RubyGems - solidus_core - Versions diffs - 1.1.0.pre1 → 1.1.0.pre2 - Mend

solidus_core 1.1.0.pre1 → 1.1.0.pre2

Potentially problematic release.

This version of solidus_core might be problematic. Click here for more details.

Files changed (72) hide show

data/{app/models → lib}/spree/permission_sets/stock_transfer_management.rb RENAMED Viewed

File without changes

data/{app/models → lib}/spree/permission_sets/super_user.rb RENAMED Viewed

File without changes

data/{app/models → lib}/spree/permission_sets/user_display.rb RENAMED Viewed

File without changes

data/lib/spree/permission_sets/user_management.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module Spree
+  module PermissionSets
+    class UserManagement < PermissionSets::Base
+      def activate!
+        can [:admin, :display, :create, :update, :save_in_address_book, :remove_from_address_book, :addresses, :orders, :items], Spree.user_class
+        # due to how cancancan filters by associations,
+        # we have to define this twice, once for `accessible_by`
+        can :update_email, Spree.user_class, spree_roles: { id: nil }
+        # and once for `can?`
+        can :update_email, Spree.user_class do |user|
+          user.spree_roles.none?
+        end
+        cannot [:delete, :destroy], Spree.user_class
+        can :manage, Spree::StoreCredit
+        can :display, Spree::Role
+      end
+    end
+  end
+end

data/lib/spree/permitted_attributes.rb CHANGED Viewed

@@ -80,8 +80,8 @@ module Spree
     @@return_authorization_attributes = [:memo, :stock_location_id, :return_reason_id, return_items_attributes: [:inventory_unit_id, :exchange_variant_id, :return_reason_id]]
     @@shipment_attributes = [
-      :order, :special_instructions, :stock_location_id, :id,
-      :tracking, :address, :inventory_units, :selected_shipping_rate_id]
+      :special_instructions, :stock_location_id, :id, :tracking,
+      :selected_shipping_rate_id]
     # month / year may be provided by some sources, or others may elect to use one field
     @@source_attributes = [
@@ -110,8 +110,11 @@ module Spree
     @@transfer_item_attributes = [:variant_id, :expected_quantity, :received_quantity]
-    # TODO Should probably use something like Spree.user_class.attributes
-    @@user_attributes = [:email, :password, :password_confirmation]
+    # intentionally leaving off email here to prevent privilege escalation
+    # by changing a user with higher priveleges' email to one a lower-priveleged
+    # admin owns. creating a user with an email is handled separate at the
+    # controller level
+    @@user_attributes = [:password, :password_confirmation]
     @@variant_attributes = [
       :name, :presentation, :cost_price, :lock_version,

data/lib/spree/testing_support/factories/order_factory.rb CHANGED Viewed

@@ -60,8 +60,12 @@ FactoryGirl.define do
           payment_state 'paid'
           shipment_state 'ready'
-          after(:create) do |order|
-            create(:payment, amount: order.total, order: order, state: 'completed')
+          transient do
+            payment_type :credit_card_payment
+          end
+          after(:create) do |order, evaluator|
+            create(evaluator.payment_type, amount: order.total, order: order, state: 'completed')
             order.shipments.each do |shipment|
               shipment.inventory_units.update_all state: 'on_hand'
               shipment.update_column('state', 'ready')

data/lib/spree/testing_support/factories/tracker_factory.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 FactoryGirl.define do
   factory :tracker, class: Spree::Tracker do
-    environment { Rails.env }
     analytics_id 'A100'
     active true
   end

