WIP: temp branch

.rubocop.yml

@@ -1,3 +1,10 @@
 inherit_from: .rubocop_todo.yml
 AllCops:
     NewCops: enable
+
+require:
+ - rubocop-factory_bot
+ - rubocop-rails
+ - rubocop-rake
+ - rubocop-rspec
+

.ruby-version

@@ -1 +1 @@
-3.1.1
+3.2.2

Brewfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # vim: ft=ruby
 
 tap 'homebrew/bundle'

Gemfile

@@ -7,13 +7,14 @@ gem 'rails', '~> 6.0.2'
 gem 'attribute_normalizer'
 gem 'awesome_print'
 gem 'bootsnap'
+gem 'bootstrap-sass' # , '3.0.2.1'
 gem 'carrierwave'
 gem 'coffee-rails'
 gem 'colored2'
 gem 'commonjs'
 gem 'country_select'
-gem 'devise'
 gem 'dalli'
+gem 'devise'
 gem 'haml'
 gem 'jquery-rails'
 gem 'libv8'

Gemfile.lock

@@ -67,10 +67,15 @@ GEM
     asciidoctor (2.0.20)
     ast (2.4.2)
     attribute_normalizer (1.2.0)
+    autoprefixer-rails (10.4.16.0)
+      execjs (~> 2)
     awesome_print (1.9.2)
     bcrypt (3.1.20)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
+    bootstrap-sass (3.4.1)
+      autoprefixer-rails (>= 5.2.1)
+      sassc (>= 2.0.0)
     builder (3.2.4)
     capistrano (2.15.11)
       highline
@@ -383,6 +388,7 @@ DEPENDENCIES
   attribute_normalizer
   awesome_print
   bootsnap
+  bootstrap-sass
   capistrano (< 3)
   carrierwave
   codecov

Rakefile

@@ -15,7 +15,7 @@ if is_dev_test
   require 'yard'
 
   namespace :todolist do
-    task :statsetup do
+    task statsetup: :environment do
       require 'rails/code_statistics'
       STATS_DIRECTORIES << %w[Uploaders app/uploaders]
       # For test folders not defined in CodeStatistics::TEST_TYPES (ie: spec/)

app/assets/config/manifest.js

@@ -0,0 +1,6 @@
+//= link fnf.png
+//= link_tree ../images
+//= link_directory ../javascripts .js
+//= link_directory ../stylesheets .css
+//= require bootstrap
+//= require twitter/bootstrap

app/assets/javascripts/bootstrap.js.coffee

@@ -1,4 +1,3 @@
 jQuery ->
-  $("a[rel=popover]").popover()
-  $(".tooltip").tooltip()
-  $("a[rel=tooltip]").tooltip()
+  $("a[rel~=popover], .has-popover").popover()
+  $("a[rel~=tooltip], .has-tooltip").tooltip()

app/assets/stylesheets/bootstrap_and_overrides.scss

@@ -1,5 +1,3 @@
-@import "twitter/bootstrap/bootstrap";
-@import "twitter/bootstrap/responsive";
 
 // Set the correct sprite paths
 $iconSpritePath: asset-path("twitter/bootstrap/glyphicons-halflings");
@@ -13,7 +11,7 @@ $fontAwesomeTtfPath: asset-url("fontawesome-webfont.ttf");
 $fontAwesomeSvgPath: asset-url("fontawesome-webfont.svg#fontawesomeregular");
 
 // Font Awesome
-@import "fontawesome/font-awesome";
+// @import "fontawesome/font-awesome";
 
 // Glyphicons
 //@import "twitter/bootstrap/sprites.scss";

app/classes/fnf/events.rb

@@ -27,5 +27,4 @@ def initialize_events!
   end
 end
 
-
 FnF::Events.initialize_events!

app/controllers/application_controller.rb

@@ -26,7 +26,7 @@ def configure_permitted_parameters
 
   def authenticate_user_from_token!
     user_id = params[:user_id].presence
-    user    = User.find_by_id(user_id)
+    user    = User.find_by(id: user_id)
 
     if user && Devise.secure_compare(user.authentication_token, params[:user_token])
       user.update_attribute(:authentication_token, nil) # One-time use

app/controllers/emails_controller.rb

@@ -4,12 +4,18 @@ class EmailsController < ApplicationController
   def index
     respond_to do |format|
       format.any do
-        if User.where(email: params[:email]).first
+        if User.where(email: email_params[:email]).first
           head :ok
         else
           head :not_found
         end
       end
     end
   end
+
+  private
+
+  def email_params
+    params.permit(:email)
+  end
 end

app/controllers/events_controller.rb

@@ -31,9 +31,9 @@ def edit
   end
 
   def create
-    populate_params_event(params)
+    populate_permitted_params_event(permitted_params)
 
