Merge pull request #6277 from luisramos0/controllers

Move Spree::Admin::BaseController to Admin::BaseController
2026-01-24 20:36:49 +00:00 · 2020-11-27 16:13:55 +11:00
parent 55b21310e4 85d99f3bf2
commit 9e2a3d6973
26 changed files with 145 additions and 145 deletions
--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+module Admin
+  class BaseController < Spree::BaseController
+    ssl_required
+
+    helper 'spree/admin/navigation'
+    layout '/spree/layouts/admin'
+
+    include I18nHelper
+
+    before_action :authorize_admin
+    before_action :set_locale
+    before_action :warn_invalid_order_cycles, if: :html_request?
+
+    # Warn the user when they have an active order cycle with hubs that are not ready
+    # for checkout (ie. does not have valid shipping and payment methods).
+    def warn_invalid_order_cycles
+      return if flash[:notice].present?
+
+      warning = OrderCycleWarning.new(spree_current_user).call
+      flash[:notice] = warning if warning.present?
+    end
+
+    # This is in Spree::Core::ControllerHelpers::Auth
+    # But you can't easily reopen modules in Ruby
+    def unauthorized
+      if spree_current_user
+        flash[:error] = t(:authorization_failure)
+        redirect_to '/unauthorized'
+      else
+        store_location
+        redirect_to main_app.root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
+      end
+    end
+
+    protected
+
+    def model_class
+      const_name = controller_name.classify
+      return "Spree::#{const_name}".constantize if Spree.const_defined?(const_name)
+
+      nil
+    end
+
+    def action
+      params[:action].to_sym
+    end
+
+    def authorize_admin
+      if respond_to?(:model_class, true) && model_class
+        record = model_class
+      else
+        # This allows specificity for each non-resource controller
+        #   (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
+        record = self.class.to_s.
+          sub("Controller", "").
+          underscore.split('/').last.singularize.to_sym
+      end
+      authorize! :admin, record
+      authorize! resource_authorize_action, record
+    end
+
+    def resource_authorize_action
+      action
+    end
+
+    def flash_message_for(object, event_sym)
+      resource_desc  = object.class.model_name.human
+      resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
+      Spree.t(event_sym, resource: resource_desc)
+    end
+
+    # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
+    def check_json_authenticity
+      return unless request.format.js? || request.format.json?
+
+      return unless protect_against_forgery?
+
+      auth_token = params[request_forgery_protection_token]
+      return if auth_token && form_authenticity_token == CGI.unescape(auth_token)
+
+      raise(ActionController::InvalidAuthenticityToken)
+    end
+
+    private
+
+    def html_request?
+      request.format.html?
+    end
+
+    def json_request?
+      request.format.json?
+    end
+
+    def render_as_json(data, options = {})
+      ams_prefix = options.delete :ams_prefix
+      if each_serializer_required?(data)
+        render options.merge(json: data, each_serializer: serializer(ams_prefix))
+      else
+        render options.merge(json: data, serializer: serializer(ams_prefix))
+      end
+    end
+
+    def each_serializer_required?(data)
+      ['Array', 'ActiveRecord::Relation'].include?(data.class.name)
+    end
+
+    def serializer(ams_prefix)
+      unless ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym)
+        raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}."
+      end
+
+      prefix = ams_prefix.andand.classify || ""
+      name = controller_name.classify
+      "::Api::Admin::#{prefix}#{name}Serializer".constantize
+    end
+  end
+end
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class BulkLineItemsController < Spree::Admin::BaseController
+  class BulkLineItemsController < ::Admin::BaseController
    # GET /admin/bulk_line_items.json
    #
    def index
--- a/app/controllers/admin/contents_controller.rb
+++ b/app/controllers/admin/contents_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class ContentsController < Spree::Admin::BaseController
+  class ContentsController < ::Admin::BaseController
    def edit
      @preference_sections = preference_sections.map do |preference_section|
        { name: preference_section.name, preferences: preference_section.preferences }
--- a/app/controllers/admin/invoice_settings_controller.rb
+++ b/app/controllers/admin/invoice_settings_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class InvoiceSettingsController < Spree::Admin::BaseController
+  class InvoiceSettingsController < ::Admin::BaseController
    def update
      Spree::Config.set(params[:preferences])

