params[:id])
+      rescue
+        @parameter = @parameters.friendly.find(params[:id])
+        return @parameter if @parameter.present?
         not_found
       end
     end

app/controllers/api/v2/reports_controller.rb

@@ -54,7 +54,7 @@ def destroy
       param :id, :identifier, :required => true
 
       def last
-        conditions = { :host_id => Host.authorized(:view_hosts).find(params[:host_id]).try(:id) } if params[:host_id].present?
+        conditions = { :host_id => Host.authorized(:view_hosts).friendly.find(params[:host_id]).try(:id) } if params[:host_id].present?
         max_id = resource_scope.where(conditions).maximum(:id)
         @report = resource_scope.includes(:logs => [:message, :source]).find(max_id)
         render :show

app/controllers/api/v2/smart_variables_controller.rb

@@ -43,7 +43,7 @@ def show
       param_group :smart_variable, :as => :create
 
       def create
-        @smart_variable   = LookupKey.new(params[:smart_variable]) unless @puppetclass
+        @smart_variable   = VariableLookupKey.new(params[:smart_variable]) unless @puppetclass
         @smart_variable ||= @puppetclass.lookup_keys.build(params[:smart_variable])
         process_response @smart_variable.save
       end

app/controllers/concerns/find_common.rb

@@ -5,8 +5,25 @@
 module FindCommon
   # example: @host = Host.find(params[:id])
   def find_resource
-    not_found and return if params[:id].blank?
-    instance_variable_set("@#{resource_name}", resource_scope.find(params[:id]))
+    not_found and return if params[:id].blank? || finder.nil?
+    instance_variable_set("@#{resource_name}", finder)
+  end
+
+  def finder
+    return nil if resource_scope.empty?
+    if resource_scope.respond_to? :from_param
+      resource_scope.from_param(params[:id])
+    elsif resource_scope.respond_to? :friendly
+      resource_scope.friendly.find(params[:id])
+    else
+      resource_scope.find(params[:id])
+    end
+  rescue
+    if resource_scope.respond_to? :friendly
+      resource_scope.friendly.find(params[:id]) || raise(ActiveRecord::RecordNotFound)
+    else
+      resource_scope.find(params[:id]) || raise(ActiveRecord::RecordNotFound)
+    end
   end
 
   def resource_name(resource = controller_name)

app/controllers/hosts_controller.rb

@@ -169,7 +169,7 @@ def puppetclass_parameters
   def externalNodes
     certname = params[:name]
     @host ||= resource_base.find_by_certname certname
-    @host ||= resource_base.find certname
+    @host ||= resource_base.friendly.find certname
     not_found and return unless @host
 
     begin
@@ -352,7 +352,7 @@ def update_multiple_parameters
       skipped = []
       params[:name].each do |name, value|
         next if value.empty?
-        if (host_param = host.host_parameters.find(name))
+        if (host_param = host.host_parameters.friendly.find(name))
           counter += 1 if host_param.update_attribute(:value, value)
         else
           skipped << name
@@ -676,7 +676,7 @@ def taxonomy_scope
   # overwrite application_controller
   def find_resource
     not_found and return false if (id = params[:id]).blank?
-    @host   = resource_base.find(id)
+    @host   = resource_base.friendly.find(id)
     @host ||= resource_base.find_by_mac params[:host][:mac] if params[:host] && params[:host][:mac]
 
     not_found and return(false) unless @host

app/controllers/reports_controller.rb

@@ -10,7 +10,7 @@ def index
   def show
     # are we searching for the last report?
     if params[:id] == "last"
-      conditions = { :host_id => Host.authorized(:view_hosts).find(params[:host_id]).try(:id) } if params[:host_id].present?
+      conditions = { :host_id => Host.authorized(:view_hosts).friendly.find(params[:host_id]).try(:id) } if params[:host_id].present?
       params[:id] = resource_base.where(conditions).maximum(:id)
     end
     @report = resource_base.includes(:logs => [:message, :source]).find(params[:id])

app/controllers/settings_controller.rb

@@ -9,11 +9,11 @@ class SettingsController < ApplicationController
   end
 
   def index
-    @settings = Setting.live_descendants.search_for(params[:search])
+    @settings = Setting.live_descendants.search_for(params[:search]).where(nil)
   end
 
   def update
-    @setting = Setting.find(params[:id])
+    @setting = Setting.friendly.find(params[:id])
     if @setting.parse_string_value(params[:setting][:value]) && @setting.save
       render :json => @setting
     else

app/controllers/unattended_controller.rb

@@ -45,8 +45,8 @@ def built
   def template
     return head(:not_found) unless (params.has_key?("id") and params.has_key?(:hostgroup))
 