-    @event = Event.new(params[:event])
+    @event = Event.new(permitted_params[:event])
 
     if @event.save
       redirect_to @event
@@ -43,9 +43,9 @@ def create
   end
 
   def update
-    populate_params_event(params)
+    populate_permitted_params_event(permitted_params)
 
-    if @event.update_attributes(params[:event])
+    if @event.update(permitted_params[:event])
       redirect_to @event
     else
       render action: 'edit'
@@ -61,8 +61,8 @@ def destroy
   def add_admin
     return redirect_to :back unless @event.admin?(current_user)
 
-    email = params[:user_email]
-    user = User.find_by_email(email)
+    email = permitted_params[:user_email]
+    user = User.find_by(email:)
     return redirect_to :back, notice: "No user with email '#{email}' exists" unless user
 
     @event.admins << user
@@ -78,7 +78,7 @@ def add_admin
   def remove_admin
     return redirect_to :back unless @event.admin?(current_user)
 
-    user_id = params[:user_id]
+    user_id = permitted_params[:user_id]
     event_admin = EventAdmin.where(event_id: @event, user_id:).first
     return redirect_to :back, notice: "No user with id #{user_id} exists" unless event_admin
 
@@ -111,12 +111,12 @@ def download_guest_list
 
   private
 
-  def populate_params_event(params)
-    params[:event][:start_time]               = Time.from_picker(params.delete(:start_time))
-    params[:event][:end_time]                 = Time.from_picker(params.delete(:end_time))
-    params[:event][:ticket_sales_start_time]  = Time.from_picker(params.delete(:ticket_sales_start_time))
-    params[:event][:ticket_sales_end_time]    = Time.from_picker(params.delete(:ticket_sales_end_time))
-    params[:event][:ticket_requests_end_time] = Time.from_picker(params.delete(:ticket_requests_end_time))
+  def populate_permitted_params_event(permitted_params)
+    permitted_params[:event][:start_time]               = Time.from_picker(permitted_params.delete(:start_time))
+    permitted_params[:event][:end_time]                 = Time.from_picker(permitted_params.delete(:end_time))
+    permitted_params[:event][:ticket_sales_start_time]  = Time.from_picker(permitted_params.delete(:ticket_sales_start_time))
+    permitted_params[:event][:ticket_sales_end_time]    = Time.from_picker(permitted_params.delete(:ticket_sales_end_time))
+    permitted_params[:event][:ticket_requests_end_time] = Time.from_picker(permitted_params.delete(:ticket_requests_end_time))
   end
 
   def completed_ticket_requests
@@ -129,6 +129,10 @@ def completed_ticket_requests
   end
 
   def set_event
-    @event = Event.find(params[:id])
+    @event = Event.find(permitted_params[:id])
+  end
+
+  def permitted_params
+    params.permit(:id, :event, :user_email, :user_id, :start_time, :end_time, :ticket_sales_start_time, :ticket_sales_end_time, :ticket_requests_end_time)
   end
 end

app/controllers/home_controller.rb

@@ -23,7 +23,7 @@ def index
   end
 
   def oops
-    flash[:error] = 'No events exist at the moment, please have your Site Administrator create a public event first.'
+    flash.now[:error] = 'No events exist at the moment, please have your Site Administrator create a public event first.'
     render
   end
 end

app/controllers/jobs_controller.rb

@@ -37,7 +37,7 @@ def create
   def update
     @job = Job.find(params[:id])
 
-    if @job.update_attributes(params[:job])
+    if @job.update(params[:job])
       redirect_to event_job_path(@event, @job),
                   notice: 'Job was successfully updated.'
     else

app/controllers/passwords_controller.rb

@@ -8,6 +8,6 @@ def reset
       user.send_reset_password_instructions
     end
 
-    redirect_to request.referrer, alert: 'A password reset link has been sent to your email!'
+    redirect_to request.referer, alert: 'A password reset link has been sent to your email!'
   end
 end

app/controllers/shifts_controller.rb

@@ -6,7 +6,7 @@ class ShiftsController < ApplicationController
 
   def index
     @ticket_request = @event.ticket_requests.where(user_id: current_user).first
-    if !@ticket_request.present? && !current_user.site_admin?
+    if @ticket_request.blank? && !current_user.site_admin?
       flash[:error] = 'The user you are logged in with has not requested a ticket for this event'
       return redirect_to :root
     end

app/controllers/ticket_requests_controller.rb

@@ -45,7 +45,7 @@ def index
   def download
     temp_csv = Tempfile.new('csv')
 
-    raise(ArgumentError, 'Blank temp_csv') unless temp_csv && temp_csv&.path
+    raise(ArgumentError, 'Blank temp_csv') unless temp_csv&.path
 
     CSV.open(temp_csv.path, 'wb') do |csv|
       csv << (%w[name email] + TicketRequest.columns.map(&:name))
@@ -96,12 +96,12 @@ def edit
 
   def create
     unless @event.ticket_sales_open?
-      flash[:error] = 'Sorry, but ticket sales have closed'
+      flash.now[:error] = 'Sorry, but ticket sales have closed'
       return render action: 'new'
     end
 