--- a/app/controllers/admin/manager_invitations_controller.rb
+++ b/app/controllers/admin/manager_invitations_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class ManagerInvitationsController < Spree::Admin::BaseController
+  class ManagerInvitationsController < ::Admin::BaseController
    authorize_resource class: false

    def create
--- a/app/controllers/admin/matomo_settings_controller.rb
+++ b/app/controllers/admin/matomo_settings_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class MatomoSettingsController < Spree::Admin::BaseController
+  class MatomoSettingsController < ::Admin::BaseController
    def update
      Spree::Config.set(params[:preferences])

--- a/app/controllers/admin/product_import_controller.rb
+++ b/app/controllers/admin/product_import_controller.rb
@@ -1,7 +1,7 @@
 require 'roo'

 module Admin
-  class ProductImportController < Spree::Admin::BaseController
+  class ProductImportController < ::Admin::BaseController
    before_action :validate_upload_presence, except: %i[index guide validate_data]

    def index
--- a/app/controllers/admin/stripe_accounts_controller.rb
+++ b/app/controllers/admin/stripe_accounts_controller.rb
@@ -1,7 +1,7 @@
 require 'stripe/account_connector'

 module Admin
-  class StripeAccountsController < Spree::Admin::BaseController
+  class StripeAccountsController < ::Admin::BaseController
    def connect
      payload = params.slice(:enterprise_id)
      key = Openfoodnetwork::Application.config.secret_token
--- a/app/controllers/admin/stripe_connect_settings_controller.rb
+++ b/app/controllers/admin/stripe_connect_settings_controller.rb
@@ -1,7 +1,7 @@
 # This controller is used by super admin users to update the settings the app is using

 module Admin
-  class StripeConnectSettingsController < Spree::Admin::BaseController
+  class StripeConnectSettingsController < ::Admin::BaseController
    StripeConnectSettings = Struct.new(:stripe_connect_enabled)

