RubyGems - solidus_core - Versions diffs - 1.1.0.pre1 → 1.1.0.pre2 - Mend

solidus_core 1.1.0.pre1 → 1.1.0.pre2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of solidus_core might be problematic. Click here for more details.

Files changed (72) hide show

data/{app/models → lib}/spree/permission_sets/stock_transfer_management.rb RENAMED Viewed

File without changes

data/{app/models → lib}/spree/permission_sets/super_user.rb RENAMED Viewed

File without changes

data/{app/models → lib}/spree/permission_sets/user_display.rb RENAMED Viewed

File without changes

data/lib/spree/permission_sets/user_management.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module Spree
+  module PermissionSets
+    class UserManagement < PermissionSets::Base
+      def activate!
+        can [:admin, :display, :create, :update, :save_in_address_book, :remove_from_address_book, :addresses, :orders, :items], Spree.user_class
+        # due to how cancancan filters by associations,
+        # we have to define this twice, once for `accessible_by`
+        can :update_email, Spree.user_class, spree_roles: { id: nil }
+        # and once for `can?`
+        can :update_email, Spree.user_class do |user|
+          user.spree_roles.none?
+        end
+        cannot [:delete, :destroy], Spree.user_class
+        can :manage, Spree::StoreCredit
+        can :display, Spree::Role
+      end
+    end
+  end
+end

data/lib/spree/permitted_attributes.rb CHANGED Viewed

@@ -80,8 +80,8 @@ module Spree
     @@return_authorization_attributes = [:memo, :stock_location_id, :return_reason_id, return_items_attributes: [:inventory_unit_id, :exchange_variant_id, :return_reason_id]]
     @@shipment_attributes = [
-      :order, :special_instructions, :stock_location_id, :id,
-      :tracking, :address, :inventory_units, :selected_shipping_rate_id]
+      :special_instructions, :stock_location_id, :id, :tracking,
+      :selected_shipping_rate_id]
     # month / year may be provided by some sources, or others may elect to use one field
     @@source_attributes = [
@@ -110,8 +110,11 @@ module Spree
     @@transfer_item_attributes = [:variant_id, :expected_quantity, :received_quantity]
-    # TODO Should probably use something like Spree.user_class.attributes
-    @@user_attributes = [:email, :password, :password_confirmation]
+    # intentionally leaving off email here to prevent privilege escalation
+    # by changing a user with higher priveleges' email to one a lower-priveleged
+    # admin owns. creating a user with an email is handled separate at the
+    # controller level
+    @@user_attributes = [:password, :password_confirmation]
     @@variant_attributes = [
       :name, :presentation, :cost_price, :lock_version,

data/lib/spree/testing_support/factories/order_factory.rb CHANGED Viewed

@@ -60,8 +60,12 @@ FactoryGirl.define do
           payment_state 'paid'
           shipment_state 'ready'
-          after(:create) do |order|
-            create(:payment, amount: order.total, order: order, state: 'completed')
+          transient do
+            payment_type :credit_card_payment
+          end
+          after(:create) do |order, evaluator|
+            create(evaluator.payment_type, amount: order.total, order: order, state: 'completed')
             order.shipments.each do |shipment|
               shipment.inventory_units.update_all state: 'on_hand'
               shipment.update_column('state', 'ready')

data/lib/spree/testing_support/factories/tracker_factory.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 FactoryGirl.define do
   factory :tracker, class: Spree::Tracker do
-    environment { Rails.env }
     analytics_id 'A100'
     active true
   end

