spree_core 0.30.1 → 0.30.2

data/app/controllers/admin/base_controller.rb

@@ -1,6 +1,8 @@
 class Admin::BaseController < Spree::BaseController
   ssl_required
 
+  before_filter :check_alerts if Rails.env.production?
+
   helper :search
   helper 'admin/navigation'
   layout 'admin'
@@ -8,6 +10,35 @@ class Admin::BaseController < Spree::BaseController
   before_filter :parse_date_params
 
   protected
+  def check_alerts
+    return unless current_user and should_check_alerts?
+
+    unless session.has_key? :alerts
+      begin
+        session[:alerts] = Spree::Alert.current(request.host)
+        filter_dismissed_alerts
+        Spree::Config.set :last_check_for_spree_alerts => DateTime.now.to_s
+      rescue
+        session[:alerts] = nil
+      end
+    end
+  end
+
+  def should_check_alerts?
+    return false if not Spree::Config[:check_for_spree_alerts]
+
+    last_check = Spree::Config[:last_check_for_spree_alerts]
+    return true if last_check.blank?
+
+    DateTime.parse(last_check) < 12.hours.ago
+  end
+
+  def filter_dismissed_alerts
+    return unless session[:alerts]
+    dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',')
+    session[:alerts].reject! { |a| dismissed.include? a.id.to_s }
+  end
+
   def render_js_for_destroy
     render :partial => "/admin/shared/destroy"
     flash.notice = nil

data/app/models/app_configuration.rb

@@ -35,6 +35,9 @@ class AppConfiguration < Configuration
   preference :cache_static_content, :boolean, :default => true
   preference :use_content_controller, :boolean, :default => true
   preference :allow_checkout_on_gateway_error, :boolean, :default => false
+  preference :check_for_spree_alerts, :boolean, :default => true
+  preference :dismissed_spree_alerts, :string, :default => ''
+  preference :last_check_for_spree_alerts, :string, :default => nil
 
   validates :name, :presence => true, :uniqueness => true
 

data/app/models/product_group.rb

@@ -90,10 +90,14 @@ class ProductGroup < ActiveRecord::Base
   end
 
   def add_scope(scope_name, arguments=[])
-    self.product_scopes << ProductScope.new({
-        :name => scope_name.to_s,
-        :arguments => [*arguments]
-      })
+    if scope_name.to_s !~ /eval|send|system|[^a-z0-9_!?]/
+      self.product_scopes << ProductScope.new({
+          :name => scope_name.to_s,
+          :arguments => [*arguments]
+        })
+    else
+      raise ArgumentError.new("'#{scope_name}` can't be used as scope")
+    end
     self
   end
 

data/app/models/spree/alert.rb

@@ -0,0 +1,13 @@
+class Spree::Alert < ActiveResource::Base
+  self.site = "http://alerts.spreecommerce.com/"
+  self.format = :json
+
+  def self.current(host)
+    find(:all, :params => { :version => Spree.version,
+                            :name => Spree::Config[:site_name],
+                            :host => host,
+                            :rails_env => Rails.env,
+                            :rails_version => Rails.version })
+  end
+end
+

data/app/views/admin/general_settings/edit.html.erb

@@ -28,6 +28,14 @@
     </label>
   </p>
 
+  <p>
+    <label>
+      <input name="preferences[check_for_spree_alerts]" type="hidden" value="0" />
+      <%= check_box_tag('preferences[check_for_spree_alerts]', "1", Spree::Config[:check_for_spree_alerts]) %>
+      <%= t('spree_alert_checking') %>
+    </label>
+ </p>
+
   <p class="form-buttons">
     <%= button t('update') %> 
     <%= t("or") %> <%= link_to t("cancel"), admin_general_settings_url %>

