solidus_core 4.4.1 → 4.5.0

data/app/models/spree/permission_sets/product_management.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Full permissions for product management.
+    #
+    # This permission set grants full control over all product and related resources,
+    # including:
+    #
+    # - Products
+    # - Images
+    # - Variants
+    # - Option values
+    # - Product properties
+    # - Option types
+    # - Properties
+    # - Taxonomies
+    # - Taxons
+    # - Classifications
+    # - Prices
+    class ProductManagement < PermissionSets::Base
+      class << self
+        def privilege
+          :management
+        end
+
+        def category
+          :product
+        end
+      end
+
+      def activate!
+        can :manage, Spree::Classification
+        can :manage, Spree::Image
+        can :manage, Spree::OptionType
+        can :manage, Spree::OptionValue
+        can :manage, Spree::Price
+        can :manage, Spree::Product
+        can :manage, Spree::ProductProperty
+        can :manage, Spree::Property
+        can :manage, Spree::Taxon
+        can :manage, Spree::Taxonomy
+        can :manage, Spree::Variant
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/restricted_stock_display.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read permissions for stock limited to allowed locations.
+    #
+    # This permission set allows users to view information about stock items and
+    # locations, both of them limited to locations they have access to.
+    # Permissions are also granted for the admin panel for items.
+    class RestrictedStockDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :display
+        end
+
+        def category
+          :restricted_stock
+        end
+      end
+
+      def activate!
+        can [:read, :admin], Spree::StockItem, stock_location_id: location_ids
+        can :read, Spree::StockLocation, id: location_ids
+      end
+
+      private
+
+      def location_ids
+        @ids ||= user.stock_locations.pluck(:id)
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/restricted_stock_management.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Full permissions for stock management limited to allowed locations.
+    #
+    # This permission set grants full control over all stock items a user has
+    # access to their locations. Those locations are also readable by the
+    # corresponding ability.
+    class RestrictedStockManagement < PermissionSets::Base
+      class << self
+        def privilege
+          :management
+        end
+
+        def category
+          :restricted_stock
+        end
+      end
+
+      def activate!
+        can :manage, Spree::StockItem, stock_location_id: location_ids
+        can :read, Spree::StockLocation, id: location_ids
+      end
+
+      private
+
+      def location_ids
+        @ids ||= user.stock_locations.pluck(:id)
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/stock_display.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read-only permissions for stock.
+    #
+    # This permission set allows users to view information about stock items
+    # (also from the admin panel) and stock locations.
+    class StockDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :display
+        end
+
+        def category
+          :stock
+        end
+      end
+
+      def activate!
+        can [:read, :admin], Spree::StockItem
+        can :read, Spree::StockLocation
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/stock_management.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Full permissions for stock management.
+    #
+    # This permission set grants full control over all stock items and read
+    # access to locations.
+    class StockManagement < PermissionSets::Base
+      class << self
+        def privilege
+          :management
+        end
+
+        def category
+          :stock
+        end
+      end
+
+      def activate!
+        can :manage, Spree::StockItem
+        can :read, Spree::StockLocation
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/super_user.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Full permissions for store administration.
+    #
+    # This permission set is always added to users with the `:admin` role.
+    #
+    # It grants permission to perform any read or write action on any resource.
+    class SuperUser < PermissionSets::Base
+      class << self
+        def privilege
+          :other
+        end
+
+        def category
+          :super_user
+        end
+      end
+
+      def activate!
+        can :manage, :all
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/user_display.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read-only permissions for users, roles and store credits.
+    #
+    # This permission set allows users to view all related information about
+    # users, roles and store credits, also from the admin panel.
+    class UserDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :display
+        end
+
+        def category
+          :user
+        end
+      end
+
+      def activate!
+        can [:read, :admin, :edit, :addresses, :orders, :items], Spree.user_class
+        can [:read, :admin], Spree::StoreCredit
+        can :read, Spree::Role
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/user_management.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Full permissions for user management.
+    #
+    # This permission set grants full control over all user and
+    # related resources, including:
+    #
+    # - Users
+    # - Store credits
+    # - Roles
+    # - API keys
+    class UserManagement < PermissionSets::Base
+      class << self
+        def privilege
+          :management
+        end
+
+        def category
+          :user
+        end
+      end
+
+      def activate!
+        can [:admin, :read, :create, :update, :save_in_address_book, :remove_from_address_book, :addresses, :orders, :items], Spree.user_class
+
+        # NOTE: This does not work with accessible_by.
+        # See https://github.com/solidusio/solidus/pull/1263
+        can :update_email, Spree.user_class do |user|
+          user.spree_roles.none?
+        end
+        can :update_password, Spree.user_class do |user|
+          user.spree_roles.none?
+        end
+
+        cannot :destroy, Spree.user_class
+        can :manage, Spree::StoreCredit
+        can :manage, :api_key
+        can :read, Spree::Role
+      end
+    end
+  end
+end

