solidus_core 4.4.2 → 4.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9a77feaec973407e0036df672af2decbf5a3a0fcae38d4041dcbd5fea19bfbaf
-  data.tar.gz: ed69345a425cef54bb72257aa687711c9379903866886035f54510dc076aedb4
+  metadata.gz: 995355f29d96abe41d7beb6b28cbe8bd8198d8c4ebee544dedc223f15b856548
+  data.tar.gz: 07b683686244717fc86fe1a83777e29845365dbed70c2117d1aacddf8c729717
 SHA512:
-  metadata.gz: 47c13a634466741aa45278e9fd7007eed9621ac595ae9bcfd9c5f8bbeeeae932b2419e620ec574b00a68c4f90a8a8e866042744895cf71d5443dc42ff39577b8
-  data.tar.gz: 3d8a8943ae006304d636ba1c54108a01d46b390bf10085c917002caaeb2b3b4c55986ba528efa8a6b18ce2b2f39d49b40d589cff4233a7c67977e634adeacf13
+  metadata.gz: '0963f51448492bca5190edb6641ea96206670f8ce17bea75e67c429838b5b98c041a936d64f57b994ca731df036995ef402eb24e723840a3b00efb109bf4e5c0'
+  data.tar.gz: 0fc6248571ff6027d618e4840d9c154bba8674fdbfd96805a58fbbc051b7c36d9c31d6e1d20b042bce38b8c5fc2b48d8b3201acb2ec264be2466c29704612c02

data/app/helpers/spree/core/controller_helpers/auth.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'cancan'
+
+module Spree
+  module Core
+    module ControllerHelpers
+      module Auth
+        extend ActiveSupport::Concern
+
+        # @!attribute [rw] unauthorized_redirect
+        #   @!scope class
+        #   Extension point for overriding behaviour of access denied errors.
+        #   Default behaviour is to redirect back or to "/unauthorized" with a flash
+        #   message.
+        #   @return [Proc] action to take when access denied error is raised.
+
+        included do
+          before_action :set_guest_token
+          helper_method :spree_current_user
+
+          class_attribute :unauthorized_redirect
+          deprecate :unauthorized_redirect= => "Use a custom Spree::Config.unauthorized_redirect_handler_class instead", :deprecator => Spree.deprecator
+
+          rescue_from CanCan::AccessDenied, with: :handle_unauthorized_access
+        end
+
+        # Needs to be overriden so that we use Spree's Ability rather than anyone else's.
+        def current_ability
+          @current_ability ||= Spree::Ability.new(spree_current_user)
+        end
+
+        def redirect_back_or_default(default)
+          redirect_to(session["spree_user_return_to"] || default)
+          session["spree_user_return_to"] = nil
+        end
+
+        def set_guest_token
+          if cookies.signed[:guest_token].blank?
+            cookies.permanent.signed[:guest_token] = Spree::Config[:guest_token_cookie_options].merge(
+              value: SecureRandom.urlsafe_base64(nil, false),
+              httponly: true
+            )
+          end
+        end
+
+        def store_location
+          Spree::UserLastUrlStorer.new(self).store_location
+        end
+
+        # Auth extensions are expected to define it, otherwise it's a no-op
+        def spree_current_user
+          defined?(super) ? super : nil
+        end
+
+        def handle_unauthorized_access
+          if unauthorized_redirect
+            instance_exec(&unauthorized_redirect)
+          else
+            Spree::Config.unauthorized_redirect_handler_class.new(self).call
+          end
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/core/controller_helpers/common.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'carmen'
+
+module Spree
+  module Core
+    module ControllerHelpers
+      module Common
+        extend ActiveSupport::Concern
+        included do
+          helper_method :title
+          helper_method :title=
+          helper_method :accurate_title
+
+          layout :get_layout
+
+          before_action :set_user_language
+        end
+
+        protected
+
+        # can be used in views as well as controllers.
+        # e.g. <% self.title = 'This is a custom title for this view' %>
+        attr_writer :title
+
+        def title
+          title_string = @title.presence || accurate_title
+          if title_string.present?
+            if Spree::Config[:always_put_site_name_in_title]
+              [title_string, default_title].join(' - ')
+            else
+              title_string
+            end
+          else
+            default_title
+          end
+        end
+
+        def default_title
+          current_store.name
+        end
+
+        # this is a hook for subclasses to provide title
+        def accurate_title
+          current_store.seo_title
+        end
+
+        private
+
+        def set_user_language_locale_key
+          :locale
+        end
+
+        def set_user_language
+          available_locales = Spree.i18n_available_locales
+          locale = [
+            params[:locale],
+            session[set_user_language_locale_key],
+            (config_locale if respond_to?(:config_locale, true)),
+            I18n.default_locale
+          ].detect do |candidate|
+            candidate &&
+              available_locales.include?(candidate.to_sym)
+          end
+          session[set_user_language_locale_key] = locale
+          I18n.locale = locale
+          Carmen.i18n_backend.locale = locale
+        end
+
+        # Returns which layout to render.
+        #
+        # You can set the layout you want to render inside your Spree configuration with the +:layout+ option.
+        #
+        # Default layout is: +app/views/spree/layouts/spree_application+
+        #
+        def get_layout
+          Spree::Config[:layout]
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/core/controller_helpers/order.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module Spree
+  module Core
+    module ControllerHelpers
+      module Order
+        extend ActiveSupport::Concern
+        include ControllerHelpers::Pricing
+
+        included do
+          helper_method :current_order
+        end
+
+        # The current incomplete order from the guest_token for use in cart and during checkout
+        def current_order(options = {})
+          should_create = options[:create_order_if_necessary] || false
+          should_build = options[:build_order_if_necessary] || should_create
+
+          return @current_order if @current_order
+
+          @current_order = find_order_by_token_or_user(lock: options[:lock])
+
+          if should_build && (@current_order.nil? || @current_order.completed?)
+            @current_order = Spree::Order.new(new_order_params)
+            @current_order.user ||= spree_current_user
+            # See issue https://github.com/spree/spree/issues/3346 for reasons why this line is here
+            @current_order.created_by ||= spree_current_user
+            @current_order.save! if should_create
+          end
+
+          if @current_order
+            @current_order.record_ip_address(ip_address)
+            @current_order
+          end
+        end
+
+        def associate_user
+          @order ||= current_order
+          if spree_current_user && @order && (@order.user.blank? || @order.email.blank?)
+            @order.associate_user!(spree_current_user)
+          end
+        end
+
+        def set_current_order
+          if spree_current_user && current_order
+            spree_current_user.orders.by_store(current_store).incomplete.where('id != ?', current_order.id).find_each do |order|
+              current_order.merge!(order, spree_current_user)
+            end
+          end
+        end
+
+        def ip_address
+          request.remote_ip
+        end
+
+        private
+
+        def last_incomplete_order
+          @last_incomplete_order ||= spree_current_user.last_incomplete_spree_order(store: current_store)
+        end
+
+        def current_order_params
+          { currency: current_pricing_options.currency, guest_token: cookies.signed[:guest_token], store_id: current_store.id, user_id: spree_current_user.try(:id) }
+        end
+
+        def new_order_params
+          current_order_params.merge(last_ip_address: ip_address)
+        end
+
+        def find_order_by_token_or_user(options = {})
+          should_lock = options[:lock] || false
+
+          # Find any incomplete orders for the guest_token
+          order = Spree::Order.incomplete.lock(should_lock).find_by(current_order_params)
+
+          # Find any incomplete orders for the current user
+          if order.nil? && spree_current_user
+            order = last_incomplete_order
+          end
+
+          order
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/core/controller_helpers/payment_parameters.rb

