diff --git a/app/controllers/admin/invoice_settings_controller.rb b/app/controllers/admin/invoice_settings_controller.rb
index bfa22205ec..0e52797b6b 100644
--- a/app/controllers/admin/invoice_settings_controller.rb
+++ b/app/controllers/admin/invoice_settings_controller.rb
@@ -1,7 +1,7 @@
 module Admin
 class InvoiceSettingsController < Spree::Admin::BaseController
 def update
- Spree::Config.set(params[:preferences])
+ Spree::Config.set(preferences_params.to_h)
 respond_to do |format|
 format.html {
@@ -9,5 +9,15 @@ module Admin
 }
 end
 end
+
+ private
+
+ def preferences_params
+ params.require(:preferences).permit(
+ :enable_invoices?,
+ :invoice_style2?,
+ :enable_receipt_printing?,
+ )
+ end
 end
 end
diff --git a/app/controllers/admin/matomo_settings_controller.rb b/app/controllers/admin/matomo_settings_controller.rb
index 102f5b0ed5..63196910f9 100644
--- a/app/controllers/admin/matomo_settings_controller.rb
+++ b/app/controllers/admin/matomo_settings_controller.rb
@@ -1,7 +1,7 @@
 module Admin
 class MatomoSettingsController < Spree::Admin::BaseController
 def update
- Spree::Config.set(params[:preferences])
+ Spree::Config.set(preferences_params.to_h)
 respond_to do |format|
 format.html {
@@ -9,5 +9,15 @@ module Admin
 }
 end
 end
+
+ private
+
+ def preferences_params
+ params.require(:preferences).permit(
+ :matomo_url,
+ :matomo_site_id,
+ :matomo_tag_manager_url,
+ )
+ end
 end
 end
diff --git a/app/controllers/admin/stripe_connect_settings_controller.rb b/app/controllers/admin/stripe_connect_settings_controller.rb
index 6f54722fc0..3b7ab969e2 100644
--- a/app/controllers/admin/stripe_connect_settings_controller.rb
+++ b/app/controllers/admin/stripe_connect_settings_controller.rb
@@ -17,7 +17,7 @@ module Admin
 end
 def update
- Spree::Config.set(params[:settings])
+ Spree::Config.set(settings_params.to_h)
 resource = t('admin.controllers.stripe_connect_settings.resource')
 flash[:success] = t(:successfully_updated, resource: resource)
 redirect_to_edit
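Review bot: `preferences_params` in the invoice settings controller is now the only thing limiting which `Spree::Config` keys this endpoint can write, and nothing in the hunk says so. A comment above it such as `# Allowlist of Spree::Config keys the invoice settings form may write; add new form fields here.` would discourage a later revert to `params[:preferences]`; the same applies to the helpers added in the matomo, stripe connect and tax settings controllers. Separately, `params.require(:preferences)` raises `ActionController::ParameterMissing` when the key is absent. The three permitted keys appear to be booleans and the form view is not in this diff, so confirm the form always submits a `preferences` hash even with every box unchecked.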
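Review bot: In the matomo settings controller, `matomo_url` and `matomo_tag_manager_url` are permitted as free-form strings and passed to `Spree::Config.set` with no format check; the spec added in this commit saves "test url" successfully. If these values are later written into storefront pages as script sources, which is typical for an analytics integration but not visible here, they should be validated before saving, for example by parsing with `URI` and accepting only a blank value or an http(s) URL. `matomo_site_id` could likewise be restricted to digits.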
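Review bot: No spec in this commit exercises the stripe connect `update` that now calls `Spree::Config.set(settings_params.to_h)`, although the invoice, matomo and tax controllers each get one. An existing spec may already cover it; if not, an example posting `stripe_connect_enabled` together with an unlisted key would pin the allowlist. Also, `settings_params` is defined in the next hunk without a `private` line, unlike the other three controllers. It follows the key-masking helper, so it is presumably already under a `private` section outside the hunk, but that is worth confirming.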
@@ -37,5 +37,11 @@ module Admin
 key = Stripe.api_key
 key.first(8) + "****" + key.last(4)
 end
+
+ def settings_params
+ params.require(:settings).permit(
+ :stripe_connect_enabled,
+ )
+ end
 end
 end
diff --git a/app/controllers/spree/admin/tax_settings_controller.rb b/app/controllers/spree/admin/tax_settings_controller.rb
index 8be30677e0..564a090da4 100644
--- a/app/controllers/spree/admin/tax_settings_controller.rb
+++ b/app/controllers/spree/admin/tax_settings_controller.rb
@@ -2,7 +2,7 @@ module Spree
 module Admin
 class TaxSettingsController < Spree::Admin::BaseController
 def update
- Spree::Config.set(params[:preferences])
+ Spree::Config.set(preferences_params.to_h)
 respond_to do |format|
 format.html {
@@ -10,6 +10,16 @@ module Spree
 }
 end
 end
+
+ private
+
+ def preferences_params
+ params.require(:preferences).permit(
+ :products_require_tax_category,
+ :shipment_inc_vat,
+ :shipping_tax_rate,
+ )
+ end
 end
 end
 end
diff --git a/spec/controllers/admin/invoice_settings_controller_spec.rb b/spec/controllers/admin/invoice_settings_controller_spec.rb
new file mode 100644
index 0000000000..67cc64af2b
--- /dev/null
+++ b/spec/controllers/admin/invoice_settings_controller_spec.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Admin::InvoiceSettingsController, type: :controller do
+ describe "#update" do
+ let(:params) {
+ {
+ preferences: {
+ enable_invoices?: 0,
+ invoice_style2?: 1,
+ enable_receipt_printing?: 1,
+ }
+ }
+ }
+
+ before do
+ allow(controller).to receive(:spree_current_user) { create(:admin_user) }
+ end
+
+ it "disables invoices" do
+ expect {
+ post :update, params
+ }.to change {
+ Spree::Config[:enable_invoices?]
+ }.to(false)
+ end
+
+ it "changes the invoice style" do
+ expect {
+ post :update, params
+ }.to change {
+ Spree::Config[:invoice_style2?]
+ }.to(true)
+ end
+
+ it "disables receipt printing" do
+ expect {
+ post :update, params
+ }.to change {
+ Spree::Config[:enable_receipt_printing?]
+ }.to(true)
+ end
+ end
+end
diff --git a/spec/controllers/admin/matomo_settings_controller_spec.rb b/spec/controllers/admin/matomo_settings_controller_spec.rb
new file mode 100644
index 0000000000..8644557a58
--- /dev/null
+++ b/spec/controllers/admin/matomo_settings_controller_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Admin::MatomoSettingsController, type: :controller do
+ describe "#update" do
+ let(:params) {
+ {
+ preferences: {
+ matomo_url: "test url",
+ matomo_site_id: "42",
+ matomo_tag_manager_url: "test manager url",
+ }
+ }
+ }
+
+ before do
+ allow(controller).to receive(:spree_current_user) { create(:admin_user) }
+ end
+
+ it "changes Matomo settings" do
+ expect {
+ post :update, params
+ }.to change {
+ [
+ Spree::Config[:matomo_url],
+ Spree::Config[:matomo_site_id],
+ Spree::Config[:matomo_tag_manager_url],
+ ]
+ }.to(
+ [
+ "test url",
+ "42",
+ "test manager url",
+ ]
+ )
+ end
+ end
+end
diff --git a/spec/controllers/spree/admin/tax_settings_controller_spec.rb b/spec/controllers/spree/admin/tax_settings_controller_spec.rb
new file mode 100644
index 0000000000..7b64d4e2cd
--- /dev/null
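Review bot: In the invoice settings spec, the example titled "disables receipt printing" posts `enable_receipt_printing?: 1` and expects the value to change to `true`, so the description contradicts the assertion; it should read `it "enables receipt printing" do`. In addition, none of the three new specs (invoice, matomo, tax) posts a key outside the allowlist and asserts that the corresponding `Spree::Config` value is left unchanged. That is the behaviour the controller change introduces, so one negative example per controller would catch a regression to passing `params[:preferences]` straight through.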
+++ b/spec/controllers/spree/admin/tax_settings_controller_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Spree::Admin::TaxSettingsController, type: :controller do
+ describe "#update" do
+ let(:params) {
+ {
+ preferences: {
+ products_require_tax_category: "1",
+ shipment_inc_vat: "0",
+ shipping_tax_rate: "0.1",
+ }
+ }
+ }
+
+ before do
+ allow(controller).to receive(:spree_current_user) { create(:admin_user) }
+ end
+
+ it "changes Tax settings" do
+ expect {
+ spree_post :update, params
+ }.to change {
+ [
+ Spree::Config[:products_require_tax_category],
+ Spree::Config[:shipment_inc_vat],
+ Spree::Config[:shipping_tax_rate],
+ ]
+ }.to(
+ [
+ true,
+ false,
+ 0.1,
+ ]
+ )
+ end
+ end
+end