data/app/models/spree/product.rb

@@ -32,6 +32,7 @@ module Spree
 
     belongs_to :tax_category, class_name: 'Spree::TaxCategory', optional: true
     belongs_to :shipping_category, class_name: 'Spree::ShippingCategory', inverse_of: :products, optional: true
+    belongs_to :primary_taxon, class_name: 'Spree::Taxon', optional: true
 
     has_one :master,
       -> { where(is_master: true).with_discarded },
@@ -84,6 +85,8 @@ module Spree
       :track_inventory,
       :weight,
       :width,
+      :gtin,
+      :condition
     ]
     MASTER_ATTRIBUTES.each do |attr|
       delegate :"#{attr}", :"#{attr}=", to: :find_or_build_master
@@ -291,6 +294,10 @@ module Spree
       @gallery ||= Spree::Config.product_gallery_class.new(self)
     end
 
+    def brand
+      Spree::Config.brand_selector_class.new(self).call
+    end
+
     private
 
     def any_variants_not_track_inventory?

data/app/models/spree/refund.rb

@@ -2,6 +2,8 @@
 
 module Spree
   class Refund < Spree::Base
+    include Metadata
+
     belongs_to :payment, inverse_of: :refunds, optional: true
     belongs_to :reason, class_name: 'Spree::RefundReason', foreign_key: :refund_reason_id, optional: true
     belongs_to :reimbursement, inverse_of: :refunds, optional: true

data/app/models/spree/return_authorization.rb

@@ -4,6 +4,8 @@ module Spree
   # Models the return of Inventory Units to a Stock Location for an Order.
   #
   class ReturnAuthorization < Spree::Base
+    include Metadata
+
     belongs_to :order, class_name: 'Spree::Order', inverse_of: :return_authorizations, optional: true
 
     has_many :return_items, inverse_of: :return_authorization, dependent: :destroy

data/app/models/spree/shipment.rb

@@ -4,6 +4,8 @@ module Spree
   # An order's planned shipments including tracking and cost.
   #
   class Shipment < Spree::Base
+    include Metadata
+
     belongs_to :order, class_name: 'Spree::Order', touch: true, inverse_of: :shipments, optional: true
     belongs_to :stock_location, class_name: 'Spree::StockLocation', optional: true
 

data/app/models/spree/simple_order_contents.rb

@@ -85,8 +85,11 @@ module Spree
         adjustments: []
       )
 
+      permitted_attributes = Spree::PermittedAttributes.line_item_attributes.dup
+      permitted_attributes << { admin_metadata: {} } if options[:admin_metadata].present?
+
       line_item.quantity += quantity.to_i
-      line_item.options = ActionController::Parameters.new(options).permit(PermittedAttributes.line_item_attributes).to_h
+      line_item.options = ActionController::Parameters.new(options).permit(permitted_attributes).to_h
 
       line_item.target_shipment = options[:shipment]
       line_item.save!

