raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-03-18 04:39:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
31,487 Commits 15 Branches 457 Tags
b24ca03e287c91b41bcdebe45eb836a0b4012a4e
Commit Graph

3528 Commits

Author SHA1 Message Date
Matt-Yorkley
f1002b953d Disable Javascript CSRF protection on EnterprisesController#check_permalink route 
This route checks if an enterprise permalink is taken or not. Allowing the route to be accessed via Javascript without strict CSRF protection is reasonable. Fixes the following errors:

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
 2020-11-27 13:59:46 +00:00
Luis Ramos
3ebc8145df Avoid calling update with nil values 2020-11-27 13:59:46 +00:00
Luis Ramos
6814eb663f Fix respond_with error 2020-11-27 13:59:46 +00:00
Eduardo
a8a933d73a change from render json to render plain due to template missing issue 2020-11-27 13:59:46 +00:00
Matt-Yorkley
3bfa903912 Revert "Move Spree::Admin::BaseController to Admin::BaseController" 2020-11-27 14:11:57 +01:00
Matt-Yorkley
0ba670b180 Ensure order is cleanly reset to cart state when redirecting to cart 2020-11-27 11:42:46 +00:00
Matt-Yorkley
2fa2a30c67 Add spec coverage, refactor, avoid double-render errors 
👍
 2020-11-22 18:37:31 +00:00
Matt-Yorkley
cabec7e73f Fix Rubocop warnings and tidy up 2020-11-22 18:02:54 +00:00
Matt-Yorkley
87df44764f Extract stock-check logic to controller concern and inject prior to final Paypal payment confirmation. 2020-11-22 18:02:52 +00:00
Andy Brett
85d99f3bf2 Merge branch 'master' into controllers 2020-11-20 08:12:03 -08:00
Matt-Yorkley
010c1c799d Add some notes on paypal checkout flow 2020-11-18 14:55:29 +00:00
Matt-Yorkley
2faea65f82 Bring in Spree::PaypalController#confirm method 
Original method from the gem. This handles the post-payment response from paypal.
 2020-11-18 14:51:23 +00:00
Matt-Yorkley
dd8f139c1b Memoize Spree::PaypalController#payment_method 
This gets called 4 or 5 times in a single request just to read basic attributes from the object. The query doesn't need to be repeated each time
 2020-11-18 13:45:14 +00:00
Matt-Yorkley
6d0d4b5096 Bring in Spree::PaypalController#payment_method 
Original method from the gem. Modified in preceding commit.
 2020-11-18 13:45:13 +00:00
Matt-Yorkley
b0a70f0ba3 Improve TaxonController strong params handling 2020-11-17 19:48:27 +00:00
Matt-Yorkley
0b18b0dc0a Include Calculator attributes in PaymentMethod nested attributes and DRY repeated code 2020-11-17 19:04:26 +00:00
Matt-Yorkley
d225294b6b Extract to PermittedAttributes::Calculator 2020-11-17 18:51:48 +00:00
Matt-Yorkley
3547b9fe56 Add missing calculator params 2020-11-17 18:51:48 +00:00
Matt-Yorkley
1766f33d46 Use ActionController::Metal and include StrongParameters 2020-11-17 18:51:48 +00:00
Matt-Yorkley
cbdb6126a6 Fix strong_params in API enterprises_controller 2020-11-17 18:51:48 +00:00
Matt-Yorkley
6a26c9da8c Fix strong_params in API products_controller 2020-11-17 18:51:48 +00:00
Matt-Yorkley
36f4f40e84 Refactor and fix PaymentMethod strong params 2020-11-17 18:51:48 +00:00
Matt-Yorkley
787f29105c Fix ForbiddenAttribute errors for bulk update of enterprise fees and order cycles 
Example error:
As an administrator
    I want to manage simple order cycles
 updating many order cycle opening/closing times at once
     Failure/Error: raise ActiveModel::ForbiddenAttributesError, params.to_s

