solidus_core 4.4.2 → 4.5.1

data/app/models/spree/money.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+module Spree
+  # Spree::Money is a relatively thin wrapper around Monetize which handles
+  # formatting via Spree::Config.
+  class Money
+    include Comparable
+    DifferentCurrencyError = Class.new(StandardError)
+
+    class << self
+      attr_accessor :default_formatting_rules
+
+      def parse(amount, currency = Spree::Config[:currency])
+        new(parse_to_money(amount, currency))
+      end
+
+      # @api private
+      def parse_to_money(amount, currency)
+        ::Monetize.parse(amount, currency)
+      end
+    end
+    self.default_formatting_rules = {
+      # Ruby money currently has this as false, which is wrong for the vast
+      # majority of locales.
+      sign_before_symbol: true
+    }
+
+    attr_reader :money
+
+    delegate :cents, :currency, :to_d, :zero?, to: :money
+
+    # @param amount [Money, #to_s] the value of the money object
+    # @param options [Hash] the default options for formatting the money object See #format
+    def initialize(amount, options = {})
+      if amount.is_a?(::Money)
+        @money = amount
+      else
+        currency = options[:currency] || Spree::Config[:currency]
+
+        @money = Monetize.from_string(amount, currency)
+      end
+      @options = Spree::Money.default_formatting_rules.merge(options)
+    end
+
+    # @return [String] the value of this money object formatted according to
+    #   its options
+    def to_s
+      format
+    end
+
+    # @param options [Hash, String] the options for formatting the money object
+    # @option options [Boolean] with_currency when true, show the currency
+    # @option options [Boolean] no_cents when true, round to the closest dollar
+    # @option options [String] decimal_mark the mark for delimiting the
+    #   decimals
+    # @option options [String, false, nil] thousands_separator the character to
+    #   delimit powers of 1000, if one is desired, otherwise false or nil
+    # @option options [Boolean] sign_before_symbol when true the sign of the
+    #   value comes before the currency symbol
+    # @option options [:before, :after] symbol_position the position of the
+    #   currency symbol
+    # @return [String] the value of this money object formatted according to
+    #   its options
+    def format(options = {})
+      @money.format(@options.merge(options))
+    end
+
+    # @note If you pass in options, ensure you pass in the { html_wrap: true } as well.
+    # @param options [Hash] additional formatting options
+    # @return [String] the value of this money object formatted according to
+    #   its options and any additional options, by default with html_wrap.
+    def to_html(options = { html_wrap: true })
+      output = format(options)
+      # Maintain compatibility by checking html option renamed to html_wrap.
+      if options[:html_wrap]
+        output = output.html_safe
+      end
+      output
+    end
+
+    # (see #to_s)
+    def as_json(*)
+      to_s
+    end
+
+    def <=>(other)
+      if !other.respond_to?(:money)
+        raise TypeError, "Can't compare #{other.class} to Spree::Money"
+      end
+      if currency != other.currency
+        # By default, ::Money will try to run a conversion on `other.money` and
+        # try a comparison on that. We do not want any currency conversion to
+        # take place so we'll catch this here and raise an error.
+        raise(
+          DifferentCurrencyError,
+          "Can't compare #{currency} with #{other.currency}"
+        )
+      end
+      @money <=> other.money
+    end
+
+    # Delegates comparison to the internal ruby money instance.
+    #
+    # @see http://www.rubydoc.info/gems/money/Money/Arithmetic#%3D%3D-instance_method
+    def ==(other)
+      raise TypeError, "Can't compare #{other.class} to Spree::Money" if !other.respond_to?(:money)
+      @money == other.money
+    end
+
+    def -(other)
+      raise TypeError, "Can't subtract #{other.class} to Spree::Money" if !other.respond_to?(:money)
+      self.class.new(@money - other.money)
+    end
+
+    def +(other)
+      raise TypeError, "Can't add #{other.class} to Spree::Money" if !other.respond_to?(:money)
+      self.class.new(@money + other.money)
+    end
+  end
+end

data/app/models/spree/order.rb

@@ -26,6 +26,7 @@ module Spree
     include ::Spree::Config.state_machines.order
 
     include Spree::Order::Payments
+    include Metadata
 
     class InsufficientStock < StandardError
       attr_reader :items
@@ -163,8 +164,24 @@ module Spree
     delegate :name, to: :bill_address, prefix: true, allow_nil: true
     alias_method :billing_name, :bill_address_name
 
