spree_core 5.2.0 → 5.2.2

data/lib/spree/core/configuration.rb

@@ -46,6 +46,36 @@ module Spree
       preference :expedited_exchanges_days_window, :integer, default: 14 # the amount of days the customer has to return their item after the expedited exchange is shipped in order to avoid being charged
       preference :geocode_addresses, :boolean, default: true
       preference :images_save_from_url_job_attempts, :integer, default: 5
+
+      # Preprocessed product image variant sizes at 2x retina resolution.
+      # These variants are generated on upload to reduce runtime processing.
+      # When using spree_image_tag, pass variant option instead of width and height.
+      #
+      # Default sizes:
+      #   mini (128x128)     - admin thumbnails, checkout line items
+      #   small (256x256)    - cart/order items, gallery thumbnails
+      #   medium (400x400)   - mobile listing, admin media
+      #   large (720x720)    - product listing, mobile gallery
+      #   xlarge (2000x2000) - gallery main, lightbox
+      #
+      # To customize, override in your initializer:
+      #   Spree::Config.product_image_variant_sizes = {
+      #     mini: [128, 128],
+      #     small: [256, 256],
+      #     # ... your custom sizes
+      #   }
+      attr_writer :product_image_variant_sizes
+
+      def product_image_variant_sizes
+        @product_image_variant_sizes ||= {
+          mini: [128, 128],
+          small: [256, 256],
+          medium: [400, 400],
+          large: [720, 720],
+          xlarge: [2000, 2000],
+          og_image: [1200, 630]
+        }
+      end
       preference :layout, :string, deprecated: 'Please use Spree::Frontend::Config[:layout] instead'
       preference :logo, :string, deprecated: true
       preference :mailer_logo, :string, deprecated: true

data/lib/spree/core/controller_helpers/auth.rb

@@ -17,7 +17,7 @@ module Spree
 
         # Needs to be overridden so that we use Spree's Ability rather than anyone else's.
         def current_ability
-          @current_ability ||= Spree::Dependencies.ability_class.constantize.new(try_spree_current_user, { store: current_store })
+          @current_ability ||= Spree.ability_class.new(try_spree_current_user, { store: current_store })
         end
 
         def redirect_back_or_default(default)

data/lib/spree/core/controller_helpers/store.rb

@@ -64,7 +64,7 @@ module Spree
         end
 
         def current_store_finder
-          Spree::Dependencies.current_store_finder.constantize
+          Spree.current_store_finder
         end
 
         def raise_record_not_found_if_store_is_not_found

data/lib/spree/core/dependencies.rb

@@ -97,8 +97,8 @@ module Spree
         # finders
         address_finder: 'Spree::Addresses::Find',
         country_finder: 'Spree::Countries::Find',
-        cms_page_finder: 'Spree::CmsPages::Find', # LEGACY
-        menu_finder: 'Spree::Menus::Find', # LEGACY
+        cms_page_finder: nil, # LEGACY
+        menu_finder: nil, # LEGACY
         current_order_finder: 'Spree::Orders::FindCurrent',
         current_store_finder: 'Spree::Stores::FindCurrent',
         completed_order_finder: 'Spree::Orders::FindComplete',

data/lib/spree/core/dependencies_helper.rb

@@ -1,21 +1,103 @@
 module Spree
+  class DependencyError < StandardError; end
+
   module DependenciesHelper
+    # Patterns to skip when finding the actual caller (internal routing code)
+    INTERNAL_CALLER_PATTERNS = [
+      %r{lib/spree/core\.rb.*method_missing},
+      %r{lib/spree/api\.rb.*method_missing}
+    ].freeze
+
     def self.included(base)
       injection_points = base::INJECTION_POINTS_WITH_DEFAULTS.keys.freeze
       base.const_set(:INJECTION_POINTS, injection_points)
-      base.attr_accessor(*injection_points)
+
+      injection_points.each do |point|
+        # Original getter - returns raw value (string, class, or proc result)
+        # BACKWARDS COMPATIBLE: Spree::Dependencies.foo.constantize still works
+        base.attr_reader(point)
+
+        # Setter with override tracking
+        # BACKWARDS COMPATIBLE: Spree::Dependencies.foo = "MyClass" still works
+        base.define_method("#{point}=") do |value|
+          @overrides ||= {}
+          @overrides[point] = {
+            value: value,
+            source: find_caller_source,
+            set_at: Time.current
+          }
+          # Clear memoized class when value changes
+          remove_instance_variable("@#{point}_resolved") if instance_variable_defined?("@#{point}_resolved")
+          instance_variable_set("@#{point}", value)
+        end
+
+        # Returns resolved class with memoization
+        # Usage: Spree::Dependencies.foo_class or Spree.foo
+        base.define_method("#{point}_class") do
+          return instance_variable_get("@#{point}_resolved") if instance_variable_defined?("@#{point}_resolved")
+
+          value = send(point)
+          resolved = case value
+                     when String then value.constantize
+                     when Proc then value.call.then { |v| v.is_a?(String) ? v.constantize : v }
+                     else value
+                     end
+          instance_variable_set("@#{point}_resolved", resolved)
+          resolved
+        end
+      end
     end
 
