Back merge master

.gitignore

@@ -28,3 +28,8 @@
 
 # don't commit local env vars
 .env
+
+# Ignore RubyMine
+/.idea
+
+.generators

CHANGELOG.md

@@ -1,3 +1,23 @@
+## [1.22.4](https://github.com/codeRIT/hackathon-manager/compare/v1.22.3...v1.22.4) (2020-05-26)
+
+
+### Bug Fixes
+
+* **questionnaire:** Fixes error when trying to view a questionnaire modified by a deleted admin ([#236](https://github.com/codeRIT/hackathon-manager/issues/236)) ([](https://github.com/codeRIT/hackathon-manager/commit/2ffe116))
+
+## [1.22.3](https://github.com/codeRIT/hackathon-manager/compare/v1.22.2...v1.22.3) (2020-05-16)
+
+
+### Bug Fixes
+
+* **dashboard:** Fixes security vulnerability that allowed event_tracking role to access Dashboard ([#215](https://github.com/codeRIT/hackathon-manager/issues/215)) ([](https://github.com/codeRIT/hackathon-manager/commit/74a40ad))
+
+
+### Styles
+
+* **check-in:** Changes table header to be more descriptive ([#207](https://github.com/codeRIT/hackathon-manager/issues/207)) ([](https://github.com/codeRIT/hackathon-manager/commit/889fbd0))
+* **config:** Removes unused event_is_over flag ([#208](https://github.com/codeRIT/hackathon-manager/issues/208)) ([](https://github.com/codeRIT/hackathon-manager/commit/0c73e66))
+
 ## [1.22.2](https://github.com/codeRIT/hackathon-manager/compare/v1.22.1...v1.22.2) (2020-03-29)
 
 

Gemfile

@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '>= 2.5'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 5.2.4.2'
+gem 'rails', '~> 5.2.4.3'
 # Use mysql as the database for Active Record
 gem 'mysql2', '>= 0.4.4', '< 0.6.0'
 # Use Puma as the app server
@@ -61,7 +61,7 @@ gem 'mustache', '~> 1.0'
 # Assets
 gem 'sprockets'
 gem 'jquery-rails'
-gem 'jquery-ui-sass-rails'
+gem 'jquery-ui-rails'
 gem 'selectize-rails'
 gem 'highcharts-rails', '~> 6.0'
 gem 'bootstrap', '~> 4.3.1'