-    class_attribute :line_item_comparison_hooks
-    self.line_item_comparison_hooks = Set.new
+    delegate :line_item_comparison_hooks, to: :class
+    class << self
+      def line_item_comparison_hooks=(value)
+        Spree::Config.line_item_comparison_hooks = value.to_a
+      end
+      line_item_hooks_deprecation_msg = "Use Spree::Config.line_item_comparison_hooks instead."
+      deprecate :line_item_comparison_hooks= => line_item_hooks_deprecation_msg, :deprecator => Spree.deprecator
+
+      def line_item_comparison_hooks
+        Spree::Config.line_item_comparison_hooks
+      end
+      deprecate line_item_comparison_hooks: line_item_hooks_deprecation_msg, deprecator: Spree.deprecator
+
+      def register_line_item_comparison_hook(hook)
+        Spree::Config.line_item_comparison_hooks << hook
+      end
+      deprecate register_line_item_comparison_hook: line_item_hooks_deprecation_msg, deprecator: Spree.deprecator
+    end
 
     scope :created_between, ->(start_date, end_date) { where(created_at: start_date..end_date) }
     scope :completed_between, ->(start_date, end_date) { where(completed_at: start_date..end_date) }
@@ -198,12 +215,6 @@ module Spree
       where.not(state: 'canceled')
     end
 
-    # Use this method in other gems that wish to register their own custom logic
-    # that should be called when determining if two line items are equal.
-    def self.register_line_item_comparison_hook(hook)
-      line_item_comparison_hooks.add(hook)
-    end
-
     # For compatiblity with Calculator::PriceSack
     def amount
       line_items.sum(&:amount)
@@ -356,7 +367,7 @@ module Spree
     def line_item_options_match(line_item, options)
       return true unless options
 
-      line_item_comparison_hooks.all? { |hook|
+      Spree::Config.line_item_comparison_hooks.all? { |hook|
         send(hook, line_item, options)
       }
     end

data/app/models/spree/order_merger.rb

@@ -78,7 +78,7 @@ module Spree
     def find_matching_line_item(other_order_line_item)
       order.line_items.detect do |my_li|
         my_li.variant == other_order_line_item.variant &&
-          order.line_item_comparison_hooks.all? do |hook|
+          Spree::Config.line_item_comparison_hooks.all? do |hook|
             order.send(hook, my_li, other_order_line_item.serializable_hash)
           end
       end

data/app/models/spree/order_taxation.rb

@@ -28,6 +28,7 @@ module Spree
 
       @order.line_items.each do |item|
         taxed_items = taxes.line_item_taxes.select { |element| element.item_id == item.id }
+        item.tax_category_id = item.variant_tax_category_id
         update_adjustments(item, taxed_items)
       end
 

data/app/models/spree/order_updater.rb

@@ -113,7 +113,7 @@ module Spree
       # It also fits the criteria for sales tax as outlined here:
       # http://www.boe.ca.gov/formspubs/pub113/
       update_promotions
-      update_taxes
+      update_tax_adjustments
       update_item_totals
     end
 
@@ -198,21 +198,8 @@ module Spree
       Spree::Config.promotions.order_adjuster_class.new(order).call
     end
 
