solidus_core 2.11.16 → 2.11.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/spree/log_entry.rb +74 -1
- data/lib/spree/app_configuration.rb +16 -0
- data/lib/spree/core/engine.rb +6 -0
- data/lib/spree/core/version.rb +1 -1
- data/lib/spree/testing_support/factories/user_factory.rb +6 -0
- data/solidus_core.gemspec +1 -0
- metadata +23 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 78b3a6c05e492d60c9690e028991c934d4a2aa33788de045110a62b28924bbcb
|
4
|
+
data.tar.gz: 79213862902521b83cfa4dc56c9f6c59bc79cd6c73920145a53b1a67d3cb1eb2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 18eac571ddd52378a9b186a8f18f8eccb7c0825e9d966926106ccfc07e25792ce0d4081b22175e671638bd1ccf98fd5292328887fa5872075690ddd3c1488fba
|
7
|
+
data.tar.gz: b2c25455b49e633a5b9388d92d2dd6d4bbc22a394f8c8d2eb81deb3e0c04e5fdc8e9a7916f9b4dfe97df2724f0607eb8b3fcaf9542e54e441752efdcf74d91a0
|
@@ -2,10 +2,83 @@
|
|
2
2
|
|
3
3
|
module Spree
|
4
4
|
class LogEntry < Spree::Base
|
5
|
+
# Classes used in core that can be present in serialized details
|
6
|
+
#
|
7
|
+
# Users can add their own classes in
|
8
|
+
# `Spree::Config#log_entry_permitted_classes`.
|
9
|
+
#
|
10
|
+
# @see Spree::AppConfiguration#log_entry_permitted_classes
|
11
|
+
CORE_PERMITTED_CLASSES = [
|
12
|
+
ActiveMerchant::Billing::Response,
|
13
|
+
ActiveSupport::TimeWithZone,
|
14
|
+
Time,
|
15
|
+
ActiveSupport::TimeZone
|
16
|
+
].freeze
|
17
|
+
|
18
|
+
# Raised when a disallowed class is tried to be loaded
|
19
|
+
class DisallowedClass < RuntimeError
|
20
|
+
attr_reader :psych_exception
|
21
|
+
|
22
|
+
def initialize(psych_exception:)
|
23
|
+
@psych_exception = psych_exception
|
24
|
+
super(default_message)
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def default_message
|
30
|
+
<<~MSG
|
31
|
+
#{psych_exception.message}
|
32
|
+
|
33
|
+
You can specify custom classes to be loaded in config/initializers/spree.rb. E.g:
|
34
|
+
|
35
|
+
Spree.config do |config|
|
36
|
+
config.log_entry_permitted_classes = ['MyClass']
|
37
|
+
end
|
38
|
+
MSG
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
# Raised when YAML contains aliases and they're not enabled
|
43
|
+
class BadAlias < RuntimeError
|
44
|
+
attr_reader :psych_exception
|
45
|
+
|
46
|
+
def initialize(psych_exception:)
|
47
|
+
@psych_exception = psych_exception
|
48
|
+
super(default_message)
|
49
|
+
end
|
50
|
+
|
51
|
+
private
|
52
|
+
|
53
|
+
def default_message
|
54
|
+
<<~MSG
|
55
|
+
#{psych_exception.message}
|
56
|
+
|
57
|
+
You can explicitly enable aliases in config/initializers/spree.rb. E.g:
|
58
|
+
|
59
|
+
Spree.config do |config|
|
60
|
+
config.log_entry_allow_aliases = true
|
61
|
+
end
|
62
|
+
MSG
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def self.permitted_classes
|
67
|
+
CORE_PERMITTED_CLASSES + Spree::Config.log_entry_permitted_classes.map(&:constantize)
|
68
|
+
end
|
69
|
+
|
5
70
|
belongs_to :source, polymorphic: true, optional: true
|
6
71
|
|
7
72
|
def parsed_details
|
8
|
-
@details ||= YAML.
|
73
|
+
@details ||= YAML.safe_load(
|
74
|
+
details,
|
75
|
+
permitted_classes: self.class.permitted_classes,
|
76
|
+
aliases: Spree::Config.log_entry_allow_aliases
|
77
|
+
)
|
78
|
+
rescue Psych::DisallowedClass => e
|
79
|
+
raise DisallowedClass.new(psych_exception: e)
|
80
|
+
rescue Psych::BadAlias => e
|
81
|
+
raise BadAlias.new(psych_exception: e)
|
9
82
|
end
|
10
83
|
end
|
11
84
|
end
|
@@ -188,6 +188,22 @@ module Spree
|
|
188
188
|
# @return [String] URL of logo used on frontend (default: +'logo/solidus.svg'+)
|
189
189
|
preference :logo, :string, default: 'logo/solidus.svg'
