spree_core 1.3.2 → 1.3.3

data/app/assets/stylesheets/admin/shared/_forms.scss

@@ -175,10 +175,11 @@ fieldset {
     text-transform: uppercase;
     text-align: center;
     padding: 8px 15px;
+    -webkit-font-smoothing: antialiased;
   }
 
   label {
-    color: lighten($color-body-text, 5);
+    color: lighten($color-body-text, 8);
   }
 
   .filter-actions {

data/app/assets/stylesheets/admin/shared/_icons.scss

@@ -18,4 +18,5 @@
 .icon-cancel:before, 
 .icon-void:before     { @extend .icon-remove:before   }
 
-.icon-capture:before  { @extend .icon-ok:before       }
+.icon-capture:before  { @extend .icon-ok:before       }
+.icon-credit:before   { @extend .icon-ok:before       }

data/app/assets/stylesheets/admin/shared/_layout.scss

@@ -65,10 +65,13 @@
 
   .page-title {
     font-size: 20px;
+    -webkit-font-smoothing: antialiased;
   }
   .page-actions {
     text-align: right;
-
+    form {
+      display: inline-block;
+    }
     .button {
       font-size: 85%;
     }

data/app/assets/stylesheets/admin/shared/_tables.scss

@@ -18,6 +18,14 @@ table {
       border-left: 1px solid $color-border;
     }
 
+    a {
+      border-bottom: 1px dotted lighten($color-link, 10);
+
+      &:hover {
+        border-color: lighten($color-link-hover, 10);
+      }
+    }
+
     &.actions {
       background-color: transparent;
       border: none !important;

data/app/assets/stylesheets/store/screen.css.scss

@@ -19,7 +19,7 @@ hr {
   background-color: transparent;
   color: transparent;
   border: none;
-  border-bottom: 1px solid $border_color;
+  border-bottom: $default_border;
 }
 
 /* Custom text-selection colors (remove any text shadows: twitter.com/miketaylr/status/12228805301) */
@@ -72,7 +72,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
       padding: 5px;
 
       &.odd {
-        background-color: lighten($body_text_color, 60);
+        background-color: $table_head_color;
       }
     }
     dt {
@@ -215,7 +215,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
   /*--------------------------------------*/
   footer#footer {
     padding: 10px 0;
-    border-top: 1px solid lighten($body_text_color, 60);
+    border-top: $default_border;
   }
 
   /*--------------------------------------*/
@@ -230,7 +230,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
   /*--------------------------------------*/
   table {
     thead {
-      background-color: lighten($body_text_color, 60);
+      background-color: $table_head_color;
       text-transform: uppercase;
 
       tr {
@@ -242,7 +242,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
 
     tbody, tfoot {
       tr {
-        border-bottom: 1px solid lighten($body_text_color, 60);
+        border-bottom: $default_border;
 
         td {
           vertical-align: middle;
@@ -281,7 +281,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
     text-transform: uppercase;
     font-weight: bold;
     margin-top: 20px;
-    border-bottom: 1px solid lighten($body_text_color, 60);
+    border-bottom: $default_border;
     padding-bottom: 6px;
 
     li {
@@ -318,7 +318,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
           .amount {
             font-size: $horizontal_navigation_font_size + 2;
             font-weight: bold;
-            border-left: 1px solid lighten($body_text_color, 60);
+            border-left: $default_border;
             padding-left: 5px;
             padding-bottom: 5px;
           }
@@ -330,7 +330,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
   nav#taxonomies {
     .taxonomy-root {
       text-transform: uppercase;
-      border-bottom: 1px solid lighten($body_text_color, 60);
+      border-bottom: $default_border;
       margin-bottom: 5px;
       font-size: $main_navigation_header_font_size;
     }
@@ -345,7 +345,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
   }
 
   #breadcrumbs {
-    border-bottom: 1px solid lighten($body_text_color, 60);
+    border-bottom: $default_border;
     padding: 3px 0;
     margin-bottom: 15px;
 