Gemfile.lock

@@ -1,43 +1,43 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.4.2)
-      actionpack (= 5.2.4.2)
+    actioncable (5.2.4.3)
+      actionpack (= 5.2.4.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.2)
+    actionmailer (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      actionview (= 5.2.4.3)
+      activejob (= 5.2.4.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.2)
-      actionview (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    actionpack (5.2.4.3)
+      actionview (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.2)
-      activesupport (= 5.2.4.2)
+    actionview (5.2.4.3)
+      activesupport (= 5.2.4.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.4.2)
-      activesupport (= 5.2.4.2)
+    activejob (5.2.4.3)
+      activesupport (= 5.2.4.3)
       globalid (>= 0.3.6)
-    activemodel (5.2.4.2)
-      activesupport (= 5.2.4.2)
-    activerecord (5.2.4.2)
-      activemodel (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    activemodel (5.2.4.3)
+      activesupport (= 5.2.4.3)
+    activerecord (5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       arel (>= 9.0)
-    activestorage (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      activerecord (= 5.2.4.2)
+    activestorage (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      activerecord (= 5.2.4.3)
       marcel (~> 0.3.1)
-    activesupport (5.2.4.2)
+    activesupport (5.2.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -56,23 +56,23 @@ GEM
     autoprefixer-rails (9.7.6)
       execjs
     aws-eventstream (1.1.0)
-    aws-partitions (1.305.0)
-    aws-sdk-core (3.94.0)
+    aws-partitions (1.317.0)
+    aws-sdk-core (3.96.1)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-kms (1.30.0)
+    aws-sdk-kms (1.31.0)
       aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.63.0)
-      aws-sdk-core (~> 3, >= 3.83.0)
+    aws-sdk-s3 (1.65.0)
+      aws-sdk-core (~> 3, >= 3.96.1)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.1.3)
       aws-eventstream (~> 1.0, >= 1.0.2)
     bcrypt (3.1.13)
-    better_errors (2.7.0)
+    better_errors (2.7.1)
       coderay (>= 1.0.0)
       erubi (>= 1.0.0)
       rack (>= 0.9.0)
@@ -92,7 +92,7 @@ GEM
       sassc-rails (>= 2.0.0)
     builder (3.2.4)
     byebug (11.1.3)
-    capybara (3.32.1)
+    capybara (3.32.2)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
@@ -127,7 +127,7 @@ GEM
       doorkeeper
       rails
     docile (1.3.2)
-    doorkeeper (5.3.1)
+    doorkeeper (5.4.0)
       railties (>= 5)
     dotenv (2.7.5)
     dotenv-rails (2.7.5)
@@ -154,7 +154,7 @@ GEM
     font-awesome-rails (4.7.0.5)
       railties (>= 3.2, < 6.1)
     formatador (0.2.5)
-    fugit (1.3.4)
+    fugit (1.3.5)
       et-orbi (~> 1.1, >= 1.1.8)
       raabro (~> 1.1)
     globalid (0.4.2)
@@ -199,17 +199,12 @@ GEM
       concurrent-ruby (~> 1.0)
     io-like (0.3.1)
     jmespath (1.4.0)
-    jquery-rails (4.3.5)
+    jquery-rails (4.4.0)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    jquery-ui-rails (4.0.3)
-      jquery-rails
-      railties (>= 3.1.0)
-    jquery-ui-sass-rails (4.0.3.0)
-      jquery-rails
-      jquery-ui-rails (= 4.0.3)
-      railties (>= 3.1.0)
+    jquery-ui-rails (6.0.1)
+      railties (>= 3.2.16)
     json (2.3.0)
     jwt (2.2.1)
     listen (3.1.5)
@@ -227,11 +222,11 @@ GEM
     method_source (1.0.0)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0425)
-    mimemagic (0.3.4)
+    mime-types-data (3.2020.0512)
+    mimemagic (0.3.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
+    minitest (5.14.1)
     minitest-reporters (1.4.2)
       ansi
       builder
@@ -275,27 +270,27 @@ GEM
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.4)
-    puma (4.3.3)
+    public_suffix (4.0.5)
+    puma (4.3.5)
       nio4r (~> 2.0)
-    raabro (1.1.6)
-    rack (2.2.2)
+    raabro (1.3.1)
+    rack (2.2.3)
     rack-protection (2.0.8.1)
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.4.2)
-      actioncable (= 5.2.4.2)
-      actionmailer (= 5.2.4.2)
-      actionpack (= 5.2.4.2)
-      actionview (= 5.2.4.2)
-      activejob (= 5.2.4.2)
-      activemodel (= 5.2.4.2)
-      activerecord (= 5.2.4.2)
-      activestorage (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    rails (5.2.4.3)
+      actioncable (= 5.2.4.3)
+      actionmailer (= 5.2.4.3)
+      actionpack (= 5.2.4.3)
+      actionview (= 5.2.4.3)
+      activejob (= 5.2.4.3)
+      activemodel (= 5.2.4.3)
+      activerecord (= 5.2.4.3)
+      activestorage (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       bundler (>= 1.3.0)
-      railties (= 5.2.4.2)
+      railties (= 5.2.4.3)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.4)
       actionpack (>= 5.0.1.x)
@@ -313,18 +308,18 @@ GEM
       rails_stdout_logging
     rails_serve_static_assets (0.0.5)
     rails_stdout_logging (0.0.5)
-    railties (5.2.4.2)
-      actionpack (= 5.2.4.2)
-      activesupport (= 5.2.4.2)
+    railties (5.2.4.3)
+      actionpack (= 5.2.4.3)
+      activesupport (= 5.2.4.3)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rake (13.0.1)
-    rb-fsevent (0.10.3)
+    rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     redcarpet (3.5.0)
-    redis (4.1.3)
+    redis (4.1.4)
     regexp_parser (1.7.0)
     responders (3.0.0)
       actionpack (>= 5.0)
@@ -418,7 +413,7 @@ GEM
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
     valid_attribute (2.0.0)
-    validate_url (1.0.8)
+    validate_url (1.0.11)
       activemodel (>= 3.0.0)
       public_suffix
     warden (1.2.8)
@@ -434,7 +429,7 @@ GEM
       hashdiff (>= 0.4.0, < 2.0.0)
     websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.4)
+    websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
     zeitwerk (2.3.0)
@@ -470,15 +465,15 @@ DEPENDENCIES
   highcharts-rails (~> 6.0)
   httparty
   jquery-rails
-  jquery-ui-sass-rails
+  jquery-ui-rails
   listen (>= 3.0.5, < 3.2)
   minitest-reporters
   mustache (~> 1.0)
   mysql2 (>= 0.4.4, < 0.6.0)
   omniauth-mlh (~> 0.1)
   omniauth-rails_csrf_protection
   puma (~> 4.3)
-  rails (~> 5.2.4.2)
+  rails (~> 5.2.4.3)
   rails-controller-testing
   rails-settings-cached (~> 0.7.2)
   rails_12factor

