RubyGems - spree_core - Versions diffs - 1.3.1 → 1.3.2 - Mend

spree_core 1.3.1 → 1.3.2

Files changed (87) hide show

data/app/controllers/spree/admin/payments_controller.rb CHANGED Viewed

@@ -77,7 +77,7 @@ module Spree
       def load_data
         @amount = params[:amount] || load_order.total
-        @payment_methods = PaymentMethod.available
+        @payment_methods = PaymentMethod.available(:back_end)
         if @payment and @payment.payment_method
           @payment_method = @payment.payment_method
         else
@@ -88,6 +88,7 @@ module Spree
       def load_order
         @order = Order.find_by_number!(params[:order_id])
+        authorize! params[:action], @order
       end
       def load_payment

data/app/controllers/spree/admin/products_controller.rb CHANGED Viewed

@@ -9,10 +9,12 @@ module Spree
       update.before :update_before
       def show
+        session[:return_to] ||= request.referer
         redirect_to( :action => :edit )
       end
       def index
+        session[:return_to] = request.url
         respond_with(@collection)
       end
@@ -33,7 +35,7 @@ module Spree
       end
       def destroy
-        @product = Product.where(:permalink => params[:id]).first!
+        @product = Product.find_by_permalink!(params[:id])
         @product.delete
         flash.notice = I18n.t('notice_messages.product_deleted')

data/app/controllers/spree/admin/resource_controller.rb CHANGED Viewed

@@ -40,6 +40,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
   def create
     invoke_callbacks(:create, :before)
+    @object.attributes = params[object_name]
     if @object.save
       invoke_callbacks(:create, :after)
       flash[:success] = flash_message_for(@object, :successfully_created)
@@ -134,9 +135,19 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     def load_resource
       if member_action?
         @object ||= load_resource_instance
+        # call authorize! a third time (called twice already in Admin::BaseController)
+        # this time we pass the actual instance so fine-grained abilities can control
+        # access to individual records, not just entire models.
+        authorize! params[:action], @object
         instance_variable_set("@#{object_name}", @object)
       else
         @collection ||= collection
+        # note: we don't call authorize here as the collection method should use
+        # CanCan's accessible_by method to restrict the actual records returned
         instance_variable_set("@#{controller_name}", @collection)
       end
     end
@@ -155,7 +166,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     def parent
       if parent_data.present?
-        @parent ||= parent_data[:model_class].where(parent_data[:find_by] => params["#{model_name}_id"]).first
+        @parent ||= parent_data[:model_class].send("find_by_#{parent_data[:find_by]}", params["#{model_name}_id"])
         instance_variable_set("@#{model_name}", @parent)
       else
         nil
@@ -172,16 +183,16 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     def build_resource
       if parent_data.present?
-        parent.send(controller_name).build(params[object_name])
+        parent.send(controller_name).build
       else
-        model_class.new(params[object_name])
+        model_class.new
       end
     end
     def collection
       return parent.send(controller_name) if parent_data.present?
       if model_class.respond_to?(:accessible_by) && !current_ability.has_block?(params[:action], model_class)
-        model_class.accessible_by(current_ability)
+        model_class.accessible_by(current_ability, params[:action])
       else
         model_class.scoped
       end

data/app/controllers/spree/admin/shipments_controller.rb CHANGED Viewed

@@ -79,10 +79,11 @@ module Spree
       def order
         @order ||= Order.find_by_number(params[:order_id])
+        authorize! params[:action], @order
       end
       def shipment
-        @shipment ||= Shipment.find_by_number(params[:id])
+        @shipment ||= order.shipments.find_by_number(params[:id])
       end
       def build_shipment
@@ -92,6 +93,10 @@ module Spree
         @shipment.shipping_method ||= order.shipping_method
         @shipment.attributes = params[:shipment]
       end
+      def model_class
+        Spree::Shipment
+      end
     end
   end
 end

data/app/controllers/spree/admin/taxons_controller.rb CHANGED Viewed

@@ -109,12 +109,6 @@ module Spree
         respond_with(@taxon) { |format| format.json { render :json => '' } }
       end
-      private
-      def load_product
-        Product.find_by_permalink! params[:product_id]
-      end
     end
   end
 end

data/app/controllers/spree/checkout_controller.rb CHANGED Viewed

@@ -107,10 +107,6 @@ module Spree
         @order.shipping_method ||= (@order.rate_hash.first && @order.rate_hash.first[:shipping_method])
       end
-      def before_payment
-        current_order.payments.destroy_all if request.put?
-      end
       def after_complete
         session[:order_id] = nil
       end