@@ -473,7 +473,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
           margin-top: 5px;
           font-size: $product_list_name_font_size;
           color: $product_link_text_color;
-          border-bottom: 1px solid lighten($body_text_color, 60);
+          border-bottom: $default_border;
           overflow: hidden;
         }
       }
@@ -513,7 +513,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
 
   .search-results-title {
     text-transform: uppercase;
-    border-bottom: 1px solid lighten($body_text_color, 60);
+    border-bottom: $default_border;
     margin-bottom: 10px;
   }
 
@@ -558,7 +558,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
 
   #product-description {
     .product-title {
-      border-bottom: 1px solid lighten($body_text_color, 60);
+      border-bottom: $default_border;
       margin-bottom: 15px;
       color: $product_title_text_color;
       font-size: $product_detail_name_font_size;
@@ -641,7 +641,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
       }
 
       &.completed-first, &.completed {
-        background-color: lighten($body_text_color, 60);
+        background-color: $table_head_color;
         color: $layout_background_color;
 
         a {
@@ -684,7 +684,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
     h3 {
       text-transform: uppercase;
       font-size: $base_font_size + 2;
-      border-bottom: 1px solid lighten($body_text_color, 60);
+      border-bottom: $default_border;
     }
 
     table {
@@ -760,7 +760,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
         color: $body_text_color;
 
         tr {
-          border-top: 1px solid lighten($body_text_color, 60);
+          border-top: $default_border;
 
           td {
             padding: 10px;
@@ -780,7 +780,7 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
       }
 
       h6 {
-        border-bottom: 1px solid lighten($body_text_color, 60);
+        border-bottom: $default_border;
         margin-bottom: 5px;
       }
     }
@@ -788,6 +788,14 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
 
   #shipping_method {
     p {
+      &#minstrs {
+        clear: both;
+
+        label {
+          width: 100%;
+        }
+      }
+
       label {
         float: left;
         font-weight: bold;
@@ -878,6 +886,10 @@ mark {background-color: $link_text_color; color: $layout_background_color; font-
     margin-bottom: 15px;
     border: $default_border;
     padding: 10px;
+
+    dd {
+      margin-left: 0px;
+    }
   }
 
   /*--------------------------------------*/

data/app/assets/stylesheets/store/variables.css.scss

@@ -55,6 +55,8 @@ $ff_base:       'Ubuntu', sans-serif !default;
       $button_font_size:                      12px !default;
       $input_box_font_size:                   13px !default;
       $base_font_size:                        12px !default;
-      $border_color:                          lighten($body_text_color, 60);
-      $default_border:                        1px solid $border_color;
+      $border_color:                          lighten($body_text_color, 60) !default;
+      $default_border:                        1px solid $border_color !default;
       $button_border_color:                   rgba(0, 138, 189, .75) !default;
+      $table_head_color:                      lighten($body_text_color, 60) !default;
+

data/app/controllers/spree/admin/adjustments_controller.rb

@@ -5,9 +5,13 @@ module Spree
       destroy.after :reload_order
 
       private
-        def reload_order
-          @order.reload
-        end
+      def reload_order
+        @order.reload
+      end
+
+      def collection
+        parent.adjustments.eligible
+      end
     end
   end
 end

data/app/controllers/spree/admin/base_controller.rb

@@ -11,13 +11,18 @@ module Spree
       before_filter :authorize_admin
 
       protected
+        def action
+          params[:action].to_sym
+        end
+
         def authorize_admin
-          begin
-            record = model_class.new
-          rescue
-            record = Object.new
+          if respond_to?(:model_class, true) && model_class
+            record = model_class
+          else
+            record = Object
           end
-          authorize! params[:action].to_sym, record
+          authorize! :admin, record
+          authorize! action, record
         end
 
         def check_alerts

data/app/controllers/spree/admin/line_items_controller.rb

@@ -26,7 +26,8 @@ module Spree
       def destroy
         @line_item.destroy
         respond_with(@line_item) do |format|
-          format.html { render :partial => 'spree/admin/orders/form', :locals => { :order => @order.reload } }
+          format.html { redirect_to edit_admin_order_path(@order) }
+          format.js { @order.reload }
         end
       end
 