-    def update_taxes
+    def update_tax_adjustments
       Spree::Config.tax_adjuster_class.new(order).adjust!
-
-      [*line_items, *shipments].each do |item|
-        tax_adjustments = item.adjustments.select(&:tax?)
-        # Tax adjustments come in not one but *two* exciting flavours:
-        # Included & additional
-
-        # Included tax adjustments are those which are included in the price.
-        # These ones should not affect the eventual total price.
-        #
-        # Additional tax adjustments are the opposite, affecting the final total.
-        item.included_tax_total   = tax_adjustments.select(&:included?).sum(&:amount)
-        item.additional_tax_total = tax_adjustments.reject(&:included?).sum(&:amount)
-      end
     end
 
     def update_cancellations
@@ -221,21 +208,17 @@ module Spree
 
     def update_item_totals
       [*line_items, *shipments].each do |item|
-        # The cancellation_total isn't persisted anywhere but is included in
-        # the adjustment_total
-        item.adjustment_total = item.adjustments.
-          reject(&:included?).
-          sum(&:amount)
-
-        if item.changed?
-          item.update_columns(
-            promo_total:          item.promo_total,
-            included_tax_total:   item.included_tax_total,
-            additional_tax_total: item.additional_tax_total,
-            adjustment_total:     item.adjustment_total,
-            updated_at:           Time.current,
-          )
-        end
+        Spree::Config.item_total_class.new(item).recalculate!
+
+        next unless item.changed?
+
+        item.update_columns(
+          promo_total:          item.promo_total,
+          included_tax_total:   item.included_tax_total,
+          additional_tax_total: item.additional_tax_total,
+          adjustment_total:     item.adjustment_total,
+          updated_at:           Time.current,
+        )
       end
     end
   end

data/app/models/spree/payment.rb

@@ -7,6 +7,7 @@ module Spree
   #
   class Payment < Spree::Base
     include Spree::Payment::Processing
+    include Metadata
 
     IDENTIFIER_CHARS    = (('A'..'Z').to_a + ('0'..'9').to_a - %w(0 1 I O)).freeze
     NON_RISKY_AVS_CODES = ['B', 'D', 'H', 'J', 'M', 'Q', 'T', 'V', 'X', 'Y'].freeze

data/app/models/spree/permission_sets/base.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # This is the base class used for crafting permission sets.
+    #
+    # This is used by {Spree::RoleConfiguration} when adding custom behavior to {Spree::Ability}.
+    # See one of the subclasses for example structure such as {Spree::PermissionSets::UserDisplay}
+    #
+    # @see Spree::RoleConfiguration
+    # @see Spree::PermissionSets
+    class Base
+      # @param ability [CanCan::Ability]
+      #   The ability that will be extended with the current permission set.
+      #   The ability passed in must respond to #user
+      def initialize(ability)
+        @ability = ability
+      end
+
+      # Activate permissions on the ability. Put your can and cannot statements here.
+      # Must be overridden by subclasses
+      def activate!
+        raise NotImplementedError.new
+      end
+
+      # Provide the permission set privilege in the form of a :symbol.
+      # Must be overridden by subclasses.
+      def self.privilege
+        raise NotImplementedError, "Subclass #{name} must define a privilege using `self.privilege :symbol`"
+      end
+
+      # Provide the permission set category in the form of a :symbol.
+      # Must be overridden by subclasses.
+      def self.category
+        raise NotImplementedError, "Subclass #{name} must define a category using `self.category :symbol`"
+      end
+
+      private
+
+      attr_reader :ability
+
+      delegate :can, :cannot, :user, to: :ability
+    end
+  end
+end