     def initialize
       set_default_values
     end
 
+    # Returns hash of all overridden dependencies with metadata
+    def overrides
+      @overrides || {}
+    end
+
+    # Check if a specific dependency has been overridden
+    def overridden?(name)
+      overrides.key?(name.to_sym)
+    end
+
+    # Get override info for a specific dependency
+    def override_info(name)
+      overrides[name.to_sym]
+    end
+
+    # Returns array of all dependencies with current values and metadata
     def current_values
-      values = []
-      self.class::INJECTION_POINTS.each do |injection_point|
-        values << { injection_point.to_s => instance_variable_get("@#{injection_point}") }
+      self.class::INJECTION_POINTS.map do |point|
+        default = self.class::INJECTION_POINTS_WITH_DEFAULTS[point]
+        default_val = default.respond_to?(:call) ? default.call : default
+        current = send(point)
+
+        {
+          name: point,
+          current: current,
+          default: default_val,
+          # Use overridden? to check if setter was called, not value comparison
+          # Value comparison fails for proc-based defaults that reference other dependencies
+          overridden: overridden?(point),
+          override_info: overrides[point]
+        }
       end
-      values
+    end
+
+    # Validate all dependencies can be resolved to classes
+    # Raises Spree::DependencyError if any dependency is invalid
+    def validate!
+      errors = []
+      self.class::INJECTION_POINTS.each do |point|
+        send("#{point}_class")
+      rescue NameError => e
+        errors << { name: point, value: send(point), error: e.message }
+      end
+      raise Spree::DependencyError, "Invalid dependencies: #{errors.map { |e| e[:name] }.join(', ')}" if errors.any?
+
+      true
     end
 
     private
@@ -26,5 +108,18 @@ module Spree
         instance_variable_set("@#{injection_point}", value)
       end
     end
+
+    # Find the actual caller source, skipping internal DSL routing code
+    # This ensures Spree.foo = X reports the user's code location, not method_missing
+    def find_caller_source
+      caller_locations(2, 10).each do |location|
+        location_str = location.to_s
+        next if INTERNAL_CALLER_PATTERNS.any? { |pattern| location_str.match?(pattern) }
+
+        return location_str
+      end
+      # Fallback to immediate caller if no external caller found
+      caller_locations(2, 1).first.to_s
+    end
   end
 end