     ActiveModel::ForbiddenAttributesError:
       {"order_cycle_set"=>{"collection_attributes"=>{"0"=>{"id"=>62, "name"=>"Updated Order Cycle 1", "orders_open_at"=>"2040-12-01 12:00:00", "orders_close_at"=>"2040-12-01 12:00:01"}, "1"=>{"id"=>63, "name"=>"Updated Order Cycle 2", "orders_open_at"=>"2040-12-01 12:00:02", "orders_close_at"=>"2040-12-01 12:00:03"}, "2"=>{"id"=>64, "name"=>"Updated Order Cycle 3", "orders_open_at"=>"2040-12-01 12:00:04", "orders_close_at"=>"2040-12-01 12:00:05"}}}, "controller"=>"admin/order_cycles", "action"=>"bulk_update", "format"=>"json", "order_cycle"=>{}}
     # ./app/controllers/application_controller.rb:20:in `print_params'
     # ./lib/open_food_network/rack_request_blocker.rb:36:in `call'
     # ------------------
     # --- Caused by: ---
     # ActiveModel::ForbiddenAttributesError:
     #   ActiveModel::ForbiddenAttributesError
     #   ./app/models/model_set.rb:29:in `block in collection_attributes='
 2020-11-17 18:51:48 +00:00
Matt-Yorkley
642a294844 Fix broken order edit shipment 
As an administrator
    I want to create and edit orders
 as an enterprise manager viewing the edit page with different shipping methods can edit shipping method
     Failure/Error: expect(page).to have_content "Shipping: #{different_shipping_method_for_distributor1.name}"
       expected to find text "Shipping: Different" in "Logged in as : owen@romaguera.ca Account Logout Store DASHBOARD PRODUCTS ORDER CYCLES ORDERS REPORTS ENTERPRISES CUSTOMERS Order # R813516688 CANCEL ACTIONS BACK TO ORDER LIST John Doe - ADD PRODUCT NAME OR SKU (ENTER AT LEAST FIRST 4 CHARACTERS OF PRODUCT NAME) Select a variant 100 - PENDING ITEM DESCRIPTION PRICE QUANTITY TOTAL Product #3 - 9924 - 1g, S $10.00 1 x none $10.00 Product #4 - 5548 - 1g, S $10.00 1 x none $10.00 Product #5 - 8080 - 1g, S $10.00 1 x none $10.00 Product #6 - 3591 - 1g, S $10.00 1 x none $10.00 Product #7 - 6461 - 1g, S $10.00 1 x none $10.00 Product #8 - 4071 - 1g, S $110.00 1 x none $110.00 SHIPPING METHOD Different $0.00 Normal $0.00 Different $0.00 Tracking: U10000 LINE ITEM ADJUSTMENTS NAME AMOUNT Tax 1 10.0%: $10.00 ORDER ADJUSTMENTS NAME AMOUNT Transaction fee: $0.00 ORDER TOTAL $160.00 DISTRIBUTION Distributor: Enterprise 4 Order cycle: Order Cycle 2 UPDATE AND RECALCULATE FEES or BACK ORDER INFORMATION STATUS COMPLETE TOTAL : $160.00 SHIPMENT : PENDING PAYMENT : BALANCE DUE DATE COMPLETED : November 08, 2020 1:51 AM ORDER DETAILS CUSTOMER DETAILS ADJUSTMENTS PAYMENTS RETURN AUTHORIZATIONS"
     # ./spec/features/admin/order_spec.rb:291:in `block (5 levels) in <top (required)>'
 2020-11-17 18:51:48 +00:00
Matt-Yorkley
7401e34c52 Fix credit cards strong params 2020-11-17 18:51:48 +00:00
Matt-Yorkley
ca41bbcee7 Fix Api::VariantsController ForbiddenAttributesError 2020-11-17 18:51:48 +00:00
Matt-Yorkley
c374bf5e49 Fix strong_params in API taxons_controller 2020-11-17 18:51:48 +00:00
Matt-Yorkley
417c4d9aea Inherit from ActionController::Base in API Controllers 2020-11-17 18:51:48 +00:00
Andy Brett
17202ff39c move gateway_error require to lib/spree/core.rb 2020-11-10 14:55:56 -08:00
Luis Ramos
c785d0d1d7 Make engine's routes append to main app instead of prepend 2020-11-04 12:15:45 +00:00
Luis Ramos
09aef524f3 Make route helpers use spree helper 2020-11-04 12:15:45 +00:00
Luis Ramos
1b4a4a8113 Bring code from spree_paypal_express to make it use spree url_helper 2020-11-04 12:15:45 +00:00
Luis Ramos
b7aa04353c Fix requires of product duplicator 2020-11-04 12:15:45 +00:00
Luis Ramos
1bce516a45 Make specs load product duplicator 
This makes the ofn version of the product duplicator be used instead of the spree one
 2020-11-04 12:15:45 +00:00
Luis Ramos
af713385d8 Add frozen string literal 2020-10-31 10:16:37 +00:00
Luis Ramos
c9972189d0 Change usage of Spree::Admin::BaseController to Admin::BaseController 2020-10-31 09:56:59 +00:00
Luis Ramos
eb07a91acb Adapt code from Spree::Admin::BaseController to Admin::BaseController 2020-10-31 09:52:34 +00:00
Luis Ramos
66ba9ff73d Move Spree::Admin::BaseController to Admin::BaseController 2020-10-31 09:51:37 +00:00
Luis Ramos
55e8dace44 Fix sort_by issue on relation by calling to_a 2020-10-30 10:12:56 +00:00
Luis Ramos
7b06fdd943 Convert to array before using sort_by! 2020-10-30 10:12:56 +00:00
Luis Ramos
a53223aefc Convert relation to array before using array only method sort_by! 2020-10-30 10:10:54 +00:00
Andy Brett
57fe1db10e guard against nil params[:available_units] 2020-10-29 09:18:24 -07:00
Andy Brett
18d2599075 indicate block argument is unused 2020-10-29 09:18:24 -07:00
Andy Brett
292b33b4ea simplify available units params (and remove regex!) 2020-10-29 09:18:24 -07:00
Andy Brett
c9b540677c refactor general settings controller to handle available_units params 2020-10-29 09:17:49 -07:00
Andy Brett
cb3ea133e9 add available units to instance prefs page 2020-10-29 09:17:31 -07:00
Matt-Yorkley
489529d30e Merge pull request #5729 from luisramos0/image_settings 
Remove Image settings page and standardise Paperclip styles
 2020-10-22 15:58:14 +02:00
Luis Ramos
032075c04a Merge pull request #6119 from arku/chore/fire-event-removal 
Remove fire_event method usage
 2020-10-21 21:21:35 +01:00
Luis Ramos
b267f542d1 Merge pull request #5980 from luisramos0/spree_clean_up 
[Bye bye spree] Some clean up fixes to make it all work without spree
 2020-10-20 18:52:54 +01:00
Luis Ramos
0f06195baa Remove Image settings page, these settings will come from ofn-install now 2020-10-20 11:20:37 +01:00