data/app/controllers/spree/locale_controller.rb CHANGED Viewed

@@ -4,8 +4,8 @@ module Spree
       if request.referer && request.referer.starts_with?('http://' + request.host)
         session['user_return_to'] = request.referer
       end
-      if params[:locale] && I18n.available_locales.include?(params[:locale].to_sym)
-        session[:locale] = I18n.locale = params[:locale].to_sym
+      if params[:locale] && I18n.available_locales.map(&:to_s).include?(params[:locale])
+        session[:locale] = I18n.locale = params[:locale]
         flash.notice = t(:locale_changed)
       else
         flash[:error] = t(:locale_not_changed)

data/app/controllers/spree/orders_controller.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Spree
     # Adds a new item to the order (creating a new order if none already exists)
     def populate
-      populator = OrderPopulator.new(current_order(true), current_currency)
+      populator = Spree::OrderPopulator.new(current_order(true), current_currency)
       if populator.populate(params.slice(:products, :variants, :quantity))
         fire_event('spree.cart.add')
         fire_event('spree.order.contents_changed')

data/app/helpers/spree/admin/base_helper.rb CHANGED Viewed

@@ -22,6 +22,14 @@ module Spree
         end
       end
+      def datepicker_field_value(date)
+        unless date.blank?
+          l(date, :format => t('spree.date_picker.format'))
+        else
+          nil
+        end
+      end
       # This method demonstrates the use of the :child_index option to render a
       # form partial for, for instance, client side addition of new nested
       # records.
@@ -54,7 +62,7 @@ module Spree
       def remove_nested(fields)
         out = ''
         out << fields.hidden_field(:_destroy) unless fields.object.new_record?
-        out << (link_to icon('delete'), "#", :class => 'remove')
+        out << (link_to icon('icon-remove'), "#", :class => 'remove')
         out.html_safe
       end

data/app/helpers/spree/admin/images_helper.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module Spree
+  module Admin
+    module ImagesHelper
+      def options_text_for(image)
+        if image.viewable.is_a?(Spree::Variant)
+          image.viewable.options_text
+        else
+          "All"
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree/admin/products_helper.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Spree
           content_tag(:option,
                       :value    => taxon.id,
                       :selected => ('selected' if selected)) do
-            (taxon.ancestors.map(&:name) + [taxon.name]).join(" -> ")
+            (taxon.ancestors.pluck(:name) + [taxon.name]).join(" -> ")
           end
         end.join("").html_safe
       end

data/app/helpers/spree/base_helper.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Spree
     end
     def link_to_cart(text = nil)
-      return "" if current_spree_page?(cart_path)
+      return "" if current_spree_page?(spree.cart_path)
       text = text ? h(text) : t('cart')
       css_class = nil
@@ -26,7 +26,7 @@ module Spree
         css_class = 'full'
       end
-      link_to text, cart_path, :class => css_class
+      link_to text, spree.cart_path, :class => css_class
     end
     # human readable list of variant options
@@ -127,7 +127,7 @@ module Spree
       end
       countries.collect do |country|
-        country.name = I18n.t(country.iso, :scope => 'countries', :default => country.name)
+        country.name = I18n.t(country.iso, :scope => 'country_names', :default => country.name)
         country
       end.sort { |a, b| a.name <=> b.name }
     end

data/app/models/spree/ability.rb CHANGED Viewed

@@ -30,18 +30,14 @@ module Spree
       alias_action :new, :to => :create
       alias_action :new_action, :to => :create
       alias_action :show, :to => :read
+      alias_action :delete, :to => :destroy
       user ||= Spree.user_class.new
       if user.respond_to?(:has_spree_role?) && user.has_spree_role?('admin')
         can :manage, :all
       else
         #############################
-        can :read, Spree.user_class do |resource|
-          resource == user
-        end
-        can :update, Spree.user_class do |resource|
-          resource == user
-        end
+        can [:read,:update,:destroy], Spree.user_class, :id => user.id
         can :create, Spree.user_class
         #############################
         can :read, Order do |order, token|