data/lib/spree/testing_support/order_walkthrough.rb CHANGED Viewed

@@ -1,18 +1,21 @@
 class OrderWalkthrough
   def self.up_to(state)
+    new.up_to(state)
+  end
+  def up_to(state)
     # Need to create a valid zone too...
-    zone = FactoryGirl.create(:zone)
-    country = FactoryGirl.create(:country)
-    zone.members << Spree::ZoneMember.create(:zoneable => country)
-    country.states << FactoryGirl.create(:state, :country => country)
+    @zone = FactoryGirl.create(:zone)
+    @country = FactoryGirl.create(:country)
+    @state = FactoryGirl.create(:state, :country => @country)
+    @zone.members << Spree::ZoneMember.create(:zoneable => @country)
     # A shipping method must exist for rates to be displayed on checkout page
-    unless Spree::ShippingMethod.exists?
-      FactoryGirl.create(:shipping_method).tap do |sm|
-        sm.calculator.preferred_amount = 10
-        sm.calculator.preferred_currency = Spree::Config[:currency]
-        sm.calculator.save
-      end
+    FactoryGirl.create(:shipping_method, zones: [@zone]).tap do |sm|
+      sm.calculator.preferred_amount = 10
+      sm.calculator.preferred_currency = Spree::Config[:currency]
+      sm.calculator.save
     end
     order = Spree::Order.create!(
@@ -38,22 +41,22 @@ class OrderWalkthrough
   private
-  def self.add_line_item!(order)
+  def add_line_item!(order)
     FactoryGirl.create(:line_item, order: order)
     order.reload
   end
-  def self.address(order)
-    order.bill_address = FactoryGirl.create(:address, :country_id => Spree::Zone.global.members.first.zoneable.id)
-    order.ship_address = FactoryGirl.create(:address, :country_id => Spree::Zone.global.members.first.zoneable.id)
+  def address(order)
+    order.bill_address = FactoryGirl.create(:address, :country => @country, state: @state)
+    order.ship_address = FactoryGirl.create(:address, :country => @country, state: @state)
     order.next!
   end
-  def self.delivery(order)
+  def delivery(order)
     order.next!
   end
-  def self.payment(order)
+  def payment(order)
     credit_card = FactoryGirl.create(:credit_card)
     order.payments.create!(:payment_method => credit_card.payment_method, :amount => order.total, source: credit_card)
     # TODO: maybe look at some way of making this payment_state change automatic
@@ -61,15 +64,15 @@ class OrderWalkthrough
     order.next!
   end
-  def self.confirm(order)
+  def confirm(order)
     order.complete!
   end
-  def self.complete(order)
+  def complete(order)
     #noop?
   end
-  def self.states
+  def states
     [:address, :delivery, :payment, :confirm]
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_core
 version: !ruby/object:Gem::Version
-  version: 1.1.0.pre1
+  version: 1.1.0.pre2
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-09-30 00:00:00.000000000 Z
+date: 2015-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemerchant
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: '1.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: '1.10'
 - !ruby/object:Gem::Dependency
   name: deface
   requirement: !ruby/object:Gem::Requirement
@@ -452,29 +452,6 @@ files:
 - app/models/spree/payment_method.rb
 - app/models/spree/payment_method/check.rb
 - app/models/spree/payment_method/store_credit.rb
-- app/models/spree/permission_sets/base.rb
-- app/models/spree/permission_sets/configuration_display.rb
-- app/models/spree/permission_sets/configuration_management.rb
-- app/models/spree/permission_sets/dashboard_display.rb
-- app/models/spree/permission_sets/default_customer.rb
-- app/models/spree/permission_sets/order_display.rb
-- app/models/spree/permission_sets/order_management.rb
-- app/models/spree/permission_sets/product_display.rb
-- app/models/spree/permission_sets/product_management.rb
-- app/models/spree/permission_sets/promotion_display.rb
-- app/models/spree/permission_sets/promotion_management.rb
-- app/models/spree/permission_sets/report_display.rb
-- app/models/spree/permission_sets/restricted_stock_display.rb
-- app/models/spree/permission_sets/restricted_stock_management.rb
-- app/models/spree/permission_sets/restricted_stock_transfer_display.rb
-- app/models/spree/permission_sets/restricted_stock_transfer_management.rb
-- app/models/spree/permission_sets/stock_display.rb
-- app/models/spree/permission_sets/stock_management.rb
-- app/models/spree/permission_sets/stock_transfer_display.rb
-- app/models/spree/permission_sets/stock_transfer_management.rb
-- app/models/spree/permission_sets/super_user.rb
-- app/models/spree/permission_sets/user_display.rb
-- app/models/spree/permission_sets/user_management.rb
 - app/models/spree/preference.rb
 - app/models/spree/preferences/configuration.rb
 - app/models/spree/preferences/preferable.rb
@@ -496,6 +473,7 @@ files:
 - app/models/spree/promotion/actions/create_quantity_adjustments.rb
