RubyGems - spree_admin - Versions diffs - 5.0.3 → 5.1.0.beta - Mend

spree_admin 5.0.3 → 5.1.0.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (268) hide show

data/app/controllers/spree/admin/base_controller.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 module Spree
   module Admin
     class BaseController < Spree::BaseController
+      include Spree::Admin::BreadcrumbConcern
       layout :choose_layout
       helper 'spree/base'
@@ -8,6 +10,7 @@ module Spree
       helper 'spree/locale'
       helper 'spree/currency'
       helper 'spree/addresses'
+      helper 'spree/integrations'
       before_action :authorize_admin
@@ -33,20 +36,24 @@ module Spree
           redirect_to spree.admin_forbidden_path, allow_other_host: true
         else
           store_location
-          if defined?(spree_admin_login_path)
-            redirect_to spree_admin_login_path, allow_other_host: true
-          elsif respond_to?(:spree_login_path)
-            redirect_to spree_login_path, allow_other_host: true
-          elsif spree.respond_to?(:root_path)
-            redirect_to spree.root_path, allow_other_host: true
-          else
-            redirect_to main_app.respond_to?(:root_path) ? main_app.root_path : '/'
-          end
+          try_to_redirect_to_login_path
+        end
+      end
+      def try_to_redirect_to_login_path
+        if defined?(spree_admin_login_path)
+          redirect_to spree_admin_login_path, allow_other_host: true
+        elsif respond_to?(:spree_login_path)
+          redirect_to spree_login_path, allow_other_host: true
+        elsif spree.respond_to?(:root_path)
+          redirect_to spree.root_path, allow_other_host: true
+        else
+          redirect_to main_app.respond_to?(:root_path) ? main_app.root_path : '/'
         end
       end
       def try_spree_current_user
-        if Spree.admin_user_class
+        if Spree.admin_user_class && Spree.admin_user_class != Spree.user_class
           send("current_#{Spree.admin_user_class.model_name.singular_route_key}")
         else
           # use Spree::Core::ControllerHelpers::Auth#try_spree_current_user
@@ -54,6 +61,10 @@ module Spree
         end
       end
+      def store_location_session_key
+        "#{Spree.admin_user_class.model_name.singular_route_key.to_sym}_return_to"
+      end
       def flash_message_for(object, event_sym)
         if object.is_a?(ActiveRecord::Relation)
           resource_desc = object.model.model_name.human.pluralize

data/app/controllers/spree/admin/checkouts_controller.rb CHANGED Viewed

@@ -5,6 +5,10 @@ module Spree
       before_action :load_user, only: [:index]
+      add_breadcrumb Spree.t(:orders), :admin_orders_path
+      add_breadcrumb Spree.t(:draft_orders), :admin_checkouts_path
+      add_breadcrumb_icon 'inbox'
       def index
         params[:q] ||= {}
         params[:q][:s] ||= 'created_at desc'

data/app/controllers/spree/admin/classifications_controller.rb CHANGED Viewed

@@ -69,6 +69,10 @@ module Spree
         sort_orders.fetch(sort_order.to_s, 'manual')
       end
+      def permitted_resource_params
+        params.require(:classification).permit(Spree::PermittedAttributes.classification_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/coupon_codes_controller.rb CHANGED Viewed

@@ -3,6 +3,8 @@ module Spree
     class CouponCodesController < ResourceController
       belongs_to 'spree/promotion', find_by: :id
+      include PromotionsBreadcrumbConcern
       def collection
         return @collection if @collection.present?

data/app/controllers/spree/admin/custom_domains_controller.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 module Spree
   module Admin
     class CustomDomainsController < ResourceController
+      add_breadcrumb Spree.t(:domains), :admin_custom_domains_path
       protected
       def collection_url
@@ -14,6 +16,10 @@ module Spree
       def location_after_save
         spree.admin_custom_domains_path
       end
+      def permitted_resource_params
+        params.require(:custom_domain).permit(Spree::PermittedAttributes.custom_domain_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/customer_returns_controller.rb CHANGED Viewed

