solidus_core 3.0.6 → 3.0.7

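--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2d1ce3955d5e6602144201d2672f85af4d0c9c27ea04ed25b3bd13945e1a22c7
- data.tar.gz: 8726f50bdd8922267dcda829078e4ea4a70a39766098076b1f792145fdfb18b4
+ metadata.gz: 537dddd7d010536778c7f8a680b31f260360f1979c29ae6743db0016a31ce280
+ data.tar.gz: ea39d3503b7fe86d3be5d21d40c435cf7ec53da8b33f28272ad7008c00c3a839
  SHA512:
- metadata.gz: 9517bfb7a7df1a91a16f4c03a1455016be0a328bf2cb58f50da97270d2b221a084539df35be76df57ec7928a23cf3049a0a8dbcfd0d1e60a47242630d462c694
- data.tar.gz: e5742706f8c34b9ca310787c6ded79a4203eb3bce38127db4f31ef3276b23cedb2a7849b8226b5110f73124a5dab3e570f8202a38d583cb6c4f9c775b14ab392
+ metadata.gz: 2b9b1a71a93ef6487e619d7fc14a78fc46da6803802f6773e6384e3d5ce000aaeda155dfb7eac3b538eac7ada013c704be4afc70343f85e4d29a2ae4174f1791
+ data.tar.gz: 5f6fee042fa4cbcbd5bc3019dfe94ea48abddcee9ec491677ddb045a3066e92dd896a12c71252e7514e2554d7dd053a0e94e83193f5cda4f01ab48328515dc65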
@@ -2,10 +2,83 @@
2
2
 
3
3
  module Spree
4
4
  class LogEntry < Spree::Base
5
+ # Classes used in core that can be present in serialized details
6
+ #
7
+ # Users can add their own classes in
8
+ # `Spree::Config#log_entry_permitted_classes`.
9
+ #
10
+ # @see Spree::AppConfiguration#log_entry_permitted_classes
11
+ CORE_PERMITTED_CLASSES = [
12
+ ActiveMerchant::Billing::Response,
13
+ ActiveSupport::TimeWithZone,
14
+ Time,
15
+ ActiveSupport::TimeZone
16
+ ].freeze
17
+
18
+ # Raised when a disallowed class is tried to be loaded
19
+ class DisallowedClass < RuntimeError
20
+ attr_reader :psych_exception
21
+
22
+ def initialize(psych_exception:)
23
+ @psych_exception = psych_exception
24
+ super(default_message)
25
+ end
26
+
27
+ private
28
+
29
+ def default_message
30
+ <<~MSG
31
+ #{psych_exception.message}
32
+
33
+ You can specify custom classes to be loaded in config/initializers/spree.rb. E.g:
34
+
35
+ Spree.config do |config|
36
+ config.log_entry_permitted_classes = ['MyClass']
37
+ end
38
+ MSG
39
+ end
40
+ end
41
+
42
+ # Raised when YAML contains aliases and they're not enabled
43
+ class BadAlias < RuntimeError
44
+ attr_reader :psych_exception
45
+
46
+ def initialize(psych_exception:)
47
+ @psych_exception = psych_exception
48
+ super(default_message)
49
+ end
50
+
51
+ private
52
+
53
+ def default_message
54
+ <<~MSG
55
+ #{psych_exception.message}
56
+
57
+ You can explicitly enable aliases in config/initializers/spree.rb. E.g:
58
+
59
+ Spree.config do |config|
60
+ config.log_entry_allow_aliases = true
61
+ end
62
+ MSG
63
+ end
64
+ end
65
+
66
+ def self.permitted_classes
67
+ CORE_PERMITTED_CLASSES + Spree::Config.log_entry_permitted_classes.map(&:constantize)
68
+ end
69
+
5
70
  belongs_to :source, polymorphic: true, optional: true
6
71
 
7
72
  def parsed_details
8
- @details ||= YAML.load(details)
73
+ @details ||= YAML.safe_load(
74
+ details,
75
+ permitted_classes: self.class.permitted_classes,
76
+ aliases: Spree::Config.log_entry_allow_aliases
77
+ )
78
+ rescue Psych::DisallowedClass => e
79
+ raise DisallowedClass.new(psych_exception: e)
80
+ rescue Psych::BadAlias => e
81
+ raise BadAlias.new(psych_exception: e)
9
82
  end
10
83
  end
11
84
  end
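Review bot: `self.permitted_classes` calls `constantize` on every configured name whenever details are parsed, so a misspelled entry in `Spree::Config.log_entry_permitted_classes` raises `NameError` when a log entry is read, and neither `rescue` in `parsed_details` turns that into the guidance the two new error classes give. The method also has no doc comment; I would add `# @return [Array<Class>] CORE_PERMITTED_CLASSES plus the classes named in Spree::Config.log_entry_permitted_classes` and state there that unknown names raise `NameError`. Validating the configured names once at boot would surface a typo earlier, though where that check belongs is not visible from this hunk.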
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'rails/generators'
4
+ require 'rails/version'
4
5
 
5
6
  module Solidus
6
7
  # @private
@@ -15,7 +16,7 @@ module Solidus
15
16
  class_option :migrate, type: :boolean, default: true, banner: 'Run Solidus migrations'
16
17
  class_option :seed, type: :boolean, default: true, banner: 'Load seed data (migrations must be run)'
17
18
  class_option :sample, type: :boolean, default: true, banner: 'Load sample data (migrations must be run)'
18
- class_option :active_storage, type: :boolean, default: true, banner: 'Install ActiveStorage as image attachments handler for products and taxons'
19
+ class_option :active_storage, type: :boolean, default: Rails.gem_version >= Gem::Version.new("6.1.0"), banner: 'Install ActiveStorage as image attachments handler for products and taxons'
19
20
  class_option :auto_accept, type: :boolean
20
21
  class_option :user_class, type: :string
21
22
  class_option :admin_email, type: :string
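Review bot: The `active_storage` default now depends on a bare version literal, `Gem::Version.new("6.1.0")`, with nothing at the `class_option` line saying why 6.1 is the cut-off, and the banner still reads as if ActiveStorage were always installed. A comment above the option, for example `# ActiveStorage is only the default attachment handler on Rails >= 6.1`, together with the reason for that threshold, would keep the condition from looking arbitrary. The generator class begins and ends outside these hunks.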
@@ -165,6 +165,22 @@ module Spree
165
165
  # @return [String] URL of logo used on frontend (default: +'logo/solidus.svg'+)
166
166
  preference :logo, :string, default: 'logo/solidus.svg'
167
167
 
168
+ # @!attribute [rw] log_entry_permitted_classes
169
+ # @return [Array<String>] An array of extra classes that are allowed to be
170
+ # loaded from a serialized YAML as details in {Spree::LogEntry}
171
+ # (defaults to a non-frozen empty array, so that extensions can add
172
+ # their own classes).
173
+ # @example
174
+ # config.log_entry_permitted_classes = ['Date']
175
+ preference :log_entry_permitted_classes, :array, default: []
176
+
177
+ # @!attribute [rw] log_entry_allow_aliases
178
+ # @return [Boolean] Whether YAML aliases are allowed when loading
179
+ # serialized data in {Spree::LogEntry}. It defaults to true. Depending
180
+ # on the source of your data, you may consider disabling it to prevent
181
+ # entity expansion attacks.
182
+ preference :log_entry_allow_aliases, :boolean, default: true
183
+
168
184
  # @!attribute [rw] mails_from
169
185
  # @return [String] Email address used as +From:+ field in transactional emails.
170
186
  preference :mails_from, :string, default: 'solidus@example.com'
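Review bot: `log_entry_allow_aliases` defaults to `true`, so YAML alias handling stays enabled for `Spree::LogEntry` details unless a store opts out, and the doc comment leaves the reader to work out whether their data source is trustworthy. The comment should say where those details come from so an operator can decide; a line such as `# Set to false unless stored log entry details are known to contain aliases` would make the stricter setting explicit. The `log_entry_permitted_classes` comment could likewise state that every class listed there becomes instantiable from stored YAML, so the list should be kept as short as possible.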
@@ -15,6 +15,12 @@ module Spree
15
15
  generator.test_framework :rspec
16
16
  end
17
17
 
18
+ if ActiveRecord.respond_to?(:yaml_column_permitted_classes) || ActiveRecord::Base.respond_to?(:yaml_column_permitted_classes)
19
+ config.active_record.yaml_column_permitted_classes ||= []
20
+ config.active_record.yaml_column_permitted_classes |=
21
+ [Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess]
22
+ end
23
+
18
24
  initializer "spree.environment", before: :load_config_initializers do |app|
19
25
  app.config.spree = Spree::Config.environment
20
26
  end
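Review bot: The `yaml_column_permitted_classes` block at the top of this hunk widens the allow-list for every YAML-serialized column in the host application, not only the columns Solidus owns, and no comment says which Solidus columns need `Symbol`, `BigDecimal` or `ActiveSupport::HashWithIndifferentAccess`. A comment such as `# Needed to load Solidus's own serialized columns (name them here); applies application-wide` would let a reviewer check that the list stays minimal. The block appears to run in the engine class body rather than inside an `initializer`, so an application that later assigns `config.active_record.yaml_column_permitted_classes = [...]` would presumably replace these entries; that ordering deserves a sentence in the comment too. The enclosing class starts outside the hunk.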
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spree
4
- VERSION = "3.0.6"
4
+ VERSION = "3.0.7"
5
5
 
6
6
  def self.solidus_version
7
7
  VERSION
@@ -21,6 +21,12 @@ FactoryBot.define do
21
21
  end
22
22
  end
23
23
 
24
+ trait :with_orders do
25
+ after(:create) do |user, _|
26
+ create(:order, user: user)
27
+ end
28
+ end
29
+
24
30
  factory :admin_user do
25
31
  after(:create) do |user, _|
26
32
  admin_role = Spree::Role.find_by(name: 'admin') || create(:role, name: 'admin')
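--- a/data/solidus_core.gemspec
+++ b/data/solidus_core.gemspec
@@ -40,6 +40,7 @@ Gem::Specification.new do |s|
  s.add_dependency 'mini_magick', '~> 4.10'
  s.add_dependency 'monetize', '~> 1.8'
  s.add_dependency 'kt-paperclip', '~> 6.3'
+ s.add_dependency 'psych', ['>= 3.1.0', '< 5.0']
  s.add_dependency 'ransack', '~> 2.0'
  s.add_dependency 'state_machines-activerecord', '~> 0.6'
 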
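--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: solidus_core
  version: !ruby/object:Gem::Version
- version: 3.0.6
+ version: 3.0.7
  platform: ruby
  authors:
  - Solidus Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-06-01 00:00:00.000000000 Z
+ date: 2022-07-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: actionmailer
@@ -344,6 +344,26 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '6.3'
+ - !ruby/object:Gem::Dependency
+ name: psych
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 3.1.0
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '5.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 3.1.0
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '5.0'
  - !ruby/object:Gem::Dependency
  name: ransack
  requirement: !ruby/object:Gem::Requirement
@@ -945,7 +965,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 1.8.23
  requirements: []
- rubygems_version: 3.2.31
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Essential models, mailers, and classes for the Solidus e-commerce project.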