data/app/views/admin/general_settings/show.html.erb

@@ -4,25 +4,30 @@
 
 <table>
   <tr>
-    <th scope="row"><%= t("site_name") %>:</th> 
+    <th scope="row"><%= t("site_name") %>:</th>
     <td><%=  Spree::Config[:site_name] %></td>
   </tr>
   <tr>
-    <th scope="row"><%= t("site_url") %>:</th> 
+    <th scope="row"><%= t("site_url") %>:</th>
     <td><%=  Spree::Config[:site_url] %></td>
   </tr>
   <tr>
 	<td colspan="2">
-	  <%= (Spree::Config[:allow_ssl_in_production] ? t("ssl_will_be_used_in_production_mode") : t("ssl_will_not_be_used_in_production_mode")) %> 
+	  <%= (Spree::Config[:allow_ssl_in_production] ? t("ssl_will_be_used_in_production_mode") : t("ssl_will_not_be_used_in_production_mode")) %>
 	</td>
   </tr>
   <tr>
 	<td colspan="2">
 	  <%= (Spree::Config[:allow_ssl_in_development_and_test] ? t("ssl_will_be_used_in_development_and_test_modes") : t("ssl_will_not_be_used_in_development_and_test_modes")) %>
-	</td>	
+	</td>
+  </tr>
+  <tr>
+    <td colspan="2">
+      <%= (Spree::Config[:check_for_spree_alerts] ? t("spree_alert_checking") : t("spree_alert_not_checking")) %>
+    </td>
   </tr>
 </table>
 
-<p><%= link_to_with_icon 'edit', t("edit"), edit_admin_general_settings_path %></p>
+<p><%= link_to_with_icon 'edit', t("edit"), edit_admin_general_settings_path, :id => 'admin_general_settings_link' %></p>
 
 

data/app/views/admin/shared/_alert.html.erb

@@ -0,0 +1,6 @@
+<div class="alert <%= alert.severity.downcase %>">
+  <%= alert.message %> <%= link_to alert.url_name, alert.url if alert.url %>
+  <%= link_to 'X', dismiss_alert_admin_general_settings_path(:alert_id => alert.id),
+              :remote => true, :method => :post, :class => 'dismiss' %>
+</div>
+

data/app/views/layouts/admin.html.erb

@@ -50,6 +50,7 @@
     <div class="flash notice"><%= self.notice %></div>
     <% end %>
 
+    <%= render :partial => 'admin/shared/alert', :collection => session[:alerts] %>
 
     <%= yield %>
 

data/config/locales/en.yml

@@ -880,6 +880,8 @@ en:
   ssl_will_be_used_in_production_mode: "SSL will be used in production mode"
   ssl_will_not_be_used_in_development_and_test_modes: "SSL will not be used in development and test mode if necessary."
   ssl_will_not_be_used_in_production_mode: "SSL will not be used in production mode"
+  spree_alert_checking: "Check for Spree security and release alerts"
+  spree_alert_not_checking: "Not checking for Spree security and release alerts"
   start: Start
   start_date: Valid from
   state: State

data/config/routes.rb

@@ -149,7 +149,11 @@ Rails.application.routes.draw do
       end
     end
 
-    resource :general_settings
+    resource :general_settings do
+      collection do
+        post :dismiss_alert
+      end
+    end
 
     resources :taxonomies do
       member do

data/lib/spree_core.rb

@@ -65,7 +65,7 @@ end
 
 module Spree
   def self.version
-    "0.30.1"
+    "0.30.2"
   end
 end
 

data/public/javascripts/admin.js

@@ -224,3 +224,9 @@ jQuery(".observe_field").live('change', function() {
     }
   );
 });
+
+jQuery(document).ready(function() {
+  $('div.alert a.dismiss').click(function() {
+    $(this).parent().fadeOut();
+  });
+});

data/public/stylesheets/admin/admin.css

@@ -577,3 +577,37 @@ table#product_scopes tr td table tr td {
 }
 
 
+span.handle{
+  background-image: url(../../images/reorder.jpg);
+  display: inline-block;
+  width:14px;
+  height:15px;
+}
+
+.alert {
+  -moz-border-radius: 5px;
+  -webkit-border-radius: 5px;
+  border-radius: 5px;
+  font-size: 1.3em;
+  margin-bottom: 1em;
+  padding: 0.8em;
+}
+.alert a.dismiss {
+  float:right;
+  font-size: 0.8em;
+}
+.alert.release {
+  background: #ccddff url(../images/shadow_top.png) 0px -50px repeat-x;
+  color: #556699;
+  border: 1px solid #99aacc;
+}
+.alert.security {
+  background: #f4b4b4 url(../images/shadow_top.png) 0px -50px repeat-x;
+  color: #000000;
+  border: 1px solid #e75b5b;
+}
+.alert.news {
+  background: #ccffd4 url(../images/shadow_top.png) 0px -50px repeat-x;
+  color: #000000;
+  border: 1px solid #66ff7e;
+}

