spree_core 5.0.5 → 5.1.0.beta

data/app/models/spree/credit_card.rb

@@ -2,8 +2,6 @@ module Spree
   class CreditCard < Spree.base_class
     include ActiveMerchant::Billing::CreditCardMethods
     include Spree::Metadata
-    include Spree::PaymentSourceConcern
-
     if defined?(Spree::Webhooks::HasWebhooks)
       include Spree::Webhooks::HasWebhooks
     end
@@ -137,6 +135,30 @@ module Spree
       brand.present? ? brand.upcase : Spree.t(:no_cc_type)
     end
 
+    def actions
+      %w{capture void credit}
+    end
+
+    # Indicates whether its possible to capture the payment
+    def can_capture?(payment)
+      payment.pending? || payment.checkout?
+    end
+
+    # Indicates whether its possible to void the payment.
+    def can_void?(payment)
+      !payment.failed? && !payment.void?
+    end
+
+    # Indicates whether its possible to credit the payment.  Note that most gateways require that the
+    # payment be settled first which generally happens within 12-24 hours of the transaction.
+    def can_credit?(payment)
+      payment.completed? && payment.credit_allowed > 0
+    end
+
+    def has_payment_profile?
+      gateway_customer_profile_id.present? || gateway_payment_profile_id.present?
+    end
+
     # ActiveMerchant needs first_name/last_name because we pass it a Spree::CreditCard and it calls those methods on it.
     # Looking at the ActiveMerchant source code we should probably be calling #to_active_merchant before passing
     # the object to ActiveMerchant but this should do for now.

data/app/models/spree/custom_domain.rb

@@ -14,7 +14,7 @@ module Spree
     # Validations
     #
     validates :url, presence: true, uniqueness: true, format: {
-      with: %r{[a-z][a-z0-9-]*[a-z0-9]}i
+      with: %r{\A(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\z}i
     }, length: { in: 1..63 }
     validate :url_is_valid
 
@@ -26,6 +26,7 @@ module Spree
     after_validation :ensure_default, on: :create
 
     def url_is_valid
+      return if url.blank?
       parts = url.split('.')
 
       errors.add(:url, 'use domain or subdomain') if (parts[0] != 'www' && parts.size > 3) || (parts[0] == 'www' && parts.size > 4) || parts.size < 2

data/app/models/spree/export.rb

@@ -124,7 +124,7 @@ module Spree
     end
 
     def current_ability
-      @current_ability ||= Spree::Dependencies.ability_class.constantize.new(user)
+      @current_ability ||= Spree::Dependencies.ability_class.constantize.new(user, { store: store })
     end
 
     # eg. Spree::Exports::Products => products-store-my-store-code-20241030133348.csv

data/app/models/spree/integration.rb

@@ -0,0 +1,63 @@
+module Spree
+  class Integration < Spree.base_class
+    include Spree::SingleStoreResource
+
+    #
+    # Associations
+    #
+    belongs_to :store, class_name: 'Spree::Store', touch: true
+
+    #
+    # Validations
+    #
+    validates :type, presence: true
+    validates :store, presence: true, uniqueness: { scope: :type }
+
+    #
+    # Scopes
+    #
+    scope :active, -> { where(active: true) }
+
+    # This attribute is used to temporarily store connection-related error messages
+    # that can be displayed to users when testing or validating integration connections.
+    # It is not persisted to the database and is reset on each new connection attempt.
+    # @param message [String, nil] The error message to be stored
+    # @return [String, nil] The current error message
+    attr_accessor :connection_error_message
+
+    # Associates the integration to a group.
+    # The name here will be used as Spree.t key to display the group name.
+    # Leave blank to leave the integration ungrouped.
+    def self.integration_group
+      nil
+    end
+
+    def self.icon_path
+      nil
+    end
+
+    def self.integration_name
+      name.demodulize.titleize.strip
+    end
+
+    def self.integration_key
+      name.demodulize.underscore
+    end
+
+    def name
+      self.class.integration_name
+    end
+
+    def key
+      self.class.integration_key
+    end
+
+    # Checks if the integration can establish a connection.
+    # This is a base implementation that always returns true.
+    # Subclasses should override this method to implement their own connection validation logic.
+    # @return [Boolean] true if the integration can connect, false otherwise
+    def can_connect?
+      true
+    end
+  end
+end

