RubyGems - spree_admin - Versions diffs - 5.0.3 → 5.1.0.beta - Mend

spree_admin 5.0.3 → 5.1.0.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (268) hide show

data/app/controllers/spree/admin/post_categories_controller.rb CHANGED Viewed

@@ -1,6 +1,9 @@
 module Spree
   module Admin
     class PostCategoriesController < ResourceController
+      include StorefrontBreadcrumbConcern
+      add_breadcrumb Spree.t(:posts), :admin_posts_path
+      add_breadcrumb Spree.t(:categories), :admin_post_categories_path
     end
   end
 end

data/app/controllers/spree/admin/posts_controller.rb CHANGED Viewed

@@ -3,6 +3,11 @@ module Spree
     class PostsController < ResourceController
       before_action :load_post_categories
+      include StorefrontBreadcrumbConcern
+      add_breadcrumb Spree.t(:posts), :admin_posts_path
+      before_action :add_breadcrumb_for_post, only: [:edit, :update]
       def select_options
         render json: current_store.posts.published.to_tom_select_json
       end
@@ -24,6 +29,12 @@ module Spree
       def load_post_categories
         @post_categories = current_store.post_categories.accessible_by(current_ability).order(:title)
       end
+      def add_breadcrumb_for_post
+        return unless @post.present?
+        add_breadcrumb @post.title, spree.edit_admin_post_path(@post)
+      end
     end
   end
 end

data/app/controllers/spree/admin/products_controller.rb CHANGED Viewed

@@ -4,6 +4,7 @@ module Spree
       include Spree::Admin::StockLocationsHelper
       include Spree::Admin::BulkOperationsConcern
       include Spree::Admin::SessionAssetsHelper
+      include Spree::Admin::ProductsBreadcrumbConcern
       helper 'spree/admin/products'
       helper 'spree/admin/taxons'
@@ -282,14 +283,6 @@ module Spree
         clone_admin_product_url resource
       end
-      def permitted_resource_params
-        if cannot?(:activate, @product) && @new_status&.to_sym == :active
-          super.except(:status, :make_active_at).permit!
-        else
-          super
-        end
-      end
       private
       def variant_stock_includes
@@ -360,6 +353,16 @@ module Spree
         new_slug = permitted_resource_params[:slug]
         permitted_resource_params[:slug] = @product.ensure_slug_is_unique(new_slug)
       end
+      def permitted_resource_params
+        @permitted_resource_params ||= begin
+          if cannot?(:activate, @product) && @new_status&.to_sym == :active
+            params.require(:product).permit(permitted_product_attributes).except(:status, :make_active_at)
+          else
+            params.require(:product).permit(permitted_product_attributes)
+          end
+        end
+      end
     end
   end
 end

data/app/controllers/spree/admin/promotion_actions_controller.rb CHANGED Viewed

@@ -11,8 +11,12 @@ module Spree
       def model_class
         @model_class = if params.dig(:promotion_action, :type).present?
-                         if allowed_action_types.map(&:to_s).include?(params.dig(:promotion_action, :type))
-                           params.dig(:promotion_action, :type).safe_constantize
+                         # Find the actual class from allowed types rather than using constantize
+                         action_type = params.dig(:promotion_action, :type)
+                         action_class = allowed_action_types.find { |type| type.to_s == action_type }
+                         if action_class
+                           action_class
                          else
                            raise 'Unknown promotion action type'
                          end
@@ -42,6 +46,10 @@ module Spree
           @promotion_action.calculator_type = @promotion_action.class.calculators.first.name
         end
       end
+      def permitted_resource_params
+        params.require(:promotion_action).permit(permitted_promotion_action_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/promotion_rules_controller.rb CHANGED Viewed