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+module Spree
+  module Core::ControllerHelpers::PaymentParameters
+    # This method handles the awkwardness of how the html forms are currently
+    # set up for frontend.
+    #
+    # This method expects a params hash in the format of:
+    #
+    #  {
+    #    payment_source: {
+    #      # The keys here are spree_payment_method.id's
+    #      '1' => {...source attributes for payment method 1...},
+    #      '2' => {...source attributes for payment method 2...},
+    #    },
+    #    order: {
+    #      # Note that only a single entry is expected/handled in this array
+    #      payments_attributes: [
+    #        {
+    #          payment_method_id: '1',
+    #        },
+    #      ],
+    #      ...other params...
+    #    },
+    #    ...other params...
+    #  }
+    #
+    # And this method modifies the params into the format of:
+    #
+    #  {
+    #    order: {
+    #      payments_attributes: [
+    #        {
+    #          payment_method_id: '1',
+    #          source_attributes: {...source attributes for payment method 1...}
+    #        },
+    #      ],
+    #      ...other params...
+    #    },
+    #    ...other params...
+    #  }
+    #
+    def move_payment_source_into_payments_attributes(params)
+      # Step 1: Gather all the information and ensure all the pieces are there.
+
+      return params if params[:payment_source].blank?
+
+      payment_params = params[:order] &&
+                       params[:order][:payments_attributes] &&
+                       params[:order][:payments_attributes].first
+      return params if payment_params.blank?
+
+      payment_method_id = payment_params[:payment_method_id]
+      return params if payment_method_id.blank?
+
+      source_params = params[:payment_source][payment_method_id]
+      return params if source_params.blank?
+
+      # Step 2: Perform the modifications.
+
+      payment_params[:source_attributes] = source_params
+      params.delete(:payment_source)
+
+      params
+    end
+
+    # This method handles the awkwardness of how the html forms are currently
+    # set up for frontend.
+    #
+    # This method expects a params hash in the format of:
+    #
+    #  {
+    #    order: {
+    #      wallet_payment_source_id: '123',
+    #      ...other params...
+    #    },
+    #    cvc_confirm: '456', # optional
+    #    ...other params...
+    #  }
+    #
+    # And this method modifies the params into the format of:
+    #
+    #  {
+    #    order: {
+    #      payments_attributes: [
+    #        {
+    #          source_attributes: {
+    #            wallet_payment_source_id: '123',
+    #            verification_value: '456',
+    #          },
+    #        },
+    #      ]
+    #      ...other params...
+    #    },
+    #    ...other params...
+    #  }
+    #
+    def move_wallet_payment_source_id_into_payments_attributes(params)
+      return params if params[:order].blank?
+
+      wallet_payment_source_id = params[:order][:wallet_payment_source_id].presence
+      cvc_confirm = params[:cvc_confirm].presence
+
+      return params if wallet_payment_source_id.nil?
+
+      params[:order][:payments_attributes] = [
+        {
+          source_attributes: {
+            wallet_payment_source_id:,
+            verification_value: cvc_confirm
+          }
+        }
+      ]
+
+      params[:order].delete(:wallet_payment_source_id)
+      params.delete(:cvc_confirm)
+
+      params
+    end
+
+    # This is a strange thing to do since an order can have multiple payments
+    # but we always assume that it only has a single payment and that its
+    # amount should be the current order total after store credit is applied.
+    # We should reconsider this method and its usage at some point.
+    #
+    # This method expects a params hash in the format of:
+    #
+    #  {
+    #    order: {
+    #      # Note that only a single entry is expected/handled in this array
+    #      payments_attributes: [
+    #        {
+    #          ...params...
+    #        },
+    #      ],
+    #      ...other params...
+    #    },
+    #    ...other params...
+    #  }
+    #
+    # And this method modifies the params into the format of:
+    #
+    #  {
+    #    order: {
+    #      payments_attributes: [
+    #        {
+    #          ...params...
+    #          amount: <the order total after store credit>,
+    #        },
+    #      ],
+    #      ...other params...
+    #    },
+    #    ...other params...
+    #  }
+    #
+    def set_payment_parameters_amount(params, order)
+      return params if params[:order].blank?
+      return params if params[:order][:payments_attributes].blank?
+
+      params[:order][:payments_attributes].first[:amount] = order.order_total_after_store_credit
+
+      params
+    end
+  end
+end