data/app/models/spree/invitation.rb

@@ -0,0 +1,153 @@
+module Spree
+  class Invitation < Spree.base_class
+    has_secure_token
+    acts_as_paranoid
+
+    #
+    # Virtual Attributes
+    #
+    attribute :skip_email, :boolean, default: false
+
+    #
+    # Associations
+    #
+    belongs_to :resource, polymorphic: true # eg. Store, Vendor, Account
+    belongs_to :inviter, polymorphic: true # User or AdminUser
+    belongs_to :invitee, polymorphic: true, optional: true # User or AdminUser
+    belongs_to :role, class_name: 'Spree::Role'
+    has_one :role_user, dependent: :destroy, class_name: 'Spree::RoleUser'
+
+    #
+    # Validations
+    #
+    validates :email, email: true, presence: true
+    validates :token, presence: true, uniqueness: true
+    validates :inviter, :resource, :role, presence: true
+    validate :invitee_is_not_inviter, on: :create
+    validate :invitee_already_exists, on: :create
+
+    #
+    # Scopes
+    #
+    scope :pending, -> { where(status: 'pending') }
+    scope :accepted, -> { where(status: 'accepted') }
+    scope :not_expired, -> { where('expires_at > ?', Time.current) }
+
+    #
+    # State Machine
+    #
+    state_machine initial: :pending, attribute: :status do
+      state :accepted do
+        validate :accept_invitation_within_time_limit
+        validates :invitee, presence: true
+      end
+
+      event :accept do
+        transition pending: :accepted
+      end
+      after_transition to: :accepted, do: :after_accept
+    end
+
+    #
+    # Callbacks
+    #
+    after_initialize :set_defaults, if: :new_record?
+    before_validation :set_invitee_from_email, on: :create
+    after_create :send_invitation_email, unless: :skip_email
+
+    # returns the store for the invitation
+    # if the resource is a store, return the resource
+    # if the resource responds to store, return the store
+    # otherwise, return the current store
+    # @return [Spree::Store]
+    def store
+      if resource.is_a?(Spree::Store)
+        resource
+      elsif resource.respond_to?(:store)
+        resource.store
+      else
+        Spree::Store.current
+      end
+    end
+
+    # returns true if the invitation has expired
+    # @return [Boolean]
+    def expired?
+      expires_at < Time.current
+    end
+
+    # Resends the invitation email if the invitation is pending and not expired
+    def resend!
+      return if expired? || deleted? || accepted?
+
+      send_invitation_email
+    end
+
+    private
+
+    # this method can be extended by developers now
+    def after_accept
+      create_role_user
+      set_accepted_at
+      send_acceptance_notification
+    end
+
+    def send_invitation_email
+      Spree::InvitationMailer.invitation_email(self).deliver_later
+    end
+
+    def send_acceptance_notification
+      Spree::InvitationMailer.invitation_accepted(self).deliver_later
+    end
+
+    def set_defaults
+      self.expires_at ||= 2.weeks.from_now
+      self.resource ||= Spree::Store.current
+      self.role ||= Spree::Role.default_admin_role
+    end
+
+    def invitee_is_not_inviter
+      if invitee == inviter
+        errors.add(:invitee, 'cannot be the same as the inviter')
+      end
+    end
+
+    def invitee_already_exists
+      return if resource.blank?
+
+      exists = if invitee.present?
+                resource.users.include?(invitee)
+              else
+                resource.users.exists?(email: email)
+              end
+
+      if exists
+        errors.add(:email, 'already exists')
+      end
+    end
+
+    def set_accepted_at
+      update!(accepted_at: Time.current)
+    end
+
+    def create_role_user
+      return if invitee.blank?
+
+      role_user = resource.add_user(invitee, role)
+      self.role_user = role_user
+      save!
+    end
+
+    def set_invitee_from_email
+      return if invitee.present?
+
+      self.invitee = Spree.admin_user_class.find_by(email: email)
+    end
+
+    def accept_invitation_within_time_limit
+      if Time.current > expires_at
+        errors.add(:base, 'Invitation expired')
+      end
+    end
+  end
+end

data/app/models/spree/invitations/store.rb

@@ -0,0 +1,6 @@
+module Spree
+  module Invitations
+    class Store < Base
+    end
+  end
+end

data/app/models/spree/option_value.rb

@@ -62,9 +62,9 @@ module Spree
     delegate :name, :presentation, to: :option_type, prefix: true, allow_nil: true
 
     def self.to_tom_select_json
-      all.pluck(:name, :presentation).map do |name, presentation|
+      all.pluck(:id, :presentation).map do |id, presentation|
         {
-          id: name,
+          id: id,
           name: presentation
         }
       end

data/app/models/spree/order.rb

@@ -91,6 +91,8 @@ module Spree
     acts_as_taggable_on :tags
     acts_as_taggable_tenant :store_id
 
