solidus_core 3.0.6 → 3.0.7

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2d1ce3955d5e6602144201d2672f85af4d0c9c27ea04ed25b3bd13945e1a22c7
4
- data.tar.gz: 8726f50bdd8922267dcda829078e4ea4a70a39766098076b1f792145fdfb18b4
3
+ metadata.gz: 537dddd7d010536778c7f8a680b31f260360f1979c29ae6743db0016a31ce280
4
+ data.tar.gz: ea39d3503b7fe86d3be5d21d40c435cf7ec53da8b33f28272ad7008c00c3a839
5
5
  SHA512:
6
- metadata.gz: 9517bfb7a7df1a91a16f4c03a1455016be0a328bf2cb58f50da97270d2b221a084539df35be76df57ec7928a23cf3049a0a8dbcfd0d1e60a47242630d462c694
7
- data.tar.gz: e5742706f8c34b9ca310787c6ded79a4203eb3bce38127db4f31ef3276b23cedb2a7849b8226b5110f73124a5dab3e570f8202a38d583cb6c4f9c775b14ab392
6
+ metadata.gz: 2b9b1a71a93ef6487e619d7fc14a78fc46da6803802f6773e6384e3d5ce000aaeda155dfb7eac3b538eac7ada013c704be4afc70343f85e4d29a2ae4174f1791
7
+ data.tar.gz: 5f6fee042fa4cbcbd5bc3019dfe94ea48abddcee9ec491677ddb045a3066e92dd896a12c71252e7514e2554d7dd053a0e94e83193f5cda4f01ab48328515dc65
@@ -2,10 +2,83 @@
2
2
 
3
3
  module Spree
4
4
  class LogEntry < Spree::Base
5
+ # Classes used in core that can be present in serialized details
6
+ #
7
+ # Users can add their own classes in
8
+ # `Spree::Config#log_entry_permitted_classes`.
9
+ #
10
+ # @see Spree::AppConfiguration#log_entry_permitted_classes
11
+ CORE_PERMITTED_CLASSES = [
12
+ ActiveMerchant::Billing::Response,
13
+ ActiveSupport::TimeWithZone,
14
+ Time,
15
+ ActiveSupport::TimeZone
16
+ ].freeze
17
+
18
+ # Raised when a disallowed class is tried to be loaded
19
+ class DisallowedClass < RuntimeError
20
+ attr_reader :psych_exception
21
+
22
+ def initialize(psych_exception:)
23
+ @psych_exception = psych_exception
24
+ super(default_message)
25
+ end
26
+
27
+ private
28
+
29
+ def default_message
30
+ <<~MSG
31
+ #{psych_exception.message}
32
+
33
+ You can specify custom classes to be loaded in config/initializers/spree.rb. E.g:
34
+
35
+ Spree.config do |config|
36
+ config.log_entry_permitted_classes = ['MyClass']
37
+ end
38
+ MSG
39
+ end
40
+ end
41
+
42
+ # Raised when YAML contains aliases and they're not enabled
43
+ class BadAlias < RuntimeError
44
+ attr_reader :psych_exception
45
+
46
+ def initialize(psych_exception:)
47
+ @psych_exception = psych_exception
48
+ super(default_message)
49
+ end
50
+
51
+ private
52
+
53
+ def default_message
54
+ <<~MSG
55
+ #{psych_exception.message}
56
+
57
+ You can explicitly enable aliases in config/initializers/spree.rb. E.g:
58
+
59
+ Spree.config do |config|
60
+ config.log_entry_allow_aliases = true
61
+ end
62
+ MSG
63
+ end
64
+ end
65
+
66
+ def self.permitted_classes
67
+ CORE_PERMITTED_CLASSES + Spree::Config.log_entry_permitted_classes.map(&:constantize)
68
+ end
69
+
5
70
  belongs_to :source, polymorphic: true, optional: true
6
71
 
7
72
  def parsed_details
8
- @details ||= YAML.load(details)
73
+ @details ||= YAML.safe_load(
74
+ details,
75
+ permitted_classes: self.class.permitted_classes,
76
+ aliases: Spree::Config.log_entry_allow_aliases
77
+ )
78
+ rescue Psych::DisallowedClass => e
79
+ raise DisallowedClass.new(psych_exception: e)
80
+ rescue Psych::BadAlias => e
81
+ raise BadAlias.new(psych_exception: e)
9
82
  end
10
83
  end
11
84
  end
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'rails/generators'
4
+ require 'rails/version'
4
5
 