data/app/models/spree/address.rb CHANGED Viewed

@@ -5,7 +5,8 @@ module Spree
     has_many :shipments
-    validates :firstname, :lastname, :address1, :city, :zipcode, :country, :phone, :presence => true
+    validates :firstname, :lastname, :address1, :city, :zipcode, :country, :presence => true
+    validates :phone, :presence => true, :if => :require_phone?
     validate :state_validate
     attr_accessible :firstname, :lastname, :address1, :address2,
@@ -83,6 +84,10 @@ module Spree
     private
+      def require_phone?
+        true
+      end
       def state_validate
         # Skip state validation without country (also required)
         # or when disabled by preference

data/app/models/spree/legacy_user.rb CHANGED Viewed

@@ -4,11 +4,16 @@ module Spree
     self.table_name = 'spree_users'
     attr_accessible :email, :password, :password_confirmation
+    has_many :orders, :foreign_key => :user_id
     belongs_to :ship_address, :class_name => 'Spree::Address'
     belongs_to :bill_address, :class_name => 'Spree::Address'
     scope :registered
+    before_destroy :check_completed_orders
+    class DestroyWithOrdersError < StandardError; end
     def anonymous?
       false
     end
@@ -24,5 +29,11 @@ module Spree
     attr_accessor :password
     attr_accessor :password_confirmation
+    private
+      def check_completed_orders
+        raise DestroyWithOrdersError if orders.complete.present?
+      end
   end
 end

data/app/models/spree/log_entry.rb CHANGED Viewed

@@ -1,5 +1,16 @@
 module Spree
   class LogEntry < ActiveRecord::Base
     belongs_to :source, :polymorphic => true
+    # Fix for #1767
+    # If a payment fails, we want to make sure we keep the record of it failing
+    after_rollback :save_anyway
+    def save_anyway
+      log = Spree::LogEntry.new
+      log.source  = source
+      log.details = details
+      log.save!
+    end
   end
 end

data/app/models/spree/order.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module Spree
     token_resource
     attr_accessible :line_items, :bill_address_attributes, :ship_address_attributes, :payments_attributes,
-                    :ship_address, :bill_address, :line_items_attributes, :number,
+                    :ship_address, :bill_address, :payments_attributes, :line_items_attributes, :number,
                     :shipping_method_id, :email, :use_billing, :special_instructions, :currency
     if Spree.user_class
@@ -52,7 +52,13 @@ module Spree
     has_many :line_items, :dependent => :destroy, :order => "created_at ASC"
     has_many :inventory_units
     has_many :payments, :dependent => :destroy
-    has_many :shipments, :dependent => :destroy
+    has_many :shipments, :dependent => :destroy do
+      def states
+        pluck(:state).uniq
+      end
+    end
     has_many :return_authorizations, :dependent => :destroy
     has_many :adjustments, :as => :adjustable, :dependent => :destroy, :order => "created_at ASC"
@@ -351,11 +357,11 @@ module Spree
     end
     def can_ship?
-      self.complete? || self.resumed?
+      self.complete? || self.resumed? || self.awaiting_return? || self.returned?
     end
     def credit_cards
-      credit_card_ids = payments.from_credit_card.map(&:source_id).uniq
+      credit_card_ids = payments.from_credit_card.pluck(:source_id).uniq
       CreditCard.scoped(:conditions => { :id => credit_card_ids })
     end
@@ -436,7 +442,7 @@ module Spree
     end
     def available_payment_methods
-      @available_payment_methods ||= PaymentMethod.available
+      @available_payment_methods ||= PaymentMethod.available(:front_end)
     end
     def payment_method

data/app/models/spree/order_populator.rb CHANGED Viewed

@@ -50,9 +50,9 @@ module Spree
       display_name = %Q{#{variant.name}}
       display_name += %Q{ (#{variant.options_text})} unless variant.options_text.blank?
-      if variant.in_stock?
+      if variant.available?
         on_hand = variant.on_hand
-        if on_hand >= quantity
+        if on_hand >= quantity || Spree::Config[:allow_backorders]
           return true
         else
           errors.add(:base, %Q{There are only #{on_hand} of #{display_name.inspect} remaining.} +

