From 59184122f77b1aebaa7b3b2eaa4fd8f5df8934eb Mon Sep 17 00:00:00 2001
From: Sojan Jose
Date: Thu, 25 Jan 2024 17:33:21 +0400
Subject: [PATCH] fix: [Snyk] Security upgrade administrate from 0.19.0 to 0.20.1 (#8741)

- Upgrade administrate gem to latest
- Update the `show` partial with changes from upstream
---
 Gemfile | 2 +-
 Gemfile.lock | 16 +++----
 app/views/super_admin/accounts/show.html.erb | 42 ++++++++++++-------
 app/views/super_admin/users/show.html.erb | 44 ++++++++++++--------
 4 files changed, 62 insertions(+), 42 deletions(-)

diff --git a/Gemfile b/Gemfile
index 0f9a1d5ba..144240b62 100644
--- a/Gemfile
+++ b/Gemfile
@@ -74,7 +74,7 @@ gem 'devise_token_auth'
 gem 'jwt'
 gem 'pundit'
 # super admin
-gem 'administrate', '>= 0.19.0'
+gem 'administrate', '>= 0.20.1'
 gem 'administrate-field-active_storage', '>= 1.0.1'
 gem 'administrate-field-belongs_to_search', '>= 0.9.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 08c2696c6..62c6829ed 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -105,12 +105,12 @@ GEM
 activerecord (>= 6.0, < 7.1)
 addressable (2.8.4)
 public_suffix (>= 2.0.2, < 6.0)
- administrate (0.19.0)
- actionpack (>= 5.0)
- actionview (>= 5.0)
- activerecord (>= 5.0)
- jquery-rails (>= 4.0)
- kaminari (>= 1.0)
+ administrate (0.20.1)
+ actionpack (>= 6.0, < 8.0)
+ actionview (>= 6.0, < 8.0)
+ activerecord (>= 6.0, < 8.0)
+ jquery-rails (~> 4.6.0)
+ kaminari (~> 1.2.2)
 sassc-rails (~> 2.1)
 selectize-rails (~> 0.6)
 administrate-field-active_storage (1.0.1)
@@ -461,7 +461,7 @@ GEM
 mini_magick (4.12.0)
 mini_mime (1.1.5)
 mini_portile2 (2.8.5)
- minitest (5.20.0)
+ minitest (5.21.2)
 mock_redis (0.36.0)
 ruby2_keywords
 msgpack (1.7.0)
@@ -840,7 +840,7 @@ DEPENDENCIES
 active_record_query_trace
 activerecord-import
 acts-as-taggable-on
- administrate (>= 0.19.0)
+ administrate (>= 0.20.1)
 administrate-field-active_storage (>= 1.0.1)
 administrate-field-belongs_to_search (>= 0.9.0)
 annotate
diff --git a/app/views/super_admin/accounts/show.html.erb b/app/views/super_admin/accounts/show.html.erb
index 65cb6c567..fb8947f69 100644
--- a/app/views/super_admin/accounts/show.html.erb
+++ b/app/views/super_admin/accounts/show.html.erb
@@ -34,16 +34,24 @@ as well as a link to its edit page.
- <% page.attributes.each do |attribute| %> -
- <%= t( - "helpers.label.#{resource_name}.#{attribute.name}", - default: attribute.name.titleize, - ) %> -
+ <% page.attributes.each do |title, attributes| %> +
"> + <% if title.present? %> + <%= t "helpers.label.#{page.resource_name}.#{title}", default: title %> + <% end %> -
<%= render_field attribute, page: page %>
+ <% attributes.each do |attribute| %> +
+ <%= t( + "helpers.label.#{resource_name}.#{attribute.name}", + default: page.resource.class.human_attribute_name(attribute.name), + ) %> +
+ +
<%= render_field attribute, page: page %>
+ <% end %> +
<% end %>
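Review bot: The two translation lookups in the new loop name the resource differently: the group legend uses `helpers.label.#{page.resource_name}.#{title}` while the attribute label a few lines below uses `helpers.label.#{resource_name}.#{attribute.name}`. Whether `page.resource_name` and the bare `resource_name` helper always return the same string is not visible in this patch; if they do, use one of them for both keys, and if they can differ, add a one-line ERB comment such as `<%# group titles are keyed by page.resource_name, attribute labels by resource_name %>` so translators know where each key lives. The first hunk of app/views/super_admin/users/show.html.erb has the same pair of lookups.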
@@ -69,13 +77,15 @@ as well as a link to its edit page. <% end %> - <% account_user_page.attributes.each do |attribute| -%> - <% if attribute.name == "account" %> - <%= f.hidden_field('account_id', value: page.resource.id) %> - <% else %> -
- <%= render_field attribute, f: f %> -
+ <% account_user_page.attributes.each do |title, attributes| -%> + <% attributes.each do |attribute| %> + <% if attribute.name == "account" %> + <%= f.hidden_field('account_id', value: page.resource.id) %> + <% else %> +
+ <%= render_field attribute, f: f %> +
+ <% end %> <% end %> <% end -%>
diff --git a/app/views/super_admin/users/show.html.erb b/app/views/super_admin/users/show.html.erb
index 37a79b121..a5bc2bf39 100644
--- a/app/views/super_admin/users/show.html.erb
+++ b/app/views/super_admin/users/show.html.erb
@@ -34,16 +34,24 @@ as well as a link to its edit page.
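Review bot: `title` is bound but never read in `account_user_page.attributes.each do |title, attributes| -%>`: this form renders the fields flat and only walks the inner list. Writing it as `account_user_page.attributes.each do |_title, attributes| -%>` marks the group title as deliberately ignored. The second hunk of app/views/super_admin/users/show.html.erb has the same loop, and the enclosing form begins outside this hunk.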
- <% page.attributes.each do |attribute| %> -
- <%= t( - "helpers.label.#{resource_name}.#{attribute.name}", - default: attribute.name.titleize, - ) %> -
+ <% page.attributes.each do |title, attributes| %> +
"> + <% if title.present? %> + <%= t "helpers.label.#{page.resource_name}.#{title}", default: title %> + <% end %> -
<%= render_field attribute, page: page %>
+ <% attributes.each do |attribute| %> +
+ <%= t( + "helpers.label.#{resource_name}.#{attribute.name}", + default: page.resource.class.human_attribute_name(attribute.name), + ) %> +
+ +
<%= render_field attribute, page: page %>
+ <% end %> +
<% end %>
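Review bot: The new `page.attributes.each do |title, attributes|` loop appears to depend on the upgraded gem handing this overridden view its attributes in groups, but the Gemfile line changed in the same commit, `gem 'administrate', '>= 0.20.1'`, still has no upper bound. Gemfile.lock pins 0.20.1 for now, yet any later `bundle update` may pull a release whose view contract differs again, and these copied super admin templates would not be updated with it. Consider `gem 'administrate', '~> 0.20.1'` so the next upgrade that can affect these views is an explicit, reviewed change; the first hunk of app/views/super_admin/accounts/show.html.erb is affected in the same way.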
@@ -69,14 +77,16 @@ as well as a link to its edit page. <% end %> - <% account_user_page.attributes.each do |attribute| -%> - <% if attribute.name == "user" %> - <%= f.hidden_field('user_id', value: page.resource.id) %> - <% else %> -
- <%= render_field attribute, f: f %> -
- <% end %> + <% account_user_page.attributes.each do |title, attributes| -%> + <% attributes.each do |attribute| %> + <% if attribute.name == "user" %> + <%= f.hidden_field('user_id', value: page.resource.id) %> + <% else %> +
+ <%= render_field attribute, f: f %> +
+ <% end %> + <% end %> <% end -%>