data/lib/spree/core/permission_configuration.rb

@@ -0,0 +1,102 @@
+# Manages the mapping between roles and permission sets.
+#
+# This configuration allows you to define which permission sets are assigned to each role.
+# Permission sets are reusable groups of permissions that can be applied to roles.
+#
+# @example Assigning permission sets to a role
+#   Spree.permissions.assign(:customer_service, [
+#     Spree::PermissionSets::OrderDisplay,
+#     Spree::PermissionSets::UserManagement
+#   ])
+#
+# @example Clearing permission sets from a role
+#   Spree.permissions.clear(:customer_service)
+#
+# @example Getting permission sets for a role
+#   Spree.permissions.permission_sets_for(:admin)
+#   # => [Spree::PermissionSets::SuperUser]
+#
+module Spree
+  class PermissionConfiguration
+    # Default role used for unauthenticated users
+    DEFAULT_ROLE = :default
+
+    # Admin role with full access
+    ADMIN_ROLE = :admin
+
+    def initialize
+      @role_permissions = {}
+    end
+
+    # Assigns permission sets to a role.
+    #
+    # @param role_name [Symbol, String] the name of the role
+    # @param permission_sets [Array<Class>, Class] permission set class(es) to assign
+    # @return [Array<Class>] the assigned permission sets
+    #
+    # @example
+    #   Spree.permissions.assign(:customer_service, Spree::PermissionSets::OrderDisplay)
+    #   Spree.permissions.assign(:admin, [
+    #     Spree::PermissionSets::SuperUser
+    #   ])
+    def assign(role_name, permission_sets)
+      role_key = normalize_role_name(role_name)
+      @role_permissions[role_key] ||= []
+      @role_permissions[role_key] |= Array(permission_sets)
+    end
+
+    # Clears all permission sets from a role.
+    #
+    # @param role_name [Symbol, String] the name of the role
+    # @return [Array<Class>] the removed permission sets
+    def clear(role_name)
+      role_key = normalize_role_name(role_name)
+      @role_permissions.delete(role_key)
+    end
+
+    # Returns the permission sets assigned to a role.
+    #
+    # @param role_name [Symbol, String] the name of the role
+    # @return [Array<Class>] the assigned permission sets
+    def permission_sets_for(role_name)
+      role_key = normalize_role_name(role_name)
+      @role_permissions[role_key] || []
+    end
+
+    # Returns all permission sets for multiple roles.
+    #
+    # @param role_names [Array<Symbol, String>] the names of the roles
+    # @return [Array<Class>] the combined permission sets (deduplicated)
+    def permission_sets_for_roles(role_names)
+      role_names.flat_map { |role_name| permission_sets_for(role_name) }.uniq
+    end
+
+    # Returns all configured roles.
+    #
+    # @return [Array<Symbol>] the configured role names
+    def roles
+      @role_permissions.keys
+    end
+
+    # Checks if a role has any permission sets assigned.
+    #
+    # @param role_name [Symbol, String] the name of the role
+    # @return [Boolean]
+    def role_configured?(role_name)
+      role_key = normalize_role_name(role_name)
+      @role_permissions.key?(role_key) && @role_permissions[role_key].any?
+    end
+
+    # Resets all role permissions to empty state.
+    # Useful for testing.
+    def reset!
+      @role_permissions = {}
+    end
+
+    private
+
+    def normalize_role_name(role_name)
+      role_name.to_s.downcase.to_sym
+    end
+  end
+end

data/lib/spree/core/search/base.rb

@@ -32,7 +32,7 @@ module Spree
         def extended_base_scope
           base_scope = current_store.products.spree_base_scopes
           base_scope = get_products_conditions_for(base_scope, keywords)
-          base_scope = Spree::Dependencies.products_finder.constantize.new(**product_finder_params(base_scope)).execute
+          base_scope = Spree.products_finder.new(**product_finder_params(base_scope)).execute
           base_scope = add_search_scopes(base_scope)
           add_eagerload_scopes(base_scope)
         end

data/lib/spree/core/version.rb

@@ -1,5 +1,5 @@
 module Spree
-  VERSION = '5.2.0'.freeze
+  VERSION = '5.2.2'.freeze
 