 - app/models/spree/promotion/actions/free_shipping.rb
 - app/models/spree/promotion/rules/first_order.rb
+- app/models/spree/promotion/rules/first_repeat_purchase_since.rb
 - app/models/spree/promotion/rules/item_total.rb
 - app/models/spree/promotion/rules/nth_order.rb
 - app/models/spree/promotion/rules/one_use_per_user.rb
@@ -518,6 +496,7 @@ files:
 - app/models/spree/promotion_rule_user.rb
 - app/models/spree/property.rb
 - app/models/spree/prototype.rb
+- app/models/spree/prototype_taxon.rb
 - app/models/spree/refund.rb
 - app/models/spree/refund_reason.rb
 - app/models/spree/reimbursement.rb
@@ -826,6 +805,7 @@ files:
 - db/migrate/20150121202544_add_restock_inventory_to_stock_location.rb
 - db/migrate/20150122202432_add_code_to_spree_promotion_categories.rb
 - db/migrate/20150127161843_create_order_stock_locations.rb
+- db/migrate/20150128032538_remove_environment_from_tracker.rb
 - db/migrate/20150203151219_add_fulfillable_to_stock_location.rb
 - db/migrate/20150205210527_add_code_to_refund_reason.rb
 - db/migrate/20150213160148_add_promotion_code_id_to_orders_promotions.rb
@@ -861,9 +841,11 @@ files:
 - db/migrate/20150514185559_add_invalidated_at_to_spree_store_credits.rb
 - db/migrate/20150514201836_migrate_deleted_store_credits_to_invalidated.rb
 - db/migrate/20150515170322_add_check_stock_on_transfer.rb
+- db/migrate/20150515211137_fix_adjustment_order_id.rb
 - db/migrate/20150528125647_delete_inventory_units_without_shipment.rb
 - db/migrate/20150601191251_add_deleted_at_to_stock_transfers.rb
 - db/migrate/20150601204148_add_deleted_at_to_transfer_items.rb
+- db/migrate/20150609093816_increase_scale_on_pre_tax_amounts.rb
 - db/migrate/20150609193231_add_preferences_to_promotion_actions.rb
 - db/migrate/20150610182638_add_id_to_spree_option_values_variants.rb
 - db/migrate/20150611200247_add_frontend_viewable_to_spree_orders.rb
@@ -889,7 +871,14 @@ files:
 - db/migrate/20150824213633_convert_habtm_to_hmt_for_shipping_methods_zones.rb
 - db/migrate/20150824214129_convert_habtm_to_hmt_for_products_promotion_rules.rb
 - db/migrate/20150825204216_drop_spree_gateways.rb
+- db/migrate/20150826002555_convert_habtm_to_hmt_for_taxon_prototypes.rb
 - db/migrate/20150909123605_create_variant_properties_and_rules.rb
+- db/migrate/20151010003252_add_foreign_keys_for_taxons_prototypes.rb
+- db/migrate/20151013222921_remove_token_permissions_table.rb
+- db/migrate/20151014213349_rename_identifier_to_number_for_payment.rb
+- db/migrate/20151015203732_add_foreign_keys_for_product_promotion_rules.rb
+- db/migrate/20151021113730_add_sale_to_spree_promotions.rb
+- db/migrate/20151021163309_convert_sale_promotions.rb
 - db/seeds.rb
 - lib/generators/spree/custom_user/custom_user_generator.rb
 - lib/generators/spree/custom_user/templates/authentication_helpers.rb.tt
@@ -939,12 +928,37 @@ files:
 - lib/spree/core/unreturned_item_charger.rb
 - lib/spree/core/validators/email.rb
 - lib/spree/core/version.rb
+- lib/spree/deprecation.rb
 - lib/spree/i18n.rb
 - lib/spree/localized_number.rb
 - lib/spree/mailer_previews/carton_preview.rb
 - lib/spree/mailer_previews/order_preview.rb
 - lib/spree/migrations.rb
 - lib/spree/money.rb
+- lib/spree/permission_sets.rb
+- lib/spree/permission_sets/base.rb
+- lib/spree/permission_sets/configuration_display.rb
+- lib/spree/permission_sets/configuration_management.rb
+- lib/spree/permission_sets/dashboard_display.rb
+- lib/spree/permission_sets/default_customer.rb
+- lib/spree/permission_sets/order_display.rb
+- lib/spree/permission_sets/order_management.rb
+- lib/spree/permission_sets/product_display.rb
+- lib/spree/permission_sets/product_management.rb
+- lib/spree/permission_sets/promotion_display.rb
+- lib/spree/permission_sets/promotion_management.rb
+- lib/spree/permission_sets/report_display.rb
+- lib/spree/permission_sets/restricted_stock_display.rb
+- lib/spree/permission_sets/restricted_stock_management.rb
+- lib/spree/permission_sets/restricted_stock_transfer_display.rb
+- lib/spree/permission_sets/restricted_stock_transfer_management.rb
+- lib/spree/permission_sets/stock_display.rb
+- lib/spree/permission_sets/stock_management.rb
+- lib/spree/permission_sets/stock_transfer_display.rb
+- lib/spree/permission_sets/stock_transfer_management.rb
+- lib/spree/permission_sets/super_user.rb
+- lib/spree/permission_sets/user_display.rb
+- lib/spree/permission_sets/user_management.rb
 - lib/spree/permitted_attributes.rb
 - lib/spree/promo/environment.rb
 - lib/spree/responder.rb

data/app/models/spree/permission_sets/user_management.rb DELETED Viewed

@@ -1,12 +0,0 @@
-module Spree
-  module PermissionSets
-    class UserManagement < PermissionSets::Base
-      def activate!
-        can :manage, Spree.user_class
-        cannot [:delete, :destroy], Spree.user_class
-        can :manage, Spree::StoreCredit
-        can :display, Spree::Role
-      end
-    end
-  end
-end