Merge pull request #4512 from luisramos0/backend_ctrl_base

Bring spree_backend base controller to OFN

.rubocop_manual_todo.yml

@@ -42,7 +42,6 @@ Metrics/LineLength:
   - app/controllers/application_controller.rb
   - app/controllers/checkout_controller.rb
   - app/controllers/spree/admin/adjustments_controller_decorator.rb
-  - app/controllers/spree/admin/base_controller_decorator.rb
   - app/controllers/spree/admin/orders_controller_decorator.rb
   - app/controllers/spree/admin/payments_controller_decorator.rb
   - app/controllers/spree/credit_cards_controller.rb
@@ -644,6 +643,7 @@ Metrics/ClassLength:
   - app/controllers/admin/subscriptions_controller.rb
   - app/controllers/api/products_controller.rb
   - app/controllers/checkout_controller.rb
+  - app/controllers/spree/admin/base_controller.rb
   - app/controllers/spree/admin/payment_methods_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
   - app/controllers/spree/admin/users_controller.rb

app/controllers/spree/admin/base_controller.rb

@@ -0,0 +1,142 @@
+module Spree
+  module Admin
+    class BaseController < Spree::BaseController
+      ssl_required
+
+      helper 'spree/admin/navigation'
+      layout '/spree/layouts/admin'
+
+      include I18nHelper
+
+      before_filter :authorize_admin
+      before_filter :set_locale
+      before_filter :warn_invalid_order_cycles, if: :html_request?
+
+      # Warn the user when they have an active order cycle with hubs that are not ready
+      # for checkout (ie. does not have valid shipping and payment methods).
+      def warn_invalid_order_cycles
+        distributors = active_distributors_not_ready_for_checkout
+
+        return if distributors.empty? || flash[:notice].present?
+
+        flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors)
+      end
+
+      # This is in Spree::Core::ControllerHelpers::Auth
+      # But you can't easily reopen modules in Ruby
+      def unauthorized
+        if try_spree_current_user
+          flash[:error] = t(:authorization_failure)
+          redirect_to '/unauthorized'
+        else
+          store_location
+          redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
+        end
+      end
+
+      protected
+
+      def model_class
+        const_name = controller_name.classify
+        return "Spree::#{const_name}".constantize if Spree.const_defined?(const_name)
+
+        nil
+      end
+
+      def action
+        params[:action].to_sym
+      end
+
+      def authorize_admin
+        if respond_to?(:model_class, true) && model_class
+          record = model_class
+        else
+          # This allows specificity for each non-resource controller
+          #   (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
+          record = self.class.to_s.
+            sub("Controller", "").
+            underscore.split('/').last.singularize.to_sym
+        end
+        authorize! :admin, record
+        authorize! resource_authorize_action, record
+      end
+
+      def resource_authorize_action
+        action
+      end
+
+      def flash_message_for(object, event_sym)
+        resource_desc  = object.class.model_name.human
+        resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
+        Spree.t(event_sym, resource: resource_desc)
+      end
+
+      def render_js_for_destroy
+        render partial: '/spree/admin/shared/destroy'
+      end
+
+      # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
+      def check_json_authenticity
+        return unless request.format.js? || request.format.json?
+
+        return unless protect_against_forgery?
+
+        auth_token = params[request_forgery_protection_token]
+        return if auth_token && form_authenticity_token == CGI.unescape(auth_token)
+
+        raise(ActionController::InvalidAuthenticityToken)
+      end
+
+      def config_locale
+        Spree::Backend::Config[:locale]
+      end
+
+      private
+
+      def active_distributors_not_ready_for_checkout
+        ocs = OrderCycle.managed_by(spree_current_user).active
+        distributors = ocs.includes(:distributors).map(&:distributors).flatten.uniq
+        Enterprise.where('enterprises.id IN (?)', distributors).not_ready_for_checkout
+      end
+
+      def active_distributors_not_ready_for_checkout_message(distributors)
+        distributor_names = distributors.map(&:name).join ', '
+
+        if distributors.count > 1
+          I18n.t(:active_distributors_not_ready_for_checkout_message_plural,
+                 distributor_names: distributor_names)
+        else
+          I18n.t(:active_distributors_not_ready_for_checkout_message_singular,
+                 distributor_names: distributor_names)
+        end
+      end
+
+      def html_request?
+        request.format.html?
+      end
+
+      def json_request?
+        request.format.json?
+      end
+
+      def render_as_json(data, options = {})
+        ams_prefix = options.delete :ams_prefix
+        if [Array, ActiveRecord::Relation].include? data.class
+          render options.merge(json: data, each_serializer: serializer(ams_prefix))
+        else
+          render options.merge(json: data, serializer: serializer(ams_prefix))
+        end
+      end
+
+      def serializer(ams_prefix)
+        unless ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym)
+          raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}."
+        end
+
+        prefix = ams_prefix.andand.classify || ""
+        name = controller_name.classify
+        "::Api::Admin::#{prefix}#{name}Serializer".constantize
+      end
+    end
+  end
+end