5
6
  module Solidus
6
7
  # @private
@@ -15,7 +16,7 @@ module Solidus
15
16
  class_option :migrate, type: :boolean, default: true, banner: 'Run Solidus migrations'
16
17
  class_option :seed, type: :boolean, default: true, banner: 'Load seed data (migrations must be run)'
17
18
  class_option :sample, type: :boolean, default: true, banner: 'Load sample data (migrations must be run)'
18
- class_option :active_storage, type: :boolean, default: true, banner: 'Install ActiveStorage as image attachments handler for products and taxons'
19
+ class_option :active_storage, type: :boolean, default: Rails.gem_version >= Gem::Version.new("6.1.0"), banner: 'Install ActiveStorage as image attachments handler for products and taxons'
19
20
  class_option :auto_accept, type: :boolean
20
21
  class_option :user_class, type: :string
21
22
  class_option :admin_email, type: :string
@@ -165,6 +165,22 @@ module Spree
165
165
  # @return [String] URL of logo used on frontend (default: +'logo/solidus.svg'+)
166
166
  preference :logo, :string, default: 'logo/solidus.svg'
167
167
 
168
+ # @!attribute [rw] log_entry_permitted_classes
169
+ # @return [Array<String>] An array of extra classes that are allowed to be
170
+ # loaded from a serialized YAML as details in {Spree::LogEntry}
171
+ # (defaults to a non-frozen empty array, so that extensions can add
172
+ # their own classes).
173
+ # @example
174
+ # config.log_entry_permitted_classes = ['Date']
175
+ preference :log_entry_permitted_classes, :array, default: []
176
+
177
+ # @!attribute [rw] log_entry_allow_aliases
178
+ # @return [Boolean] Whether YAML aliases are allowed when loading
179
+ # serialized data in {Spree::LogEntry}. It defaults to true. Depending
180
+ # on the source of your data, you may consider disabling it to prevent
181
+ # entity expansion attacks.
182
+ preference :log_entry_allow_aliases, :boolean, default: true
183
+
168
184
  # @!attribute [rw] mails_from
169
185
  # @return [String] Email address used as +From:+ field in transactional emails.
170
186
  preference :mails_from, :string, default: 'solidus@example.com'
@@ -15,6 +15,12 @@ module Spree
15
15
  generator.test_framework :rspec
16
16
  end
17
17
 
18
+ if ActiveRecord.respond_to?(:yaml_column_permitted_classes) || ActiveRecord::Base.respond_to?(:yaml_column_permitted_classes)
19
+ config.active_record.yaml_column_permitted_classes ||= []
20
+ config.active_record.yaml_column_permitted_classes |=
21
+ [Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess]
22
+ end
23
+
18
24
  initializer "spree.environment", before: :load_config_initializers do |app|
19
25
  app.config.spree = Spree::Config.environment
20
26
  end
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spree
4
- VERSION = "3.0.6"
4
+ VERSION = "3.0.7"
5
5
 
6
6
  def self.solidus_version
7
7
  VERSION
@@ -21,6 +21,12 @@ FactoryBot.define do
21
21
  end
22
22
  end
23
23
 
24
+ trait :with_orders do
25
+ after(:create) do |user, _|
26
+ create(:order, user: user)
27
+ end
28
+ end
29
+
24
30
  factory :admin_user do
25
31
  after(:create) do |user, _|
26
32
  admin_role = Spree::Role.find_by(name: 'admin') || create(:role, name: 'admin')
data/solidus_core.gemspec CHANGED
@@ -40,6 +40,7 @@ Gem::Specification.new do |s|
40
40
  s.add_dependency 'mini_magick', '~> 4.10'
41
41
  s.add_dependency 'monetize', '~> 1.8'
42
42
  s.add_dependency 'kt-paperclip', '~> 6.3'
43
+ s.add_dependency 'psych', ['>= 3.1.0', '< 5.0']
43
44
  s.add_dependency 'ransack', '~> 2.0'
44
45
  s.add_dependency 'state_machines-activerecord', '~> 0.6'
45
46
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.6
4
+ version: 3.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-01 00:00:00.000000000 Z
11
+ date: 2022-07-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionmailer
@@ -344,6 +344,26 @@ dependencies:
344
344
  - - "~>"
345
345
  - !ruby/object:Gem::Version
346
346
  version: '6.3'
347
+ - !ruby/object:Gem::Dependency
348
+ name: psych
349
+ requirement: !ruby/object:Gem::Requirement
350
+ requirements:
351
+ - - ">="
352
+ - !ruby/object:Gem::Version
353
+ version: 3.1.0
354
+ - - "<"
355
+ - !ruby/object:Gem::Version
356
+ version: '5.0'
357
+ type: :runtime
358
+ prerelease: false
359
+ version_requirements: !ruby/object:Gem::Requirement
360
+ requirements:
361
+ - - ">="
362
+ - !ruby/object:Gem::Version
363
+ version: 3.1.0
364
+ - - "<"
365
+ - !ruby/object:Gem::Version
366
+ version: '5.0'
347
367
  - !ruby/object:Gem::Dependency
348
368
  name: ransack
349
369
  requirement: !ruby/object:Gem::Requirement
@@ -945,7 +965,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
945
965
  - !ruby/object:Gem::Version
946
966
  version: 1.8.23
947
967
  requirements: []
948
- rubygems_version: 3.2.31
968
+ rubygems_version: 3.1.2
949
969
  signing_key:
950
970
  specification_version: 4
951
971
  summary: Essential models, mailers, and classes for the Solidus e-commerce project.