+    ASSOCIATED_USER_ATTRIBUTES = [:user_id, :email, :created_by_id, :bill_address_id, :ship_address_id]
+
     belongs_to :user, class_name: "::#{Spree.user_class}", optional: true, autosave: true
     belongs_to :created_by, class_name: "::#{Spree.admin_user_class}", optional: true
     belongs_to :approver, class_name: "::#{Spree.admin_user_class}", optional: true
@@ -247,6 +249,13 @@ module Spree
       pre_tax_item_amount + shipments.sum(:pre_tax_amount)
     end
 
+    # Returns the subtotal used for analytics integrations
+    # It's a sum of the item total and the promo total
+    # @return [Float]
+    def analytics_subtotal
+      (item_total + line_items.sum(:promo_total)).to_f
+    end
+
     def shipping_discount
       shipment_adjustments.non_tax.eligible.sum(:amount) * - 1
     end
@@ -355,7 +364,7 @@ module Spree
       self.bill_address ||= user.bill_address
       self.ship_address ||= user.ship_address
 
-      changes = slice(:user_id, :email, :created_by_id, :bill_address_id, :ship_address_id)
+      changes = slice(*ASSOCIATED_USER_ATTRIBUTES)
 
       # immediately persist the changes we just made, but don't use save
       # since we might have an invalid address associated
@@ -364,6 +373,12 @@ module Spree
       end
     end
 
+    def disassociate_user!
+      nullified_attributes = ASSOCIATED_USER_ATTRIBUTES.index_with(nil)
+
+      update!(nullified_attributes)
+    end
+
     def quantity_of(variant, options = {})
       line_item = find_line_item_by_variant(variant, options)
       line_item ? line_item.quantity : 0
@@ -815,10 +830,6 @@ module Spree
       csv_lines
     end
 
-    def all_line_items
-      line_items
-    end
-
     private
 
     def link_by_email

data/app/models/spree/order_merger.rb

@@ -7,7 +7,7 @@ module Spree
       @order = order
     end
 
-    def merge!(other_order, user = nil)
+    def merge!(other_order, user = nil, discard_merged: true)
       other_order.line_items.each do |other_order_line_item|
         next unless other_order_line_item.currency == order.currency
 
@@ -16,12 +16,14 @@ module Spree
       end
 
       set_user(user)
-      clear_addresses(other_order)
+      clear_addresses(other_order) if discard_merged
       persist_merge
 
-      # So that the destroy doesn't take out line items which may have been re-assigned
-      other_order.line_items.reload
-      other_order.destroy
+      if discard_merged
+        # So that the destroy doesn't take out line items which may have been re-assigned
+        other_order.line_items.reload
+        other_order.destroy
+      end
     end
 
     # Compare the line item of the other order with mine.

data/app/models/spree/page_sections/featured_posts.rb

@@ -19,10 +19,6 @@ module Spree
         'news'
       end
 
-      def posts
-        Spree::Post.published.by_newest.limit(preferred_max_posts_to_show)
-      end
-
       private
 
       def make_posts_to_show_valid

data/app/models/spree/payment.rb

@@ -302,8 +302,7 @@ module Spree
       # Payment profile cannot be created without source
       return unless source
       # Imported payments shouldn't create a payment profile.
-      # Imported is only available on Spree::CreditCard, non-credit card payments should not have this attribute.
-      return if source.respond_to?(:imported) && source.imported
+      return if source.imported
 
       payment_method.create_profile(self)
     rescue ActiveMerchant::ConnectionError => e

data/app/models/spree/payment_source.rb

@@ -1,31 +1,10 @@
-# This model is used to store payment sources for non-credit card payments, eg wallet, account, etc.
 module Spree
   class PaymentSource < Spree.base_class
     include Spree::Metadata
-    include Spree::PaymentSourceConcern
 
-    #
-    # Associations
-    #
     belongs_to :payment_method, class_name: 'Spree::PaymentMethod'
     belongs_to :user, class_name: Spree.user_class.to_s, optional: true
 
