Agent-Logs-Url: https://github.com/blocknotes/tiny_admin/sessions/701f4f0e-0369-4a49-ab32-a89eefb32223 Co-authored-by: blocknotes <6893256+blocknotes@users.noreply.github.com>
- Section 2: Sortable column headers in Index (clickable links, ASC/DESC toggle, sanitization)
- Section 3a: Range filters (gte/lte pair inputs + ActiveRecord/Sequel filter handling)
- Section 3b: Multi-value select filters (multiple: true option + IN query)
- Section 3c: Association filters (related model dropdown)
- Section 4: SequelRepository plugin + BaseRepository contract docs + shared page_offset helper
- Section 5: Config validation (unknown keys, strict_config mode, section type, repo interface check)
- Section 6a: BCrypt support in SimpleAuth (auto-detect $2b$ prefix)
- Section 6b: Login rate limiting (session-based, max_attempts/lockout_seconds)
- Section 6c: Optional username support in SimpleAuth
- Section 7: CsvExport action (text/csv, Content-Disposition, filter-aware)
- Section 8: RBS signatures updated/added for all new code
- Section 10a: Fix Show link rendered when only: [:index]
- Section 10b: Normalize only: to symbols in Store
- Section 10c: configure_from_file reset: keyword
- Section 10e: Widgets raises ArgumentError for non-Phlex widgets

Note: Section 9 (per-request load_settings) and Section 10d (BasicApp auth plugin deferred load) were investigated and reverted - class-level caching broke test isolation, and deferred auth plugin loading broke Rack middleware setup timing.

Agent-Logs-Url: https://github.com/blocknotes/tiny_admin/sessions/701f4f0e-0369-4a49-ab32-a89eefb32223
Co-authored-by: blocknotes <6893256+blocknotes@users.noreply.github.com>
Copilot created this pull request from a session on behalf of blocknotes, May 2, 2026 16:31
Description
Implements a broad set of improvements to TinyAdmin covering interactive index sorting, richer filter types, a Sequel repository plugin, hardened authentication, CSV export, configuration validation, RBS coverage, and several bug fixes. CRUD write operations are excluded (deferred).
Sortable Column Headers (Section 2)
Index table headers are now <a> links that toggle ASC ▲ / DESC ▼. Sort params are validated against the known field list to prevent column injection.

Filter Enhancements (Section 3)
- type: :range renders a gte/lte input pair; apply_filters maps to WHERE col >= ? AND col <= ?
- type: :select, multiple: true renders a multi-select; maps to IN (?)
- type: :association with association:, value_field:, label_field: populates a <select> from a related model

Sequel Repository (Section 4)
New TinyAdmin::Plugins::SequelRepository implements the full repository contract for Sequel datasets (field inference via db_schema, scalar/range/multi-select filters using Sequel expressions). BaseRepository now documents its contract in full and exposes a page_offset protected helper used by both AR and Sequel implementations.

Configuration Validation (Section 5)
Settings#load_settings now validates: unknown top-level keys, invalid section type: values, and missing required repository interface methods. Warnings by default; strict_config: true raises ArgumentError.

Authentication Hardening (Section 6)
- SimpleAuth auto-detects $2b$ / $2a$ hash prefix; SHA-512 kept for backward compat
- max_attempts (default 5) and lockout_seconds (default 300)
- username: config; when set, login form must supply a matching param

CSV Export (Section 7)
New TinyAdmin::Actions::CsvExport collection action — respects field/attribute config, applies active filters, returns a text/csv attachment. Default row cap is 10,000 (configurable via max_export_limit:).

RBS (Section 8)
All new/changed classes have updated signatures: CsvExport, SequelRepository, SimpleAuth::BCRYPT_PREFIX, Index (show_link, sort_params), FiltersForm private helpers, Settings new constants/methods, BaseRepository#page_offset.

Bug Fixes (Section 10)
- only: [:index]; show_link flows Router → Action → View
- Store#add_resource_section normalises only: values to symbols, removing the string/symbol dual-check in Router
- configure_from_file accepts reset: false to preserve prior programmatic settings
- Widgets raises ArgumentError for non-Phlex::HTML widget classes instead of silently skipping
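
An added illustration of the sort-parameter validation described under Sortable Column Headers (Section 2); it is not code from this pull request or from TinyAdmin. ORDER BY identifiers cannot be bound as query parameters, so the column has to come from an allow-list. The helper names (sanitize_sort, order_clause, header_link), the sort/dir parameter names and the sample field list are assumptions.

```ruby
require "uri"

# Constructed sample: the columns an index page is configured to display.
FIELDS = %w[id name created_at].freeze
DIRECTIONS = { "asc" => "ASC", "desc" => "DESC" }.freeze

# params: request query parameters, e.g. { "sort" => "name", "dir" => "desc" }.
# Returns [column, direction], or nil when the requested column is not known.
def sanitize_sort(params, fields)
  requested = params["sort"].to_s
  # Take the value from the allow-list itself, never from the request.
  column = fields.find { |f| f == requested }
  return nil unless column

  # Anything other than asc/desc (any case) falls back to ASC.
  [column, DIRECTIONS.fetch(params["dir"].to_s.downcase, "ASC")]
end

# Builds the ORDER BY fragment; an unknown column falls back to the default
# ([column, direction]) or to no ordering at all.
def order_clause(params, fields, default: nil)
  column, direction = sanitize_sort(params, fields) || default
  return "" unless column

  %(ORDER BY "#{column.gsub('"', '""')}" #{direction})
end

# Header link data: clicking the active column flips its direction, and the
# label carries the ▲ / ▼ marker for the current sort.
def header_link(field, params, fields)
  current_col, current_dir = sanitize_sort(params, fields)
  active = current_col == field
  next_dir = active && current_dir == "ASC" ? "desc" : "asc"
  marker = active ? (current_dir == "ASC" ? " ▲" : " ▼") : ""
  { href: "?" + URI.encode_www_form(sort: field, dir: next_dir),
    label: "#{field}#{marker}" }
end
```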