@@ -1,6 +1,10 @@
 module Spree
   module Admin
     class CustomerReturnsController < ResourceController
+      add_breadcrumb_icon 'receipt-refund'
+      add_breadcrumb Spree.t(:returns), :admin_customer_returns_path
+      add_breadcrumb Spree.t(:customer_returns), :admin_customer_returns_path
       def index; end
       private

data/app/controllers/spree/admin/dashboard_controller.rb CHANGED Viewed

@@ -7,9 +7,15 @@ module Spree
       before_action :load_vendor
       before_action :clear_return_to, only: %i[show]
-      def show; end
+      def show
+        @breadcrumb_icon = 'home'
+        add_breadcrumb Spree.t(:home), spree.admin_dashboard_path
+      end
-      def getting_started; end
+      def getting_started
+        @breadcrumb_icon = 'map'
+        add_breadcrumb Spree.t('admin.getting_started'), spree.admin_getting_started_path
+      end
       def analytics
         @orders_scope = current_store.orders.complete.where(currency: params[:analytics_currency])
@@ -111,9 +117,11 @@ module Spree
         @audience_growth_rate = calc_growth_rate(@audience_total, previous_audience_total)
         @audience = if same_day?
-                      @audience_scope.group_by_hour(:created_at, range: analytics_time_range, time_zone: current_store.preferred_timezone, default_value: 0)
+                      @audience_scope.group_by_hour(:created_at, range: analytics_time_range, time_zone: current_store.preferred_timezone,
+                                                                 default_value: 0)
                     else
-                      @audience_scope.group_by_day(:created_at, range: analytics_time_range, time_zone: current_store.preferred_timezone, default_value: 0)
+                      @audience_scope.group_by_day(:created_at, range: analytics_time_range, time_zone: current_store.preferred_timezone,
+                                                                default_value: 0)
                     end
         return unless defined?(Ahoy)
@@ -123,25 +131,22 @@ module Spree
         previous_visits_total = Ahoy::Visit.where(started_at: previous_analytics_time_range).count
         @visits_growth_rate = calc_growth_rate(@visits_total, previous_visits_total)
-        @visits_scope = Ahoy::Visit.where(started_at: analytics_time_range)
-        @visits_total = @visits_scope.count
-        previous_visits_total = Ahoy::Visit.where(started_at: previous_analytics_time_range).count
-        @visits_growth_rate = calc_growth_rate(@visits_total, previous_visits_total)
         @visits = if same_day?
-                    @visits_scope.group_by_hour(:started_at, range: analytics_time_range, time_zone: current_store.preferred_timezone, default_value: 0)
+                    @visits_scope.group_by_hour(:started_at, range: analytics_time_range, time_zone: current_store.preferred_timezone,
+                                                             default_value: 0)
                   else
-                    @visits_scope.group_by_day(:started_at, range: analytics_time_range, time_zone: current_store.preferred_timezone, default_value: 0)
+                    @visits_scope.group_by_day(:started_at, range: analytics_time_range, time_zone: current_store.preferred_timezone,
+                                                            default_value: 0)
                   end
-        @top_landing_pages = @visits_scope.where.not(landing_page_title: [nil, '']).top(:landing_page_title, 10)
+        @top_landing_pages = @visits_scope.where.not(landing_page: [nil, '']).top(:landing_page, 10)
         @top_referrers = @visits_scope.where.not(referring_domain: current_store.custom_domains.pluck(:url) << current_store.url).top(
           :referring_domain, 10
         )
         @top_locations = @visits_scope.top(:country, 10)
         @top_devices = @visits_scope.group(:device_type).count.transform_keys do |device|
-                        device.nil? ? 'N/A' : device
-                      end.map { |series| [series.first, (series.second.to_f / @visits_scope.count) * 100] }
+          device.nil? ? 'N/A' : device
+        end.map { |series| [series.first, (series.second.to_f / @visits_scope.count) * 100] }
       end
     end
   end

data/app/controllers/spree/admin/digital_assets_controller.rb CHANGED Viewed

@@ -3,6 +3,10 @@ module Spree
     class DigitalAssetsController < ResourceController
       belongs_to 'spree/product', find_by: :slug
+      include ProductsBreadcrumbConcern
+      before_action :add_breadcrumbs
       private
       def model_class
@@ -40,6 +44,10 @@ module Spree
       def permitted_resource_params
         params.require(:digital_asset).permit(permitted_digital_attributes)
       end
+      def add_breadcrumbs
+        add_breadcrumb Spree.t(:digital_assets), spree.admin_product_digital_assets_path(@product)
+      end
     end
   end
 end

data/app/controllers/spree/admin/exports_controller.rb CHANGED Viewed

@@ -40,8 +40,12 @@ module Spree
       end
       def assign_params
-        @object.type = params.dig(:export, :type) if Spree::Export.available_types.map(&:to_s).include?(params.dig(:export, :type))
-        @object.search_params = params.dig(:export, :search_params)
+        @object.type = permitted_resource_params[:type] if Spree::Export.available_types.map(&:to_s).include?(permitted_resource_params[:type])
+        @object.search_params = permitted_resource_params[:search_params]
+      end
+      def permitted_resource_params
+        params.require(:export).permit(permitted_export_attributes)
       end
     end
   end