@@ -46,7 +47,7 @@ module Spree
 
         def load_order
           @order = Order.find_by_number!(params[:order_id])
-          authorize! params[:action], @order
+          authorize! action, @order
         end
 
         def load_line_item

data/app/controllers/spree/admin/orders/customer_details_controller.rb

@@ -25,14 +25,15 @@ module Spree
                 @order.user_id = params[:user_id]
                 @order.user true
               end
-              @order.save
-              @order.create_shipment!
+              while @order.next; end
+
               flash[:success] = t('customer_details_updated')
               redirect_to edit_admin_order_shipment_path(@order, @order.shipment)
             else
               flash[:error] = t('errors.messages.no_shipping_methods_available')
               redirect_to admin_order_customer_path(@order)
             end
+
           else
             render :action => :edit
           end

data/app/controllers/spree/admin/orders_controller.rb

@@ -101,7 +101,7 @@ module Spree
       end
 
       def resend
-        OrderMailer.confirm_email(@order, true).deliver
+        OrderMailer.confirm_email(@order.id, true).deliver
         flash[:success] = t(:order_email_resent)
 
         respond_with(@order) { |format| format.html { redirect_to :back } }
@@ -111,7 +111,7 @@ module Spree
 
         def load_order
           @order = Order.find_by_number!(params[:id], :include => :adjustments) if params[:id]
-          authorize! params[:action], @order
+          authorize! action, @order
         end
 
         # Used for extensions which need to provide their own custom event links on the order details view.

data/app/controllers/spree/admin/payments_controller.rb

@@ -88,7 +88,7 @@ module Spree
 
       def load_order
         @order = Order.find_by_number!(params[:order_id])
-        authorize! params[:action], @order
+        authorize! action, @order
       end
 
       def load_payment

data/app/controllers/spree/admin/resource_controller.rb

@@ -2,7 +2,7 @@ require 'spree/core/action_callbacks'
 
 class Spree::Admin::ResourceController < Spree::Admin::BaseController
   helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
-  before_filter :load_resource
+  before_filter :load_resource, :except => [:update_positions]
   rescue_from ActiveRecord::RecordNotFound, :with => :resource_not_found
 
   respond_to :html
@@ -139,7 +139,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
         # call authorize! a third time (called twice already in Admin::BaseController)
         # this time we pass the actual instance so fine-grained abilities can control
         # access to individual records, not just entire models.
-        authorize! params[:action], @object
+        authorize! action, @object
 
         instance_variable_set("@#{object_name}", @object)
       else
@@ -153,7 +153,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     end
 
     def load_resource_instance
-      if new_actions.include?(params[:action].to_sym)
+      if new_actions.include?(action)
         build_resource
       elsif params[:id]
         find_resource
@@ -192,7 +192,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     def collection
       return parent.send(controller_name) if parent_data.present?
       if model_class.respond_to?(:accessible_by) && !current_ability.has_block?(params[:action], model_class)
-        model_class.accessible_by(current_ability, params[:action])
+        model_class.accessible_by(current_ability, action)
       else
         model_class.scoped
       end
@@ -252,7 +252,7 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
     end
 
     def member_action?
-      !collection_actions.include? params[:action].to_sym
+      !collection_actions.include? action
     end
 
     def new_actions

data/app/controllers/spree/admin/shipments_controller.rb

@@ -79,7 +79,7 @@ module Spree
 
       def order
         @order ||= Order.find_by_number(params[:order_id])
-        authorize! params[:action], @order
+        authorize! action, @order
       end
 
