Skip to content

bring in changes from master into nz-justice-development #454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tmfrnz merged 14 commits into from
Aug 14, 2025
Merged

bring in changes from master into nz-justice-development #454

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
f590583
update/cleanup seeds
tmfrnz Jun 2, 2025
81ea603
Bump rack from 3.1.14 to 3.1.16 (#446)
dependabot[bot] Jun 23, 2025
0d64c0d
change hr fw title
tmfrnz Jul 2, 2025
14c01b7
add custom validation
tmfrnz Jul 3, 2025
1ea659d
Merge remote-tracking branch 'origin/master'
tmfrnz Jul 3, 2025
c3902f0
check for CLIENT_URL in s3controller
tmfrnz Jul 4, 2025
74a6d88
create validations to allow import with relationships, cleanup routes…
tmfrnz Jul 28, 2025
32055d1
Bump nokogiri from 1.18.8 to 1.18.9 (#448)
dependabot[bot] Jul 28, 2025
2fac61c
Merge branch 'nz-justice-development' into master
tmfrnz Jul 28, 2025
7bede96
fixup! Merge branch 'nz-justice-development' into master
tmfrnz Jul 28, 2025
1cd95fc
update bundler-audit to update thor (1.4.0) to address https://github…
tmfrnz Jul 28, 2025
8b6699c
merge origin master
tmfrnz Jul 28, 2025
106bf3a
Potential fix for code scanning alert no. 2: Workflow does not contai…
tmfrnz Jul 28, 2025
4375f7e
Bump activerecord from 8.0.2 to 8.0.2.1 (#452)
dependabot[bot] Aug 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ on:
- master
pull_request:

permissions:
contents: read

jobs:
test:
strategy:
Expand Down
126 changes: 63 additions & 63 deletions Gemfile.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,65 +1,65 @@
GEM
remote: https://rubygems.org/
specs:
actioncable (8.0.2)
actionpack (= 8.0.2)
activesupport (= 8.0.2)
actioncable (8.0.2.1)
actionpack (= 8.0.2.1)
activesupport (= 8.0.2.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
zeitwerk (~> 2.6)
actionmailbox (8.0.2)
actionpack (= 8.0.2)
activejob (= 8.0.2)
activerecord (= 8.0.2)
activestorage (= 8.0.2)
activesupport (= 8.0.2)
actionmailbox (8.0.2.1)
actionpack (= 8.0.2.1)
activejob (= 8.0.2.1)
activerecord (= 8.0.2.1)
activestorage (= 8.0.2.1)
activesupport (= 8.0.2.1)
mail (>= 2.8.0)
actionmailer (8.0.2)
actionpack (= 8.0.2)
actionview (= 8.0.2)
activejob (= 8.0.2)
activesupport (= 8.0.2)
actionmailer (8.0.2.1)
actionpack (= 8.0.2.1)
actionview (= 8.0.2.1)
activejob (= 8.0.2.1)
activesupport (= 8.0.2.1)
mail (>= 2.8.0)
rails-dom-testing (~> 2.2)
actionpack (8.0.2)
actionview (= 8.0.2)
activesupport (= 8.0.2)
actionpack (8.0.2.1)
actionview (= 8.0.2.1)
activesupport (= 8.0.2.1)
nokogiri (>= 1.8.5)
rack (>= 2.2.4)
rack-session (>= 1.0.1)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
useragent (~> 0.16)
actiontext (8.0.2)
actionpack (= 8.0.2)
activerecord (= 8.0.2)
activestorage (= 8.0.2)
activesupport (= 8.0.2)
actiontext (8.0.2.1)
actionpack (= 8.0.2.1)
activerecord (= 8.0.2.1)
activestorage (= 8.0.2.1)
activesupport (= 8.0.2.1)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
actionview (8.0.2)
activesupport (= 8.0.2)
actionview (8.0.2.1)
activesupport (= 8.0.2.1)
builder (~> 3.1)
erubi (~> 1.11)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
activejob (8.0.2)
activesupport (= 8.0.2)
activejob (8.0.2.1)
activesupport (= 8.0.2.1)
globalid (>= 0.3.6)
activemodel (8.0.2)
activesupport (= 8.0.2)
activerecord (8.0.2)
activemodel (= 8.0.2)
activesupport (= 8.0.2)
activemodel (8.0.2.1)
activesupport (= 8.0.2.1)
activerecord (8.0.2.1)
activemodel (= 8.0.2.1)
activesupport (= 8.0.2.1)
timeout (>= 0.4.0)
activestorage (8.0.2)
actionpack (= 8.0.2)
activejob (= 8.0.2)
activerecord (= 8.0.2)
activesupport (= 8.0.2)
activestorage (8.0.2.1)
actionpack (= 8.0.2.1)
activejob (= 8.0.2.1)
activerecord (= 8.0.2.1)
activesupport (= 8.0.2.1)
marcel (~> 1.0)
activesupport (8.0.2)
activesupport (8.0.2.1)
base64
benchmark (>= 0.3)
bigdecimal
Expand All @@ -76,23 +76,23 @@ GEM
public_suffix (>= 2.0.2, < 6.0)
ast (2.4.3)
awesome_print (1.9.2)
base64 (0.2.0)
base64 (0.3.0)
batch_api (0.3.0)
middleware
bcrypt (3.1.20)
benchmark (0.4.0)
benchmark (0.4.1)
better_errors (2.10.1)
erubi (>= 1.0.0)
rack (>= 0.9.0)
rouge (>= 1.0.0)
bigdecimal (3.1.9)
bigdecimal (3.2.2)
bindex (0.8.1)
binding_of_caller (1.0.0)
debug_inspector (>= 0.0.1)
brakeman (6.1.1)
racc
builder (3.3.0)
bundler-audit (0.9.1)
bundler-audit (0.9.2)
bundler (>= 1.2.0, < 3)
thor (~> 1.0)
byebug (11.1.3)
Expand Down Expand Up @@ -135,7 +135,7 @@ GEM
dotenv-rails (2.8.1)
dotenv (= 2.8.1)
railties (>= 3.2)
drb (2.2.1)
drb (2.2.3)
erubi (1.13.1)
excon (0.109.0)
factory_bot (6.4.5)
Expand Down Expand Up @@ -250,9 +250,9 @@ GEM
net-smtp (0.5.1)
net-protocol
nio4r (2.7.4)
nokogiri (1.18.8-arm64-darwin)
nokogiri (1.18.9-arm64-darwin)
racc (~> 1.4)
nokogiri (1.18.8-x86_64-linux-gnu)
nokogiri (1.18.9-x86_64-linux-gnu)
racc (~> 1.4)
oauth2 (2.0.9)
faraday (>= 0.17.3, < 3.0)
Expand Down Expand Up @@ -301,7 +301,7 @@ GEM
pundit (2.3.1)
activesupport (>= 3.0.0)
racc (1.8.1)
rack (3.1.14)
rack (3.1.16)
rack-cors (2.0.2)
rack (>= 2.0.0)
rack-protection (4.1.1)
Expand All @@ -315,20 +315,20 @@ GEM
rack (>= 1.3)
rackup (2.2.1)
rack (>= 3)
rails (8.0.2)
actioncable (= 8.0.2)
actionmailbox (= 8.0.2)
actionmailer (= 8.0.2)
actionpack (= 8.0.2)
actiontext (= 8.0.2)
actionview (= 8.0.2)
activejob (= 8.0.2)
activemodel (= 8.0.2)
activerecord (= 8.0.2)
activestorage (= 8.0.2)
activesupport (= 8.0.2)
rails (8.0.2.1)
actioncable (= 8.0.2.1)
actionmailbox (= 8.0.2.1)
actionmailer (= 8.0.2.1)
actionpack (= 8.0.2.1)
actiontext (= 8.0.2.1)
actionview (= 8.0.2.1)
activejob (= 8.0.2.1)
activemodel (= 8.0.2.1)
activerecord (= 8.0.2.1)
activestorage (= 8.0.2.1)
activesupport (= 8.0.2.1)
bundler (>= 1.15.0)
railties (= 8.0.2)
railties (= 8.0.2.1)
rails-dom-testing (2.2.0)
activesupport (>= 5.0.0)
minitest
Expand All @@ -339,9 +339,9 @@ GEM
rails-i18n (8.0.1)
i18n (>= 0.7, < 2)
railties (>= 8.0.0, < 9)
railties (8.0.2)
actionpack (= 8.0.2)
activesupport (= 8.0.2)
railties (8.0.2.1)
actionpack (= 8.0.2.1)
activesupport (= 8.0.2.1)
irb (~> 1.13)
rackup (>= 1.0.0)
rake (>= 12.2)
Expand Down Expand Up @@ -429,15 +429,15 @@ GEM
stringio (3.1.6)
terminal-table (4.0.0)
unicode-display_width (>= 1.1.1, < 4)
thor (1.3.2)
thor (1.4.0)
timecop (0.9.8)
timeout (0.4.3)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
unicode-display_width (3.1.4)
unicode-emoji (~> 4.0, >= 4.0.4)
unicode-emoji (4.0.4)
uri (0.13.2)
uri (1.0.3)
useragent (0.16.11)
version_gem (1.1.3)
warden (1.2.9)
Expand Down
30 changes: 19 additions & 11 deletions app/controllers/measure_categories_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
class MeasureCategoriesController < ApplicationController
before_action :set_and_authorize_measure_category, only: [:show, :update, :destroy]
before_action :set_and_authorize_measure_category, only: [:show, :destroy]
skip_before_action :authenticate_user!, only: [:update]