-    #
-    # Validations
-    #
     validates_uniqueness_of :gateway_payment_profile_id, scope: :type
-
-    #
-    # Delegations
-    #
-    delegate :profile_id, to: :gateway_customer, prefix: true, allow_nil: true
-
-    # Returns the gateway customer for the user.
-    # @return [Spree::GatewayCustomer]
-    def gateway_customer
-      return if user.blank?
-
-      payment_method.gateway_customers.find_by(user: user)
-    end
   end
 end

data/app/models/spree/post.rb

@@ -54,7 +54,6 @@ module Spree
     # Scopes
     #
     scope :published, -> { where(published_at: [..Time.current]) }
-    scope :by_newest, -> { order(created_at: :desc) }
 
     delegate :name, to: :author, prefix: true, allow_nil: true
     delegate :title, to: :post_category, prefix: true, allow_nil: true

data/app/models/spree/product_property.rb

@@ -33,7 +33,7 @@ module Spree
     scope :filterable, -> { joins(:property).where(Property.table_name => { filterable: true }) }
     scope :for_products, ->(products) { joins(:product).merge(products) }
     scope :sort_by_property_position, -> {
-      joins(:property).order("spree_properties.position ASC")
+      unscope(:order).joins(:property).order("spree_properties.position ASC")
     }
 
     self.whitelisted_ransackable_attributes = ['value', 'filter_param']

data/app/models/spree/property.rb

@@ -39,8 +39,10 @@ module Spree
     KIND_OPTIONS = { short_text: 0, long_text: 1, number: 2, rich_text: 3 }.freeze
     enum :kind, KIND_OPTIONS
 
+    DEPENDENCY_UPDATE_FIELDS = [:presentation, :name, :kind, :filterable, :display_on, :position].freeze
+
     after_touch :touch_all_products
-    after_update :touch_all_products, if: -> { saved_changes.key?(:presentation) }
+    after_update :touch_all_products, if: -> { DEPENDENCY_UPDATE_FIELDS.any? { |field| saved_changes.key?(field) } }
     after_save :ensure_product_properties_have_filter_params
 
     self.whitelisted_ransackable_attributes = ['presentation', 'filterable']

data/app/models/spree/reports/sales_total.rb

@@ -2,12 +2,16 @@ module Spree
   module Reports
     class SalesTotal < Spree::Report
       def line_items_scope
-        store.line_items.where(
+        scope = store.line_items.where(
           order: Spree::Order.complete.where(
             currency: currency,
             completed_at: (date_from.to_time.beginning_of_day)..(date_to.to_time.end_of_day)
           )
         ).includes(:order, variant: :product)
+
+        scope = scope.where(vendor_id: vendor.id) if defined?(vendor) && vendor.present?
+
+        scope
       end
     end
   end

data/app/models/spree/role.rb

@@ -4,8 +4,24 @@ module Spree
 
     ADMIN_ROLE = 'admin'
 
+    #
+    # Associations
+    #
     has_many :role_users, class_name: 'Spree::RoleUser', dependent: :destroy
     has_many :users, through: :role_users, source: :user, source_type: Spree.user_class.to_s
     has_many :admin_users, through: :role_users, source: :user, source_type: Spree.admin_user_class.to_s
+    has_many :invitations, class_name: 'Spree::Invitation', dependent: :destroy
+
+    #
+    # Scopes
+    #
+    scope :admin, -> { where(name: ADMIN_ROLE) }
+
+    #
+    # Class Methods
+    #
+    def self.default_admin_role
+      find_or_create_by(name: ADMIN_ROLE)
+    end
   end
 end

data/app/models/spree/role_user.rb

@@ -1,6 +1,37 @@
 module Spree
   class RoleUser < Spree.base_class
-    belongs_to :role, class_name: 'Spree::Role'
+    #
+    # Associations
+    #
+    belongs_to :role, class_name: 'Spree::Role', foreign_key: :role_id
     belongs_to :user, polymorphic: true
+    belongs_to :resource, polymorphic: true
+    belongs_to :invitation, class_name: 'Spree::Invitation', optional: true
+
+    #
+    # Validations
+    #
+    validates :role, presence: true
+    validates :user, presence: true
+    validates :resource, presence: true
+    validates :role_id, uniqueness: { scope: [:user_id, :resource_id, :user_type, :resource_type] }
+
+    #
+    # Delegations
+    #
+    delegate :name, to: :user
+
+    #
+    # Callbacks
+    #
+    before_validation :set_default_resource
+
+    private
+
+    # Set the default resource to the default store if the resource is not set
+    # this will allow a graceful migration from the old roles system to the new one
+    def set_default_resource
+      self.resource ||= Spree::Store.current
+    end
   end
 end

data/app/models/spree/shipment_handler.rb

@@ -1,6 +1,7 @@
 module Spree
   class ShipmentHandler
     include Spree::Shipment::Emails
+    include Spree::IntegrationsConcern
 
     class << self
       def factory(shipment)

data/app/models/spree/shipping_method.rb

@@ -50,7 +50,7 @@ module Spree
     def include?(address)
       return false unless address
 