@@ -9,8 +9,12 @@ module Spree
       def model_class
         @model_class = if params.dig(:promotion_rule, :type).present?
-                         if allowed_rule_types.map(&:to_s).include?(params.dig(:promotion_rule, :type))
-                           params.dig(:promotion_rule, :type).safe_constantize
+                         # Find the actual class from allowed types rather than using constantize
+                         rule_type = params.dig(:promotion_rule, :type)
+                         rule_class = allowed_rule_types.find { |type| type.to_s == rule_type }
+                         if rule_class
+                           rule_class
                          else
                            raise 'Unknown promotion rule type'
                          end
@@ -34,6 +38,10 @@ module Spree
       def collection_url
         spree.admin_promotion_path(parent)
       end
+      def permitted_resource_params
+        params.require(:promotion_rule).permit(*permitted_promotion_rule_attributes + @object.preferences.keys.map { |key| "preferred_#{key}" })
+      end
     end
   end
 end

data/app/controllers/spree/admin/promotions_controller.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 module Spree
   module Admin
     class PromotionsController < ResourceController
+      include PromotionsBreadcrumbConcern
       before_action :load_form_data, except: :index
       # POST /admin/promotions/:id/clone
@@ -56,6 +58,10 @@ module Spree
         @collection
       end
+      def permitted_resource_params
+        params.require(:promotion).permit(permitted_promotion_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/properties_controller.rb CHANGED Viewed

@@ -1,6 +1,11 @@
 module Spree
   module Admin
     class PropertiesController < ResourceController
+      include ProductsBreadcrumbConcern
+      add_breadcrumb Spree.t(:properties), :admin_properties_path
+      before_action :add_breadcrumbs
       protected
       def update_turbo_stream_enabled?
@@ -18,6 +23,16 @@ module Spree
         @collection = @search.result.
                       page(params[:page])
       end
+      def add_breadcrumbs
+        if @property.present? && @property.persisted?
+          add_breadcrumb @property.presentation, spree.edit_admin_property_path(@property)
+        end
+      end
+      def permitted_resource_params
+        params.require(:property).permit(permitted_property_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/refund_reasons_controller.rb CHANGED Viewed

@@ -1,6 +1,13 @@
 module Spree
   module Admin
     class RefundReasonsController < ResourceController
+      add_breadcrumb Spree.t(:refund_reasons), :admin_refund_reasons_path
+      private
+      def permitted_resource_params
+        params.require(:refund_reason).permit(permitted_refund_reason_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/refunds_controller.rb CHANGED Viewed

@@ -38,6 +38,10 @@ module Spree
       def assign_refunder
         @refund.refunder = try_spree_current_user
       end
+      def permitted_resource_params
+        params.require(:refund).permit(permitted_refund_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/reimbursement_types_controller.rb CHANGED Viewed

@@ -1,6 +1,13 @@
 module Spree
   module Admin
     class ReimbursementTypesController < ResourceController
+      add_breadcrumb Spree.t(:reimbursement_types), :admin_reimbursement_types_path
+      private
+      def permitted_resource_params
+        params.require(:reimbursement_type).permit(permitted_reimbursement_type_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/reimbursements_controller.rb CHANGED Viewed

@@ -42,6 +42,10 @@ module Spree
         flash[:error] = error.message
         redirect_to spree.edit_admin_order_reimbursement_path(parent, @reimbursement)
       end
+      def permitted_resource_params
+        params.require(:reimbursement).permit(permitted_reimbursement_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/reports_controller.rb CHANGED Viewed

@@ -3,6 +3,9 @@ module Spree
     class ReportsController < ResourceController
       include ActiveStorage::SetCurrent
+      add_breadcrumb_icon 'chart-bar'
+      add_breadcrumb Spree.t(:reports), :admin_reports_path
       before_action :set_user, only: [:new, :create]
       def show
@@ -33,9 +36,12 @@ module Spree
       def model_class
         @model_class = if params[:type].present?
+                         # Find the actual class from allowed types rather than using constantize
                          report_type = "Spree::Reports::#{params[:type].classify}"
-                         if allowed_report_types.include?(report_type)
-                           report_type.constantize
+                         report_class = allowed_report_types.find { |type| type == report_type }
+                         if report_class
+                           Object.const_get(report_class)
                          else
                            raise 'Unknown report type'
                          end
@@ -47,6 +53,10 @@ module Spree
       def allowed_report_types
         Rails.application.config.spree.reports.map(&:to_s)
       end
+      def permitted_resource_params
+        params.require(:report).permit(permitted_report_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/resource_controller.rb CHANGED Viewed

