From 678633715548a06f7e0f01f029bf2843f81f0bb2 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Wed, 30 Apr 2025 17:33:38 -0400 Subject: [PATCH 01/20] Add security middleware and rate limiting configuration This commit introduces a custom Rack middleware, Rack::Defense, to enhance application security by blocking PHP-related requests, suspicious headers, and known malicious IPs. Additionally, it configures rate limiting for incoming requests, allowing a maximum of 300 requests every 5 minutes per IP address. These changes improve the overall security posture of the application and help mitigate potential attacks. --- config/application.rb | 46 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/config/application.rb b/config/application.rb index 5d48da55..7efcabf2 100644 --- a/config/application.rb +++ b/config/application.rb 
@@ -43,5 +43,51 @@ class Application < Rails::Application # rubocop:disable Style/Documentation
 # config.eager_load_paths << Rails.root.join("extras")
 # Don't generate system test files.
 config.generators.system_tests = nil
+
+ # Add security middleware
+ config.middleware.use Rack::Defense
+
+ # Configure rate limiting
+ config.action_dispatch.rate_limiter = {
+ limit: 300,
+ period: 5.minutes,
+ store: :redis,
+ key: ->(request) { request.ip }
+ }
+ end
+end
+
+# Custom middleware to block PHP-related requests
+class Rack::Defense
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ request = Rack::Request.new(env)
+
+ # Block requests with PHP-related content
+ if request.post? && (
+ request.path.include?('.php') ||
+ request.query_string.include?('php') ||
+ request.content_type.to_s.include?('php') ||
+ request.body.read.to_s.include?('php')
+ )
+ return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
+ end
+
+ # Block requests with suspicious headers
+ if request.headers['User-Agent'].to_s.include?('Custom-AsyncHttpClient') ||
+ request.headers['X-Request-Id'].to_s.include?('cve_2024_4577')
+ return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
+ end
+
+ # Block known malicious IPs
+ suspicious_ips = ['91.99.22.81'] # Add more IPs as needed
+ if suspicious_ips.include?(request.ip)
+ return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
+ end
+
+ @app.call(env)
 end
 end
From eabbeb2cb778b205f270f0d530a9d7eb8d91915c Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Tue, 6 May 2025 10:56:29 -0400 Subject: [PATCH 02/20] Update test output message for SHOW_BROWSER environment variable This commit modifies the output message in the Rails helper file to clarify the display of the SHOW_BROWSER environment variable. The change enhances readability by adding a question mark to the message, improving the clarity of the test environment output. --- spec/rails_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
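Review bot: `request.body.read.to_s.include?('php')` drains `rack.input` without rewinding it, so every POST that passes the filter reaches the application with an empty body, and it buffers the whole upload into memory just to run a substring match; the identical lines recur in PATCH 04's hunk at config/application.rb +20,41. If a body check is kept at all, bound it and restore the stream, `body = request.body; sample = body.read(4096).to_s; body.rewind if body.respond_to?(:rewind)`, bearing in mind that under Rack 3 the input is not guaranteed to be rewindable, so the safest choice is to not read the body in this middleware. Separately, I am not aware of a `config.action_dispatch.rate_limiter` setting: Rails' built-in rate limiting is the controller-level `rate_limit to:, within:` macro, and because `config.action_dispatch` is an `ActiveSupport::OrderedOptions` an unknown key is stored silently rather than rejected, so the 300-per-5-minutes limit the commit message describes is probably not in force — please verify against the Rails version in use.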
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index ffa61979..b8835fd8 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -19,7 +19,7 @@ require 'selenium-webdriver' puts "!*!*!*! Running in environment: #{Rails.env} !*!*!*!" -puts "!*!*!*! Running SHOW_BROWSER: #{ENV['SHOW_BROWSER'].present? ? '✅' : '🙈'} !*!*!*!" +puts "!*!*!*! Running SHOW_BROWSER?: #{ENV['SHOW_BROWSER'].present? ? '✅' : '🙈'} !*!*!*!" Rails.root.glob('spec/support/**/*.rb').sort.each { |f| require f } # Checks for pending migrations and applies them before tests are run. From 0b8b321696cc572485340e36add7734a16b414f2 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Tue, 6 May 2025 10:56:39 -0400 Subject: [PATCH 03/20] Refactor editable content system tests for clarity and consistency This commit updates the editable content system tests to use a more descriptive test type and improves the setup for user roles. The test now utilizes a headless browser for better performance and modifies the expectations for the edit link to enhance readability. These changes contribute to clearer and more maintainable test code. --- spec/features/editable_content_link_spec.rb | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/spec/features/editable_content_link_spec.rb b/spec/features/editable_content_link_spec.rb index e2ad4e85..92ec630a 100644 --- a/spec/features/editable_content_link_spec.rb +++ b/spec/features/editable_content_link_spec.rb 
@@ -2,18 +2,19 @@ require 'rails_helper' -RSpec.describe 'EditableContent' do +RSpec.describe 'EditableContent', type: :system do + before do + driven_by(:selenium_chrome_headless) + end + let!(:instructions) do - create(:editable_content, page: 'home', section: 'instructions', - content: 'A short paragraph explaining LSA Evaluate.') + create(:editable_content, page: 'home', section: 'instructions') end let!(:user) { create(:user) } - let!(:admin) { create(:user) } - let!(:role) { create(:role, kind: 'Axis mundi') } + let!(:admin) { create(:user, :axis_mundi) } context 'when axis_mundi is logged in' do before do - admin.roles << role login_as(admin) visit root_path end @@ -23,7 +24,7 @@ end it 'displays a pencil icon within the edit link' do - expect(page).to have_css('a[href="' + edit_editable_content_path(instructions) + '"] .bi.bi-pencil') + expect(page).to have_css('a.edit-link i.bi.bi-pencil') end end @@ -38,7 +39,7 @@ end it 'does not display a pencil icon within the edit link' do - expect(page).to have_no_css('a[href="' + edit_editable_content_path(instructions) + '"] .bi.bi-pencil') + expect(page).to have_no_css('a.edit-link i.bi.bi-pencil') end end From 737a4ee63efe3c7bc4c5e8fb685704fa1a0a7ec2 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Tue, 6 May 2025 10:56:55 -0400 Subject: [PATCH 04/20] Add custom Rack middleware for enhanced security measures This commit introduces a custom Rack middleware, Rack::Defense, to block PHP-related requests, suspicious headers, and known malicious IPs. The middleware enhances the application's security posture by preventing potential attacks and ensuring that only legitimate requests are processed. This change builds upon previous security enhancements and contributes to a more robust defense against common vulnerabilities. --- config/application.rb | 70 +++++++++++++++++++++---------------------- 1 file changed, 35 insertions(+), 35 deletions(-) 
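Review bot: The replacement selector `a.edit-link i.bi.bi-pencil` in the +23 and +38 hunks of this file no longer ties the assertion to the `instructions` record, so `let!(:instructions)` is created but never referenced in the visible lines, and the positive test passes if any `edit-link` on the page carries a pencil rather than the link for that content. Keeping the href alongside the class preserves the earlier guarantee: `expect(page).to have_css("a.edit-link[href='#{edit_editable_content_path(instructions)}'] i.bi.bi-pencil")`, with the matching `have_no_css` form in the second hunk. The `describe` block continues outside these hunks, so `instructions` may still be used further down.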
diff --git a/config/application.rb b/config/application.rb
index 7efcabf2..c2a90691 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -20,6 +20,41 @@
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)
+# Custom middleware to block PHP-related requests
+class Rack::Defense
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ request = Rack::Request.new(env)
+
+ # Block requests with PHP-related content
+ if request.post? && (
+ request.path.include?('.php') ||
+ request.query_string.include?('php') ||
+ request.content_type.to_s.include?('php') ||
+ request.body.read.to_s.include?('php')
+ )
+ return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
+ end
+
+ # Block requests with suspicious headers
+ if request.env['HTTP_USER_AGENT'].to_s.include?('Custom-AsyncHttpClient') ||
+ request.env['HTTP_X_REQUEST_ID'].to_s.include?('cve_2024_4577')
+ return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
+ end
+
+ # Block known malicious IPs
+ suspicious_ips = ['91.99.22.81'] # Add more IPs as needed
+ if suspicious_ips.include?(request.ip)
+ return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
+ end
+
+ @app.call(env)
+ end
+end
+
 module LsaEvaluate
 class Application < Rails::Application # rubocop:disable Style/Documentation
 # Initialize configuration defaults for originally generated Rails version.
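Review bot: The three `[403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]` responses use a mixed-case header key; the Gemfile.lock in this series is on rack 3.1.x, whose SPEC requires lowercase response header names (`Rack::Lint` rejects the uppercase form), so this should read `{ 'content-type' => 'text/plain' }`. The substring tests `request.query_string.include?('php')` and `request.content_type.to_s.include?('php')` also fire on any legitimate POST whose query string or media type merely contains those three letters, which for an application that accepts free-text submissions is a false-positive risk; a word-boundary pattern such as `/\bphp\b/i` narrows the match without losing the intended coverage. `suspicious_ips = ['91.99.22.81']` is a literal rebuilt on every request inside `config/application.rb`, so each addition is a code deploy; loading the list once from an environment variable or a credentials entry into a frozen constant would be the conventional shape.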
@@ -56,38 +91,3 @@ class Application < Rails::Application # rubocop:disable Style/Documentation } end end - -# Custom middleware to block PHP-related requests -class Rack::Defense - def initialize(app) - @app = app - end - - def call(env) - request = Rack::Request.new(env) - - # Block requests with PHP-related content - if request.post? && ( - request.path.include?('.php') || - request.query_string.include?('php') || - request.content_type.to_s.include?('php') || - request.body.read.to_s.include?('php') - ) - return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']] - end - - # Block requests with suspicious headers - if request.headers['User-Agent'].to_s.include?('Custom-AsyncHttpClient') || - request.headers['X-Request-Id'].to_s.include?('cve_2024_4577') - return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']] - end - - # Block known malicious IPs - suspicious_ips = ['91.99.22.81'] # Add more IPs as needed - if suspicious_ips.include?(request.ip) - return [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']] - end - - @app.call(env) - end -end From 1915d09de4d711741d935ea7de067189c9e1234e Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Tue, 6 May 2025 11:28:31 -0400 Subject: [PATCH 05/20] Update entry retrieval in profile authorization to use policy scope This commit modifies the `set_entry_for_profile` method in the `EntriesController` to utilize `policy_scope` for fetching entries. This change ensures that entry retrieval adheres to the defined authorization policies, enhancing security and access control within the application. --- app/controllers/entries_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/entries_controller.rb b/app/controllers/entries_controller.rb index 7135969f..6f18b400 100644 --- a/app/controllers/entries_controller.rb +++ b/app/controllers/entries_controller.rb 
@@ -139,7 +139,7 @@ def set_entry
 # For applicant_profile, we want to find the entry first, then authorize it
 def set_entry_for_profile
- @entry = Entry.find(params[:id])
+ @entry = policy_scope(Entry).find(params[:id])
 end
 def authorize_entry
From 1c3ff2983f8014219de3780084962262ca083c5a Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Tue, 6 May 2025 11:28:39 -0400 Subject: [PATCH 06/20] Refactor user role setup in profile access system tests This commit updates the user role setup in the profile access system tests to utilize traits for creating users with specific roles. The changes enhance the clarity and maintainability of the test code by streamlining user creation and ensuring that roles are assigned correctly. This refactor contributes to a more efficient testing process and aligns with best practices for test setup. --- spec/system/profile_access_spec.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/spec/system/profile_access_spec.rb b/spec/system/profile_access_spec.rb
index 2f1dabfc..142af47a 100644
--- a/spec/system/profile_access_spec.rb
+++ b/spec/system/profile_access_spec.rb
@@ -9,12 +9,11 @@
 let(:axis_mundi_role) { create(:role, kind: 'Axis mundi') }
 let(:collection_admin_role) { create(:role, kind: 'Collection Administrator') }
 let(:regular_user) { create(:user) }
- let(:axis_mundi_user) { create(:user) }
- let(:collection_admin) { create(:user) }
+ let(:axis_mundi_user) { create(:user, :axis_mundi) }
+ let(:collection_admin) { create(:user, :with_collection_admin_role) }
 let(:entry) { create(:entry, profile: profile, contest_instance: contest_instance) }
 before do
- create(:user_role, user: axis_mundi_user, role: axis_mundi_role)
 create(:assignment, user: collection_admin, container: container, role: collection_admin_role)
 entry
 end
From e437a1bd32583bce2504e9b03faa7892ba64c06e Mon Sep 17 00:00:00 2001
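Review bot: The comment above `set_entry_for_profile` ("find the entry first, then authorize it") now describes the old behaviour: with `policy_scope(Entry).find`, an id outside the caller's scope raises `ActiveRecord::RecordNotFound` (a 404) before any authorization step runs, which is the better outcome because the response no longer reveals whether the id exists. Suggest rewording it to `# Look the entry up through the policy scope so out-of-scope ids 404 rather than load; authorize_entry then checks the specific action.` The same `policy_scope(...).find` change is made in PATCH 07 (`Container`) and PATCH 08 (`UserRole`); each relies on a `Scope` class on the corresponding policy, otherwise Pundit raises `Pundit::NotDefinedError` at request time, so one request spec per controller with an out-of-scope id would pin both the 404 and the presence of the scopes. `authorize_entry` is outside the hunk; I am assuming it authorizes the action on `@entry`.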
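Review bot: With the `create(:user_role, ...)` line removed, `let(:axis_mundi_role)` at the top of the profile_access_spec hunk is no longer referenced in the visible lines; `let` is lazy so it is harmless, but it reads as if the role were still wired up by hand. If the `:axis_mundi` trait creates the role itself, delete the `let`; if the rest of the file (outside the hunk) still uses it and roles are unique by `kind`, make sure the trait and the `let` do not each try to create a second 'Axis mundi' role.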
From: rsmokeUM Date: Tue, 6 May 2025 15:35:07 -0400 Subject: [PATCH 07/20] Update round judge assignment controller to use policy scope for container retrieval This commit modifies the `set_judging_round` method in the `RoundJudgeAssignmentsController` to utilize `policy_scope` when fetching the container. This change enhances security by ensuring that the retrieval of containers adheres to defined authorization policies. Additionally, it removes unnecessary whitespace in the `create` method for improved code cleanliness. --- app/controllers/round_judge_assignments_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/round_judge_assignments_controller.rb b/app/controllers/round_judge_assignments_controller.rb index c3927068..91c3c845 100644 --- a/app/controllers/round_judge_assignments_controller.rb +++ b/app/controllers/round_judge_assignments_controller.rb @@ -11,7 +11,7 @@ def index def create @round_judge_assignment = @judging_round.round_judge_assignments.build(round_judge_assignment_params) - + if @round_judge_assignment.save redirect_to container_contest_description_contest_instance_judging_round_round_judge_assignments_path( @container, @contest_description, @contest_instance, @judging_round @@ -33,7 +33,7 @@ def destroy private def set_judging_round - @container = Container.find(params[:container_id]) + @container = policy_scope(Container).find(params[:container_id]) @contest_description = @container.contest_descriptions.find(params[:contest_description_id]) @contest_instance = @contest_description.contest_instances.find(params[:contest_instance_id]) @judging_round = @contest_instance.judging_rounds.find(params[:judging_round_id]) From 02af4a8746dcea09d08f6693314ff6b6dd67ff4d Mon Sep 17 00:00:00 2001 
From: rsmokeUM Date: Tue, 6 May 2025 15:38:47 -0400 Subject: [PATCH 08/20] Update user role retrieval in UserRolesController to use policy scope This commit modifies the `set_user_role` method in the `UserRolesController` to utilize `policy_scope` when fetching user roles. This change enhances security by ensuring that user role retrieval adheres to defined authorization policies, aligning with best practices for access control within the application. --- app/controllers/user_roles_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/user_roles_controller.rb b/app/controllers/user_roles_controller.rb index 16613709..f98b3f8f 100644 --- a/app/controllers/user_roles_controller.rb +++ b/app/controllers/user_roles_controller.rb @@ -54,7 +54,7 @@ def destroy private def set_user_role - @user_role = UserRole.find(params[:id]) + @user_role = policy_scope(UserRole).find(params[:id]) end def user_role_params From eb510c5b40ce0918b50702da7e3d7151b321252e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 May 2025 14:51:28 +0000 Subject: [PATCH 09/20] Bump rack from 3.1.12 to 3.1.14 in the bundler group across 1 directory Bumps the bundler group with 1 update in the / directory: [rack](https://github.com/rack/rack). Updates `rack` from 3.1.12 to 3.1.14 - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/v3.1.12...v3.1.14) --- updated-dependencies: - dependency-name: rack dependency-version: 3.1.14 dependency-type: indirect dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index de8fa8eb..6132ffa2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -317,7 +317,7 @@ GEM rspec-mocks (~> 3.12) rspec-support (~> 3.12) racc (1.8.1) - rack (3.1.12) + rack (3.1.14) rack-accept (0.4.5) rack (>= 0.4) rack-protection (4.1.1) From 20d658097cd051b5051314d02d407cb9719f31b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 May 2025 14:59:52 +0000 Subject: [PATCH 10/20] Bump trix in the npm_and_yarn group across 1 directory Bumps the npm_and_yarn group with 1 update in the / directory: [trix](https://github.com/basecamp/trix). Updates `trix` from 2.1.12 to 2.1.15 - [Release notes](https://github.com/basecamp/trix/releases) - [Commits](https://github.com/basecamp/trix/compare/v2.1.12...v2.1.15) --- updated-dependencies: - dependency-name: trix dependency-version: 2.1.15 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package.json b/package.json index a109d128..784eb6e1 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "postcss-cli": "^11.0.0", "sass": "^1.70.0", "sortablejs": "^1.15.6", - "trix": "^2.1.12" + "trix": "^2.1.15" }, "scripts": { "build": "esbuild app/javascript/*.* --bundle --sourcemap --format=esm --outdir=app/assets/builds --public-path=/assets", diff --git a/yarn.lock b/yarn.lock index 1753922a..f70789ac 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -2000,10 +2000,10 @@ domexception@^4.0.0: dependencies: webidl-conversions "^7.0.0" -dompurify@^3.2.3: - version "3.2.4" - resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.4.tgz#af5a5a11407524431456cf18836c55d13441cd8e" - integrity sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg== +dompurify@^3.2.5: + version "3.2.5" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.5.tgz#11b108656a5fb72b24d916df17a1421663d7129c" + integrity sha512-mLPd29uoRe9HpvwP2TxClGQBzGXeEC/we/q+bFlmPPmj2p2Ugl3r6ATu/UU1v77DXNcehiBg9zsr1dREyA/dJQ== optionalDependencies: "@types/trusted-types" "^2.0.7" @@ -3771,12 +3771,12 @@ tr46@^3.0.0: dependencies: punycode "^2.1.1" -trix@^2.1.12: - version "2.1.12" - resolved "https://registry.yarnpkg.com/trix/-/trix-2.1.12.tgz#102306c3a90afcc5b66815ce8d631ee43048a477" - integrity sha512-0hQvJdy257XuzRdCzSQ/QvcqyTp+8ixMxVLWxSbWvEzD2kgKFlcrMjgWZbtVkJENaod+jm2sBTOWAZVNWK+DMA== +trix@^2.1.15: + version "2.1.15" + resolved "https://registry.yarnpkg.com/trix/-/trix-2.1.15.tgz#fabad796ea779a8ae96522402fbc214cbfc4015f" + integrity sha512-LoaXWczdTUV8+3Box92B9b1iaDVbxD14dYemZRxi3PwY+AuDm97BUJV2aHLBUFPuDABhxp0wzcbf0CxHCVmXiw== dependencies: - dompurify "^3.2.3" + dompurify "^3.2.5" type-detect@4.0.8: version "4.0.8" From 9504ef2342335342086d46e2e088b84063e112b7 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:24:37 -0400 Subject: [PATCH 11/20] Add stackprof gem for performance profiling This commit adds the `stackprof` gem to the Gemfile and updates the Gemfile.lock accordingly. The inclusion of this gem will facilitate performance profiling, allowing for better insights into application performance and potential optimizations. --- Gemfile | 1 + Gemfile.lock | 2 ++ 2 files changed, 3 insertions(+) diff --git a/Gemfile b/Gemfile index e9cf98b0..7823727f 100644 --- a/Gemfile +++ b/Gemfile 
@@ -25,6 +25,7 @@ gem 'pundit' gem 'redis', '~> 5.0' gem 'sentry-ruby' gem 'sentry-rails' +gem 'stackprof' gem 'sidekiq', '~> 7.3' gem 'sassc-rails' gem 'simple_form', '~> 5.3' diff --git a/Gemfile.lock b/Gemfile.lock index de8fa8eb..465f871e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -500,6 +500,7 @@ GEM net-scp (>= 1.1.2) net-sftp (>= 2.1.2) net-ssh (>= 2.8.0) + stackprof (0.2.27) stimulus-rails (1.3.4) railties (>= 6.0.0) stringio (3.1.1) @@ -600,6 +601,7 @@ DEPENDENCIES simple_form (~> 5.3) simplecov skylight + stackprof stimulus-rails turbo-rails turnout2024 From 820c5696bb4674064baf80df402184a01ee213c6 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:24:52 -0400 Subject: [PATCH 12/20] Update Bootstrap dependency to version 5.3.3 in package.json and yarn.lock This commit updates the Bootstrap dependency in both package.json and yarn.lock to version 5.3.3. This change ensures that the application utilizes the latest features and fixes provided by the Bootstrap framework, contributing to improved UI and styling consistency. --- package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index a109d128..de8e0f5e 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ "@popperjs/core": "^2.11.8", "@rails/actiontext": "^7.0.8-3", "autoprefixer": "^10.4.17", - "bootstrap": "^5.3.2", + "bootstrap": "^5.3.3", "bootstrap-icons": "^1.11.3", "esbuild": "^0.25.0", "mac-ca": "^3.1.0", diff --git a/yarn.lock b/yarn.lock index 1753922a..c989f6f2 100644 --- a/yarn.lock +++ b/yarn.lock 
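Review bot: `gem 'stackprof'` lands in the Gemfile's default group, so `Bundler.require(*Rails.groups)` loads a profiler into every environment including production, and unlike its neighbours (`'~> 5.0'`, `'~> 7.3'`) it carries no version constraint. A profiler is development tooling; restricting it keeps it out of the production bundle and pins what the lockfile hunk already resolved (0.2.27): `gem 'stackprof', '~> 0.2', group: :development`. The Gemfile's `group` blocks, if any, are outside this hunk.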
@@ -1703,10 +1703,10 @@ bootstrap-icons@^1.11.3: resolved "https://registry.yarnpkg.com/bootstrap-icons/-/bootstrap-icons-1.11.3.tgz#03f9cb754ec005c52f9ee616e2e84a82cab3084b" integrity sha512-+3lpHrCw/it2/7lBL15VR0HEumaBss0+f/Lb6ZvHISn1mlK83jjFpooTLsMWbIjJMDjDjOExMsTxnXSIT4k4ww== -bootstrap@^5.3.2: - version "5.3.2" - resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-5.3.2.tgz#97226583f27aae93b2b28ab23f4c114757ff16ae" - integrity sha512-D32nmNWiQHo94BKHLmOrdjlL05q1c8oxbtBphQFb9Z5to6eGRDCm0QgeaZ4zFBHzfg2++rqa2JkqCcxDy0sH0g== +bootstrap@^5.3.3: + version "5.3.6" + resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-5.3.6.tgz#fbd91ebaff093f5b191a1c01a8c866d24f9fa6e1" + integrity sha512-jX0GAcRzvdwISuvArXn3m7KZscWWFAf1MKBcnzaN02qWMb3jpMoUX4/qgeiGzqyIb4ojulRzs89UCUmGcFSzTA== brace-expansion@^1.1.7: version "1.1.11" From 5436343e4bcc5de455e82feb13f1a436008891c8 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:27:46 -0400 Subject: [PATCH 13/20] Refactor footer links for improved layout and accessibility This commit updates the footer partial to enhance the layout of user-specific links by wrapping them in a flex container. It also replaces icon classes with filled variants for better visibility and adds a new link to the departments page. These changes improve the user interface and accessibility of the footer section. --- app/views/shared/_footer.html.erb | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/app/views/shared/_footer.html.erb b/app/views/shared/_footer.html.erb index aab6ed09..64056fcc 100644 --- a/app/views/shared/_footer.html.erb +++ b/app/views/shared/_footer.html.erb @@ -4,13 +4,19 @@

<%= image_tag 'LSA_Technology_logo.svg', alt: 'LSA Technology Logo', class: "img-fluid" %> <% if user_signed_in? && current_user.axis_mundi? %> - <%= link_to editable_contents_path, class: "edit-icon", data: { bs_toggle: "tooltip", bs_placement: "top" }, title: "Edit the text blocks in the application" do %> - - <% end %> - | - <%= link_to users_dashboard_index_path, class: "profile-icon", data: { bs_toggle: "tooltip", bs_placement: "top" }, title: "Users Dashboard" do %> - - <% end %> +

+ <%= link_to editable_contents_path, class: "edit-icon", data: { bs_toggle: "tooltip", bs_placement: "top" }, title: "Edit the text blocks in the application" do %> + + <% end %> + | + <%= link_to users_dashboard_index_path, class: "profile-icon", data: { bs_toggle: "tooltip", bs_placement: "top" }, title: "Users Dashboard" do %> + + <% end %> + | + <%= link_to departments_path, class: "profile-icon", data: { bs_toggle: "tooltip", bs_placement: "top" }, title: "Departments" do %> + + <% end %> +
<% end %>

Filtered Contests

- Showing contests for + Showing contests for <% if params[:filter][:department_id].present? %> <% department = Department.find_by(id: params[:filter][:department_id]) %> <% if department %> @@ -44,7 +44,7 @@ <% end %> <% end %> - + <% if @active_contests_by_container.any? %> <% @active_contests_by_container.each do |container, contests| %> <%= render partial: 'applicant_dashboard/contest_table', locals: { container: container, contests: contests } %> @@ -52,4 +52,4 @@ <% else %>

No active contests available for your class level.

<% end %> - \ No newline at end of file + From a74deb893919cc453b919da7e5ca648389687e21 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:28:26 -0400 Subject: [PATCH 15/20] Update contest entry icon in applicant dashboard for improved clarity This commit replaces the pencil icon with a send arrow-up icon in the contest table partial of the applicant dashboard. This change enhances the visual representation of the action, making it clearer for users to understand the purpose of the button. Additionally, a newline is added at the end of the file for proper formatting. --- app/views/applicant_dashboard/_contest_table.html.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/applicant_dashboard/_contest_table.html.erb b/app/views/applicant_dashboard/_contest_table.html.erb index 1488d63c..2ade7082 100644 --- a/app/views/applicant_dashboard/_contest_table.html.erb +++ b/app/views/applicant_dashboard/_contest_table.html.erb @@ -24,7 +24,7 @@ data: { 'bs-toggle': 'tooltip' }, title: 'Enter contest', aria: { label: 'Enter contest' } do %> - + Enter instance <% end %> @@ -33,4 +33,4 @@ - \ No newline at end of file + From cfb29e3d1337b574fa7c7def916609b7fbc8714c Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:28:37 -0400 Subject: [PATCH 16/20] Add inactive submissions summary partial to applicant dashboard This commit introduces a new partial, `_inactive_submissions_summary.html.erb`, to the applicant dashboard. The partial displays a summary of past contest entries, including contest details, submission titles, types, and submission dates. It also provides options to view or download attached entry files, enhancing the user experience by allowing easy access to historical submissions. --- .../_inactive_submissions_summary.html.erb | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 app/views/applicant_dashboard/_inactive_submissions_summary.html.erb 
diff --git a/app/views/applicant_dashboard/_inactive_submissions_summary.html.erb b/app/views/applicant_dashboard/_inactive_submissions_summary.html.erb new file mode 100644 index 00000000..8192283b --- /dev/null +++ b/app/views/applicant_dashboard/_inactive_submissions_summary.html.erb @@ -0,0 +1,56 @@ +
+
+
+ +
Past Contest Entries
+
+
+
+ <% if (content = render_editable_content('applicant_dashboard', 'inactivesubmission_summary')) %> +
+ <%= content %> +
+ <% end %> +
+ + + + + + + + + + + + <% @entries.joins(:contest_instance).where(contest_instances: { active: false }).each do |entry| %> + + + + + + + + <% end %> + +
ContestTitleTypeSubmittedEntry
<%= "#{entry.contest_instance.contest_description.name } - #{entry.contest_instance.date_open.year}" %><%= entry.title %><%= entry.category.kind %><%= entry.created_at.strftime("%b %d, %Y") %> + <% if entry.entry_file.attached? %> +
+ <%= link_to rails_blob_path(entry.entry_file, disposition: "inline"), + target: "_blank", rel: "noopener", class: "me-2", + title: "View in new tab", aria: { label: "View file" } do %> + + <% end %> + <%= link_to rails_blob_path(entry.entry_file, disposition: "attachment"), + download: "", class: "me-2", + title: "Download file", aria: { label: "Download file" } do %> + + <% end %> +
+ <% else %> + No file + <% end %> +
+
+
+
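Review bot: The partial runs its own query, `@entries.joins(:contest_instance).where(contest_instances: { active: false })`, and then per row dereferences `entry.contest_instance.contest_description`, `entry.category` and `entry.entry_file`, which is an N+1 unless the controller's `@entries` already preloads them (the controller is outside this series); PATCH 17's hunk at +18 does the same for `active: true`. Move the filter into the controller or an `Entry` scope and preload there, e.g. `@inactive_entries = @entries.joins(:contest_instance).where(contest_instances: { active: false }).includes(:category, :entry_file_attachment, contest_instance: :contest_description)`, so the view only iterates. The `disposition: "inline"` link opens user-uploaded files in the browser; Active Storage only honours inline for the types in `config.active_storage.content_types_allowed_inline` and forces the rest to attachment, so confirm that list has not been widened to anything that can carry script.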
From 761e45c1b1f4aea480f04104edd510cb8819c995 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:28:47 -0400 Subject: [PATCH 17/20] Enhance submissions summary in applicant dashboard to display only active contests This commit updates the submissions summary partial to reflect only active contests entered by the applicant. The heading is modified for clarity, and the entries are filtered to include only those associated with active contest instances. Additionally, the layout of the file attachment links is improved for better accessibility and user experience. --- .../_submissions_summary.html.erb | 26 +++++++++++-------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/app/views/applicant_dashboard/_submissions_summary.html.erb b/app/views/applicant_dashboard/_submissions_summary.html.erb index 96ef7164..f9aaad7e 100644 --- a/app/views/applicant_dashboard/_submissions_summary.html.erb +++ b/app/views/applicant_dashboard/_submissions_summary.html.erb @@ -1,6 +1,6 @@
-

Contests You Have Entered:

+

Active Contests You Have Entered:

<% if (content = render_editable_content('applicant_dashboard', 'submission_summary')) %> <%= content %> <% end %> @@ -18,7 +18,7 @@ - <% @entries.each do |entry| %> + <% @entries.joins(:contest_instance).where(contest_instances: { active: true }).each do |entry| %> <%= "#{entry.contest_instance.contest_description.name } - #{entry.contest_instance.date_open.year}" %> <%= entry.title %> @@ -26,14 +26,18 @@ <%= entry.created_at.strftime("%B %d, %Y") %> <% if entry.entry_file.attached? %> - <%= link_to rails_blob_path(entry.entry_file, disposition: "inline"), target: "_blank", rel: "noopener", class: "me-2", title: "View in new tab" do %> - - View file - <% end %> - <%= link_to rails_blob_path(entry.entry_file, disposition: "attachment"), download: "", class: "me-2", title: "Download file" do %> - - Download file - <% end %> +
+ <%= link_to rails_blob_path(entry.entry_file, disposition: "inline"), + target: "_blank", rel: "noopener", class: "me-2", + title: "View in new tab", aria: { label: "View file" } do %> + + <% end %> + <%= link_to rails_blob_path(entry.entry_file, disposition: "attachment"), + download: "", class: "me-2", + title: "Download file", aria: { label: "Download file" } do %> + + <% end %> +
<% else %> No file attached <% end %> @@ -61,4 +65,4 @@
-
\ No newline at end of file + From fa4ba95ae46a169f024316d42de3d2dfc870e616 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:28:58 -0400 Subject: [PATCH 18/20] Update applicant dashboard layout to include inactive submissions summary and available contests This commit modifies the applicant dashboard view to enhance the layout by adding a new section for available contests and updating the inactive submissions summary. The previous available contests section is removed, and a horizontal rule is added for better visual separation. These changes improve the organization and clarity of the dashboard, providing users with a more structured overview of their submissions and available opportunities. --- app/views/applicant_dashboard/index.html.erb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/app/views/applicant_dashboard/index.html.erb b/app/views/applicant_dashboard/index.html.erb index d3b3bebf..3e237f60 100644 --- a/app/views/applicant_dashboard/index.html.erb +++ b/app/views/applicant_dashboard/index.html.erb @@ -13,14 +13,20 @@ <%= render 'applicant_dashboard/opportunities' %> +
+
+ <%= render 'applicant_dashboard/available_contests' %> +
+
<%= render 'applicant_dashboard/submissions_summary', submissions: @submissions %>
+
-
- <%= render 'applicant_dashboard/available_contests' %> +
+ <%= render 'applicant_dashboard/inactive_submissions_summary', submissions: @submissions %>
From 5f0279a86ba74d8ee2e4a5d6be4275625d58a903 Mon Sep 17 00:00:00 2001 From: rsmokeUM Date: Mon, 12 May 2025 13:29:06 -0400 Subject: [PATCH 19/20] Add form instructions to container form and update seed data This commit enhances the container form by adding a section for editable form instructions, improving user guidance during the container creation process. Additionally, it updates the seed data to include instructions for the new form instructions section, ensuring that the necessary content is available for users. These changes contribute to a more informative and user-friendly interface. --- app/views/containers/_form.html.erb | 6 +++++- db/seeds.rb | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/views/containers/_form.html.erb b/app/views/containers/_form.html.erb index 142b67fc..b9bd7c12 100644 --- a/app/views/containers/_form.html.erb +++ b/app/views/containers/_form.html.erb @@ -1,4 +1,7 @@
+ <% if (content = render_editable_content('container', 'form_instructions')) %> + <%= content %> + <% end %> <%= simple_form_for(@container, html: { id: 'new_container_form' }) do |f| %> <%= f.error_notification %> <%= f.error_notification message: f.object.errors[:base].to_sentence if f.object.errors[:base].present? %> @@ -17,10 +20,11 @@ <%= f.input :visibility_id, collection: Visibility.all, + label: 'Dashboard Visibility', label_method: :kind, value_method: :id, hint: safe_join([ - content_tag(:strong, "Public"), " visibility means that this collection of contests will be visible in the applicant's dashboard. ", + content_tag(:strong, "Public"), " visibility means that this collection of contests will be visible to all user's of LSA Evaluate.", tag(:br), content_tag(:strong, "Private"), " visibility requires you provide a special link to applicants in order for them to apply to this collection of contests, it will NOT be visible in the applicant's dashboard." ]), diff --git a/db/seeds.rb b/db/seeds.rb index 4cd72164..3cbb2c8a 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -63,7 +63,11 @@ { page: "judging_assignments", section: "round_specific_instructions", content: ActionText::RichText.new(body: "Instructions for the round_specific_instructions") }, { page: "judging_rounds", section: "comment_interface_behavior", - content: ActionText::RichText.new(body: "Instructions for the comment_interface_behavior") } + content: ActionText::RichText.new(body: "Instructions for the comment_interface_behavior") }, + { page: "applicant_dashboard", section: "inactivesubmission_summary", + content: ActionText::RichText.new(body: "Instructions for the inactivesubmission_summary") }, + { page: "containers", section: "form_instructions", + content: ActionText::RichText.new(body: "Instructions for the form_instructions") } ]) # Seed data for School From e85c93d35fe7e85e223d1a6c42c82fdf3514c7ac Mon Sep 17 00:00:00 2001 
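Review bot: The form looks up `render_editable_content('container', 'form_instructions')` while the db/seeds.rb hunk inserts `page: "containers", section: "form_instructions"`, so the seeded instructions never match the lookup and the new block renders nothing; the other new seed row (`page: "applicant_dashboard"`) matches its partial exactly, so the singular here looks like a typo. The existing seed pages appear to use controller names, so `render_editable_content('containers', 'form_instructions')` is the smaller change. The new hint text in the second `_form.html.erb` hunk also reads `all user's of LSA Evaluate`; it should be `all users of LSA Evaluate`.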
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 18:12:59 +0000 Subject: [PATCH 20/20] Bump rack-session in the bundler group across 1 directory Bumps the bundler group with 1 update in the / directory: [rack-session](https://github.com/rack/rack-session). Updates `rack-session` from 2.0.0 to 2.1.1 - [Release notes](https://github.com/rack/rack-session/releases) - [Changelog](https://github.com/rack/rack-session/blob/main/releases.md) - [Commits](https://github.com/rack/rack-session/compare/v2.0.0...v2.1.1) --- updated-dependencies: - dependency-name: rack-session dependency-version: 2.1.1 dependency-type: indirect dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8da86af6..bfc51257 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -324,7 +324,8 @@ GEM base64 (>= 0.1.0) logger (>= 1.6.0) rack (>= 3.0.0, < 4) - rack-session (2.0.0) + rack-session (2.1.1) + base64 (>= 0.1.0) rack (>= 3.0.0) rack-test (2.1.0) rack (>= 1.3)