    before_action :load_settings, only: [:edit]
--- a/app/controllers/spree/admin/base_controller.rb
+++ b/app/controllers/spree/admin/base_controller.rb
@@ -1,119 +0,0 @@
-module Spree
-  module Admin
-    class BaseController < Spree::BaseController
-      ssl_required
-
-      helper 'spree/admin/navigation'
-      layout '/spree/layouts/admin'
-
-      include I18nHelper
-
-      before_action :authorize_admin
-      before_action :set_locale
-      before_action :warn_invalid_order_cycles, if: :html_request?
-
-      # Warn the user when they have an active order cycle with hubs that are not ready
-      # for checkout (ie. does not have valid shipping and payment methods).
-      def warn_invalid_order_cycles
-        return if flash[:notice].present?
-
-        warning = OrderCycleWarning.new(spree_current_user).call
-        flash[:notice] = warning if warning.present?
-      end
-
-      # This is in Spree::Core::ControllerHelpers::Auth
-      # But you can't easily reopen modules in Ruby
-      def unauthorized
-        if spree_current_user
-          flash[:error] = t(:authorization_failure)
-          redirect_to '/unauthorized'
-        else
-          store_location
-          redirect_to main_app.root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
-        end
-      end
-
-      protected
-
-      def model_class
-        const_name = controller_name.classify
-        return "Spree::#{const_name}".constantize if Spree.const_defined?(const_name)
-
-        nil
-      end
-
-      def action
-        params[:action].to_sym
-      end
-
-      def authorize_admin
-        if respond_to?(:model_class, true) && model_class
-          record = model_class
-        else
-          # This allows specificity for each non-resource controller
-          #   (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
-          record = self.class.to_s.
-            sub("Controller", "").
-            underscore.split('/').last.singularize.to_sym
-        end
-        authorize! :admin, record
-        authorize! resource_authorize_action, record
-      end
-
-      def resource_authorize_action
-        action
-      end
-
-      def flash_message_for(object, event_sym)
-        resource_desc  = object.class.model_name.human
-        resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
-        Spree.t(event_sym, resource: resource_desc)
-      end
-
-      # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
-      def check_json_authenticity
-        return unless request.format.js? || request.format.json?
-
-        return unless protect_against_forgery?
-
-        auth_token = params[request_forgery_protection_token]
-        return if auth_token && form_authenticity_token == CGI.unescape(auth_token)
-
-        raise(ActionController::InvalidAuthenticityToken)
-      end
-
-      private
-
-      def html_request?
-        request.format.html?
-      end
-
-      def json_request?
-        request.format.json?
-      end
-
-      def render_as_json(data, options = {})
-        ams_prefix = options.delete :ams_prefix
-        if each_serializer_required?(data)
-          render options.merge(json: data, each_serializer: serializer(ams_prefix))
-        else
-          render options.merge(json: data, serializer: serializer(ams_prefix))
-        end
-      end
-
-      def each_serializer_required?(data)
-        ['Array', 'ActiveRecord::Relation'].include?(data.class.name)
-      end
-
-      def serializer(ams_prefix)
-        unless ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym)
-          raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}."
-        end
-
-        prefix = ams_prefix.andand.classify || ""
-        name = controller_name.classify
-        "::Api::Admin::#{prefix}#{name}Serializer".constantize
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/general_settings_controller.rb
+++ b/app/controllers/spree/admin/general_settings_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class GeneralSettingsController < Spree::Admin::BaseController
+    class GeneralSettingsController < ::Admin::BaseController
      def edit
        @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords,
                                :default_meta_description, :site_url, :bugherd_api_key]
--- a/app/controllers/spree/admin/invoices_controller.rb
+++ b/app/controllers/spree/admin/invoices_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class InvoicesController < Spree::Admin::BaseController
+    class InvoicesController < ::Admin::BaseController
      respond_to :json
      authorize_resource class: false

--- a/app/controllers/spree/admin/mail_methods_controller.rb
+++ b/app/controllers/spree/admin/mail_methods_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class MailMethodsController < Spree::Admin::BaseController
+    class MailMethodsController < ::Admin::BaseController
      after_action :initialize_mail_settings

      def update
--- a/app/controllers/spree/admin/orders/customer_details_controller.rb
+++ b/app/controllers/spree/admin/orders/customer_details_controller.rb
@@ -1,7 +1,7 @@
 module Spree
  module Admin
    module Orders
-      class CustomerDetailsController < Spree::Admin::BaseController
+      class CustomerDetailsController < ::Admin::BaseController
        before_action :load_order
        before_action :check_authorization
        before_action :set_guest_checkout_status, only: :update
--- a/app/controllers/spree/admin/orders_controller.rb
+++ b/app/controllers/spree/admin/orders_controller.rb
@@ -2,7 +2,7 @@ require 'open_food_network/spree_api_key_loader'

 module Spree
  module Admin
-    class OrdersController < Spree::Admin::BaseController
+    class OrdersController < ::Admin::BaseController
      include OpenFoodNetwork::SpreeApiKeyLoader
      helper CheckoutHelper

--- a/app/controllers/spree/admin/overview_controller.rb
+++ b/app/controllers/spree/admin/overview_controller.rb
@@ -1,7 +1,7 @@
 # this clas was inspired (heavily) from the mephisto admin architecture
 module Spree
  module Admin
-    class OverviewController < Spree::Admin::BaseController
+    class OverviewController < ::Admin::BaseController
      def index
        @enterprises = Enterprise
          .managed_by(spree_current_user)
--- a/app/controllers/spree/admin/payments_controller.rb
+++ b/app/controllers/spree/admin/payments_controller.rb
@@ -2,7 +2,7 @@

 module Spree
  module Admin
-    class PaymentsController < Spree::Admin::BaseController
+    class PaymentsController < ::Admin::BaseController
      before_action :load_order, except: [:show]
      before_action :load_payment, only: [:fire, :show]
      before_action :load_data
--- a/app/controllers/spree/admin/reports_controller.rb
+++ b/app/controllers/spree/admin/reports_controller.rb
@@ -17,7 +17,7 @@ require 'open_food_network/orders_and_fulfillments_report'

 module Spree
  module Admin
-    class ReportsController < Spree::Admin::BaseController
+    class ReportsController < ::Admin::BaseController
      include Spree::ReportsHelper