@@ -294,7 +294,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
   #
   # Other controllers can, should, override it to set custom logic
   def permitted_resource_params
-    params[resource.object_name].present? ? params.require(resource.object_name).permit! : ActionController::Parameters.new
+    raise NotImplementedError, "You must implement the permitted_resource_params method"
   end
   def collection_actions

data/app/controllers/spree/admin/return_authorization_reasons_controller.rb CHANGED Viewed

@@ -1,6 +1,13 @@
 module Spree
   module Admin
     class ReturnAuthorizationReasonsController < ResourceController
+      add_breadcrumb Spree.t(:return_authorization_reasons), :admin_return_authorization_reasons_path
+      private
+      def permitted_resource_params
+        params.require(:return_authorization_reason).permit(permitted_return_authorization_reason_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/return_authorizations_controller.rb CHANGED Viewed

@@ -11,6 +11,10 @@ module Spree
       private
+      def permitted_resource_params
+        params.require(:return_authorization).permit(permitted_return_authorization_attributes)
+      end
       def location_after_destroy
         spree.edit_admin_order_path(@return_authorization.order)
       end

data/app/controllers/spree/admin/return_items_controller.rb CHANGED Viewed

@@ -1,9 +1,15 @@
 module Spree
   module Admin
     class ReturnItemsController < ResourceController
+      private
       def location_after_save
         spree.edit_admin_order_customer_return_path(@return_item.customer_return.order, @return_item.customer_return)
       end
+      def permitted_resource_params
+        params.require(:return_item).permit(permitted_return_item_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/role_users_controller.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module Spree
+  module Admin
+    class RoleUsersController < BaseController
+      before_action :load_parent
+      before_action :load_role_user, only: [:edit, :update, :destroy]
+      # DELETE /admin/store/role_users/:id
+      def destroy
+        authorize! :destroy, @role_user
+        @role_user.destroy
+        redirect_back fallback_location: spree.admin_admin_users_path, status: :see_other, notice: flash_message_for(@role_user, :successfully_removed)
+      end
+      private
+      # load the resource to be used for authorization
+      # this can be extended to load different resources, eg vendor users
+      def load_parent
+        @parent = current_store
+      end
+      def scope
+        @parent.role_users.accessible_by(current_ability, :manage)
+      end
+      def load_role_user
+        @role_user = scope.find(params[:id])
+      end
+      def model_class
+        Spree::RoleUser
+      end
+    end
+  end
+end

data/app/controllers/spree/admin/roles_controller.rb CHANGED Viewed

@@ -1,6 +1,14 @@
 module Spree
   module Admin
     class RolesController < ResourceController
+      add_breadcrumb Spree.t(:users), :admin_admin_users_path
+      add_breadcrumb Spree.t(:roles), :admin_roles_path
+      private
+      def permitted_resource_params
+        params.require(:role).permit(permitted_role_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/shipments_controller.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module Spree
         if errors.any?
           flash[:error] = errors.to_sentence
-          return redirect_back_or_default(spree.edit_admin_order_path(@order))
+          return redirect_back(fallback_location: spree.edit_admin_order_path(@order))
         end
         if transfer.valid? && transfer.run!
@@ -64,7 +64,7 @@ module Spree
           flash[:error] = transfer.errors.full_messages.to_sentence
         end
-        redirect_back_or_default(spree.edit_admin_order_path(@order))
+        redirect_back(fallback_location: spree.edit_admin_order_path(@order))
       end
       private

data/app/controllers/spree/admin/shipping_categories_controller.rb CHANGED Viewed