app/controllers/spree/admin/base_controller_decorator.rb

@@ -1,105 +0,0 @@
-require 'spree/core/controller_helpers/respond_with_decorator'
-
-Spree::Admin::BaseController.class_eval do
-  include I18nHelper
-
-  layout 'spree/layouts/admin'
-
-  before_filter :set_locale
-  before_filter :warn_invalid_order_cycles, if: :html_request?
-
-  # Warn the user when they have an active order cycle with hubs that are not ready
-  # for checkout (ie. does not have valid shipping and payment methods).
-  def warn_invalid_order_cycles
-    distributors = active_distributors_not_ready_for_checkout
-
-    if distributors.any? && flash[:notice].nil?
-      flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors)
-    end
-  end
-
-  # Override Spree method
-  # It's a shame Spree doesn't just let CanCan handle this in it's own way
-  def authorize_admin
-    if respond_to?(:model_class, true) && model_class
-      record = model_class
-    else
-      # this line changed to allow specificity for each non-resource controller (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
-      record = self.class.to_s.sub("Controller", "").underscore.split('/').last.singularize.to_sym
-    end
-    authorize! :admin, record
-    authorize! resource_authorize_action, record
-  end
-
-  def resource_authorize_action
-    action
-  end
-
-  # This is in Spree::Core::ControllerHelpers::Auth
-  # But you can't easily reopen modules in Ruby
-  def unauthorized
-    if try_spree_current_user
-      flash[:error] = t(:authorization_failure)
-      redirect_to '/unauthorized'
-    else
-      store_location
-      redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
-    end
-  end
-
-  protected
-
-  def model_class
-    const_name = controller_name.classify
-    if Spree.const_defined?(const_name)
-      return "Spree::#{const_name}".constantize
-    end
-
-    nil
-  end
-
-  private
-
-  def active_distributors_not_ready_for_checkout
-    ocs = OrderCycle.managed_by(spree_current_user).active
-    distributors = ocs.includes(:distributors).map(&:distributors).flatten.uniq
-    Enterprise.where('enterprises.id IN (?)', distributors).not_ready_for_checkout
-  end
-
-  def active_distributors_not_ready_for_checkout_message(distributors)
-    distributor_names = distributors.map(&:name).join ', '
-
-    if distributors.count > 1
-      I18n.t(:active_distributors_not_ready_for_checkout_message_plural, distributor_names: distributor_names)
-    else
-      I18n.t(:active_distributors_not_ready_for_checkout_message_singular, distributor_names: distributor_names)
-    end
-  end
-
-  def html_request?
-    request.format.html?
-  end
-
-  def json_request?
-    request.format.json?
-  end
-
-  def render_as_json(data, options = {})
-    ams_prefix = options.delete :ams_prefix
-    if [Array, ActiveRecord::Relation].include? data.class
-      render options.merge(json: data, each_serializer: serializer(ams_prefix))
-    else
-      render options.merge(json: data, serializer: serializer(ams_prefix))
-    end
-  end
-
-  def serializer(ams_prefix)
-    if ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym)
-      prefix = ams_prefix.andand.classify || ""
-      name = controller_name.classify
-      "Api::Admin::#{prefix}#{name}Serializer".constantize
-    else
-      raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}."
-    end
-  end
-end

app/controllers/spree/admin/general_settings_controller.rb

@@ -5,8 +5,7 @@ module Spree
         @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords,
                                 :default_meta_description, :site_url, :bugherd_api_key]
         @preferences_security = [:allow_ssl_in_production,
-                                 :allow_ssl_in_staging, :allow_ssl_in_development_and_test,
-                                 :check_for_spree_alerts]
+                                 :allow_ssl_in_staging, :allow_ssl_in_development_and_test]
         @preferences_currency = [:display_currency, :hide_cents]
       end
 
@@ -20,18 +19,6 @@ module Spree
 
         redirect_to edit_admin_general_settings_path
       end
-
-      def dismiss_alert
-        return unless request.xhr? && params[:alert_id]
-
-        dismissed = Spree::Config[:dismissed_spree_alerts] || ''
-        Spree::Config.set(dismissed_spree_alerts: dismissed.
-                                                    split(',').
-                                                    push(params[:alert_id]).
-                                                    join(','))
-        filter_dismissed_alerts
-        render nothing: true
-      end
     end
   end
 end

app/views/spree/layouts/_admin_body.html.haml

@@ -16,8 +16,6 @@
         = Spree.t(:loading)
         \...
 
-  = render :partial => 'spree/admin/shared/alert', :collection => session[:alerts]
-
   %header#header{"data-hook" => ""}
     .container
       %figure.columns.five{"data-hook" => "logo-wrapper"}

app/views/spree/layouts/bare_admin.html.haml

@@ -14,7 +14,6 @@
           .progress-message
             = t(:loading)
             \...
-      = render :partial => 'spree/admin/shared/alert', :collection => session[:alerts]
 
       %header#header{"data-hook" => ""}
         .container

config/locales/en.yml

@@ -2858,7 +2858,6 @@ See the %{link} to find out more about %{sitename}'s features and to start using
     allow_ssl_in_development_and_test: "Allow SSL to be used when in development and test modes"
     allow_ssl_in_production: "Allow SSL to be used in production mode"
     allow_ssl_in_staging: "Allow SSL to be used in staging mode"
-    check_for_spree_alerts: "Check for Spree alerts"
     currency_decimal_mark: "Currency decimal mark"
     currency_settings: "Currency Settings"
     currency_symbol_position: Put "currency symbol before or after dollar amount?"

config/routes/spree.rb

@@ -86,11 +86,7 @@ Spree::Core::Engine.routes.prepend do
     end
 
     # Configuration section
-    resource :general_settings do
-      collection do
-        post :dismiss_alert
-      end
-    end
+    resource :general_settings
     resource :mail_method, :only => [:edit, :update] do
       post :testmail, :on => :collection
     end