data/app/models/spree/order_updater.rb CHANGED Viewed

@@ -69,18 +69,18 @@ module Spree
       if order.backordered?
         order.shipment_state = 'backorder'
       else
-        order.shipment_state =
-        case shipments.count
-        when 0
-          nil
-        when shipments.shipped.count
-          'shipped'
-        when shipments.ready.count
-          'ready'
-        when shipments.pending.count
-          'pending'
+        # get all the shipment states for this order
+        shipment_states = shipments.states
+        if shipment_states.size > 1
+          # multiple shiment states means it's most likely partially shipped
+          order.shipment_state = 'partial'
         else
-          'partial'
+          # will return nil if no shipments are found
+          order.shipment_state = shipment_states.first
+          if order.shipment_state && order.inventory_units.where(:shipment_id => nil).exists?
+            # shipments exist but there are unassigned inventory units
+            order.shipment_state = 'partial'
+          end
         end
       end

data/app/models/spree/payment/processing.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Spree
         if payment_method && payment_method.source_required?
           if source
             if !processing?
-              if Spree::Config[:auto_capture]
+              if payment_method.auto_capture?
                 purchase!
               else
                 authorize!
@@ -111,7 +111,7 @@ module Spree
       options = { :email    => order.email,
                   :customer => order.email,
                   :ip       => order.last_ip_address,
-                  :order_id => order.number }
+                  :order_id => "#{order.number}-#{self.identifier}" }
       options.merge!({ :shipping => order.ship_total * 100,
                        :tax      => order.tax_total * 100,

data/app/models/spree/payment.rb CHANGED Viewed

@@ -8,6 +8,8 @@ module Spree
     has_many :offsets, :class_name => "Spree::Payment", :foreign_key => :source_id, :conditions => "source_type = 'Spree::Payment' AND amount < 0 AND state = 'completed'"
     has_many :log_entries, :as => :source
+    before_save :set_unique_identifier
     after_save :create_payment_profile, :if => :profiles_supported?
     # update the order totals, etc.
@@ -56,7 +58,7 @@ module Spree
     end
     def offsets_total
-      offsets.map(&:amount).sum
+      offsets.pluck(:amount).sum
     end
     def credit_allowed
@@ -108,5 +110,22 @@ module Spree
         order.payments.reload
         order.update!
       end
+      # Necessary because some payment gateways will refuse payments with
+      # duplicate IDs. We *were* using the Order number, but that's set once and
+      # is unchanging. What we need is a unique identifier on a per-payment basis,
+      # and this is it. Related to #1998.
+      # See https://github.com/spree/spree/issues/1998#issuecomment-12869105
+      def set_unique_identifier
+        chars = [('A'..'Z').to_a, ('0'..'9').to_a].flatten - %w(0 1 I O)
+        identifier = ''
+        8.times { identifier << chars[rand(chars.length)] }
+        if Spree::Payment.exists?(:identifier => identifier)
+          # Call it again, we've got a duplicate ID.
+          set_unique_identifier
+        else
+          self.identifier = identifier
+        end
+      end
   end
 end

data/app/models/spree/payment_method.rb CHANGED Viewed

@@ -1,10 +1,11 @@
 module Spree
   class PaymentMethod < ActiveRecord::Base
+    DISPLAY = [:both, :front_end, :back_end]
     default_scope where(:deleted_at => nil)
     scope :production, lambda { where(:environment => 'production') }
-    attr_accessible :name, :description, :environment, :active
+    attr_accessible :name, :description, :environment, :display_on, :active
     validates :name, :presence => true
     def self.providers
@@ -22,9 +23,11 @@ module Spree
       raise 'You must implement payment_source_class method for this gateway.'
     end
-    def self.available
+    def self.available(display_on = 'both')
       all.select do |p|
-        p.active && (p.environment == Rails.env || p.environment.blank?)
+        p.active &&
+        (p.display_on == display_on.to_s || p.display_on.blank?) &&
+        (p.environment == Rails.env || p.environment.blank?)
       end
     end
@@ -51,5 +54,9 @@ module Spree
     def source_required?
       true
     end
+    def auto_capture?
+      Spree::Config[:auto_capture]
+    end
   end
 end

data/app/models/spree/preference.rb CHANGED Viewed

@@ -33,33 +33,4 @@ class Spree::Preference < ActiveRecord::Base
     self[:value]
   end
-  # For the rc releases of 1.0, we stored the object class names, this converts
-  # to preferences definition types. This code should eventually be removed.
-  # it is called during the load_preferences of the Preferences::Store
-  def self.convert_old_value_types(preference)
-    classes =  [Symbol.to_s, Fixnum.to_s, Bignum.to_s,
-                Float.to_s, TrueClass.to_s, FalseClass.to_s]
-    return unless classes.map(&:downcase).include? preference.value_type.downcase
-    case preference.value_type.downcase
-    when "symbol"
-      preference.value_type = 'string'
-    when "fixnum"
-      preference.value_type = 'integer'
-    when "bignum"
-      preference.value_type = 'integer'
-      preference.value = preference.value.to_f.to_i
-    when "float"
-      preference.value_type = 'decimal'
-    when "trueclass"
-      preference.value_type = 'boolean'
-      preference.value = "true"
-    when "falseclass"
-      preference.value_type = 'boolean'
-      preference.value = "false"
-    end
-    preference.save
-  end
 end