|
190
190
|
|
191
|
+
# @!attribute [rw] log_entry_permitted_classes
|
192
|
+
# @return [Array<String>] An array of extra classes that are allowed to be
|
193
|
+
# loaded from a serialized YAML as details in {Spree::LogEntry}
|
194
|
+
# (defaults to a non-frozen empty array, so that extensions can add
|
195
|
+
# their own classes).
|
196
|
+
# @example
|
197
|
+
# config.log_entry_permitted_classes = ['Date']
|
198
|
+
preference :log_entry_permitted_classes, :array, default: []
|
199
|
+
|
200
|
+
# @!attribute [rw] log_entry_allow_aliases
|
201
|
+
# @return [Boolean] Whether YAML aliases are allowed when loading
|
202
|
+
# serialized data in {Spree::LogEntry}. It defaults to true. Depending
|
203
|
+
# on the source of your data, you may consider disabling it to prevent
|
204
|
+
# entity expansion attacks.
|
205
|
+
preference :log_entry_allow_aliases, :boolean, default: true
|
206
|
+
|
191
207
|
# @!attribute [rw] mails_from
|
192
208
|
# @return [String] Email address used as +From:+ field in transactional emails.
|
193
209
|
preference :mails_from, :string, default: 'solidus@example.com'
|
data/lib/spree/core/engine.rb
CHANGED
@@ -15,6 +15,12 @@ module Spree
|
|
15
15
|
generator.test_framework :rspec
|
16
16
|
end
|
17
17
|
|
18
|
+
if ActiveRecord.respond_to?(:yaml_column_permitted_classes) || ActiveRecord::Base.respond_to?(:yaml_column_permitted_classes)
|
19
|
+
config.active_record.yaml_column_permitted_classes ||= []
|
20
|
+
config.active_record.yaml_column_permitted_classes |=
|
21
|
+
[Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess]
|
22
|
+
end
|
23
|
+
|
18
24
|
initializer "spree.environment", before: :load_config_initializers do |app|
|
19
25
|
app.config.spree = Spree::Config.environment
|
20
26
|
end
|
data/lib/spree/core/version.rb
CHANGED
@@ -21,6 +21,12 @@ FactoryBot.define do
|
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
24
|
+
trait :with_orders do
|
25
|
+
after(:create) do |user, _|
|
26
|
+
create(:order, user: user)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
24
30
|
factory :admin_user do
|
25
31
|
after(:create) do |user, _|
|
26
32
|
admin_role = Spree::Role.find_by(name: 'admin') || create(:role, name: 'admin')
|
data/solidus_core.gemspec
CHANGED
@@ -41,6 +41,7 @@ Gem::Specification.new do |s|
|
|
41
41
|
s.add_dependency 'monetize', '~> 1.8'
|
42
42
|
s.add_dependency 'kt-paperclip', ['>= 4.4.0', '< 7']
|
43
43
|
s.add_dependency 'paranoia', '~> 2.4'
|
44
|
+
s.add_dependency 'psych', ['>= 3.1.0', '< 5.0']
|
44
45
|
s.add_dependency 'ransack', '~> 2.0'
|
45
46
|
s.add_dependency 'state_machines-activerecord', '~> 0.6'
|
46
47
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: solidus_core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.11.
|
4
|
+
version: 2.11.17
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Solidus Team
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-07-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: actionmailer
|
@@ -364,6 +364,26 @@ dependencies:
|
|
364
364
|
- - "~>"
|
365
365
|
- !ruby/object:Gem::Version
|
366
366
|
version: '2.4'
|
367
|
+
- !ruby/object:Gem::Dependency
|
368
|
+
name: psych
|
369
|
+
requirement: !ruby/object:Gem::Requirement
|
370
|
+
requirements:
|
371
|
+
- - ">="
|
372
|
+
- !ruby/object:Gem::Version
|
373
|
+
version: 3.1.0
|
374
|
+
- - "<"
|
375
|
+
- !ruby/object:Gem::Version
|
376
|
+
version: '5.0'
|
377
|
+
type: :runtime
|
378
|
+
prerelease: false
|
379
|
+
version_requirements: !ruby/object:Gem::Requirement
|
380
|
+
requirements:
|
381
|
+
- - ">="
|
382
|
+
- !ruby/object:Gem::Version
|
383
|
+
version: 3.1.0
|
384
|
+
- - "<"
|
385
|
+
- !ruby/object:Gem::Version
|
386
|
+
version: '5.0'
|
367
387
|
- !ruby/object:Gem::Dependency
|
368
388
|
name: ransack
|
369
389
|
requirement: !ruby/object:Gem::Requirement
|
@@ -992,7 +1012,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
992
1012
|
- !ruby/object:Gem::Version
|
993
1013
|
version: 1.8.23
|
994
1014
|
requirements: []
|
995
|
-
rubygems_version: 3.2
|
1015
|
+
rubygems_version: 3.1.2
|
996
1016
|
signing_key:
|
997
1017
|
specification_version: 4
|
998
1018
|
summary: Essential models, mailers, and classes for the Solidus e-commerce project.
|