raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-03-05 02:41:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
33,861 Commits 20 Branches 455 Tags
cf9ffd8931286866b66b714a8b32030e004ddcbf
Commit Graph

33861 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Filipe
cf9ffd8931 Merge pull request #13419 from chahmedejaz/bugfix/13416-orders-page-inaccessible-by-admins 
Orders page inaccessible as superadmin (error 504)
 2025-07-14 13:50:51 +01:00
Ahmed Ejaz
e6b9373570 Refactor line items search to improve security and maintainability 
Moves search field configuration from frontend to backend to prevent potential security issues with exposing internal field names. The change also improves maintainability by centralizing search logic in the controller.

Adds conditional logic to use name_alias for non-admin users when searching distributor names, enhancing data access control.
 2025-07-13 18:07:14 +05:00
Ahmed Ejaz
ec44947b37 Add special handling for admin users in order permissions 
Modifies order and line item permission logic to give admin users full access to all orders and line items, bypassing the regular complex joins queries to get orders editable by producers. These complex joins are needed for regular users but for user admins we need to return all orders.
 2025-07-13 05:34:55 +05:00
Gaetan Craig-Riou
c0639b37bb Merge pull request #13412 from openfoodfoundation/dependabot/npm_and_yarn/hotkeys-js-3.13.15 
Bump hotkeys-js from 3.13.14 to 3.13.15
 2025-07-12 14:47:40 +10:00
dependabot[bot]
7a0ecc777a Bump hotkeys-js from 3.13.14 to 3.13.15 
Bumps [hotkeys-js](https://github.com/jaywcjlove/hotkeys-js) from 3.13.14 to 3.13.15.
- [Release notes](https://github.com/jaywcjlove/hotkeys-js/releases)
- [Commits](https://github.com/jaywcjlove/hotkeys-js/compare/v3.13.14...v3.13.15)

---
updated-dependencies:
- dependency-name: hotkeys-js
  dependency-version: 3.13.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-09 09:41:28 +00:00
Gaetan Craig-Riou
aeefe841bf Merge pull request #13403 from chitty/cch/image_variant_url_for 
Do not try to generate a URL for unpersisted blobs in development/test environment
 2025-07-09 14:15:07 +10:00
David Cook
d80481a106 Merge pull request #13405 from openfoodfoundation/dependabot/npm_and_yarn/floating-ui/dom-1.7.2 
Bump @floating-ui/dom from 1.7.1 to 1.7.2
 2025-07-08 09:52:28 +10:00
David Cook
174be39c5e Merge pull request #13399 from openfoodfoundation/dependabot/npm_and_yarn/pbkdf2-3.1.3 
Bump pbkdf2 from 3.1.1 to 3.1.3
 2025-07-08 09:38:12 +10:00
Ahmed Ejaz
5f694276f1 Update all locales with the latest Transifex translations v5.1.3 2025-07-07 03:53:59 +05:00
Filipe
affb5d7281 Merge pull request #13338 from chahmedejaz/task/13287-add-producer-seller-ability-to-edit-orders 
Allow producer who are also seller to edit their products on hubs' orders
 2025-07-04 14:26:39 +01:00
Maikel
87b9eeb2f1 Merge pull request #13407 from rioug/fix-undercover-ci-step 
CI - Do not run undercover CI step on the master branch
 2025-07-02 11:04:29 +10:00
Gaetan Craig-Riou
81c75b2b71 Do not run undercover on the master branch 
No need to compare master to itself.
 2025-07-02 10:12:28 +10:00
dependabot[bot]
ec6d490676 Bump @floating-ui/dom from 1.7.1 to 1.7.2 
Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.7.2/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-30 12:15:11 +00:00
filipefurtad0
80aa8d71a5 Update all locales with the latest Transifex translations v5.1.2 2025-06-30 11:51:30 +01:00
Filipe
0408b74987 Merge pull request #13375 from chahmedejaz/task/13130-add-customer-email-and-phone-to-notify-producer-emails 
Add customer email and phone to notify producer emails when enabled
 2025-06-30 11:48:18 +01:00
David Cook
9e9cc28062 Update spec/mailers/producer_mailer_spec.rb 2025-06-30 09:19:38 +02:00
Ahmed Ejaz
80fc0a5790 Exclude customer personal information from order summary in email 2025-06-30 09:19:38 +02:00
Ahmed Ejaz
5a13aa1c8a Add phone and email fields to customer order summary in ProducerMailer 2025-06-30 09:19:38 +02:00
Gaetan Craig-Riou
aabf3c861a Merge pull request #13398 from mkllnk/configure-wait-time 
Increase default timeout in system specs
 2025-06-30 13:34:41 +10:00
Gaetan Craig-Riou
01e4ca7d93 Merge pull request #13101 from filipefurtad0/adds_undercover_gem_to_the_stack 
Adds undercover gem to the stack
 2025-06-30 13:30:49 +10:00
Ahmed Ejaz
838e88a502 Refactor display_value_for_producer method to use Spree::Ability for supplier edit permissions 2025-06-29 19:41:41 +05:00
Ahmed Ejaz
4b19d38c58 Refactor variant creation in hub actions spec to use supplier association for clarity 2025-06-29 19:13:44 +05:00
Ahmed Ejaz
7725fae992 Refactor order cycle and order management abilities to improve producer edit permissions 2025-06-29 19:13:31 +05:00
Carlos Chitty
b43fa55a7b Do not try to generate a URL for unpersisted blobs in development/test environment 
Explicitly raise an error in `image_variant_url_for` if an Active Storage variant's blob is not persisted.