data/app/models/spree/store_credit_event.rb

@@ -3,6 +3,7 @@
 module Spree
   class StoreCreditEvent < Spree::Base
     include Spree::SoftDeletable
+    include Metadata
 
     belongs_to :store_credit, optional: true
     belongs_to :originator, polymorphic: true, optional: true

data/app/models/spree/tax/tax_helpers.rb

@@ -5,11 +5,22 @@ module Spree
     module TaxHelpers
       private
 
+      # Select active rates matching tax category and address
+      #
+      # @private
+      # @param [Spree::LineItem, Spree::Shipment, Spree::ShippingRate] item
+      #   the line item, shipment, or shipping rate to select rates for
+      # @return [Array<Spree::TaxRate>] the active Tax Rates that match both
+      #   Tax Category and the item's order's tax address
       def rates_for_item(item)
         @rates_for_item ||= Spree::TaxRate.item_level.for_address(item.order.tax_address)
+        # try is used here to ensure that a LineItem has rates selected for the
+        # currently configured Tax Category. Shipments and ShippingRates do not
+        # implement variant_tax_category_id, so try is necessary instead of .&
+        tax_category_id = item.try(:variant_tax_category_id) || item.tax_category_id
 
         @rates_for_item.select do |rate|
-          rate.active? && rate.tax_categories.map(&:id).include?(item.tax_category_id)
+          rate.active? && rate.tax_categories.map(&:id).include?(tax_category_id)
         end
       end
     end

data/app/models/spree/tax_calculator/default.rb

@@ -99,7 +99,7 @@ module Spree
       # @return [Array<Spree::TaxRate>] rates that apply to an order
       def rates_for_order
         tax_category_ids = Set[
-          *@order.line_items.map(&:tax_category_id),
+          *@order.line_items.map(&:variant_tax_category_id),
           *@order.shipments.map(&:tax_category_id)
         ]
         rates = Spree::TaxRate.active.order_level.for_address(@order.tax_address)

data/app/models/spree/taxon.rb

@@ -4,6 +4,9 @@ require 'spree/core/product_filters'
 
 module Spree
   class Taxon < Spree::Base
+    extend FriendlyId
+    friendly_id :permalink, use: :history, slug_column: :permalink
+
     acts_as_nested_set dependent: :destroy
 
     belongs_to :taxonomy, class_name: 'Spree::Taxonomy', inverse_of: :taxons
@@ -13,8 +16,7 @@ module Spree
     has_many :promotion_rule_taxons
     has_many :promotion_rules, through: :promotion_rule_taxons
 
-    before_create :set_permalink
-    before_update :set_permalink
+    before_save :set_permalink
     after_update :update_child_permalinks, if: :saved_change_to_permalink?
 
     validates :name, presence: true
@@ -121,6 +123,24 @@ module Spree
       end
     end
 
+    # override for {FriendlyId::Slugged#should_generate_new_friendly_id?} method,
+    # to control exactly when new friendly ids are set or updated
+    def should_generate_new_friendly_id?
+      permalink_changed? || super
+    end
+
+    # override for {FriendlyId::Slugged#normalize_friendly_id} method,
+    # to control over the slug format
+    def normalize_friendly_id(value)
+      return '' if value.blank?
+
+      parts = value.to_s.split('/')
+      last_word = parts.pop
+      corrected_last_word = Spree::Config.taxon_url_parametizer_class.parameterize(last_word)
+
+      (parts << corrected_last_word).join('/')
+    end
+
     private
 
     def touch_ancestors_and_taxonomy

data/app/models/spree/taxon_brand_selector.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Spree
+  class TaxonBrandSelector
+    BRANDS_TAXONOMY_NAME = "Brands"
+
+    def initialize(product)
+      @product = product
+    end
+
+    def call
+      product.taxons
+             .joins(:taxonomy)
+             .where(spree_taxonomies: { name: BRANDS_TAXONOMY_NAME })
+             .first
+    end
+
+    private
+
+    attr_reader :product
+  end
+end