data/app/helpers/spree/core/controller_helpers/pricing.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Spree
+  module Core
+    module ControllerHelpers
+      module Pricing
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :current_pricing_options
+        end
+
+        def current_pricing_options
+          Spree::Config.pricing_options_class.from_context(self)
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/core/controller_helpers/search.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Spree
+  module Core
+    module ControllerHelpers
+      module Search
+        def build_searcher(params)
+          Spree::Config.searcher_class.new(params).tap do |searcher|
+            searcher.current_user = spree_current_user
+            searcher.pricing_options = current_pricing_options
+          end
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/core/controller_helpers/store.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Spree
+  module Core
+    module ControllerHelpers
+      module Store
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :current_store
+        end
+
+        def current_store
+          @current_store ||= Spree::Config.current_store_selector_class.new(request).store
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/core/controller_helpers/strong_parameters.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Spree
+  module Core
+    module ControllerHelpers
+      module StrongParameters
+        def permitted_attributes
+          Spree::PermittedAttributes
+        end
+
+        delegate(*Spree::PermittedAttributes::ATTRIBUTES,
+                 to: :permitted_attributes,
+                 prefix: :permitted)
+
+        def permitted_credit_card_update_attributes
+          permitted_attributes.credit_card_update_attributes + [
+            address_attributes: permitted_address_attributes
+          ]
+        end
+
+        def permitted_payment_attributes
+          permitted_attributes.payment_attributes + [
+            source_attributes: permitted_source_attributes
+          ]
+        end
+
+        def permitted_source_attributes
+          permitted_attributes.source_attributes + [
+            address_attributes: permitted_address_attributes
+          ]
+        end
+
+        def permitted_checkout_address_attributes
+          permitted_attributes.checkout_address_attributes
+        end
+
+        def permitted_checkout_delivery_attributes
+          permitted_attributes.checkout_delivery_attributes
+        end
+
+        def permitted_checkout_payment_attributes
+          permitted_attributes.checkout_payment_attributes
+        end
+
+        def permitted_checkout_confirm_attributes
+          permitted_attributes.checkout_confirm_attributes
+        end
+
+        def permitted_order_attributes
+          permitted_checkout_address_attributes +
+            permitted_checkout_delivery_attributes +
+            permitted_checkout_payment_attributes +
+            permitted_attributes.customer_metadata_attributes +
+            permitted_checkout_confirm_attributes + [
+            line_items_attributes: permitted_line_item_attributes
+          ]
+        end
+
+        def permitted_product_attributes
+          permitted_attributes.product_attributes + [
+            product_properties_attributes: permitted_product_properties_attributes
+          ]
+        end
+
+        def permitted_user_attributes
+          permitted_attributes.user_attributes + [
+            bill_address_attributes: permitted_address_attributes,
+            ship_address_attributes: permitted_address_attributes
+          ]
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/spree/metadata.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Spree
+  module Metadata
+    extend ActiveSupport::Concern
+
+    included do
+      attribute :customer_metadata, :json, default: {}
+      attribute :admin_metadata, :json, default: {}
+
+      validate :validate_metadata_limits, if: :validate_metadata_enabled?
+    end
+
+    class_methods do
+      def meta_data_columns
+        %i[customer_metadata admin_metadata]
+      end
+    end
+
+    private
+
+    def validate_metadata_enabled?
+      Spree::Config.meta_data_validation_enabled
+    end
+
+    def validate_metadata_limits
+      self.class.meta_data_columns.each { |column| validate_metadata_column(column) }
+    end
+
+    def validate_metadata_column(column)
+      config = Spree::Config
+      metadata = send(column)
+
+      return if metadata.nil?
+
+      # Check for maximum number of keys
+      validate_metadata_keys_count(metadata, column, config.meta_data_max_keys)
+
+      # Check for maximum key and value size
+      metadata.each do |key, value|
+        validate_metadata_key(key, column, config.meta_data_max_key_length)
+        validate_metadata_value(key, value, column, config.meta_data_max_value_length)
+      end
+    end
+
+    def validate_metadata_keys_count(metadata, column, max_keys)
+      return unless metadata.keys.count > max_keys
+
+      errors.add(column, "must not have more than #{max_keys} keys")
+    end
+
+    def validate_metadata_key(key, column, max_key_length)
+      return unless key.to_s.length > max_key_length
+
+      errors.add(column, "key '#{key}' exceeds #{max_key_length} characters")
+    end
+
+    def validate_metadata_value(key, value, column, max_value_length)
+      return unless value.to_s.length > max_value_length
+
+      errors.add(column, "value for key '#{key}' exceeds #{max_value_length} characters")
+    end
+  end
+end