data/lib/spree/testing_support/order_walkthrough.rb CHANGED Viewed

@@ -1,18 +1,21 @@
 class OrderWalkthrough
   def self.up_to(state)
+    new.up_to(state)
+  end
+  def up_to(state)
     # Need to create a valid zone too...
-    zone = FactoryGirl.create(:zone)
-    country = FactoryGirl.create(:country)
-    zone.members << Spree::ZoneMember.create(:zoneable => country)
-    country.states << FactoryGirl.create(:state, :country => country)
+    @zone = FactoryGirl.create(:zone)
+    @country = FactoryGirl.create(:country)
+    @state = FactoryGirl.create(:state, :country => @country)
+    @zone.members << Spree::ZoneMember.create(:zoneable => @country)
     # A shipping method must exist for rates to be displayed on checkout page
-    unless Spree::ShippingMethod.exists?
-      FactoryGirl.create(:shipping_method).tap do |sm|
-        sm.calculator.preferred_amount = 10
-        sm.calculator.preferred_currency = Spree::Config[:currency]
-        sm.calculator.save
-      end
+    FactoryGirl.create(:shipping_method, zones: [@zone]).tap do |sm|
+      sm.calculator.preferred_amount = 10
+      sm.calculator.preferred_currency = Spree::Config[:currency]
+      sm.calculator.save
     end
     order = Spree::Order.create!(
@@ -38,22 +41,22 @@ class OrderWalkthrough
   private
-  def self.add_line_item!(order)
+  def add_line_item!(order)
     FactoryGirl.create(:line_item, order: order)
     order.reload
   end
-  def self.address(order)
-    order.bill_address = FactoryGirl.create(:address, :country_id => Spree::Zone.global.members.first.zoneable.id)
-    order.ship_address = FactoryGirl.create(:address, :country_id => Spree::Zone.global.members.first.zoneable.id)
+  def address(order)
+    order.bill_address = FactoryGirl.create(:address, :country => @country, state: @state)
+    order.ship_address = FactoryGirl.create(:address, :country => @country, state: @state)
     order.next!
   end
-  def self.delivery(order)
+  def delivery(order)
     order.next!
   end
-  def self.payment(order)
+  def payment(order)
     credit_card = FactoryGirl.create(:credit_card)
     order.payments.create!(:payment_method => credit_card.payment_method, :amount => order.total, source: credit_card)
     # TODO: maybe look at some way of making this payment_state change automatic
@@ -61,15 +64,15 @@ class OrderWalkthrough
     order.next!
   end
-  def self.confirm(order)
+  def confirm(order)
     order.complete!
   end
-  def self.complete(order)
+  def complete(order)
     #noop?
   end
-  def self.states
+  def states
     [:address, :delivery, :payment, :confirm]
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_core
 version: !ruby/object:Gem::Version
-  version: 1.1.0.pre1
+  version: 1.1.0.pre2
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-09-30 00:00:00.000000000 Z
+date: 2015-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemerchant
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: '1.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: '1.10'
 - !ruby/object:Gem::Dependency
   name: deface
   requirement: !ruby/object:Gem::Requirement
@@ -452,29 +452,6 @@ files:
 - app/models/spree/payment_method.rb
 - app/models/spree/payment_method/check.rb
 - app/models/spree/payment_method/store_credit.rb
-- app/models/spree/permission_sets/base.rb
-- app/models/spree/permission_sets/configuration_display.rb
-- app/models/spree/permission_sets/configuration_management.rb
-- app/models/spree/permission_sets/dashboard_display.rb
-- app/models/spree/permission_sets/default_customer.rb
-- app/models/spree/permission_sets/order_display.rb
-- app/models/spree/permission_sets/order_management.rb
-- app/models/spree/permission_sets/product_display.rb
-- app/models/spree/permission_sets/product_management.rb
-- app/models/spree/permission_sets/promotion_display.rb
-- app/models/spree/permission_sets/promotion_management.rb
-- app/models/spree/permission_sets/report_display.rb
-- app/models/spree/permission_sets/restricted_stock_display.rb
-- app/models/spree/permission_sets/restricted_stock_management.rb
-- app/models/spree/permission_sets/restricted_stock_transfer_display.rb
-- app/models/spree/permission_sets/restricted_stock_transfer_management.rb
-- app/models/spree/permission_sets/stock_display.rb
-- app/models/spree/permission_sets/stock_management.rb
-- app/models/spree/permission_sets/stock_transfer_display.rb
-- app/models/spree/permission_sets/stock_transfer_management.rb
-- app/models/spree/permission_sets/super_user.rb
-- app/models/spree/permission_sets/user_display.rb
-- app/models/spree/permission_sets/user_management.rb
 - app/models/spree/preference.rb
 - app/models/spree/preferences/configuration.rb
 - app/models/spree/preferences/preferable.rb
@@ -496,6 +473,7 @@ files:
 - app/models/spree/promotion/actions/create_quantity_adjustments.rb
