RubyGems - spree_core - Versions diffs - 1.3.1 → 1.3.2 - Mend

spree_core 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

data/app/controllers/spree/admin/payments_controller.rb CHANGED Viewed

@@ -77,7 +77,7 @@ module Spree
       def load_data
         @amount = params[:amount] || load_order.total
-        @payment_methods = PaymentMethod.available
+        @payment_methods = PaymentMethod.available(:back_end)
         if @payment and @payment.payment_method
           @payment_method = @payment.payment_method
         else
@@ -88,6 +88,7 @@ module Spree
       def load_order
         @order = Order.find_by_number!(params[:order_id])
+        authorize! params[:action], @order
       end
       def load_payment

data/app/controllers/spree/admin/products_controller.rb CHANGED Viewed

@@ -9,10 +9,12 @@ module Spree
       update.before :update_before
       def show
+        session[:return_to] ||= request.referer
         redirect_to( :action => :edit )
       end
       def index
+        session[:return_to] = request.url
         respond_with(@collection)
       end
@@ -33,7 +35,7 @@ module Spree
       end
       def destroy
-        @product = Product.where(:permalink => params[:id]).first!
+        @product = Product.find_by_permalink!(params[:id])
         @product.delete
         flash.notice = I18n.t('notice_messages.product_deleted')

data/app/controllers/spree/admin/resource_controller.rb CHANGED Viewed

@@ -40,6 +40,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
   def create
     invoke_callbacks(:create, :before)
+    @object.attributes = params[object_name]
     if @object.save
       invoke_callbacks(:create, :after)
       flash[:success] = flash_message_for(@object, :successfully_created)
@@ -134,9 +135,19 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     def load_resource
       if member_action?
         @object ||= load_resource_instance
+        # call authorize! a third time (called twice already in Admin::BaseController)
+        # this time we pass the actual instance so fine-grained abilities can control
+        # access to individual records, not just entire models.
+        authorize! params[:action], @object
         instance_variable_set("@#{object_name}", @object)
       else
         @collection ||= collection
+        # note: we don't call authorize here as the collection method should use
+        # CanCan's accessible_by method to restrict the actual records returned
         instance_variable_set("@#{controller_name}", @collection)
       end
     end
@@ -155,7 +166,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     def parent
       if parent_data.present?
-        @parent ||= parent_data[:model_class].where(parent_data[:find_by] => params["#{model_name}_id"]).first
+        @parent ||= parent_data[:model_class].send("find_by_#{parent_data[:find_by]}", params["#{model_name}_id"])
         instance_variable_set("@#{model_name}", @parent)
       else
         nil
@@ -172,16 +183,16 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     def build_resource
       if parent_data.present?
-        parent.send(controller_name).build(params[object_name])
+        parent.send(controller_name).build
       else
-        model_class.new(params[object_name])
+        model_class.new
       end
     end
     def collection
       return parent.send(controller_name) if parent_data.present?
       if model_class.respond_to?(:accessible_by) && !current_ability.has_block?(params[:action], model_class)
-        model_class.accessible_by(current_ability)
+        model_class.accessible_by(current_ability, params[:action])
       else
         model_class.scoped
       end

data/app/controllers/spree/admin/shipments_controller.rb CHANGED Viewed

@@ -79,10 +79,11 @@ module Spree
       def order
         @order ||= Order.find_by_number(params[:order_id])
+        authorize! params[:action], @order
       end
       def shipment
-        @shipment ||= Shipment.find_by_number(params[:id])
+        @shipment ||= order.shipments.find_by_number(params[:id])
       end
       def build_shipment
@@ -92,6 +93,10 @@ module Spree
         @shipment.shipping_method ||= order.shipping_method
         @shipment.attributes = params[:shipment]
       end
+      def model_class
+        Spree::Shipment
+      end
     end
   end
 end

data/app/controllers/spree/admin/taxons_controller.rb CHANGED Viewed

@@ -109,12 +109,6 @@ module Spree
         respond_with(@taxon) { |format| format.json { render :json => '' } }
       end
-      private
-      def load_product
-        Product.find_by_permalink! params[:product_id]
-      end
     end
   end
 end

data/app/controllers/spree/checkout_controller.rb CHANGED Viewed

@@ -107,10 +107,6 @@ module Spree
         @order.shipping_method ||= (@order.rate_hash.first && @order.rate_hash.first[:shipping_method])
       end
-      def before_payment
-        current_order.payments.destroy_all if request.put?
-      end
       def after_complete
         session[:order_id] = nil
       end