@@ -1,6 +1,13 @@
 module Spree
   module Admin
     class ShippingCategoriesController < ResourceController
+      add_breadcrumb Spree.t(:shipping_categories), :admin_shipping_categories_path
+      private
+      def permitted_resource_params
+        params.require(:shipping_category).permit(permitted_shipping_category_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/shipping_methods_controller.rb CHANGED Viewed

@@ -4,6 +4,8 @@ module Spree
       before_action :load_data, except: :index
       before_action :set_default_values, only: :new
+      add_breadcrumb Spree.t(:shipping_methods), :admin_shipping_methods_path
       private
       def set_default_values
@@ -24,6 +26,10 @@ module Spree
       def update_turbo_stream_enabled?
         true
       end
+      def permitted_resource_params
+        params.require(:shipping_method).permit(permitted_shipping_method_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/stock_items_controller.rb CHANGED Viewed

@@ -1,6 +1,10 @@
 module Spree
   module Admin
     class StockItemsController < ResourceController
+      include ProductsBreadcrumbConcern
+      before_action :add_breadcrumbs
       private
       def update_turbo_stream_enabled?
@@ -20,6 +24,15 @@ module Spree
                        page(params[:page]).
                        per(params[:per_page])
       end
+      def add_breadcrumbs
+        add_breadcrumb Spree.t(:stock), spree.admin_stock_items_path
+        add_breadcrumb Spree.t(:stock_items), spree.admin_stock_items_path
+      end
+      def permitted_resource_params
+        params.require(:stock_item).permit(permitted_stock_item_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/stock_locations_controller.rb CHANGED Viewed

@@ -3,6 +3,9 @@ module Spree
     class StockLocationsController < ResourceController
       before_action :set_country, only: :new
+      add_breadcrumb Spree.t(:stock_locations), :admin_stock_locations_path
+      # PUT /admin/stock_locations/:id/mark_as_default
       def mark_as_default
         @stock_location.update(default: true)
@@ -19,6 +22,10 @@ module Spree
       def set_country
         @stock_location.country = current_store.default_country
       end
+      def permitted_resource_params
+        params.require(:stock_location).permit(permitted_stock_location_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/stock_transfers_controller.rb CHANGED Viewed

@@ -3,8 +3,12 @@ module Spree
     class StockTransfersController < ResourceController
       before_action :prepare_params, only: :create
+      include ProductsBreadcrumbConcern
       create.fails :load_variant_omit_ids
+      before_action :add_breadcrumbs
       private
       def location_after_save
@@ -22,8 +26,7 @@ module Spree
       end
       def permitted_resource_params
-        params.require(:stock_transfer).permit(:source_location_id, :destination_location_id, :reference,
-                                               stock_movements_attributes: [:variant_id, :quantity, :originator_id, :stock_item_id])
+        params.require(:stock_transfer).permit(permitted_stock_transfer_attributes)
       end
       def prepare_params
@@ -43,6 +46,15 @@ module Spree
       def load_variant_omit_ids
         @variant_omit_ids = @stock_transfer.stock_movements.map(&:variant_id)
       end
+      def add_breadcrumbs
+        add_breadcrumb Spree.t(:stock), spree.admin_stock_items_path
+        add_breadcrumb Spree.t(:stock_transfers), spree.admin_stock_transfers_path
+        if @stock_transfer.present? && @stock_transfer.persisted?
+          add_breadcrumb @stock_transfer.number, spree.admin_stock_transfer_path(@stock_transfer)
+        end
+      end
     end
   end
 end

data/app/controllers/spree/admin/store_credit_categories_controller.rb CHANGED Viewed

@@ -1,6 +1,11 @@
 module Spree
   module Admin
     class StoreCreditCategoriesController < ResourceController
+      private
+      def permitted_resource_params
+        params.require(:store_credit_category).permit(permitted_store_credit_category_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/store_credits_controller.rb CHANGED Viewed

