Use whitelist

It wasn't really necessary, but I'm going to need this list in a moment, so we might as well use it. Also it allows us to ensure the options are listed in a certain order. Also maybe it will help protect against corrupt preferences.
2026-02-15 23:57:48 +00:00 · 2024-08-01 11:53:50 +10:00
parent 4223b36bc3
commit 254e11aa36
3 changed files with 8 additions and 1 deletions
--- a/app/helpers/admin/enterprises_helper.rb
+++ b/app/helpers/admin/enterprises_helper.rb
@@ -39,6 +39,11 @@ module Admin
      )
    end

+    def connected_apps_enabled
+      connected_apps_enabled = Spree::Config.connected_apps_enabled&.split(',') || []
+      ConnectedApp::TYPES & connected_apps_enabled
+    end
+
    private

    def build_enterprise_side_menu_items(
--- a/app/models/connected_app.rb
+++ b/app/models/connected_app.rb
@@ -4,6 +4,8 @@
 #
 # Here we store keys and links to access the app.
 class ConnectedApp < ApplicationRecord
+  TYPES = ['discover_regen', 'affiliate_sales_data'].freeze
+
  belongs_to :enterprise
  after_destroy :disconnect

--- a/app/views/admin/enterprises/form/_connected_apps.html.haml
+++ b/app/views/admin/enterprises/form/_connected_apps.html.haml
@@ -1,3 +1,3 @@
- Spree::Config.connected_apps_enabled&.split(',')&.each do |type|
+- connected_apps_enabled.each do |type|
  = render partial: "/admin/enterprises/form/connected_apps/#{type}",
           locals: { enterprise:, connected_app: enterprise.connected_apps.public_send(type).first }