chouette-core/app, branch 6161-missing_var_in_crontab

Refs #5934 Remove destructive action links for route stop points in Routes#show

2018-03-09T16:48:56+00:00

Refs #5934 Only display stop point action links if user has policy

2018-03-09T16:48:56+00:00

Merge pull request #366 from af83/5989-fix_compliance_check_resource_status

2018-03-09T07:57:48+00:00

Fix compliance_check_resource and compliance_check_set status Refs #5…

Fix compliance_check_resource and compliance_check_set status Refs #5989 @1

2018-03-08T14:03:34+00:00

Chouette::Line#by_name: Use `LEFT OUTER JOIN` on "companies"

2018-03-07T12:19:41+00:00

Thanks to Johan for helping me with this. He correctly remarked that
what I had before will do an `INNER JOIN`, which ends up excluding lines
that don't have an associated company. I didn't really think about the
data, and didn't realise we had lines without a company.

Big thanks to Johan for seeing that I needed to add `public.` to qualify
the `companies` table in order for the join to work. Otherwise it
doesn't work correctly and we can't filter by company name.

Refs #5889

AutocompleteLines: Sanitize `:q` param in `LIKE` operator

2018-03-07T12:19:41+00:00

Johan made a number of good points here:

> * I think this belongs in the model
> * I would rather use a named parameter here
>   `.where('lines.number LIKE :q OR lines.names LIKE :q ...', q: >   "%#{params[:q]}%")`
> * You should defiitely escape the params before passing it to your db.
>   `sanitize_sql_like` seems like the best choice here

I wasn't thinking about sanitisation at all and just assumed the `?`s in
the prepared statement would take care of it for me. But obviously,
we're passing `%`s in the param, so users can of course do the same
thing.

Protect against this using the
`ActiveRecord::Sanitization#sanitize_sql_like` method. This is a private
class method, so in order to use it we have to call it from inside the
`Chouette::Line` model.

And of course the named parameters are a no-brainer. At the time, I had
seen that `Array` splat somewhere else in the codebase and just blindly
copied the format, forgetting that named parameters even existed.

Refs #5889

Change route to AutocompleteLinesController

2018-03-07T12:19:41+00:00

Johan recommended not putting it in a separate `/autocomplete...` route,
but instead to use `/referentials/4/lines/autocomplete` to be more
RESTful. Makes perfect sense.

Refs #5889

VehicleJourney: Remove `.lines` method

2018-03-07T12:19:41+00:00

This is no longer needed thanks to the `AutocompleteLinesController` and
the AJAX filter in
`app/views/referential_vehicle_journeys/_filters.html.slim`.

Refs #5889

AutocompleteLinesController: Move filter SQL string inside query

2018-03-07T12:19:41+00:00

Get rid of the heredoc to allow us to put the string inside the argument
to the function directly and thus make the query more readable by
putting it in context.

Refs #5889

AutocompleteLinesController: Include company name in filter

2018-03-07T12:19:41+00:00

The `#display_name` used in the drop-down on
`ReferentialVehicleJourneys#index` includes the line's company name.
Include this as a field to filter lines by.

Additionally, use `%query%` filtering everywhere. It's going to be
slower, but will produce the same behaviour for all fields for
consistency and is easier for searching by company name when you might
want to filter by a term in the middle of the name.

Refs #5889