-    params[:ticket_request][:user] = current_user if signed_in?
-    @ticket_request = TicketRequest.new(params[:ticket_request])
+    permitted_params[:ticket_request][:user] = current_user if signed_in?
+    @ticket_request = TicketRequest.new(permitted_params[:ticket_request])
 
     if @ticket_request.save
       FnF::Events::TicketRequestEvent.new(
@@ -123,9 +123,9 @@ def create
 
   def update
     # Allow ticket request to edit guests and nothing else
-    params[:ticket_request].slice!(:guests) unless @event.admin?(current_user)
+    permitted_params[:ticket_request].slice!(:guests) unless @event.admin?(current_user)
 
-    if @ticket_request.update_attributes(params[:ticket_request])
+    if @ticket_request.update(permitted_params[:ticket_request])
       redirect_to event_ticket_request_path(@event, @ticket_request)
     else
       render action: 'edit'
@@ -147,7 +147,7 @@ def approve
   end
 
   def decline
-    if @ticket_request.update_attributes(status: TicketRequest::STATUS_DECLINED)
+    if @ticket_request.update(status: TicketRequest::STATUS_DECLINED)
       ::FnF::Events::TicketRequestDeclinedEvent.new(
         user: current_user,
         target: @ticket_request
@@ -185,11 +185,15 @@ def refund
   private
 
   def set_event
-    @event = Event.find(params[:event_id])
+    @event = Event.find(permitted_params[:event_id])
   end
 
   def set_ticket_request
-    @ticket_request = TicketRequest.find(params[:id])
+    @ticket_request = TicketRequest.find(permitted_params[:id])
     redirect_to @event unless @ticket_request.event == @event
   end
+
+  def permitted_params
+    params.permit(:event_id, :id, ticket_request: %i[address_line1 address_line2])
+  end
 end

app/controllers/time_slots_controller.rb

@@ -43,7 +43,7 @@ def update
     params[:time_slot][:start_time] = Time.from_picker(params.delete(:start_time))
     params[:time_slot][:end_time] = Time.from_picker(params.delete(:end_time))
 
-    if @time_slot.update_attributes(params[:time_slot])
+    if @time_slot.update(params[:time_slot])
       redirect_to event_job_path(@event, @job)
     else
       render action: 'edit'

app/helpers/ticket_requests_helper.rb

@@ -58,9 +58,9 @@ def eald_paid?(ticket_request)
   end
 
   def price_rules_to_json(event)
-    event.price_rules.map do |price_rule|
+    event.price_rules.to_h do |price_rule|
       [price_rule.trigger_value, price_rule.price.to_i]
-    end.to_h.to_json
+    end.to_json
   end
 
   def help_text_for(sym)

app/models/application_record.rb

@@ -0,0 +1,4 @@
+
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

app/models/eald_payment.rb

@@ -4,15 +4,13 @@
 #
 # We only associate this with an event, as we want to treat these separately
 # from ticket requests.
-class EaldPayment < ActiveRecord::Base
+class EaldPayment < ApplicationRecord
   include PaymentsHelper
 
   belongs_to :event
 
   attr_accessible :event_id, :name, :email, :early_arrival_passes, :late_departure_passes, :stripe_card_token
 
-  validates :event_id, presence: true
-
   validates :early_arrival_passes, presence: true,
                                    numericality: { only_integer: true, greater_than_or_equal_to: 0 }
 

app/models/event.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # Core object containing all information related to an actual event being held.
-class Event < ActiveRecord::Base
+class Event < ApplicationRecord
   has_many :event_admins
   has_many :admins, through: :event_admins, source: :user
   has_many :jobs, dependent: :destroy
@@ -45,7 +45,7 @@ class Event < ActiveRecord::Base
            :ensure_prices_set_if_maximum_specified
 
   def admin?(user)
-    user && (user.site_admin? || admins.where(id: user).exists?)
+    user && (user.site_admin? || admins.exists?(id: user))
   end
 
   def cabins_available?
@@ -56,18 +56,18 @@ def cabins_available?
   end
 
   def ticket_sales_open?
-    return false if ticket_sales_start_time && Time.now < ticket_sales_start_time
-    return Time.now < ticket_sales_end_time if ticket_sales_end_time
-    return false if Time.now >= end_time
+    return false if ticket_sales_start_time && Time.zone.now < ticket_sales_start_time
+    return Time.zone.now < ticket_sales_end_time if ticket_sales_end_time
+    return false if Time.zone.now >= end_time
 
     true
   end
 
   def ticket_requests_open?
-    return false if Time.now >= end_time
+    return false if Time.zone.now >= end_time
     return true unless ticket_requests_end_time
 
-    ticket_requests_end_time > Time.now
+    ticket_requests_end_time > Time.zone.now
   end
 
   def eald?