data/app/controllers/spree/locale_controller.rb CHANGED Viewed

@@ -4,8 +4,8 @@ module Spree
       if request.referer && request.referer.starts_with?('http://' + request.host)
         session['user_return_to'] = request.referer
       end
-      if params[:locale] && I18n.available_locales.include?(params[:locale].to_sym)
-        session[:locale] = I18n.locale = params[:locale].to_sym
+      if params[:locale] && I18n.available_locales.map(&:to_s).include?(params[:locale])
+        session[:locale] = I18n.locale = params[:locale]
         flash.notice = t(:locale_changed)
       else
         flash[:error] = t(:locale_not_changed)

data/app/controllers/spree/orders_controller.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Spree
     # Adds a new item to the order (creating a new order if none already exists)
     def populate
-      populator = OrderPopulator.new(current_order(true), current_currency)
+      populator = Spree::OrderPopulator.new(current_order(true), current_currency)
       if populator.populate(params.slice(:products, :variants, :quantity))
         fire_event('spree.cart.add')
         fire_event('spree.order.contents_changed')

data/app/helpers/spree/admin/base_helper.rb CHANGED Viewed

@@ -22,6 +22,14 @@ module Spree
         end
       end
+      def datepicker_field_value(date)
+        unless date.blank?
+          l(date, :format => t('spree.date_picker.format'))
+        else
+          nil
+        end
+      end
       # This method demonstrates the use of the :child_index option to render a
       # form partial for, for instance, client side addition of new nested
       # records.
@@ -54,7 +62,7 @@ module Spree
       def remove_nested(fields)
         out = ''
         out << fields.hidden_field(:_destroy) unless fields.object.new_record?
-        out << (link_to icon('delete'), "#", :class => 'remove')
+        out << (link_to icon('icon-remove'), "#", :class => 'remove')
         out.html_safe
       end

data/app/helpers/spree/admin/images_helper.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module Spree
+  module Admin
+    module ImagesHelper
+      def options_text_for(image)
+        if image.viewable.is_a?(Spree::Variant)
+          image.viewable.options_text
+        else
+          "All"
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/admin/products_helper.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Spree
           content_tag(:option,
                       :value    => taxon.id,
                       :selected => ('selected' if selected)) do
-            (taxon.ancestors.map(&:name) + [taxon.name]).join(" -> ")
+            (taxon.ancestors.pluck(:name) + [taxon.name]).join(" -> ")
           end
         end.join("").html_safe
       end

data/app/helpers/spree/base_helper.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Spree
     end
     def link_to_cart(text = nil)
-      return "" if current_spree_page?(cart_path)
+      return "" if current_spree_page?(spree.cart_path)
       text = text ? h(text) : t('cart')
       css_class = nil
@@ -26,7 +26,7 @@ module Spree
         css_class = 'full'
       end
-      link_to text, cart_path, :class => css_class
+      link_to text, spree.cart_path, :class => css_class
     end
     # human readable list of variant options
@@ -127,7 +127,7 @@ module Spree
       end
       countries.collect do |country|
-        country.name = I18n.t(country.iso, :scope => 'countries', :default => country.name)
+        country.name = I18n.t(country.iso, :scope => 'country_names', :default => country.name)
         country
       end.sort { |a, b| a.name <=> b.name }
     end

data/app/models/spree/ability.rb CHANGED Viewed

@@ -30,18 +30,14 @@ module Spree
       alias_action :new, :to => :create
       alias_action :new_action, :to => :create
       alias_action :show, :to => :read
+      alias_action :delete, :to => :destroy
       user ||= Spree.user_class.new
       if user.respond_to?(:has_spree_role?) && user.has_spree_role?('admin')
         can :manage, :all
       else
         #############################
-        can :read, Spree.user_class do |resource|
-          resource == user
-        end
-        can :update, Spree.user_class do |resource|
-          resource == user
-        end
+        can [:read,:update,:destroy], Spree.user_class, :id => user.id
         can :create, Spree.user_class
         #############################
         can :read, Order do |order, token|