-    template = ProvisioningTemplate.find(params['id'])
-    @host = Hostgroup.find(params['hostgroup'])
+    template = ProvisioningTemplate.friendly.find(params['id'])
+    @host = Hostgroup.friendly.find(params['hostgroup'])
 
     return head(:not_found) unless template and @host
 
@@ -108,7 +108,7 @@ def get_host_details
 
   def find_host_by_spoof
     host = Nic::Base.primary.find_by_ip(params.delete('spoof')).try(:host) if params['spoof'].present?
-    host ||= Host.find(params.delete('hostname')) if params['hostname'].present?
+    host ||= Host.friendly.find(params.delete('hostname')) if params['hostname'].present?
     @spoof = host.present?
     host
   end

app/controllers/usergroups_controller.rb

@@ -51,7 +51,7 @@ def find_by_id(permission = :view_usergroups)
 
   def get_external_usergroups_to_refresh
     # we need to load current status, so we call all explicitly
-    @external_usergroups = @usergroup.external_usergroups.all
+    @external_usergroups = @usergroup.external_usergroups.to_a
   end
 
   def external_usergroups

app/helpers/application_helper.rb

@@ -32,6 +32,13 @@ def link_to(*args, &block)
     end
   end
 
+  def link_to_function(name, function, html_options = {})
+    onclick = "#{"#{html_options[:onclick]}; " if html_options[:onclick]}#{function}; return false;"
+    href = html_options[:href] || '#'
+
+    content_tag(:a, name, html_options.merge(:href => href, :onclick => onclick))
+  end
+
   protected
 
   def contract(model)

app/models/architecture.rb

@@ -11,6 +11,7 @@ class Architecture < ActiveRecord::Base
   has_many :hostgroups
   has_many :images, :dependent => :destroy
   has_and_belongs_to_many :operatingsystems
+  include AccessibleAttributes
   validates :name, :presence => true, :uniqueness => true, :no_whitespace => true
   audited :allow_mass_assignment => true, :except => [:hosts_count, :hostgroups_count]
 

app/models/auth_source.rb

@@ -17,12 +17,15 @@
 
 class AuthSource < ActiveRecord::Base
   include Authorizable
+
   audited :allow_mass_assignment => true
 
   validates_lengths_from_database :except => [:name, :account_password, :host, :attr_login, :attr_firstname, :attr_lastname, :attr_mail]
   before_destroy EnsureNotUsedBy.new(:users)
   has_many :users
   has_many :external_usergroups, :dependent => :destroy
+  attr_protected :type
+  include AccessibleAttributes
 
   validates :name, :presence => true, :uniqueness => true, :length => { :maximum => 60 }
 

app/models/bookmark.rb

@@ -7,7 +7,6 @@ class Bookmark < ActiveRecord::Base
   validates_lengths_from_database
 
   belongs_to :owner, :polymorphic => true
-  attr_accessible :name, :controller, :query, :public
   audited :allow_mass_assignment => true
 
   validates :name, :uniqueness => {:scope => :controller}, :unless => Proc.new{|b| Bookmark.my_bookmarks.where(:name => b.name).empty?}
@@ -16,6 +15,7 @@ class Bookmark < ActiveRecord::Base
                          :inclusion => {
                            :in => ["dashboard"] + ActiveRecord::Base.connection.tables.map(&:to_s),
                            :message => _("%{value} is not a valid controller") }
+  include AccessibleAttributes
   default_scope -> { order(:name) }
   before_validation :set_default_user
 

app/models/cached_user_role.rb

@@ -1,9 +1,8 @@
 class CachedUserRole < ActiveRecord::Base
-  attr_accessible :role_id, :user_id, :user_role_id, :role, :user, :user_role
-
   belongs_to :user
   belongs_to :role
 
   # this UserRole created this cache
   belongs_to :user_role
+  include AccessibleAttributes
 end

app/models/cached_usergroup_member.rb

@@ -1,6 +1,5 @@
 class CachedUsergroupMember < ActiveRecord::Base
-  attr_accessible :user_id, :usergroup_id, :user, :usergroup
-
   belongs_to :user
   belongs_to :usergroup
+  include AccessibleAttributes
 end

app/models/compute_attribute.rb

@@ -1,9 +1,9 @@
 class ComputeAttribute < ActiveRecord::Base
-  attr_accessible :compute_profile_id, :compute_resource_id, :vm_attrs
   audited :associated_with => :compute_profile
 
   belongs_to :compute_resource
   belongs_to :compute_profile
+  include AccessibleAttributes
 