data/app/models/spree/permission_sets/configuration_display.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read-only permissions for e-commerce settings.
+    #
+    # Roles with this permission will be able to view information, also from the admin
+    # panel, about:
+    #
+    # - Tax categories
+    # - Tax rates
+    # - Zones
+    # - Countries
+    # - States
+    # - Payment methods
+    # - Taxonomies
+    # - Shipping methods
+    # - Shipping categories
+    # - Stock locations
+    # - Stock movements
+    # - Refund reasons
+    # - Reimbursement types
+    # - Return reasons
+    class ConfigurationDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :display
+        end
+
+        def category
+          :configuration
+        end
+      end
+
+      def activate!
+        can [:read, :admin], Spree::TaxCategory
+        can [:read, :admin], Spree::TaxRate
+        can [:read, :admin], Spree::Zone
+        can [:read, :admin], Spree::Country
+        can [:read, :admin], Spree::State
+        can [:read, :admin], Spree::PaymentMethod
+        can [:read, :admin], Spree::Taxonomy
+        can [:read, :admin], Spree::ShippingMethod
+        can [:read, :admin], Spree::ShippingCategory
+        can [:read, :admin], Spree::StockLocation
+        can [:read, :admin], Spree::StockMovement
+        can [:read, :admin], Spree::RefundReason
+        can [:read, :admin], Spree::ReimbursementType
+        can [:read, :admin], Spree::ReturnReason
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/configuration_management.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read and write permissions for e-commerce settings.
+    #
+    # Roles with this permission set will have full control over:
+    #
+    # - Tax categories
+    # - Tax rates
+    # - Zones
+    # - Countries
+    # - States
+    # - Payment methods
+    # - Taxonomies
+    # - Shipping methods
+    # - Shipping categories
+    # - Stock locations
+    # - Stock movements
+    # - Refund reasons
+    # - Reimbursement types
+    # - Return reasons
+    class ConfigurationManagement < PermissionSets::Base
+      class << self
+        def privilege
+          :management
+        end
+
+        def category
+          :configuration
+        end
+      end
+
+      def activate!
+        can :manage, Spree::TaxCategory
+        can :manage, Spree::TaxRate
+        can :manage, Spree::Zone
+        can :manage, Spree::Country
+        can :manage, Spree::State
+        can :manage, Spree::PaymentMethod
+        can :manage, Spree::Taxonomy
+        can :manage, Spree::ShippingMethod
+        can :manage, Spree::ShippingCategory
+        can :manage, Spree::StockLocation
+        can :manage, Spree::StockMovement
+        can :manage, Spree::RefundReason
+        can :manage, Spree::ReimbursementType
+        can :manage, Spree::ReturnReason
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/dashboard_display.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Permissions for viewing the admin dashboard.
+    #
+    # Roles with this permission set will be able to view the admin dashboard,
+    # which may or not contain sensitive information depending on
+    # customizations.
+    class DashboardDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :other
+        end
+
+        def category
+          :dashboard_display
+        end
+      end
+
+      def activate!
+          Spree.deprecator.warn "The #{self.class.name} module is deprecated. " \
+            "If you still use dashboards, please copy all controllers and views from #{self.class.name} to your application."
+          can [:admin, :home], :dashboards
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/default_customer.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Permissions for e-commerce customers.
+    #
+    # This permission set is always added to the `:default` role, which in turn
+    # is the default role for all users without any explicit roles.
+    #
+    # Permissions include reading and updating orders when the ability's user
+    # has been assigned as the order's user, unless the order is already
+    # completed. Same is true for guest checkout orders.
+    #
+    # It grants read-only permissions for the following resources typically used
+    # during a checkout process:
+    #
+    # - Zones
+    # - Countries
+    # - States
+    # - Taxons
+    # - Taxonomies
+    # - Products
+    # - Properties
+    # - Product properties
+    # - Variants
+    # - Option types
+    # - Option values
+    # - Stock items
+    # - Stock locations
+    #
+    # Abilities with this role can also create refund authorizations for orders
+    # with the same user, as well as reading and updating the user record and
+    # their associated cards.
+    class DefaultCustomer < PermissionSets::Base
+      class << self
+        def privilege
+          :other
+        end
+
+        def category
+          :default_customer
+        end
+      end
+
+      def activate!
+        can :read, Country
+        can :read, OptionType
+        can :read, OptionValue
+        can :create, Order do |order, token|