This addresses `ArgumentError`/`URI::InvalidURIError` in Rails 7.1, which occurs when attempting to generate a URL for an unsaved Active Storage blob. By raising, we ensure existing error handling in calling methods (e.g., `Spree::Image#url`) can provide graceful fallbacks (default image URLs).

This should only affect test and development environments where blobs may not be immediately persisted. Tests in `SuppliedProductImporter` have been updated to reflect this behavior.

References:
  - Suggestion: https://github.com/openfoodfoundation/openfoodnetwork/pull/13232#discussion_r2071116581
  - Example of failing test due to this: https://github.com/openfoodfoundation/openfoodnetwork/actions/runs/14739687958/job/41374346184?pr=13232
  - Related: https://github.com/rails/rails/issues/50234
 2025-06-27 15:05:52 -04:00
filipefurtad0
1478990eac Removes fake method and spec 2025-06-27 12:29:32 +01:00
Maikel Linke
4a1e32e790 Spec fake method to show undercover working 2025-06-27 12:28:16 +01:00
filipefurtad0
75e0a71e10 Adds a fake method with no test coverage to test Undercover gem 2025-06-27 12:24:25 +01:00
filipefurtad0
e0efb34fe8 Adds undercover command to the build file 
build setup patch
 2025-06-27 12:24:22 +01:00
filipefurtad0
4cb9d870b4 Changes rake task to include merging of the lcov result files 2025-06-27 12:24:22 +01:00
filipefurtad0
5b7675cd9b Adds config file for undercover 
undercover setup patch
 2025-06-27 12:24:18 +01:00
filipefurtad0
b6fc117b17 Adds undercover gem to the gemfile 2025-06-25 14:58:23 +01:00
dependabot[bot]
d5c79be7d9 Bump pbkdf2 from 3.1.1 to 3.1.3 
---
updated-dependencies:
- dependency-name: pbkdf2
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-24 09:47:41 +00:00
Maikel Linke
7d80033c8e Increase default timeout in system specs 2025-06-24 11:57:38 +10:00
Ahmed Ejaz
1b9d64ad5e Refactor search functionality in variants controller spec to include order_id for improved filtering 2025-06-21 16:39:15 +05:00
Ahmed Ejaz
c648249160 Refactor order view specs to improve clarity in expectations 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
765ce68c11 Add order_id to order controller, variant autocomplete, and search parameters for improved order management 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
020d90b957 Enhance line item management abilities by consolidating permissions for Spree::Order 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
8d407b1dc9 Fix lint issues 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
fe1b8aaab3 Add hub actions spec for producer order management functionality 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
ade35f2fa2 Fixes specs and update code respectively 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
cd01a27bdd Add distributor_name_alias to searchable attributes and implement ransacker for filtering line items 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
2f9c856645 Refactors order and line item permissions logic 
Simplifies permission checking by:
- Extracting common managed/coordinated orders logic into separate method
- Combining producer-editable and managed/coordinated order clauses
- Merging producer and admin line item permission checks into single query
 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
8e8878e43a Add search_variants_as parameter to variant search functionality 2025-06-21 16:19:31 +05:00
Ahmed Ejaz
a37e08c2fd Refactor order management permissions for producers 
Introduces granular permissions control for producers editing orders:

- Adds new :edit_as_producer_only permission for suppliers
- Refactors ability checks to clearly separate producer vs admin/distributor access
- Updates order views to properly restrict actions based on user role
- Prevents admins from being restricted by producer-only edit mode
 2025-06-21 16:16:58 +05:00
Maikel Linke
75b2119dd1 Update all locales with the latest Transifex translations v5.1.1 2025-06-20 13:59:47 +10:00
Filipe
6ccc588113 Merge pull request #13342 from chitty/cch/refactor-unit-price 
refactor: move unit price formatting logic out of model into helper
 2025-06-19 16:19:03 +01:00
Gaetan Craig-Riou
7115eb3c0e Merge pull request #13372 from chitty/cch/add-respond-to-missing 
Add `respond_to_missing?` and replace `method_missing` with explicit preference methods
 2025-06-19 18:47:08 +10:00
Maikel
98ebbb2203 Merge pull request #13383 from openfoodfoundation/dependabot/npm_and_yarn/hotkeys-js-3.13.14 
Bump hotkeys-js from 3.13.12 to 3.13.14
 2025-06-19 15:31:23 +10:00
Maikel
3c1ee5f033 Merge pull request #13384 from cyrillefr/MetricsModuleLength 
Fixes offenses Metrics/ModuleLength in engines spec
 2025-06-19 15:30:27 +10:00
Maikel
23b8192b2c Merge pull request #13380 from openfoodfoundation/dependabot/npm_and_yarn/brace-expansion-1.1.12 
Bump brace-expansion from 1.1.11 to 1.1.12
 2025-06-19 15:19:52 +10:00