data/app/controllers/spree/admin/integrations_controller.rb ADDED Viewed

@@ -0,0 +1,61 @@
+module Spree
+  module Admin
+    class IntegrationsController < ResourceController
+      include Spree::Admin::PreferencesConcern
+      prepend_before_action :require_integration_type, only: %i[new create]
+      prepend_before_action :prevent_from_creating_more_integrations, only: %i[new create]
+      before_action -> { clear_empty_password_preferences(:integration) }, only: :update
+      before_action :check_if_can_connect, only: %i[create update]
+      add_breadcrumb Spree.t(:integrations), :admin_integrations_path
+      add_breadcrumb_icon 'plug-connected'
+      private
+      def allowed_integration_types
+        @allowed_integration_types ||= Rails.application.config.spree.integrations.map { |klass| [klass.to_s, klass] }.to_h
+      end
+      def require_integration_type
+        redirect_to spree.admin_integrations_path unless params.dig(:integration, :type).present?
+      end
+      def prevent_from_creating_more_integrations
+        type = params.dig(:integration, :type)
+        if allowed_integration_types.key?(type) && allowed_integration_types[type].for_store(current_store).exists?
+          redirect_to spree.admin_integrations_path
+        end
+      end
+      def build_resource
+        return unless params[:integration].present?
+        type = params[:integration].delete(:type)
+        if allowed_integration_types.key?(type)
+          @object = allowed_integration_types[type].new
+        else
+          flash[:error] = Spree.t('admin.integrations.invalid_integration_type')
+          redirect_to spree.admin_integrations_path
+        end
+      end
+      def check_if_can_connect
+        @integration.attributes = permitted_resource_params
+        unless @integration.can_connect?
+          @integration.errors.add(:base, :unable_to_connect, error_message: @integration.connection_error_message)
+          render action == :create ? :new : :edit, status: :unprocessable_entity
+        end
+      end
+      def permitted_resource_params
+        params.require(:integration).permit(*permitted_integration_attributes + @object.preferences.keys.map { |key| "preferred_#{key}" })
+      end
+    end
+  end
+end

data/app/controllers/spree/admin/invitations_controller.rb ADDED Viewed

@@ -0,0 +1,128 @@
+module Spree
+  module Admin
+    class InvitationsController < BaseController
+      skip_before_action :authorize_admin, only: [:show, :accept]
+      add_breadcrumb Spree.t(:users), :admin_admin_users_path
+      add_breadcrumb Spree.t(:invitations), :admin_invitations_path
+      before_action :load_parent, except: [:show]
+      before_action :load_invitation, only: [:destroy]
+      before_action :load_roles, only: [:new, :create]
+      layout :choose_layout
+      # GET /admin/invitations
+      def index
+        params[:q] ||= {}
+        params[:q][:s] ||= 'created_at desc'
+        @search = scope.includes(:inviter, :role).ransack(params[:q])
+        @collection = @search.result
+      end
+      # GET /admin/invitations/new
+      def new
+        authorize! :create, Spree::Invitation
+        authorize! :manage, @parent
+        @invitation = Spree::Invitation.new
+        @invitation.resource = @parent
+        @invitation.inviter = try_spree_current_user
+      end
+      # POST /admin/invitations
+      def create
+        authorize! :create, Spree::Invitation
+        authorize! :manage, @parent
+        @invitation = Spree::Invitation.new(permitted_params)
+        @invitation.resource = @parent
+        @invitation.inviter = try_spree_current_user
+        if @invitation.save
+          respond_to do |format|
+            format.html { redirect_to spree.admin_invitations_path, notice: flash_message_for(@invitation, :successfully_created) }
+            format.turbo_stream
+          end
+        else
+          render :new, status: :unprocessable_entity
+        end
+      end
+      # GET /admin/invitations/:id?token=:token
+      def show
+        @invitation = Spree::Invitation.pending.not_expired.find_by!(id: params[:id], token: params[:token])
+        @parent = @invitation.resource
+        if try_spree_current_user.present?
+          unless @invitation.invitee == try_spree_current_user
+            raise ActiveRecord::RecordNotFound
+          end
+        elsif @invitation.invitee.present?
+          store_location
+          try_to_redirect_to_login_path
+        else
+          redirect_to spree.new_admin_admin_user_path(token: @invitation.token), status: :see_other
+        end
+      rescue ActiveRecord::RecordNotFound
+        redirect_to spree.root_path, alert: Spree.t('invalid_or_expired_invitation')
+        nil
+      end
+      # PUT /admin/invitations/:id/accept
+      def accept
+        @invitation = try_spree_current_user.invitations.pending.not_expired.find(params[:id])
+        authorize! :accept, @invitation
+        @invitation.accept!
+        redirect_to spree.admin_path, notice: Spree.t('invitation_accepted')
+      end
+      # PUT /admin/invitations/:id/resend
+      def resend
+        @invitation = scope.find(params[:id])
+        @invitation.resend!
+        redirect_back fallback_location: spree.admin_invitations_path, notice: Spree.t('invitation_resent')
+      end
+      # DELETE /admin/invitations/:id
+      def destroy
+        authorize! :destroy, @invitation
+        @invitation.destroy
+        redirect_back fallback_location: spree.admin_invitations_path, notice: flash_message_for(@invitation, :successfully_removed)
+      end
+      private
+      def load_invitation
+        @invitation = scope.find(params[:id])
+      end
+      def load_parent
+        @parent = current_store
+      end
+      def scope
+        Spree::Invitation.accessible_by(current_ability).where(resource: @parent)
+      end
+      def load_roles
+        @roles = Spree::Role.accessible_by(current_ability)
+      end
+      def permitted_params
+        params.require(:invitation).permit(Spree::PermittedAttributes.invitation_attributes)
+      end
+      def choose_layout
+        action_name == 'show' ? 'spree/minimal' : 'spree/admin'
+      end
+      def model_class
+        Spree::Invitation
+      end
+    end
+  end
+end