data/app/models/spree/address.rb CHANGED Viewed

@@ -5,7 +5,8 @@ module Spree
     has_many :shipments
-    validates :firstname, :lastname, :address1, :city, :zipcode, :country, :phone, :presence => true
+    validates :firstname, :lastname, :address1, :city, :zipcode, :country, :presence => true
+    validates :phone, :presence => true, :if => :require_phone?
     validate :state_validate
     attr_accessible :firstname, :lastname, :address1, :address2,
@@ -83,6 +84,10 @@ module Spree
     private
+      def require_phone?
+        true
+      end
       def state_validate
         # Skip state validation without country (also required)
         # or when disabled by preference

data/app/models/spree/legacy_user.rb CHANGED Viewed

@@ -4,11 +4,16 @@ module Spree
     self.table_name = 'spree_users'
     attr_accessible :email, :password, :password_confirmation
+    has_many :orders, :foreign_key => :user_id
     belongs_to :ship_address, :class_name => 'Spree::Address'
     belongs_to :bill_address, :class_name => 'Spree::Address'
     scope :registered
+    before_destroy :check_completed_orders
+    class DestroyWithOrdersError < StandardError; end
     def anonymous?
       false
     end
@@ -24,5 +29,11 @@ module Spree
     attr_accessor :password
     attr_accessor :password_confirmation
+    private
+      def check_completed_orders
+        raise DestroyWithOrdersError if orders.complete.present?
+      end
   end
 end

data/app/models/spree/log_entry.rb CHANGED Viewed

@@ -1,5 +1,16 @@
 module Spree
   class LogEntry < ActiveRecord::Base
     belongs_to :source, :polymorphic => true
+    # Fix for #1767
+    # If a payment fails, we want to make sure we keep the record of it failing
+    after_rollback :save_anyway
+    def save_anyway
+      log = Spree::LogEntry.new
+      log.source  = source
+      log.details = details
+      log.save!
+    end
   end
 end

data/app/models/spree/order.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module Spree
     token_resource
     attr_accessible :line_items, :bill_address_attributes, :ship_address_attributes, :payments_attributes,
-                    :ship_address, :bill_address, :line_items_attributes, :number,
+                    :ship_address, :bill_address, :payments_attributes, :line_items_attributes, :number,
                     :shipping_method_id, :email, :use_billing, :special_instructions, :currency
     if Spree.user_class
@@ -52,7 +52,13 @@ module Spree
     has_many :line_items, :dependent => :destroy, :order => "created_at ASC"
     has_many :inventory_units
     has_many :payments, :dependent => :destroy
-    has_many :shipments, :dependent => :destroy
+    has_many :shipments, :dependent => :destroy do
+      def states
+        pluck(:state).uniq
+      end
+    end
     has_many :return_authorizations, :dependent => :destroy
     has_many :adjustments, :as => :adjustable, :dependent => :destroy, :order => "created_at ASC"
@@ -351,11 +357,11 @@ module Spree
     end
     def can_ship?
-      self.complete? || self.resumed?
+      self.complete? || self.resumed? || self.awaiting_return? || self.returned?
     end
     def credit_cards
-      credit_card_ids = payments.from_credit_card.map(&:source_id).uniq
+      credit_card_ids = payments.from_credit_card.pluck(:source_id).uniq
       CreditCard.scoped(:conditions => { :id => credit_card_ids })
     end
@@ -436,7 +442,7 @@ module Spree
     end
     def available_payment_methods
-      @available_payment_methods ||= PaymentMethod.available
+      @available_payment_methods ||= PaymentMethod.available(:front_end)
     end
     def payment_method

data/app/models/spree/order_populator.rb CHANGED Viewed

@@ -50,9 +50,9 @@ module Spree
       display_name = %Q{#{variant.name}}
       display_name += %Q{ (#{variant.options_text})} unless variant.options_text.blank?
-      if variant.in_stock?
+      if variant.available?
         on_hand = variant.on_hand
-        if on_hand >= quantity
+        if on_hand >= quantity || Spree::Config[:allow_backorders]
           return true
         else
           errors.add(:base, %Q{There are only #{on_hand} of #{display_name.inspect} remaining.} +

data/app/models/spree/order_updater.rb CHANGED Viewed

@@ -69,18 +69,18 @@ module Spree
       if order.backordered?
         order.shipment_state = 'backorder'
       else
-        order.shipment_state =
-        case shipments.count
-        when 0
-          nil
-        when shipments.shipped.count
-          'shipped'
-        when shipments.ready.count
-          'ready'
-        when shipments.pending.count
-          'pending'
+        # get all the shipment states for this order
+        shipment_states = shipments.states
+        if shipment_states.size > 1
+          # multiple shiment states means it's most likely partially shipped
+          order.shipment_state = 'partial'
         else
-          'partial'
+          # will return nil if no shipments are found
+          order.shipment_state = shipment_states.first
+          if order.shipment_state && order.inventory_units.where(:shipment_id => nil).exists?
+            # shipments exist but there are unassigned inventory units
+            order.shipment_state = 'partial'
+          end
         end
       end

