raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-26 20:56:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,379 Commits 18 Branches 451 Tags
872cfcfc5889a01dd58cf40200fc94de8c7ea630
Commit Graph

557 Commits

Author SHA1 Message Date
Luis Ramos
6ba3a3c373 Handle strong params in admin/enterprises_controller 2020-03-25 10:51:55 +00:00
Matt-Yorkley
d847560d7c Fix rubocop issues 2020-03-25 10:15:03 +01:00
Pau Pérez Fabregat
a72957e3c3 Merge pull request #4827 from luisramos0/strong_params 
[Spree 2.1] Implement Strong Parameters in various controllers
 2020-03-25 10:07:14 +01:00
Pau Pérez Fabregat
2c487c2592 Merge pull request #5037 from luisramos0/strong_params_subs 
[Spree 2.1] Implement strong params in subscriptions controller
 2020-03-25 09:50:47 +01:00
Luis Ramos
4e43535512 Add missing permitted attribute 2020-03-21 20:30:34 +00:00
Luis Ramos
3ccd58d50b Fix a problem in the permit list to allow a list to be taken 2020-03-21 20:30:34 +00:00
Luis Ramos
5a0319213f Fix schedules controller permitted attributes 2020-03-21 20:30:34 +00:00
Luis Ramos
8c5dfea92f Fix strong params in order_cycles and schedules controllers 2020-03-21 20:30:34 +00:00
Luis Ramos
b99d4ab627 Permit specific params in schedules controller 2020-03-21 20:30:34 +00:00
Luis Ramos
e23267156d Improve inventory_items_controller strong params by not using permit! 2020-03-21 20:30:34 +00:00
Luis Ramos
913ea5b883 Handle strong parameters in bulk_line_items controller 2020-03-21 20:30:34 +00:00
Luis Ramos
d496a4bdc8 Add strong parameters permits to some controllers 2020-03-21 20:30:34 +00:00
Luis Ramos
a261ae118d Add missing permitted attributes to variant overrides controller 2020-03-21 19:14:26 +00:00
Luis Ramos
7320b38b93 Add missing attributes to variant override controller 2020-03-21 19:14:26 +00:00
Luis Ramos
0151b5ee9a Permit extra needed params in variant overrides controller 2020-03-21 19:14:26 +00:00
Luis Ramos
5b37e89738 Handle strong params in variant_overrides_controller 
We use a simpler way to permit on array within params here and change products_controller to the same style
 2020-03-21 19:14:26 +00:00
Luis Ramos
79b0867507 Extract permitted attributes to separate service 2020-03-21 19:08:37 +00:00
Luis Ramos
58c83d056d Add missing permitted attributes to subscriptions controller 2020-03-21 18:57:37 +00:00
Luis Ramos
c3897b2f1c Handle strong params in subscriptions controller 2020-03-21 18:57:37 +00:00
Luis Ramos
d7cfda8385 Handle strong params in subscription_line_items controller 2020-03-21 18:57:37 +00:00
Luis Ramos
fd2cf7295e Extract permitted_attributes from order_cycle_controller into a specific service 2020-03-21 16:17:20 +00:00
Luis Ramos
57f8fa26ab Fix strong params in order_cycles 2020-03-21 14:45:51 +00:00
Luis Ramos
1a46e7b7ee Improve strong params implementation on order_cycle controller and fix corresponding specs 2020-03-21 14:45:51 +00:00
Luis Ramos
905811ccb3 Handle strong params in admin order_cycles controller 2020-03-21 14:45:51 +00:00
Matt-Yorkley
7baa875a91 Fix big N+1 issues in enterprises#edit for superadmin 
The page is usable now as superadmin. Roughly 10x faster...
 2020-03-19 23:41:47 +01:00
Luis Ramos
eccaaca907 Merge pull request #4930 from luisramos0/3-0-stable-mar6 
Merge master into 3-0-stable
 2020-03-17 14:49:30 +00:00
Luis Ramos
29377bbff9 Move 5 subscriptions services from app/services to the engines/order_management/app/services 2020-03-16 17:20:01 +00:00
Luis Ramos
3901c49af9 Fix rubocop issues 2020-03-16 17:20:01 +00:00
Luis Ramos
ae0ceb61a1 Move ProxyOrderSyncer to OrderManagement engine 2020-03-16 17:20:01 +00:00
Luis Ramos
32a4355f09 Merge branch 'master' into 3-0-stable-mar6 2020-03-12 16:54:09 +00:00
Luis Ramos
bc0a1d9bae Remove one more responder and fix rubocop issues 2020-03-10 15:56:08 +00:00
Luis Ramos
a53dc3a8c1 Remove usage of the responder as this is a json only controller 2020-03-10 14:46:16 +00:00
Luis Ramos
014e22a7ad Fix problem with misssing params in schedules controller and adapt its spec 2020-03-09 16:04:59 +00:00
Luis Ramos
af8369ae1b Remove 5 years old debug code 
This reverts ab9bc7b1dc, it can be added if the issue happens again
 2020-03-03 10:56:57 +00:00
Pau Pérez Fabregat
d03d1c0cc2 Merge pull request #4832 from Matt-Yorkley/3-0-more_strong_params 
[Spree 2.1] Add strong_params to admin/enterprise_relationships_controller.rb
 2020-02-28 10:41:05 +01:00
Matt-Yorkley
90d1a5e605 Add strong params to admin/column_preferences_controller.rb 
Fixes failures such as:

  119) Admin::ColumnPreferencesController bulk_update json where I don't own the preferences submitted prevents me from updating the column preferences
       Failure/Error: raise ActiveModel::ForbiddenAttributesError, params.to_s

       ActiveModel::ForbiddenAttributesError:
         {"action_name"=>"enterprises_index", "column_preferences"=>[{"id"=>1, "user_id"=>2716, "action_name"=>"enterprises_index", "column_name"=>"name", "visible"=>false}, {"id"=>nil, "user_id"=>2716, "action_name"=>"enterprises_index", "column_name"=>"producer", "visible"=>true}, {"id"=>nil, "user_id"=>2716, "action_name"=>"enterprises_index", "column_name"=>"status", "visible"=>true}], "format"=>"json", "controller"=>"admin/column_preferences", "action"=>"bulk_update"}
       # ./app/controllers/application_controller.rb:16:in `print_params'
       # ./spec/controllers/admin/column_preferences_controller_spec.rb:28:in `block (5 levels) in <top (required)>'
       # ------------------
       # --- Caused by: ---
       # ActiveModel::ForbiddenAttributesError:
       #   ActiveModel::ForbiddenAttributesError
       #   ./app/models/model_set.rb:24:in `block in collection_attributes='
 2020-02-23 14:52:06 +01:00
Matt-Yorkley
fccc8037f0 Add strong_params to enterprise_relationships_controller.rb 
Fixes specs such as:

  31)
  As an Administrator
  I want to manage relationships between enterprises
 as a site administrator creating a relationship
      Failure/Error: raise ActiveModel::ForbiddenAttributesError, params.to_s

      ActiveModel::ForbiddenAttributesError:
        {"enterprise_relationship"=>{"parent_id"=>284, "child_id"=>285, "permissions_list"=>["add_to_order_cycle", "edit_profile", "create_variant_overrides"]}, "action"=>"create", "controller"=>"admin/enterprise_relationships"}
      # ./app/controllers/application_controller.rb:16:in `print_params'
      # ./lib/open_food_network/rack_request_blocker.rb:36:in `call'
      # ------------------
      # --- Caused by: ---
      # ActiveModel::ForbiddenAttributesError:
      #   ActiveModel::ForbiddenAttributesError
      #   ./app/controllers/admin/enterprise_relationships_controller.rb:10:in `create'
 2020-02-23 14:26:14 +01:00
Matt-Yorkley
df1299b290 Fix user not yet loaded in prepend_before_filter 2020-02-22 11:06:51 +00:00
Matt-Yorkley
c0ecdb9e3a Fix deprecated #includes in join without reference 
DEPRECATION WARNING: It looks like you are eager loading table(s) (one of: variant_overrides, enterprises, enterprise_roles) that are referenced in a string SQL snippet. For example:

    Post.includes(:comments).where("comments.title = 'foo'")

Currently, Active Record recognizes the table in the string, and knows to JOIN the comments table to the query, rather than loading comments in a separate query. However, doing this without writing a full-blown SQL parser is inherently flawed. Since we don't want to write an SQL parser, we are removing this functionality. From now on, you must explicitly tell Active Record when you are referencing a table from a string:

    Post.includes(:comments).where("comments.title = 'foo'").references(:comments)

If you don't rely on implicit join references you can disable the feature entirely by setting `config.active_record.disable_implicit_join_references = true`. (called from collection at /home/user/Github/openfoodnetwork/app/controllers/admin/variant_overrides_controller.rb:77)
 2020-02-22 11:06:51 +00:00
Matt-Yorkley
53645517af Update deprecated #find_by_* methods 2020-02-22 11:06:51 +00:00
luisramos0
685abccb61 Make variant count consider oc config and not count variants that are hidden in the inventory of the coordinator of the OC 2020-01-28 18:02:58 +00:00
luisramos0
ee3c9563d8 Add all submenus entries to the main tabs list so that the main menu keeps selected when user selects the submenus 2020-01-23 14:31:25 +00:00
Matt-Yorkley
b9edea7c0e Rename 'admin/overview#index' route from :admin to :admin_dashboard 
Fixes issues with route declarations in Rails 4
 2020-01-12 13:11:33 +01:00
Matt-Yorkley
54a40fe79c Handle validation messages when saving new fees 2019-12-07 14:51:17 +01:00
luisramos0
3959f16d65 Switch some more references from Permissions to Permissions::Order 2019-11-29 12:22:50 +00:00
Matt-Yorkley
4ef682915c Eager-load option_values in Admin::EnterprisesController 2019-11-23 10:58:18 +01:00
Matt-Yorkley
e693e8ac37 Eager-load option_values in Admin::BulkLineItemsController 2019-11-23 10:58:18 +01:00
luisramos0
14433e7764 Fix some rubocop issues in admin/order_cycles_controller 2019-11-12 12:02:36 +00:00
luisramos0
5fdb86ae43 Make simple create redirect to OC list but normal create to jump to incoming settings 2019-11-12 12:00:48 +00:00
luisramos0
5f1360e226 Move incoming and outgoing parts of the (not simple) OC new and edit pages to separate routes and views to make this page a multi step page 2019-11-12 12:00:48 +00:00