   def self.version
     VERSION

data/lib/spree/core.rb

@@ -358,6 +358,56 @@ module Spree
     end
   end
 
+  # Permission configuration accessor for managing role-to-permission-set mappings.
+  #
+  # @example Assigning permission sets to a role
+  #   Spree.permissions.assign(:customer_service, [
+  #     Spree::PermissionSets::OrderDisplay,
+  #     Spree::PermissionSets::UserManagement
+  #   ])
+  #
+  # @example Clearing permission sets from a role
+  #   Spree.permissions.clear(:customer_service)
+  #
+  # @return [Spree::PermissionConfiguration] the permission configuration instance
+  def self.permissions
+    @permissions ||= PermissionConfiguration.new
+  end
+
+  class << self
+    # Dynamic methods for core dependencies
+    #
+    # @example Getting a dependency (returns resolved class)
+    #   Spree.cart_add_item_service.call(order: order, variant: variant)
+    #
+    # @example Setting a dependency
+    #   Spree.cart_add_item_service = MyApp::CartAddItem
+    def method_missing(method_name, *args, &block)
+      base_name = method_name.to_s.chomp('=').to_sym
+
+      return super unless core_dependency?(base_name)
+
+      if method_name.to_s.end_with?('=')
+        Spree::Dependencies.send(method_name, args.first)
+      else
+        # Returns resolved class (not string)
+        Spree::Dependencies.send("#{method_name}_class")
+      end
+    end
+
+    def respond_to_missing?(method_name, include_private = false)
+      base_name = method_name.to_s.chomp('=').to_sym
+      core_dependency?(base_name) || super
+    end
+
+    private
+
+    def core_dependency?(name)
+      defined?(Spree::Dependencies) &&
+        Spree::Dependencies.class::INJECTION_POINTS.include?(name)
+    end
+  end
+
   module Core
     autoload :ProductFilters, 'spree/core/product_filters'
     autoload :TokenGenerator, 'spree/core/token_generator'
@@ -400,3 +450,4 @@ require 'spree/core/preferences/scoped_store'
 require 'spree/core/preferences/runtime_configuration'
 
 require 'spree/core/webhooks'
+require 'spree/core/permission_configuration'

data/lib/spree/testing_support/authorization_helpers.rb

@@ -30,7 +30,7 @@ module Spree
 
         def stub_authorization!
           ability = build_ability
-          ability_class = Spree::Dependencies.ability_class.constantize
+          ability_class = Spree.ability_class
 
           after(:all) do
             ability_class.remove_ability(ability)
@@ -51,7 +51,7 @@ module Spree
 
         def custom_authorization!(&block)
           ability = build_ability(&block)
-          ability_class = Spree::Dependencies.ability_class.constantize
+          ability_class = Spree.ability_class
 
           after(:all) do
             ability_class.remove_ability(ability)

data/lib/spree_core.rb

@@ -1,4 +1,5 @@
 require 'friendly_id/paranoia'
+require 'friendly_id/history_decorator'
 require 'mobility/plugins/store_based_fallbacks'
 require 'normalize_string'
 