+          # same user, or both nil
+          order.user == user ||
+            # guest checkout order
+            order.email.present? ||
+            # via API, just like with show and update
+            (order.guest_token.present? && token == order.guest_token)
+        end
+        can [:show, :update], Order, Order.where(user:) do |order, token|
+          order.user == user || (order.guest_token.present? && token == order.guest_token)
+        end
+        cannot :update, Order do |order|
+          order.completed?
+        end
+        can :create, ReturnAuthorization do |return_authorization|
+          return_authorization.order.user == user
+        end
+        can [:read, :update], CreditCard, user_id: user.id
+        can :read, Product
+        can :read, ProductProperty
+        can :read, Property
+        can :create, Spree.user_class
+        can [:show, :update, :update_email], Spree.user_class, id: user.id
+        can :read, State
+        can :read, StockItem, stock_location: { active: true }
+        can :read, StockLocation, active: true
+        can :read, Taxon
+        can :read, Taxonomy
+        can [:save_in_address_book, :remove_from_address_book], Spree.user_class, id: user.id
+        can [:read, :view_out_of_stock], Variant
+        can :read, Zone
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/order_display.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read permissions for orders.
+    #
+    # This permission set allows users to view all related information about
+    # orders, also from the admin panel, including:
+    #
+    # - Orders
+    # - Payments
+    # - Shipments
+    # - Adjustments
+    # - Line items
+    # - Return authorizations
+    # - Customer returns
+    # - Order cancellations
+    # - Reimbursements
+    # - Return items
+    # - Refunds
+    #
+    # However, it does not allow any modifications to be made to any of these
+    # resources.
+    class OrderDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :display
+        end
+
+        def category
+          :order
+        end
+      end
+
+      def activate!
+        can [:read, :admin, :edit, :cart], Spree::Order
+        can [:read, :admin], Spree::Payment
+        can [:read, :admin], Spree::Shipment
+        can [:read, :admin], Spree::Adjustment
+        can [:read, :admin], Spree::LineItem
+        can [:read, :admin], Spree::ReturnAuthorization
+        can [:read, :admin], Spree::CustomerReturn
+        can [:read, :admin], Spree::OrderCancellations
+        can [:read, :admin], Spree::Reimbursement
+        can [:read, :admin], Spree::ReturnItem
+        can [:read, :admin], Spree::Refund
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/order_management.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Full permissions for order management.
+    #
+    # This permission set grants full control over all order and related resources,
+    # including:
+    #
+    # - Orders
+    # - Payments
+    # - Shipments
+    # - Adjustments
+    # - Line items
+    # - Return authorizations
+    # - Customer returns
+    # - Order cancellations
+    # - Reimbursements
+    # - Return items
+    # - Refunds
+    #
+    # It also allows reading reimbursement types, but not modifying them.
+    class OrderManagement < PermissionSets::Base
+      class << self
+        def privilege
+          :management
+        end
+
+        def category
+          :order
+        end
+      end
+
+      def activate!
+        can :read, Spree::ReimbursementType
+        can :manage, Spree::Order
+        can :manage, Spree::Payment
+        can :manage, Spree::Shipment
+        can :manage, Spree::Adjustment
+        can :manage, Spree::LineItem
+        can :manage, Spree::ReturnAuthorization
+        can :manage, Spree::CustomerReturn
+        can :manage, Spree::OrderCancellations
+        can :manage, Spree::Reimbursement
+        can :manage, Spree::ReturnItem
+        can :manage, Spree::Refund
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/product_display.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read-only permissions for products.
+    #
+    # This permission set allows users to view all related information about
+    # products, also from the admin panel, including:
+    #
+    # - Products
+    # - Images
+    # - Variants
+    # - Option values
+    # - Product properties
+    # - Option types
+    # - Properties
+    # - Taxonomies
+    # - Taxons
+    class ProductDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :display
+        end
+
+        def category
+          :product
+        end
+      end
+
+      def activate!
+        can [:read, :admin, :edit], Spree::Product
+        can [:read, :admin], Spree::Image
+        can [:read, :admin], Spree::Variant
+        can [:read, :admin], Spree::OptionValue
+        can [:read, :admin], Spree::ProductProperty
+        can [:read, :admin], Spree::OptionType
+        can [:read, :admin], Spree::Property
+        can [:read, :admin], Spree::Taxonomy
+        can [:read, :admin], Spree::Taxon
+      end
+    end
+  end
+end