data/app/models/spree/unauthorized_redirect_handler.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Spree
+  # This service object is responsible for handling unauthorized redirects
+  class UnauthorizedRedirectHandler
+    # @param controller [ApplicationController] an instance of ApplicationController
+    #  or its subclasses.
+    def initialize(controller)
+      @controller = controller
+    end
+
+    # This method is responsible for handling unauthorized redirects
+    def call
+      flash[:error] = I18n.t('spree.authorization_failure')
+      redirect_back(fallback_location: "/unauthorized")
+    end
+
+    private
+
+    attr_reader :controller
+
+    delegate :flash, :redirect_back, to: :controller
+  end
+end

data/app/models/spree/user_address.rb

@@ -6,7 +6,7 @@ module Spree
     belongs_to :address, class_name: "Spree::Address", optional: true
 
     validates_uniqueness_of :address_id, scope: :user_id
-    validates_uniqueness_of :user_id, conditions: -> { active.default_shipping }, message: :default_address_exists, if: :default?
+    validates_uniqueness_of :user_id, conditions: -> { default_shipping }, message: :default_address_exists, if: :default?
 
     scope :with_address_values, ->(address_attributes) do
       joins(:address).merge(
@@ -14,10 +14,16 @@ module Spree
       )
     end
 
-    scope :all_historical, -> { unscope(where: :archived) }
+    scope :all_historical, -> {
+      Spree::Deprecation.warn("This scope does not do anything and will be removed from Solidus 5.")
+      all
+    }
     scope :default_shipping, -> { where(default: true) }
     scope :default_billing, -> { where(default_billing: true) }
-    scope :active, -> { where(archived: false) }
+    scope :active, -> {
+      Spree::Deprecation.warn("This scope does not do anything and will be removed from Solidus 5.")
+      all
+    }
 
     default_scope -> { order([default: :desc, updated_at: :desc]) }
   end

data/app/models/spree/variant.rb

@@ -28,6 +28,10 @@ module Spree
     attr_writer :rebuild_vat_prices
     include Spree::DefaultPrice
 
+    # Consider that not all platforms digest structured data in the same way,
+    # you might have to modify the output on the frontend or in feeds accordingly.
+    enum :condition, { damaged: "damaged", new: "new", refurbished: "refurbished", used: "used" }, prefix: true
+
     belongs_to :product, -> { with_discarded }, touch: true, class_name: 'Spree::Product', inverse_of: :variants_including_master, optional: false
     belongs_to :tax_category, class_name: 'Spree::TaxCategory', optional: true
     belongs_to :shipping_category, class_name: "Spree::ShippingCategory", optional: true
@@ -35,7 +39,7 @@ module Spree
     delegate :name, :description, :slug, :available_on, :discontinue_on, :discontinued?,
              :meta_description, :meta_keywords,
              to: :product
-    delegate :tax_category, to: :product, prefix: true
+    delegate :tax_category, :tax_category_id, to: :product, prefix: true
     delegate :shipping_category, :shipping_category_id,
       to: :product, prefix: true
     delegate :tax_rates, to: :tax_category
@@ -150,6 +154,15 @@ module Spree
       super || product_tax_category
     end
 
+    # @return [Integer] the variant's tax category ID
+    #
+    # This returns the product's tax category ID if the tax category ID on the variant is nil. It looks
+    # like an association, but really is an override.
+    #
+    def tax_category_id
+      super || product_tax_category_id
+    end
+
     # @return [Spree::ShippingCategory] the variant's shipping category
     #
     # This returns the product's shipping category if the shipping category ID on the variant is nil. It looks