      ORDER_MANAGEMENT_ENGINE_REPORTS = [
--- a/app/controllers/spree/admin/resource_controller.rb
+++ b/app/controllers/spree/admin/resource_controller.rb
@@ -2,7 +2,7 @@ require 'action_callbacks'

 module Spree
  module Admin
-    class ResourceController < Spree::Admin::BaseController
+    class ResourceController < ::Admin::BaseController
      helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
      before_action :load_resource, except: [:update_positions]
      rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
--- a/app/controllers/spree/admin/search_controller.rb
+++ b/app/controllers/spree/admin/search_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class SearchController < Spree::Admin::BaseController
+    class SearchController < ::Admin::BaseController
      # http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/
      before_action :check_json_authenticity, only: :index
      respond_to :json
--- a/app/controllers/spree/admin/tax_settings_controller.rb
+++ b/app/controllers/spree/admin/tax_settings_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class TaxSettingsController < Spree::Admin::BaseController
+    class TaxSettingsController < ::Admin::BaseController
      def update
        Spree::Config.set(params[:preferences])

--- a/app/controllers/spree/admin/taxons_controller.rb
+++ b/app/controllers/spree/admin/taxons_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class TaxonsController < Spree::Admin::BaseController
+    class TaxonsController < ::Admin::BaseController
      respond_to :html, :json, :js

      def create
--- a/engines/order_management/app/controllers/order_management/reports/bulk_coop_controller.rb
+++ b/engines/order_management/app/controllers/order_management/reports/bulk_coop_controller.rb
@@ -2,7 +2,7 @@

 module OrderManagement
  module Reports
-    class BulkCoopController < Spree::Admin::BaseController
+    class BulkCoopController < ::Admin::BaseController
      before_filter :load_report_parameters
      before_filter :load_permissions

--- a/engines/order_management/app/controllers/order_management/reports/enterprise_fee_summaries_controller.rb
+++ b/engines/order_management/app/controllers/order_management/reports/enterprise_fee_summaries_controller.rb
@@ -2,7 +2,7 @@

 module OrderManagement
  module Reports
-    class EnterpriseFeeSummariesController < Spree::Admin::BaseController
+    class EnterpriseFeeSummariesController < ::Admin::BaseController
      before_filter :load_report_parameters
      before_filter :load_permissions

--- a/spec/controllers/spree/admin/base_controller_spec.rb
+++ b/spec/controllers/spree/admin/base_controller_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'

-describe Spree::Admin::BaseController, type: :controller do
-  controller(Spree::Admin::BaseController) do
+describe Admin::BaseController, type: :controller do
+  controller(Admin::BaseController) do
    def index
      before_filter :unauthorized
      render text: ""
@@ -10,7 +10,7 @@ describe Spree::Admin::BaseController, type: :controller do

  it "redirects to Angular login" do
    spree_get :index
-    expect(response).to redirect_to root_path(anchor: "login?after_login=/spree/admin/base")
+    expect(response).to redirect_to root_path(anchor: "login?after_login=/admin/base")
  end

  describe "rendering as json ActiveModelSerializer" do
--- a/spec/features/admin/variant_overrides_spec.rb
+++ b/spec/features/admin/variant_overrides_spec.rb
@@ -196,7 +196,7 @@ feature "
            expect(page).to have_content "Changes to one override remain unsaved."

            # Set a user without suficient permissions
-            allow_any_instance_of(Spree::Admin::BaseController).to receive(:current_spree_user).and_return(build(:user))
+            allow_any_instance_of(Admin::BaseController).to receive(:current_spree_user).and_return(build(:user))

            expect do
              click_button 'Save Changes'