data/app/models/spree/payment/processing.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Spree
         if payment_method && payment_method.source_required?
           if source
             if !processing?
-              if Spree::Config[:auto_capture]
+              if payment_method.auto_capture?
                 purchase!
               else
                 authorize!
@@ -111,7 +111,7 @@ module Spree
       options = { :email    => order.email,
                   :customer => order.email,
                   :ip       => order.last_ip_address,
-                  :order_id => order.number }
+                  :order_id => "#{order.number}-#{self.identifier}" }
       options.merge!({ :shipping => order.ship_total * 100,
                        :tax      => order.tax_total * 100,

data/app/models/spree/payment.rb CHANGED Viewed

@@ -8,6 +8,8 @@ module Spree
     has_many :offsets, :class_name => "Spree::Payment", :foreign_key => :source_id, :conditions => "source_type = 'Spree::Payment' AND amount < 0 AND state = 'completed'"
     has_many :log_entries, :as => :source
+    before_save :set_unique_identifier
     after_save :create_payment_profile, :if => :profiles_supported?
     # update the order totals, etc.
@@ -56,7 +58,7 @@ module Spree
     end
     def offsets_total
-      offsets.map(&:amount).sum
+      offsets.pluck(:amount).sum
     end
     def credit_allowed
@@ -108,5 +110,22 @@ module Spree
         order.payments.reload
         order.update!
       end
+      # Necessary because some payment gateways will refuse payments with
+      # duplicate IDs. We *were* using the Order number, but that's set once and
+      # is unchanging. What we need is a unique identifier on a per-payment basis,
+      # and this is it. Related to #1998.
+      # See https://github.com/spree/spree/issues/1998#issuecomment-12869105
+      def set_unique_identifier
+        chars = [('A'..'Z').to_a, ('0'..'9').to_a].flatten - %w(0 1 I O)
+        identifier = ''
+        8.times { identifier << chars[rand(chars.length)] }
+        if Spree::Payment.exists?(:identifier => identifier)
+          # Call it again, we've got a duplicate ID.
+          set_unique_identifier
+        else
+          self.identifier = identifier
+        end
+      end
   end
 end

data/app/models/spree/payment_method.rb CHANGED Viewed

@@ -1,10 +1,11 @@
 module Spree
   class PaymentMethod < ActiveRecord::Base
+    DISPLAY = [:both, :front_end, :back_end]
     default_scope where(:deleted_at => nil)
     scope :production, lambda { where(:environment => 'production') }
-    attr_accessible :name, :description, :environment, :active
+    attr_accessible :name, :description, :environment, :display_on, :active
     validates :name, :presence => true
     def self.providers
@@ -22,9 +23,11 @@ module Spree
       raise 'You must implement payment_source_class method for this gateway.'
     end
-    def self.available
+    def self.available(display_on = 'both')
       all.select do |p|
-        p.active && (p.environment == Rails.env || p.environment.blank?)
+        p.active &&
+        (p.display_on == display_on.to_s || p.display_on.blank?) &&
+        (p.environment == Rails.env || p.environment.blank?)
       end
     end
@@ -51,5 +54,9 @@ module Spree
     def source_required?
       true
     end
+    def auto_capture?
+      Spree::Config[:auto_capture]
+    end
   end
 end

data/app/models/spree/preference.rb CHANGED Viewed

@@ -33,33 +33,4 @@ class Spree::Preference < ActiveRecord::Base
     self[:value]
   end
-  # For the rc releases of 1.0, we stored the object class names, this converts
-  # to preferences definition types. This code should eventually be removed.
-  # it is called during the load_preferences of the Preferences::Store
-  def self.convert_old_value_types(preference)
-    classes =  [Symbol.to_s, Fixnum.to_s, Bignum.to_s,
-                Float.to_s, TrueClass.to_s, FalseClass.to_s]
-    return unless classes.map(&:downcase).include? preference.value_type.downcase
-    case preference.value_type.downcase
-    when "symbol"
-      preference.value_type = 'string'
-    when "fixnum"
-      preference.value_type = 'integer'
-    when "bignum"
-      preference.value_type = 'integer'
-      preference.value = preference.value.to_f.to_i
-    when "float"
-      preference.value_type = 'decimal'
-    when "trueclass"
-      preference.value_type = 'boolean'
-      preference.value = "true"
-    when "falseclass"
-      preference.value_type = 'boolean'
-      preference.value = "false"
-    end
-    preference.save
-  end
 end