data/app/models/spree/preferences/store.rb CHANGED Viewed

@@ -14,7 +14,6 @@ module Spree::Preferences
     def initialize
       @cache = Rails.cache
       @persistence = true
-      load_preferences
     end
     def set(key, value, type)
@@ -64,6 +63,10 @@ module Spree::Preferences
       destroy(key)
     end
+    def clear_cache
+      @cache.clear
+    end
     private
     def persist(cache_key, value, type)
@@ -82,15 +85,6 @@ module Spree::Preferences
       preference.destroy if preference
     end
-    def load_preferences
-      return unless should_persist?
-      Spree::Preference.valid.each do |p|
-        Spree::Preference.convert_old_value_types(p) # see comment
-        @cache.write(p.key, p.value)
-      end
-    end
     def should_persist?
       @persistence and Spree::Preference.table_exists?
     end

data/app/models/spree/product/scopes.rb CHANGED Viewed

@@ -66,7 +66,7 @@ module Spree
     add_search_scope :in_taxon do |taxon|
       select("DISTINCT(spree_products.id), spree_products.*").
       joins(:taxons).
-      where(Taxon.table_name => { :id => taxon.self_and_descendants.map(&:id) })
+      where(Taxon.table_name => { :id => taxon.self_and_descendants.pluck(:id) })
     end
     # This scope selects products in all taxons AND all its descendants
@@ -228,7 +228,7 @@ module Spree
       # specifically avoid having an order for taxon search (conflicts with main order)
       def self.prepare_taxon_conditions(taxons)
-        ids = taxons.map { |taxon| taxon.self_and_descendants.map(&:id) }.flatten.uniq
+        ids = taxons.map { |taxon| taxon.self_and_descendants.pluck(:id) }.flatten.uniq
         joins(:taxons).where("#{Taxon.table_name}.id" => ids)
       end

data/app/models/spree/product.rb CHANGED Viewed

@@ -162,7 +162,7 @@ module Spree
       return if option_values_hash.nil?
       option_values_hash.keys.map(&:to_i).each do |id|
         self.option_type_ids << id unless option_type_ids.include?(id)
-        product_option_types.create({:option_type_id => id}, :without_protection => true) unless product_option_types.map(&:option_type_id).include?(id)
+        product_option_types.create({:option_type_id => id}, :without_protection => true) unless product_option_types.pluck(:option_type_id).include?(id)
       end
     end
@@ -232,10 +232,7 @@ module Spree
     def set_property(property_name, property_value)
       ActiveRecord::Base.transaction do
-        property = Property.where(:name => property_name).first_or_initialize
-        property.presentation = property_name
-        property.save!
+        property = Property.where(:name => property_name).first_or_create!(:presentation => property_name)
         product_property = ProductProperty.where(:product_id => id, :property_id => property.id).first_or_initialize
         product_property.value = property_value
         product_property.save!

data/app/models/spree/product_property.rb CHANGED Viewed

@@ -6,7 +6,9 @@ module Spree
     validates :property, :presence => true
     validates :value, :length => { :maximum => 255 }
-    attr_accessible :property_name, :value
+    attr_accessible :property_name, :value, :position
+    default_scope :order => "#{self.table_name}.position"
     # virtual attributes for use with AJAX completion stuff
     def property_name

data/app/models/spree/property.rb CHANGED Viewed

@@ -9,8 +9,6 @@ module Spree
     validates :name, :presentation, :presence => true
-    scope :sorted, lambda { order(:name) }
     def self.find_all_by_prototype(prototype)
       id = prototype
       if prototype.class == Prototype

data/app/models/spree/return_authorization.rb CHANGED Viewed

@@ -44,7 +44,7 @@ module Spree
           next unless inventory_unit.return_authorization.nil? && count < quantity
           inventory_unit.return_authorization = self
-          inventory_unit.save!
+          inventory_unit.return!
           count += 1
         end