   validates :compute_profile_id, :presence => true, :uniqueness => {:scope => :compute_resource_id}
   validates :compute_resource_id, :presence => true, :uniqueness => {:scope => :compute_profile_id}
@@ -12,6 +12,8 @@ class ComputeAttribute < ActiveRecord::Base
   before_save :update_name
 
   def method_missing(method, *args, &block)
+    return super if method.to_s[-1]=="="
+    return super unless respond_to?(:vm_attrs)
     return vm_attrs["#{method}"] if vm_attrs.keys.include?(method.to_s)
     raise Foreman::Exception.new(N_('%s is an unknown attribute'), method)
   end

app/models/compute_profile.rb

@@ -5,7 +5,6 @@ class ComputeProfile < ActiveRecord::Base
   include Parameterizable::ByIdName
 
   validates_lengths_from_database
-  attr_accessible :name
   audited
   has_associated_audits
 
@@ -14,6 +13,7 @@ class ComputeProfile < ActiveRecord::Base
   has_many :compute_resources, :through => :compute_attributes
   has_many_hosts :dependent => :nullify
   has_many :hostgroups
+  include AccessibleAttributes
 
   validates :name, :presence => true, :uniqueness => true
 

app/models/compute_resource.rb

@@ -37,6 +37,8 @@ class ComputeResource < ActiveRecord::Base
   before_validation :set_attributes_hash
   has_many :compute_attributes, :dependent => :destroy
   has_many :compute_profiles, :through => :compute_attributes
+  include AccessibleAttributes
+  attr_accessible :provider, :set_console_password, :display_type
 
   # The DB may contain compute resource from disabled plugins - filter them out here
   scope :live_descendants, -> { where(:type => self.descendants.map(&:to_s)) unless Rails.env.development? }

app/models/compute_resources/foreman/model/ec2.rb

@@ -11,6 +11,7 @@ class EC2 < ComputeResource
 
     alias_attribute :access_key, :user
     alias_attribute :region, :url
+    attr_accessible :access_key, :region
 
     def to_label
       "#{name} (#{region}-#{provider_friendly_name})"

app/models/compute_resources/foreman/model/gce.rb

@@ -4,6 +4,7 @@ class GCE < ComputeResource
     before_create :setup_key_pair
     validate :check_google_key_path
     validates :key_path, :project, :email, :presence => true
+    attr_accessible :key_pair, :key_path
 
     delegate :flavors, :to => :client
 

app/models/compute_resources/foreman/model/openstack.rb

@@ -7,6 +7,7 @@ class Openstack < ComputeResource
     delegate :flavors, :to => :client
     delegate :tenants, :to => :client
     delegate :security_groups, :to => :client
+    attr_accessible :key_pair, :tenant
 
     validates :user, :password, :presence => true
 

app/models/compute_resources/foreman/model/ovirt.rb

@@ -8,6 +8,7 @@ class Ovirt < ComputeResource
     before_create :update_public_key
 
     alias_attribute :datacenter, :uuid
+    attr_accessible :datacenter, :ovirt_quota, :public_key
 
     delegate :clusters, :quotas, :templates, :to => :client
 

app/models/compute_resources/foreman/model/vmware.rb

@@ -7,6 +7,7 @@ class Vmware < ComputeResource
 
     validates :user, :password, :server, :datacenter, :presence => true
     before_create :update_public_key
+    attr_accessible :pubkey_hash
 
     def self.model_name
       ComputeResource.model_name

app/models/concerns/accessible_attributes.rb

@@ -0,0 +1,11 @@
+module AccessibleAttributes
+  extend ActiveSupport::Concern
+
+  included do
+    attr_accessible *((self.attribute_names + ['audit_comment'] +
+                      self.reflect_on_all_associations.map { |a| [a.name.to_s, "#{a.name.to_s.singularize}_ids"] }.flatten -
+                      ['id', 'created_at', 'updated_at'] -
+                      self.protected_attributes.to_a).map(&:to_sym))
+  end
+end
+

app/models/concerns/has_many_common.rb

@@ -41,8 +41,9 @@ class << self; self end
     end
 
     #### has_many ####
-    def has_many(association, options = {})
-      has_many_names_for(association, options)
+    def has_many(*args)
+      options = args.last.is_a?(Hash) ? args.last : {}
+      has_many_names_for(args.first, options)
       super
     end
 

app/models/concerns/nested_ancestry_common.rb

@@ -17,6 +17,7 @@ module NestedAncestryCommon
 
     # attribute used by *_names and *_name methods.  default is :name
     attr_name :title
+    attr_accessible :parent, :parent_id
   end
 
   # override title getter