@@ -73,6 +73,10 @@ module Spree
           flash[:error] = Spree.t(:user_not_found)
           redirect_to spree.admin_path
         end
+        @breadcrumb_icon = 'users'
+        add_breadcrumb Spree.t(:customers), :admin_users_path
+        add_breadcrumb @user.name, spree.admin_user_path(@user)
       end
       def load_store_credit

data/app/controllers/spree/admin/storefront_controller.rb CHANGED Viewed

@@ -1,6 +1,9 @@
 module Spree
   module Admin
     class StorefrontController < BaseController
+      include StorefrontBreadcrumbConcern
+      add_breadcrumb Spree.t(:settings), :edit_admin_storefront_path
       def edit
         @store = current_store
       end

data/app/controllers/spree/admin/stores_controller.rb CHANGED Viewed

@@ -19,6 +19,11 @@ module Spree
         @store.mail_from_address = current_store.mail_from_address
         if @store.save
+          # Move/copy all existing users (staff) to the new store
+          current_store.role_users.each do |role_user|
+            @store.add_user(role_user.user, role_user.role)
+          end
           flash[:success] = flash_message_for(@store, :successfully_created)
           # redirect in view, Turbo doesn't support redirecting to a different host
         else
@@ -26,7 +31,17 @@ module Spree
         end
       end
-      def edit; end
+      def edit
+        if params[:section] == 'emails'
+          add_breadcrumb Spree.t(:emails), spree.edit_admin_store_path(section: params[:section])
+        elsif params[:section] == 'policies'
+          add_breadcrumb Spree.t(:policies), spree.edit_admin_store_path(section: params[:section])
+        elsif params[:section] == 'checkout'
+          add_breadcrumb Spree.t(:checkout), spree.edit_admin_store_path(section: params[:section])
+        else
+          add_breadcrumb Spree.t(:store_details), spree.edit_admin_store_path(section: params[:section])
+        end
+      end
       def edit_emails; end
@@ -53,7 +68,7 @@ module Spree
       protected
       def permitted_store_params
-        params.require(:store).permit(permitted_store_attributes)
+        params.require(:store).permit(permitted_store_attributes + current_store.preferences.keys.map { |key| "preferred_#{key}" })
       end
       private

data/app/controllers/spree/admin/tax_categories_controller.rb CHANGED Viewed

@@ -1,6 +1,13 @@
 module Spree
   module Admin
     class TaxCategoriesController < ResourceController
+      add_breadcrumb Spree.t(:tax_categories), :admin_tax_categories_path
+      private
+      def permitted_resource_params
+        params.require(:tax_category).permit(permitted_tax_category_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/tax_rates_controller.rb CHANGED Viewed

@@ -4,6 +4,8 @@ module Spree
       before_action :load_data
       before_action :set_defaults, only: :new
+      add_breadcrumb Spree.t(:tax_rates), :admin_tax_rates_path
       private
       def set_defaults
@@ -15,6 +17,10 @@ module Spree
         @available_categories = Spree::TaxCategory.order(:name)
         @calculators = Spree::TaxRate.calculators.sort_by(&:name)
       end
+      def permitted_resource_params
+        params.require(:tax_rate).permit(permitted_tax_rate_attributes)
+      end
     end
   end
 end

data/app/controllers/spree/admin/taxonomies_controller.rb CHANGED Viewed

@@ -1,6 +1,11 @@
 module Spree
   module Admin
     class TaxonomiesController < ResourceController
+      include ProductsBreadcrumbConcern
+      add_breadcrumb Spree.t(:taxonomies), :admin_taxonomies_path
+      before_action :add_breadcrumbs
       private
       def collection
@@ -16,6 +21,16 @@ module Spree
       def location_after_save
         spree.admin_taxonomy_path(@taxonomy)
       end
+      def add_breadcrumbs
+        if @taxonomy.present? && @taxonomy.persisted?
+          add_breadcrumb @taxonomy.name, spree.admin_taxonomy_path(@taxonomy)
+        end
+      end
+      def permitted_resource_params
+        params.require(:taxonomy).permit(permitted_taxonomy_attributes)
+      end
     end
   end
 end