data/lib/tasks/dependencies.rake

@@ -0,0 +1,76 @@
+namespace :spree do
+  namespace :dependencies do
+    desc 'List all Spree dependencies with their current values'
+    task list: :environment do
+      print_dependencies('CORE', Spree::Dependencies)
+      print_dependencies('API', Spree::Api::Dependencies) if defined?(Spree::Api::Dependencies)
+    end
+
+    desc 'Show only overridden dependencies'
+    task overrides: :environment do
+      core_overrides = Spree::Dependencies.current_values.select { |d| d[:overridden] }
+      api_overrides = if defined?(Spree::Api::Dependencies)
+                        Spree::Api::Dependencies.current_values.select { |d| d[:overridden] }
+                      else
+                        []
+                      end
+
+      if core_overrides.empty? && api_overrides.empty?
+        puts 'No dependencies have been overridden.'
+      else
+        print_overrides('Core', core_overrides) if core_overrides.any?
+        print_overrides('API', api_overrides) if api_overrides.any?
+      end
+    end
+
+    desc 'Validate all dependencies resolve to valid classes'
+    task validate: :environment do
+      errors = validate_dependencies('Core', Spree::Dependencies)
+      errors += validate_dependencies('API', Spree::Api::Dependencies) if defined?(Spree::Api::Dependencies)
+
+      puts "\n"
+      if errors.any?
+        puts "\n\e[31m#{errors.size} invalid dependencies:\e[0m"
+        errors.each { |err| puts "  [#{err[:source]}] #{err[:name]}: #{err[:error]}" }
+        exit 1
+      else
+        puts "\e[32mAll dependencies valid\e[0m"
+      end
+    end
+
+    def print_dependencies(name, deps)
+      puts "\n[#{name}]"
+
+      # Calculate max width for alignment
+      max_name_width = deps.class::INJECTION_POINTS.map(&:length).max
+
+      deps.current_values.each do |dep|
+        status = dep[:overridden] ? ' [OVERRIDDEN]' : ''
+        puts "#{dep[:name].to_s.ljust(max_name_width)}  #{dep[:current]}#{status}"
+      end
+    end
+
+    def print_overrides(name, overrides)
+      puts "\n[#{name} OVERRIDES]"
+
+      max_name_width = overrides.map { |d| d[:name].length }.max
+
+      overrides.each do |dep|
+        source = dep[:override_info] ? " (#{dep[:override_info][:source]})" : ''
+        puts "#{dep[:name].to_s.ljust(max_name_width)}  #{dep[:default]} -> #{dep[:current]}#{source}"
+      end
+    end
+
+    def validate_dependencies(name, deps)
+      errors = []
+      deps.class::INJECTION_POINTS.each do |point|
+        deps.send("#{point}_class")
+        print "\e[32m.\e[0m"
+      rescue NameError => e
+        errors << { source: name, name: point, error: e.message }
+        print "\e[31mF\e[0m"
+      end
+      errors
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_core
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 5.2.2
 platform: ruby
 authors:
 - Sean Schofield
@@ -335,28 +335,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.100'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.100'
 - !ruby/object:Gem::Dependency
   name: state_machines-activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.100'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.100'
 - !ruby/object:Gem::Dependency
   name: stringex
   requirement: !ruby/object:Gem::Requirement
@@ -1050,6 +1050,21 @@ files:
 - app/models/spree/payment_method/check.rb
 - app/models/spree/payment_method/store_credit.rb
 - app/models/spree/payment_source.rb
+- app/models/spree/permission_sets/base.rb
+- app/models/spree/permission_sets/configuration_management.rb
+- app/models/spree/permission_sets/dashboard_display.rb
+- app/models/spree/permission_sets/default_customer.rb
+- app/models/spree/permission_sets/order_display.rb
+- app/models/spree/permission_sets/order_management.rb
+- app/models/spree/permission_sets/product_display.rb
+- app/models/spree/permission_sets/product_management.rb
+- app/models/spree/permission_sets/promotion_management.rb
+- app/models/spree/permission_sets/role_management.rb
+- app/models/spree/permission_sets/stock_display.rb
+- app/models/spree/permission_sets/stock_management.rb
+- app/models/spree/permission_sets/super_user.rb
+- app/models/spree/permission_sets/user_display.rb
+- app/models/spree/permission_sets/user_management.rb
 - app/models/spree/policy.rb
 - app/models/spree/post.rb
 - app/models/spree/post_category.rb
@@ -1457,6 +1472,7 @@ files:
 - db/migrate/20250915093930_add_metadata_to_spree_newsletter_subscribers.rb
 - db/migrate/20250923141845_create_spree_imports.rb
 - db/seeds.rb
+- lib/friendly_id/history_decorator.rb
 - lib/friendly_id/paranoia.rb
 - lib/generators/spree/authentication/custom/custom_generator.rb
 - lib/generators/spree/authentication/custom/templates/authentication_helpers.rb.tt
@@ -1504,6 +1520,7 @@ files:
 - lib/spree/core/importer/product.rb
 - lib/spree/core/number_generator.rb
 - lib/spree/core/partials.rb
+- lib/spree/core/permission_configuration.rb
 - lib/spree/core/preferences/configuration.rb
 - lib/spree/core/preferences/preferable.rb
 - lib/spree/core/preferences/preferable_class_methods.rb
@@ -1648,6 +1665,7 @@ files:
 - lib/spree/translation_migrations.rb
 - lib/spree_core.rb
 - lib/tasks/core.rake
+- lib/tasks/dependencies.rake
 - lib/tasks/exchanges.rake
 - vendor/javascript/@rails--request.js.js
 - vendor/javascript/@stimulus-components--auto-submit.js
@@ -1660,9 +1678,9 @@ licenses:
 - BSD-3-Clause
 metadata:
   bug_tracker_uri: https://github.com/spree/spree/issues
-  changelog_uri: https://github.com/spree/spree/releases/tag/v5.2.0
+  changelog_uri: https://github.com/spree/spree/releases/tag/v5.2.2
   documentation_uri: https://docs.spreecommerce.org/
-  source_code_uri: https://github.com/spree/spree/tree/v5.2.0
+  source_code_uri: https://github.com/spree/spree/tree/v5.2.2
 rdoc_options: []
 require_paths:
 - lib