With a product with mutiple variant, we can end in a scenario where a
user sees variant associated to producer it doesn't have permission for.
This prevents the user from updating any variant. This fix filter out
variant a user shoudn't be seeing
We only support one of filter by inventory variants or filter by variants
at any given time, based on enabled feature. If both features inventory
and variant tag are enabled, variant tag takes precedence.
There were a few changes needed:
* Plugins are now specified through `plugin:` config keyword.
* All plugin gems need to be specified explicitly in Gemfile since they
are no longer dependencies of plugins already specified explicitly.
* All plugin gems need to be updated in other to use the new APIs.
* One cop was renamed.
* New offenses safe to correct were corrected directly with `bundle exec
rubocop -a`.
* New offenses unsafe to correct were added to the TODO configuration
with `bundle exec rubocop --auto-gen-config --auto-gen-only-exclude
--exclude-limit 1400 --no-auto-gen-timestamp`.
TagRuleController is now a subclass of Spree::Admin::BaseController
because Admin::ResourceController did not play well with turbo_stream.
And to be honest we did not need all the functionality provided by the
ResourceController
- Added redirect_auth_url column to spree_payments table
- Updated payment redirection logic to use redirect_auth_url instead of cvv_response_message
- Cleans up old monkeypatch usage and improves Stripe checkout reliability
Removes the bulk product update feature and its associated components:
- Removes Angular-based bulk product editing controller and views
- Deletes bulk product API endpoints and related controller actions
- Removes product cloning and variant deletion functionality
- Removes associated JavaScript tests and specs
This appears to be part of a larger effort to modernize/simplify the product management interface, removing legacy Angular-based bulk editing in favor of a different approach.
Moves search field configuration from frontend to backend to prevent potential security issues with exposing internal field names. The change also improves maintainability by centralizing search logic in the controller.
Adds conditional logic to use name_alias for non-admin users when searching distributor names, enhancing data access control.