 - app/models/spree/promotion/actions/free_shipping.rb
 - app/models/spree/promotion/rules/first_order.rb
+- app/models/spree/promotion/rules/first_repeat_purchase_since.rb
 - app/models/spree/promotion/rules/item_total.rb
 - app/models/spree/promotion/rules/nth_order.rb
 - app/models/spree/promotion/rules/one_use_per_user.rb
@@ -518,6 +496,7 @@ files:
 - app/models/spree/promotion_rule_user.rb
 - app/models/spree/property.rb
 - app/models/spree/prototype.rb
+- app/models/spree/prototype_taxon.rb
 - app/models/spree/refund.rb
 - app/models/spree/refund_reason.rb
 - app/models/spree/reimbursement.rb
@@ -826,6 +805,7 @@ files:
 - db/migrate/20150121202544_add_restock_inventory_to_stock_location.rb
 - db/migrate/20150122202432_add_code_to_spree_promotion_categories.rb
 - db/migrate/20150127161843_create_order_stock_locations.rb
+- db/migrate/20150128032538_remove_environment_from_tracker.rb
 - db/migrate/20150203151219_add_fulfillable_to_stock_location.rb
 - db/migrate/20150205210527_add_code_to_refund_reason.rb
 - db/migrate/20150213160148_add_promotion_code_id_to_orders_promotions.rb
@@ -861,9 +841,11 @@ files:
 - db/migrate/20150514185559_add_invalidated_at_to_spree_store_credits.rb
 - db/migrate/20150514201836_migrate_deleted_store_credits_to_invalidated.rb
 - db/migrate/20150515170322_add_check_stock_on_transfer.rb
+- db/migrate/20150515211137_fix_adjustment_order_id.rb
 - db/migrate/20150528125647_delete_inventory_units_without_shipment.rb
 - db/migrate/20150601191251_add_deleted_at_to_stock_transfers.rb
 - db/migrate/20150601204148_add_deleted_at_to_transfer_items.rb
+- db/migrate/20150609093816_increase_scale_on_pre_tax_amounts.rb
 - db/migrate/20150609193231_add_preferences_to_promotion_actions.rb
 - db/migrate/20150610182638_add_id_to_spree_option_values_variants.rb
 - db/migrate/20150611200247_add_frontend_viewable_to_spree_orders.rb
@@ -889,7 +871,14 @@ files:
 - db/migrate/20150824213633_convert_habtm_to_hmt_for_shipping_methods_zones.rb
 - db/migrate/20150824214129_convert_habtm_to_hmt_for_products_promotion_rules.rb
 - db/migrate/20150825204216_drop_spree_gateways.rb
+- db/migrate/20150826002555_convert_habtm_to_hmt_for_taxon_prototypes.rb
 - db/migrate/20150909123605_create_variant_properties_and_rules.rb
+- db/migrate/20151010003252_add_foreign_keys_for_taxons_prototypes.rb
+- db/migrate/20151013222921_remove_token_permissions_table.rb
+- db/migrate/20151014213349_rename_identifier_to_number_for_payment.rb
+- db/migrate/20151015203732_add_foreign_keys_for_product_promotion_rules.rb
+- db/migrate/20151021113730_add_sale_to_spree_promotions.rb
+- db/migrate/20151021163309_convert_sale_promotions.rb
 - db/seeds.rb
 - lib/generators/spree/custom_user/custom_user_generator.rb
 - lib/generators/spree/custom_user/templates/authentication_helpers.rb.tt
@@ -939,12 +928,37 @@ files:
 - lib/spree/core/unreturned_item_charger.rb
 - lib/spree/core/validators/email.rb
 - lib/spree/core/version.rb
+- lib/spree/deprecation.rb
 - lib/spree/i18n.rb
 - lib/spree/localized_number.rb
 - lib/spree/mailer_previews/carton_preview.rb
 - lib/spree/mailer_previews/order_preview.rb
 - lib/spree/migrations.rb
 - lib/spree/money.rb
+- lib/spree/permission_sets.rb
+- lib/spree/permission_sets/base.rb
+- lib/spree/permission_sets/configuration_display.rb
+- lib/spree/permission_sets/configuration_management.rb
+- lib/spree/permission_sets/dashboard_display.rb
+- lib/spree/permission_sets/default_customer.rb
+- lib/spree/permission_sets/order_display.rb
+- lib/spree/permission_sets/order_management.rb
+- lib/spree/permission_sets/product_display.rb
+- lib/spree/permission_sets/product_management.rb
+- lib/spree/permission_sets/promotion_display.rb
+- lib/spree/permission_sets/promotion_management.rb
+- lib/spree/permission_sets/report_display.rb
+- lib/spree/permission_sets/restricted_stock_display.rb
+- lib/spree/permission_sets/restricted_stock_management.rb
+- lib/spree/permission_sets/restricted_stock_transfer_display.rb
+- lib/spree/permission_sets/restricted_stock_transfer_management.rb
+- lib/spree/permission_sets/stock_display.rb
+- lib/spree/permission_sets/stock_management.rb
+- lib/spree/permission_sets/stock_transfer_display.rb
+- lib/spree/permission_sets/stock_transfer_management.rb
+- lib/spree/permission_sets/super_user.rb
+- lib/spree/permission_sets/user_display.rb
+- lib/spree/permission_sets/user_management.rb
 - lib/spree/permitted_attributes.rb
 - lib/spree/promo/environment.rb
 - lib/spree/responder.rb

data/app/models/spree/permission_sets/user_management.rb DELETED Viewed

@@ -1,12 +0,0 @@
-module Spree
-  module PermissionSets
-    class UserManagement < PermissionSets::Base
-      def activate!
-        can :manage, Spree.user_class
-        cannot [:delete, :destroy], Spree.user_class
-        can :manage, Spree::StoreCredit
-        can :display, Spree::Role
-      end
-    end
-  end
-end