app/assets/config/manifest.js

@@ -1,3 +1,4 @@
 //= link_tree ../images
 //= link_tree ../javascripts .js
 //= link_directory ../stylesheets .css
+//= link application.css

app/assets/javascripts/application.js

@@ -14,7 +14,7 @@
 //= require activestorage
 //= require turbolinks
 //= require jquery
-//= require jquery.ui.autocomplete
+//= require jquery-ui/widgets/autocomplete
 //= require highcharts
 //= require chartkick
 //= require ./vendor/debounce

app/assets/javascripts/registrations.js

@@ -1,6 +1,7 @@
 document.addEventListener('turbolinks:load', function() {
   $('[data-school-picker]').autocomplete({
     source: function(request, response) {
+      $(".ui-helper-hidden-accessible").hide();
       $.ajax({
         url: '/apply/schools',
         dataType: 'json',

app/assets/stylesheets/forms/_forms.sass

@@ -261,9 +261,10 @@ input[type=submit]
     color: var(--input--text--focus)
   list-style: none
   padding: 0
-  .ui-menu-item a
+  .ui-menu-item div
     padding: 2px 5px
     display: block
+    cursor: pointer
     &:hover, &.ui-state-focus
       @include css4
         background: var(--primary)

app/controllers/manage/dashboard_controller.rb

@@ -1,6 +1,6 @@
 class Manage::DashboardController < Manage::ApplicationController
   skip_before_action :require_admin_or_limited_admin
-  before_action :require_admin_or_limited_admin_or_event_tracking
+  before_action :require_admin_or_limited_admin
 
   def index
   end

app/helpers/audit_helper.rb

@@ -3,7 +3,7 @@ def display_audit_value(value, field)
     return "(none)" if value.blank?
     return Questionnaire::POSSIBLE_ACC_STATUS[value] if field == "acc_status"
     return BusList.find(value)&.name || value if field == "bus_list_id"
-    return User.find(value)&.full_name || value if field == "checked_in_by_id"
+    return User.find_by_id(value)&.full_name || "(deleted user)" if field == "checked_in_by_id"
     return value.join(", ") if value.is_a? Array
     return display_datetime(value, relative: false) if value.is_a? Time
 

app/models/questionnaire.rb

@@ -159,7 +159,7 @@ def date_of_birth_formatted
 
   def acc_status_author
     return unless acc_status_author_id.present?
-    User.find(acc_status_author_id)
+    User.find_by_id(acc_status_author_id)
   end
 
   def checked_in?
@@ -172,7 +172,7 @@ def boarded_bus?
 
   def checked_in_by
     return unless checked_in_by_id.present?
-    User.find(checked_in_by_id)
+    User.find_by_id(checked_in_by_id)
   end
 
   def fips_code

app/views/manage/questionnaires/_checkin_card.html.haml

@@ -5,7 +5,13 @@
       = render 'manage/questionnaires/check_in_badge'
       - if @questionnaire.checked_in_at
         %small
-          = @questionnaire.checked_in_by_id ? @questionnaire.checked_in_by.email : "(never checked in)"
+          - if @questionnaire.checked_in_by_id
+            - if @questionnaire.checked_in_by
+              = @questionnaire.checked_in_by.email
+            - else
+              = "(deleted user)"
+          - else
+            = "(never checked in)"
           = @questionnaire.checked_in_at ? display_datetime(@questionnaire.checked_in_at, in_sentence: true) : "(not checked in)"
     - if !@questionnaire.checked_in_at
       %p.card-text