diff --git a/.rubocop_manual_todo.yml b/.rubocop_manual_todo.yml
index 8bb05901273..4e0deb10609 100644
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -42,7 +42,6 @@ Metrics/LineLength:
 - app/controllers/application_controller.rb
 - app/controllers/checkout_controller.rb
 - app/controllers/spree/admin/adjustments_controller_decorator.rb
- - app/controllers/spree/admin/base_controller_decorator.rb
 - app/controllers/spree/admin/orders_controller_decorator.rb
 - app/controllers/spree/admin/payments_controller_decorator.rb
 - app/controllers/spree/credit_cards_controller.rb
@@ -644,6 +643,7 @@ Metrics/ClassLength:
 - app/controllers/admin/subscriptions_controller.rb
 - app/controllers/api/products_controller.rb
 - app/controllers/checkout_controller.rb
+ - app/controllers/spree/admin/base_controller.rb
 - app/controllers/spree/admin/payment_methods_controller.rb
 - app/controllers/spree/admin/users_controller.rb
 - app/controllers/spree/orders_controller.rb
diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb
new file mode 100644
index 00000000000..c1c01791337
--- /dev/null
+++ b/app/controllers/spree/admin/base_controller.rb
@@ -0,0 +1,142 @@
+module Spree
+ module Admin
+ class BaseController < Spree::BaseController
+ ssl_required
+
+ helper 'spree/admin/navigation'
+ layout '/spree/layouts/admin'
+
+ include I18nHelper
+
+ before_filter :authorize_admin
+ before_filter :set_locale
+ before_filter :warn_invalid_order_cycles, if: :html_request?
+
+ # Warn the user when they have an active order cycle with hubs that are not ready
+ # for checkout (ie. does not have valid shipping and payment methods).
+ def warn_invalid_order_cycles
+ distributors = active_distributors_not_ready_for_checkout
+
+ return if distributors.empty? || flash[:notice].present?
+
+ flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors)
+ end
+
+ # This is in Spree::Core::ControllerHelpers::Auth
+ # But you can't easily reopen modules in Ruby
+ def unauthorized
+ if try_spree_current_user
+ flash[:error] = t(:authorization_failure)
+ redirect_to '/unauthorized'
+ else
+ store_location
+ redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
+ end
+ end
+
+ protected
+
+ def model_class
+ const_name = controller_name.classify
+ return "Spree::#{const_name}".constantize if Spree.const_defined?(const_name)
+
+ nil
+ end
+
+ def action
+ params[:action].to_sym
+ end
+
+ def authorize_admin
+ if respond_to?(:model_class, true) && model_class
+ record = model_class
+ else
+ # This allows specificity for each non-resource controller
+ # (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
+ record = self.class.to_s.
+ sub("Controller", "").
+ underscore.split('/').last.singularize.to_sym
+ end
+ authorize! :admin, record
+ authorize! resource_authorize_action, record
+ end
+
+ def resource_authorize_action
+ action
+ end
+
+ def flash_message_for(object, event_sym)
+ resource_desc = object.class.model_name.human
+ resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
+ Spree.t(event_sym, resource: resource_desc)
+ end
+
+ def render_js_for_destroy
+ render partial: '/spree/admin/shared/destroy'
+ end
+
+ # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
+ def check_json_authenticity
+ return unless request.format.js? || request.format.json?
+
+ return unless protect_against_forgery?
+
+ auth_token = params[request_forgery_protection_token]
+ return if auth_token && form_authenticity_token == CGI.unescape(auth_token)
+
+ raise(ActionController::InvalidAuthenticityToken)
+ end
+
+ def config_locale
+ Spree::Backend::Config[:locale]
+ end
+
+ private
+
+ def active_distributors_not_ready_for_checkout
+ ocs = OrderCycle.managed_by(spree_current_user).active
+ distributors = ocs.includes(:distributors).map(&:distributors).flatten.uniq
+ Enterprise.where('enterprises.id IN (?)', distributors).not_ready_for_checkout
+ end
+
+ def active_distributors_not_ready_for_checkout_message(distributors)
+ distributor_names = distributors.map(&:name).join ', '
+
+ if distributors.count > 1
+ I18n.t(:active_distributors_not_ready_for_checkout_message_plural,
+ distributor_names: distributor_names)
+ else
+ I18n.t(:active_distributors_not_ready_for_checkout_message_singular,
+ distributor_names: distributor_names)
+ end
+ end
+
+ def html_request?
+ request.format.html?
+ end
+
+ def json_request?
+ request.format.json?
+ end
+
+ def render_as_json(data, options = {})
+ ams_prefix = options.delete :ams_prefix
+ if [Array, ActiveRecord::Relation].include? data.class
+ render options.merge(json: data, each_serializer: serializer(ams_prefix))
+ else
+ render options.merge(json: data, serializer: serializer(ams_prefix))
+ end
+ end
+
+ def serializer(ams_prefix)
+ unless ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym)
+ raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}."
+ end
+
+ prefix = ams_prefix.andand.classify || ""
+ name = controller_name.classify
+ "::Api::Admin::#{prefix}#{name}Serializer".constantize
+ end
+ end
+ end
+end
diff --git a/app/controllers/spree/admin/base_controller_decorator.rb b/app/controllers/spree/admin/base_controller_decorator.rb
deleted file mode 100644
index 34bde0028ea..00000000000
--- a/app/controllers/spree/admin/base_controller_decorator.rb
+++ /dev/null
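Review bot: `check_json_authenticity` in the new `base_controller.rb` compares the CSRF token with plain `==` (`form_authenticity_token == CGI.unescape(auth_token)`), which is not a constant-time comparison and would stop matching on Rails versions that mask the token per request. If the app's Rails version provides it, delegating to the framework check, for example `return if auth_token && valid_authenticity_token?(session, CGI.unescape(auth_token))`, covers both concerns; otherwise a constant-time compare such as `ActiveSupport::SecurityUtils.secure_compare` is the smaller change. None of the `before_filter` lines at the top of the class registers this method, so the JSON protection its comment describes applies only where a subclass adds the filter, and a comment such as `# Not run by default: resource controllers must add before_filter :check_json_authenticity` would make that explicit. Separately, `warn_invalid_order_cycles` and `unauthorized` are defined above `protected` and so remain public controller methods; unless something outside this hunk relies on that, moving them below `protected` keeps them from ever being routable as actions.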
@@ -1,105 +0,0 @@ -require 'spree/core/controller_helpers/respond_with_decorator' - -Spree::Admin::BaseController.class_eval do - include I18nHelper - - layout 'spree/layouts/admin' - - before_filter :set_locale - before_filter :warn_invalid_order_cycles, if: :html_request? - - # Warn the user when they have an active order cycle with hubs that are not ready - # for checkout (ie. does not have valid shipping and payment methods). - def warn_invalid_order_cycles - distributors = active_distributors_not_ready_for_checkout - - if distributors.any? && flash[:notice].nil? - flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors) - end - end - - # Override Spree method - # It's a shame Spree doesn't just let CanCan handle this in it's own way - def authorize_admin - if respond_to?(:model_class, true) && model_class - record = model_class - else - # this line changed to allow specificity for each non-resource controller (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146) - record = self.class.to_s.sub("Controller", "").underscore.split('/').last.singularize.to_sym - end - authorize! :admin, record - authorize! 
resource_authorize_action, record - end - - def resource_authorize_action - action - end - - # This is in Spree::Core::ControllerHelpers::Auth - # But you can't easily reopen modules in Ruby - def unauthorized - if try_spree_current_user - flash[:error] = t(:authorization_failure) - redirect_to '/unauthorized' - else - store_location - redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}") - end - end - - protected - - def model_class - const_name = controller_name.classify - if Spree.const_defined?(const_name) - return "Spree::#{const_name}".constantize - end - - nil - end - - private - - def active_distributors_not_ready_for_checkout - ocs = OrderCycle.managed_by(spree_current_user).active - distributors = ocs.includes(:distributors).map(&:distributors).flatten.uniq - Enterprise.where('enterprises.id IN (?)', distributors).not_ready_for_checkout - end - - def active_distributors_not_ready_for_checkout_message(distributors) - distributor_names = distributors.map(&:name).join ', ' - - if distributors.count > 1 - I18n.t(:active_distributors_not_ready_for_checkout_message_plural, distributor_names: distributor_names) - else - I18n.t(:active_distributors_not_ready_for_checkout_message_singular, distributor_names: distributor_names) - end - end - - def html_request? - request.format.html? - end - - def json_request? - request.format.json? - end - - def render_as_json(data, options = {}) - ams_prefix = options.delete :ams_prefix - if [Array, ActiveRecord::Relation].include? data.class - render options.merge(json: data, each_serializer: serializer(ams_prefix)) - else - render options.merge(json: data, serializer: serializer(ams_prefix)) - end - end - - def serializer(ams_prefix) - if ams_prefix.nil? 
|| ams_prefix_whitelist.include?(ams_prefix.to_sym) - prefix = ams_prefix.andand.classify || "" - name = controller_name.classify - "Api::Admin::#{prefix}#{name}Serializer".constantize - else - raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}." - end - end -end diff --git a/app/controllers/spree/admin/general_settings_controller.rb b/app/controllers/spree/admin/general_settings_controller.rb index 853ad929a11..dcb360bcc90 100644 --- a/app/controllers/spree/admin/general_settings_controller.rb +++ b/app/controllers/spree/admin/general_settings_controller.rb @@ -5,8 +5,7 @@ def edit @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords, :default_meta_description, :site_url, :bugherd_api_key] @preferences_security = [:allow_ssl_in_production, - :allow_ssl_in_staging, :allow_ssl_in_development_and_test, - :check_for_spree_alerts] + :allow_ssl_in_staging, :allow_ssl_in_development_and_test] @preferences_currency = [:display_currency, :hide_cents] end @@ -20,18 +19,6 @@ def update redirect_to edit_admin_general_settings_path end - - def dismiss_alert - return unless request.xhr? && params[:alert_id] - - dismissed = Spree::Config[:dismissed_spree_alerts] || '' - Spree::Config.set(dismissed_spree_alerts: dismissed. - split(','). - push(params[:alert_id]). - join(',')) - filter_dismissed_alerts - render nothing: true - end end end end diff --git a/app/views/spree/layouts/_admin_body.html.haml b/app/views/spree/layouts/_admin_body.html.haml index a51fc57755e..bd479f462f8 100644 --- a/app/views/spree/layouts/_admin_body.html.haml +++ b/app/views/spree/layouts/_admin_body.html.haml @@ -16,8 +16,6 @@ = Spree.t(:loading) \... - = render :partial => 'spree/admin/shared/alert', :collection => session[:alerts] - %header#header{"data-hook" => ""} .container %figure.columns.five{"data-hook" => "logo-wrapper"} 
diff --git a/app/views/spree/layouts/bare_admin.html.haml b/app/views/spree/layouts/bare_admin.html.haml index 9bec54bedd0..39e87961f40 100644 --- a/app/views/spree/layouts/bare_admin.html.haml +++ b/app/views/spree/layouts/bare_admin.html.haml @@ -14,7 +14,6 @@ .progress-message = t(:loading) \... - = render :partial => 'spree/admin/shared/alert', :collection => session[:alerts] %header#header{"data-hook" => ""} .container diff --git a/config/locales/en.yml b/config/locales/en.yml index f1945520a0b..da7dc565149 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -2851,7 +2851,6 @@ See the %{link} to find out more about %{sitename}'s features and to start using allow_ssl_in_development_and_test: "Allow SSL to be used when in development and test modes" allow_ssl_in_production: "Allow SSL to be used in production mode" allow_ssl_in_staging: "Allow SSL to be used in staging mode" - check_for_spree_alerts: "Check for Spree alerts" currency_decimal_mark: "Currency decimal mark" currency_settings: "Currency Settings" currency_symbol_position: Put "currency symbol before or after dollar amount?" diff --git a/config/routes/spree.rb b/config/routes/spree.rb index 72d43d90ec7..478b4f0509b 100644 --- a/config/routes/spree.rb +++ b/config/routes/spree.rb @@ -84,11 +84,7 @@ end # Configuration section - resource :general_settings do - collection do - post :dismiss_alert - end - end + resource :general_settings resource :mail_method, :only => [:edit, :update] do post :testmail, :on => :collection end