data/app/controllers/spree/admin/line_items_controller.rb CHANGED Viewed

@@ -116,6 +116,10 @@ module Spree
           model_class.new
         end
       end
+      def permitted_resource_params
+        params.require(:line_item).permit(permitted_line_item_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/oauth_applications_controller.rb CHANGED Viewed

@@ -3,6 +3,8 @@ module Spree
     class OauthApplicationsController < ResourceController
       before_action :set_default_scopes, only: [:new, :edit]
+      add_breadcrumb Spree.t(:developers), :admin_oauth_applications_path
       private
       def collection
@@ -22,6 +24,10 @@ module Spree
       def set_default_scopes
         @object.scopes = 'admin' if @object.scopes.blank?
       end
+      def permitted_resource_params
+        params.require(:oauth_application).permit(:name, :scopes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/option_types_controller.rb CHANGED Viewed

@@ -3,6 +3,11 @@ module Spree
     class OptionTypesController < ResourceController
       before_action :setup_new_option_value, only: :edit
+      include ProductsBreadcrumbConcern
+      add_breadcrumb Spree.t(:options), :admin_option_types_path
+      before_action :add_breadcrumbs
       private
       def collection
@@ -18,6 +23,16 @@ module Spree
       def setup_new_option_value
         @option_type.option_values.build if @option_type.option_values.empty?
       end
+      def add_breadcrumbs
+        if @option_type.present? && @option_type.persisted?
+          add_breadcrumb @option_type.presentation, spree.edit_admin_option_type_path(@option_type)
+        end
+      end
+      def permitted_resource_params
+        params.require(:option_type).permit(permitted_option_type_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/option_values_controller.rb CHANGED Viewed

@@ -16,6 +16,10 @@ module Spree
       def location_after_save
         spree.edit_admin_option_type_path(@parent)
       end
+      def permitted_resource_params
+        params.require(:option_value).permit(permitted_option_value_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/orders/return_authorizations_controller.rb CHANGED Viewed

@@ -84,6 +84,10 @@ module Spree
         def model_class
           Spree::ReturnAuthorization
         end
+        def permitted_resource_params
+          params.require(:return_authorization).permit(permitted_return_authorization_attributes)
+        end
       end
     end
   end

data/app/controllers/spree/admin/orders_controller.rb CHANGED Viewed

@@ -11,12 +11,23 @@ module Spree
       helper_method :model_class
+      add_breadcrumb Spree.t(:orders), :admin_orders_path
+      add_breadcrumb_icon 'inbox'
       def create
         @order = Spree::Order.create(created_by: try_spree_current_user, store: current_store)
         redirect_to spree.edit_admin_order_path(@order)
       end
+      def edit
+        unless @order.completed?
+          add_breadcrumb Spree.t(:draft_orders), :admin_checkouts_path
+        end
+        add_breadcrumb @order.number, spree.edit_admin_order_path(@order)
+      end
       def index
         params[:q] ||= {}
         params[:q][:s] ||= 'completed_at desc'