metadata

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: spree_core
 version: !ruby/object:Gem::Version 
-  prerelease: false
+  hash: 99
+  prerelease: 
   segments: 
   - 0
   - 30
-  - 1
-  version: 0.30.1
+  - 2
+  version: 0.30.2
 platform: ruby
 authors: 
 - Sean Schofield
@@ -14,16 +15,17 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-17 00:00:00 -05:00
-default_executable: 
+date: 2011-10-23 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: acts_as_list
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 31
         segments: 
         - 0
         - 1
@@ -35,9 +37,11 @@ dependencies:
   name: rd_awesome_nested_set
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 15
         segments: 
         - 1
         - 4
@@ -49,9 +53,11 @@ dependencies:
   name: rd_unobtrusive_date_picker
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 27
         segments: 
         - 0
         - 1
@@ -63,9 +69,11 @@ dependencies:
   name: highline
   prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 1
         segments: 
         - 1
         - 5
@@ -77,9 +85,11 @@ dependencies:
   name: stringex
   prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 17
         segments: 
         - 1
         - 0
@@ -91,9 +101,11 @@ dependencies:
   name: state_machine
   prerelease: false
   requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 51
         segments: 
         - 0
         - 9
@@ -105,9 +117,11 @@ dependencies:
   name: faker
   prerelease: false
   requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 17
         segments: 
         - 0
         - 3
@@ -119,9 +133,11 @@ dependencies:
   name: paperclip
   prerelease: false
   requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 113
         segments: 
         - 2
         - 3
@@ -134,9 +150,11 @@ dependencies:
   name: rd_resource_controller
   prerelease: false
   requirement: &id009 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 3
         segments: 
         - 0
         version: "0"
@@ -146,14 +164,17 @@ dependencies:
   name: rd_searchlogic
   prerelease: false
   requirement: &id010 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 15424115
         segments: 
         - 3
         - 0
         - 0
-        - rc3
+        - rc
+        - 3
         version: 3.0.0.rc3
   type: :runtime
   version_requirements: *id010
@@ -161,9 +182,11 @@ dependencies:
   name: activemerchant
   prerelease: false
   requirement: &id011 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 9
         segments: 
         - 1
         - 7
@@ -175,9 +198,11 @@ dependencies:
   name: will_paginate
   prerelease: false
   requirement: &id012 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 961915916
         segments: 
         - 3
         - 0
@@ -189,23 +214,27 @@ dependencies:
   name: rails
   prerelease: false
   requirement: &id013 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 15
         segments: 
         - 3
         - 0
-        - 1
-        version: 3.0.1
+        - 4
+        version: 3.0.4
   type: :runtime
   version_requirements: *id013
 - !ruby/object:Gem::Dependency 
   name: jquery-rails
   prerelease: false
   requirement: &id014 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 19
         segments: 
         - 0
         - 2
@@ -343,6 +372,7 @@ files:
 - app/models/shipment.rb
 - app/models/shipping_category.rb
 - app/models/shipping_method.rb
+- app/models/spree/alert.rb
 - app/models/state.rb
 - app/models/state_event.rb
 - app/models/state_monitor.rb
@@ -471,6 +501,7 @@ files:
 - app/views/admin/shared/_address.html.erb
 - app/views/admin/shared/_address_form.html.erb
 - app/views/admin/shared/_adjustments_table.html.erb
+- app/views/admin/shared/_alert.html.erb
 - app/views/admin/shared/_calculator_fields.html.erb
 - app/views/admin/shared/_configuration_menu.html.erb
 - app/views/admin/shared/_destroy.js.erb
@@ -1032,7 +1063,6 @@ files:
 - public/stylesheets/jquery.autocomplete.css
 - public/stylesheets/scaffold.css
 - public/stylesheets/screen.css
-has_rdoc: true
 homepage: http://spreecommerce.com
 licenses: []
 
@@ -1042,25 +1072,29 @@ rdoc_options: []
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 57
       segments: 
       - 1
       - 8
       - 7
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 requirements: 
 - none
 rubyforge_project: spree_core
-rubygems_version: 1.3.6
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Core e-commerce functionality for the Spree project.