       def shipment

data/app/controllers/spree/admin/taxons_controller.rb

@@ -106,7 +106,7 @@ module Spree
       def destroy
         @taxon = Taxon.find(params[:id])
         @taxon.destroy
-        respond_with(@taxon) { |format| format.json { render :json => '' } }
+        render :text => "", :status => 204
       end
 
     end

data/app/controllers/spree/admin/users_controller.rb

@@ -0,0 +1,96 @@
+module Spree
+  module Admin
+    class UsersController < ResourceController
+
+      if Spree.user_class.const_defined?("DestroyWithOrdersError")
+        rescue_from "#{Spree.user_class}::DestroyWithOrdersError".constantize, :with => :user_destroy_with_orders_error
+      end
+
+      # http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/
+      before_filter :check_json_authenticity, :only => :index
+      before_filter :load_roles, :only => [:edit, :new, :update, :create, :generate_api_key, :clear_api_key]
+      update.after :sign_in_if_change_own_password
+      before_filter :load_roles, :only => [:edit, :new, :update, :create]
+
+      def index
+        respond_with(@collection) do |format|
+          format.html
+          format.json { render :json => json_data }
+        end
+      end
+
+      def generate_api_key
+        if @user.generate_spree_api_key!
+          flash.notice = t('key_generated', :scope => 'spree.api')
+        end
+        redirect_to edit_admin_user_path(@user)
+      end
+
+      def clear_api_key
+        if @user.clear_spree_api_key!
+          flash.notice = t('key_cleared', :scope => 'spree.api')
+        end
+        redirect_to edit_admin_user_path(@user)
+      end
+
+      protected
+
+        def sign_in_if_change_own_password
+          if spree_current_user == @user && @user.password.present?
+            sign_in(@user, :event => :authentication, :bypass => true)
+          end
+        end
+
+        def load_roles
+          @roles = Spree::Role.scoped
+        end
+
+        def model_class
+          Spree.user_class
+        end
+
+        def collection
+          return @collection if @collection.present?
+          unless request.xhr?
+            @search = Spree.user_class.registered.ransack(params[:q])
+            @collection = @search.result.page(params[:page]).per(Spree::Config[:admin_products_per_page])
+          else
+            #disabling proper nested include here due to rails 3.1 bug
+            #@collection = User.includes(:bill_address => [:state, :country], :ship_address => [:state, :country]).
+            @collection = Spree.user_class.includes(:bill_address, :ship_address).
+                              where("spree_users.email #{LIKE} :search
+                                     OR (spree_addresses.firstname #{LIKE} :search AND spree_addresses.id = spree_users.bill_address_id)
+                                     OR (spree_addresses.lastname  #{LIKE} :search AND spree_addresses.id = spree_users.bill_address_id)
+                                     OR (spree_addresses.firstname #{LIKE} :search AND spree_addresses.id = spree_users.ship_address_id)
+                                     OR (spree_addresses.lastname  #{LIKE} :search AND spree_addresses.id = spree_users.ship_address_id)",
+              { :search => "#{params[:q].strip}%" }).
+                limit(params[:limit] || 100)
+            end
+          end
+
+      private
+
+        # handling raise from Spree::Admin::ResourceController#destroy
+        def user_destroy_with_orders_error
+          invoke_callbacks(:destroy, :fails)
+          render :status => :forbidden, :text => t(:error_user_destroy_with_orders)
+        end
+
+        # Allow different formats of json data to suit different ajax calls
+        def json_data
+          json_format = params[:json_format] or 'default'
+          case json_format
+          when 'basic'
+            collection.map { |u| { 'id' => u.id, 'name' => u.email } }.to_json
+          else
+            address_fields = [:firstname, :lastname, :address1, :address2, :city, :zipcode, :phone, :state_name, :state_id, :country_id]
+            includes = { :only => address_fields , :include => { :state => { :only => :name }, :country => { :only => :name } } }
+
+            collection.to_json(:only => [:id, :email], :include =>
+                               { :bill_address => includes, :ship_address => includes })
+          end
+        end
+
+    end
+  end
+end