data/app/controllers/spree/admin/page_blocks_controller.rb CHANGED Viewed

@@ -27,9 +27,10 @@ module Spree
       def create
         page_block_type = params.dig(:page_block, :type)
+        allowed_type = allowed_types.find { |type| type.to_s == page_block_type }
-        if allowed_types.map(&:to_s).include?(page_block_type) && page_block_type.safe_constantize.present?
-          @page_block = page_block_type.constantize.new
+        if allowed_type
+          @page_block = allowed_type.new
           @page_block.section = @page_section
           @page_block.save!
         end

data/app/controllers/spree/admin/page_links_controller.rb CHANGED Viewed

@@ -38,6 +38,15 @@ module Spree
         @page_link.linkable_type ||= @parent.default_linkable_type
         @page_link.linkable ||= @parent.default_linkable_resource
       end
+      # for create action we don't pass the page_link at all
+      def permitted_resource_params
+        if params[:page_link].present?
+          params.require(:page_link).permit(permitted_page_link_attributes)
+        else
+          {}
+        end
+      end
     end
   end
 end

data/app/controllers/spree/admin/page_sections_controller.rb CHANGED Viewed

@@ -9,10 +9,15 @@ module Spree
         page_section_type = params.dig(:page_section, :type)
         allowed_types = available_page_section_types.map(&:to_s)
-        if allowed_types.include?(page_section_type) && page_section_type.safe_constantize.present?
-          @page_section = page_section_type.constantize.new(permitted_resource_params)
-          @page_section.pageable = @pageable
-          @page_section.save!
+        if allowed_types.include?(page_section_type)
+          # Find the actual class from our allowed types rather than using constantize
+          section_class = available_page_section_types.find { |type| type.to_s == page_section_type }
+          if section_class
+            @page_section = section_class.new(permitted_resource_params)
+            @page_section.pageable = @pageable
+            @page_section.save!
+          end
         end
       end
@@ -64,6 +69,10 @@ module Spree
           []
         end
       end
+      def permitted_resource_params
+        params.require(:page_section).permit(permitted_page_section_attributes + @object.preferences.keys.map { |key| "preferred_#{key}" })
+      end
     end
   end
 end

data/app/controllers/spree/admin/pages_controller.rb CHANGED Viewed

@@ -6,6 +6,9 @@ module Spree
       destroy.after :remove_preview_from_session
       create.after :remove_preview_from_session
+      include StorefrontBreadcrumbConcern
+      add_breadcrumb Spree.t(:pages), :admin_pages_path
       private
       def remove_preview_from_session
@@ -35,6 +38,10 @@ module Spree
         @search = @collection.ransack(params[:q])
         @collection = @search.result.page(params[:page]).per(params[:per_page])
       end
+      def permitted_resource_params
+        params.require(:page).permit(permitted_page_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/payment_methods_controller.rb CHANGED Viewed

@@ -1,13 +1,25 @@
 module Spree
   module Admin
     class PaymentMethodsController < ResourceController
+      include Spree::Admin::PreferencesConcern
+      add_breadcrumb Spree.t(:payment_methods), :admin_payment_methods_path
       prepend_before_action :require_payment_type, only: [:new, :create]
-      before_action :clear_empty_password_preferences, only: :update
+      before_action -> { clear_empty_password_preferences(:payment_method) }, only: :update
+      before_action :set_breadcrumb, only: :edit
       private
       def build_resource
-        @object = params[:payment_method].delete(:type).constantize.new if params[:payment_method].present?
+        if params[:payment_method].present?
+          payment_type = params[:payment_method].delete(:type)
+          # Find the actual class from our allowed types rather than using constantize
+          payment_class = allowed_payment_types.find { |type| type.to_s == payment_type }
+          if payment_class
+            @object = payment_class.new
+          end
+        end
       end
       def collection
@@ -28,17 +40,16 @@ module Spree
         redirect_to spree.admin_payment_methods_path unless params.dig(:payment_method, :type).present?
       end
-      def clear_empty_password_preferences
-        if params[:payment_method].present?
-          password_preferences = @object.preferences_of_type(:password)
-          password_preferences.each do |preference|
-            preference_key = "preferred_#{preference}"
+      def set_breadcrumb
+        add_breadcrumb @payment_method.name, spree.edit_admin_payment_method_path(@payment_method)
+      end
-            if params.dig(:payment_method, preference_key).blank? && @object.preferences[preference].present?
-              params[:payment_method].delete(preference_key)
-            end
-          end
-        end
+      def allowed_payment_types
+        Rails.application.config.spree.payment_methods
+      end
+      def permitted_resource_params
+        params.require(:payment_method).permit(permitted_payment_method_attributes + @object.preferences.keys.map { |key| "preferred_#{key}" })
       end
     end
   end