-      zones.includes(:zone_members).any? do |zone|
+      zones.includes(zone_members: :zoneable).any? do |zone|
         zone.include?(address)
       end
     end
@@ -93,7 +93,7 @@ module Spree
       if estimated_transit_business_days_min == estimated_transit_business_days_max
         estimated_transit_business_days_min.to_s
       else
-        [estimated_transit_business_days_min, estimated_transit_business_days_max].compact.join("-")
+        "#{estimated_transit_business_days_min}-#{estimated_transit_business_days_max}"
       end
     end
 

data/app/models/spree/store.rb

@@ -13,6 +13,7 @@ module Spree
     include Spree::Stores::Socials
     include Spree::Webhooks::HasWebhooks if defined?(Spree::Webhooks::HasWebhooks)
     include Spree::Security::Stores if defined?(Spree::Security::Stores)
+    include Spree::UserManagement
 
     #
     # Magic methods
@@ -100,8 +101,10 @@ module Spree
     has_many :custom_domains, class_name: 'Spree::CustomDomain', dependent: :destroy
     has_one :default_custom_domain, -> { where(default: true) }, class_name: 'Spree::CustomDomain'
 
-    has_many :posts
-    has_many :post_categories
+    has_many :posts, class_name: 'Spree::Post'
+    has_many :post_categories, class_name: 'Spree::PostCategory'
+
+    has_many :integrations, class_name: 'Spree::Integration'
 
     #
     # Page Builder associations
@@ -342,7 +345,7 @@ module Spree
     # @return [Spree::StockLocation]
     def default_stock_location
       @default_stock_location ||= begin
-        stock_location_scope = Spree::StockLocation.order_default
+        stock_location_scope = Spree::StockLocation.where(default: true)
         stock_location_scope.first || ActiveRecord::Base.connected_to(role: :writing) do
           stock_location_scope.create(default: true, name: Spree.t(:default_stock_location_name), country: default_country)
         end
@@ -350,7 +353,9 @@ module Spree
     end
 
     def admin_users
-      @admin_users ||= Spree.admin_user_class.joins(:spree_roles).where(spree_roles: { name: :admin })
+      Spree::Deprecation.warn('Store#admin_users is deprecated and will be removed in Spree 6.0. Please use Store#users instead.')
+
+      users
     end
 
     def favicon

data/app/models/spree/store_credit_category.rb

@@ -28,6 +28,10 @@ module Spree
       end
     end
 
+    def can_be_deleted?
+      !store_credit_category_used?
+    end
+
     class << self
       def default_reimbursement_category(_options = {})
         Spree::StoreCreditCategory.first

data/app/models/spree/taxon.rb

@@ -1,4 +1,3 @@
-# TODO: let friendly id take care of sanitizing the url
 require 'stringex'
 
 module Spree
@@ -96,9 +95,11 @@ module Spree
       if Spree.use_translations?
         joins(:taxonomy).
           join_translation_table(Taxonomy).
-          where(["LOWER(#{Taxonomy.translation_table_alias}.name) = ?", taxonomy_name.downcase.strip])
+          where(
+            Taxonomy.arel_table_alias[:name].lower.matches(taxonomy_name.downcase.strip)
+          )
       else
-        joins(:taxonomy).where(["LOWER(#{Spree::Taxonomy.table_name}.name) = ?", taxonomy_name.downcase.strip])
+        joins(:taxonomy).where(Spree::Taxonomy.arel_table[:name].lower.matches(taxonomy_name.downcase.strip))
       end
     }
 
@@ -153,10 +154,6 @@ module Spree
       sort_order == 'manual'
     end
 
-    def page_builder_image
-      square_image.presence || image
-    end
-
     def active_products_with_descendants
       @active_products_with_descendants ||= store.products.
                                             joins(:classifications).

data/app/models/spree/theme.rb

@@ -155,7 +155,7 @@ module Spree
       end
     end
 
-    # Returns an array of available layout section classes for the theme, eg. header, footer, newsletter, etc.
+    # Returns an array of available layout section classes for the theme
     #
     # @return [Array<Class>]
     def available_layout_sections