data/app/models/spree/preferences/store.rb CHANGED Viewed

@@ -14,7 +14,6 @@ module Spree::Preferences
     def initialize
       @cache = Rails.cache
       @persistence = true
-      load_preferences
     end
     def set(key, value, type)
@@ -64,6 +63,10 @@ module Spree::Preferences
       destroy(key)
     end
+    def clear_cache
+      @cache.clear
+    end
     private
     def persist(cache_key, value, type)
@@ -82,15 +85,6 @@ module Spree::Preferences
       preference.destroy if preference
     end
-    def load_preferences
-      return unless should_persist?
-      Spree::Preference.valid.each do |p|
-        Spree::Preference.convert_old_value_types(p) # see comment
-        @cache.write(p.key, p.value)
-      end
-    end
     def should_persist?
       @persistence and Spree::Preference.table_exists?
     end

data/app/models/spree/product/scopes.rb CHANGED Viewed

@@ -66,7 +66,7 @@ module Spree
     add_search_scope :in_taxon do |taxon|
       select("DISTINCT(spree_products.id), spree_products.*").
       joins(:taxons).
-      where(Taxon.table_name => { :id => taxon.self_and_descendants.map(&:id) })
+      where(Taxon.table_name => { :id => taxon.self_and_descendants.pluck(:id) })
     end
     # This scope selects products in all taxons AND all its descendants
@@ -228,7 +228,7 @@ module Spree
       # specifically avoid having an order for taxon search (conflicts with main order)
       def self.prepare_taxon_conditions(taxons)
-        ids = taxons.map { |taxon| taxon.self_and_descendants.map(&:id) }.flatten.uniq
+        ids = taxons.map { |taxon| taxon.self_and_descendants.pluck(:id) }.flatten.uniq
         joins(:taxons).where("#{Taxon.table_name}.id" => ids)
       end

data/app/models/spree/product.rb CHANGED Viewed

@@ -162,7 +162,7 @@ module Spree
       return if option_values_hash.nil?
       option_values_hash.keys.map(&:to_i).each do |id|
         self.option_type_ids << id unless option_type_ids.include?(id)
-        product_option_types.create({:option_type_id => id}, :without_protection => true) unless product_option_types.map(&:option_type_id).include?(id)
+        product_option_types.create({:option_type_id => id}, :without_protection => true) unless product_option_types.pluck(:option_type_id).include?(id)
       end
     end
@@ -232,10 +232,7 @@ module Spree
     def set_property(property_name, property_value)
       ActiveRecord::Base.transaction do
-        property = Property.where(:name => property_name).first_or_initialize
-        property.presentation = property_name
-        property.save!
+        property = Property.where(:name => property_name).first_or_create!(:presentation => property_name)
         product_property = ProductProperty.where(:product_id => id, :property_id => property.id).first_or_initialize
         product_property.value = property_value
         product_property.save!

data/app/models/spree/product_property.rb CHANGED Viewed

@@ -6,7 +6,9 @@ module Spree
     validates :property, :presence => true
     validates :value, :length => { :maximum => 255 }
-    attr_accessible :property_name, :value
+    attr_accessible :property_name, :value, :position
+    default_scope :order => "#{self.table_name}.position"
     # virtual attributes for use with AJAX completion stuff
     def property_name

data/app/models/spree/property.rb CHANGED Viewed

@@ -9,8 +9,6 @@ module Spree
     validates :name, :presentation, :presence => true
-    scope :sorted, lambda { order(:name) }
     def self.find_all_by_prototype(prototype)
       id = prototype
       if prototype.class == Prototype

data/app/models/spree/return_authorization.rb CHANGED Viewed

@@ -44,7 +44,7 @@ module Spree
           next unless inventory_unit.return_authorization.nil? && count < quantity
           inventory_unit.return_authorization = self
-          inventory_unit.save!
+          inventory_unit.return!
           count += 1
         end