data/config/locales/en.yml

@@ -166,11 +166,13 @@ en:
         variant: Variant
       spree/product:
         available_on: Available On
+        condition: Master Condition
         cost_currency: Cost Currency
         cost_price: Cost Price
         depth: Depth
         description: Description
         discontinue_on: Discontinue on
+        gtin: Master GTIN
         height: Height
         master_price: Master Price
         meta_description: Meta Description
@@ -179,6 +181,8 @@ en:
         name: Name
         on_hand: On Hand
         price: Master Price
+        primary_taxon: Primary Taxon
+        primary_taxon_id: Primary Taxon
         promotionable: Promotable
         shipping_category: Shipping Category
         sku: Master SKU
@@ -416,9 +420,11 @@ en:
         password_confirmation: Password Confirmation
         spree_roles: Roles
       spree/variant:
+        condition: Condition
         cost_currency: Cost Currency
         cost_price: Cost Price
         depth: Depth
+        gtin: GTIN
         height: Height
         price: Price
         shipping_category: Variant Shipping Category
@@ -1075,6 +1081,8 @@ en:
     billing: Billing
     billing_address: Billing Address
     both: Both
+    brand: Brand
+    brands: Brands
     calculated_reimbursements: Calculated Reimbursements
     calculator: Calculator
     calculator_settings_warning: If you are changing the calculator type or preference source, you must save first before you can edit the calculator settings
@@ -1130,6 +1138,11 @@ en:
     company: Company
     complete: complete
     complete_order: Complete Order
+    condition:
+      damaged: Damaged
+      new: New
+      refurbished: Refurbished
+      used: Used
     configuration: Configuration
     configurations: Configurations
     confirm: Confirm
@@ -1516,6 +1529,7 @@ en:
     end: End
     ending_in: Ending in
     error: error
+    error_user_destroy_with_orders: Cannot delete a user with orders
     errors:
       messages:
         cannot_delete_finalized_stock_location: Stock Location cannot be destroyed if you have open stock transfers.
@@ -2096,6 +2110,7 @@ en:
     scope: Scope
     search: Search
     search_results: Search results for '%{keywords}'
+    search_results_all: Show all results for '%{keywords}'
     searching: Searching
     secure_connection_type: Secure Connection Type
     security_settings: Security Settings
@@ -2309,6 +2324,7 @@ en:
     unfinalize_all_adjustments: Unfinalize All Adjustments
     unlock: Unlock
     unrecognized_card_type: Unrecognized Card Type
+    unset: Unset
     unshippable_items: Unshippable Items
     update: Update
     updated_successfully: Updated Successfully

data/db/migrate/20220419170826_remove_archived_user_addresses.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class RemoveArchivedUserAddresses < ActiveRecord::Migration[5.2]
+  def up
+    Spree::UserAddress.where(archived: true).delete_all
+    remove_column :spree_user_addresses, :archived, :boolean, default: false
+  end
+
+  def down
+    add_column :spree_user_addresses, :archived, :boolean, default: false
+  end
+end

data/db/migrate/20250129061658_add_metadata_to_spree_resources.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class AddMetadataToSpreeResources < ActiveRecord::Migration[7.2]
+  def change
+    # List of Resources to add metadata columns to
+    %i[
+      spree_orders
+      spree_line_items
+      spree_shipments
+      spree_payments
+      spree_refunds
+      spree_customer_returns
+      spree_store_credit_events
+      spree_users
+      spree_return_authorizations
+    ].each do |table_name|
+      change_table table_name do |t|
+        # Check if the database supports jsonb for efficient querying
+        if t.respond_to?(:jsonb)
+          add_column table_name, :customer_metadata, :jsonb, default: {}
+          add_column table_name, :admin_metadata, :jsonb, default: {}
+        else
+          add_column table_name, :customer_metadata, :json
+          add_column table_name, :admin_metadata, :json
+        end
+      end
+    end
+  end
+end

data/db/migrate/20250201172950_add_gtin_and_condition_to_spree_variant.rb

@@ -0,0 +1,6 @@
+class AddGtinAndConditionToSpreeVariant < ActiveRecord::Migration[7.0]
+  def change
+    add_column :spree_variants, :gtin, :string
+    add_column :spree_variants, :condition, :string
+  end
+end

data/db/migrate/20250207104016_add_primary_taxon_to_products.rb

@@ -0,0 +1,7 @@
+class AddPrimaryTaxonToProducts < ActiveRecord::Migration[7.0]
+  def change
+    change_table :spree_products do |t|
+      t.references :primary_taxon, type: :integer, foreign_key: { to_table: :spree_taxons }
+    end
+  end
+end