# GET /measure_categories
def index
Expand Down Expand Up @@ -27,28 +28,35 @@ def create
end
end

# PATCH/PUT /measure_categories/1
def update
if @measure_category.update!(permitted_attributes(@measure_category))
set_and_authorize_measure_category
render json: serialize(@measure_category)
end
end

# DELETE /measure_categories/1
def destroy
@measure_category.destroy
end

def update
head :not_implemented
end

private

# Use callbacks to share common setup or constraints between actions.
def set_and_authorize_measure_category
@measure_category = policy_scope(base_object).find(params[:id])
authorize @measure_category
rescue ActiveRecord::RecordNotFound
raise unless action_name == "destroy"
head :no_content
if action_name == "destroy"
record = base_object.find_by(id: params[:id])

if record.present?
# Record exists but is out of scope — test authorization anyway
authorize record
end

# If we got here, it's okay to respond as deleted
head :no_content
else
raise
end
end

def base_object
Expand Down
29 changes: 20 additions & 9 deletions app/controllers/measure_indicators_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
class MeasureIndicatorsController < ApplicationController
before_action :set_and_authorize_measure_indicator, only: [:show, :update, :destroy]
before_action :set_and_authorize_measure_indicator, only: [:show, :destroy]
skip_before_action :authenticate_user!, only: [:update]

# GET /measure_indicators
def index
Expand Down Expand Up @@ -27,25 +28,35 @@ def create
end
end

# PATCH/PUT /measure_indicators/1
def update
if @measure_indicator.update!(permitted_attributes(@measure_indicator))
set_and_authorize_measure_indicator
render json: serialize(@measure_indicator)
end
end

# DELETE /measure_indicators/1
def destroy
@measure_indicator.destroy
end

def update
head :not_implemented
end

private

# Use callbacks to share common setup or constraints between actions.
def set_and_authorize_measure_indicator
@measure_indicator = policy_scope(base_object).find(params[:id])
authorize @measure_indicator
rescue ActiveRecord::RecordNotFound
if action_name == "destroy"
record = base_object.find_by(id: params[:id])

if record.present?
# Record exists but is out of scope — test authorization anyway
authorize record
end

# If we got here, it's okay to respond as deleted
head :no_content
else
raise
end
end

def base_object
Expand Down
29 changes: 19 additions & 10 deletions app/controllers/recommendation_categories_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
class RecommendationCategoriesController < ApplicationController
before_action :set_and_authorize_recommendation_category, only: [:show, :update, :destroy]
before_action :set_and_authorize_recommendation_category, only: [:show, :destroy]
skip_before_action :authenticate_user!, only: [:update]

# GET /recommendation_categories
def index
Expand Down Expand Up @@ -27,27 +28,35 @@ def create
end
end

# PATCH/PUT /recommendation_categories/1
def update
if @recommendation_category.update!(permitted_attributes(@recommendation_category))
render json: serialize(@recommendation_category)
end
end

# DELETE /recommendation_categories/1
def destroy
@recommendation_category.destroy
end

def update
head :not_implemented
end

private

# Use callbacks to share common setup or constraints between actions.
def set_and_authorize_recommendation_category
@recommendation_category = policy_scope(base_object).find(params[:id])
authorize @recommendation_category
rescue ActiveRecord::RecordNotFound
raise unless action_name == "destroy"
head :no_content
if action_name == "destroy"
record = base_object.find_by(id: params[:id])

if record.present?
# Record exists but is out of scope — test authorization anyway
authorize record
end

# If we got here, it's okay to respond as deleted
head :no_content
else
raise
end
end

def base_object
Expand Down
Loading