data/app/models/concerns/spree/user_address_book.rb

@@ -5,7 +5,7 @@ module Spree
     extend ActiveSupport::Concern
 
     included do
-      has_many :user_addresses, -> { active }, foreign_key: "user_id", class_name: "Spree::UserAddress" do
+      has_many :user_addresses, foreign_key: "user_id", class_name: "Spree::UserAddress" do
         def find_first_by_address_values(address_attrs)
           detect { |ua| ua.address == Spree::Address.new(address_attrs) }
         end
@@ -22,7 +22,7 @@ module Spree
             end
 
             if user_address.persisted?
-              user_address.update!(column_for_default => true, archived: false)
+              user_address.update!(column_for_default => true)
             else
               user_address.write_attribute(column_for_default, true)
             end
@@ -151,7 +151,7 @@ module Spree
       user_address = user_addresses.find_by(address_id:)
       if user_address
         remove_user_address_reference(address_id)
-        user_address.update(archived: true, default: false)
+        user_address.destroy!
       else
         false
       end
@@ -160,10 +160,9 @@ module Spree
     private
 
     def prepare_user_address(new_address)
-      user_address = user_addresses.all_historical.find_first_by_address_values(new_address.attributes)
+      user_address = user_addresses.find_first_by_address_values(new_address.attributes)
       user_address ||= user_addresses.build
       user_address.address = new_address
-      user_address.archived = false
       user_address
     end
 

data/app/models/spree/core/state_machines/inventory_unit.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Spree
+  module Core
+    class StateMachines
+      # Inventory Units' state machine
+      #
+      # for each event the following instance methods are dynamically implemented:
+      #   #<event_name>
+      #   #<event_name>!
+      #   #can_<event_name>?
+      #
+      # for each state the following instance methods are implemented:
+      #   #<state_name>?
+      #
+      module InventoryUnit
+        extend ActiveSupport::Concern
+
+        included do
+          state_machine initial: :on_hand do
+            event :fill_backorder do
+              transition to: :on_hand, from: :backordered
+            end
+            after_transition on: :fill_backorder, do: :fulfill_order
+
+            event :ship do
+              transition to: :shipped, if: :allow_ship?
+            end
+
+            event :return do
+              transition to: :returned, from: :shipped
+            end
+
+            event :cancel do
+              transition to: :canceled, from: ::Spree::InventoryUnit::CANCELABLE_STATES.map(&:to_sym)
+            end
+          end
+        end
+      end
+    end
+  end
+end