Commit Graph

126 Commits

Author SHA1 Message Date
Maikel
dcb48272f5 Merge pull request #13746 from rioug/security-255-code-injection
[Security] Fix potential code injection
2025-11-24 12:01:44 +11:00
Gaetan Craig-Riou
74d2a94181 Add input validation to prevent code injection
Plus spec
2025-11-23 13:46:36 +11:00
Ahmed Ejaz
763655f0e5 Enhance product sorting for On-Demand items and add backorderable name support 2025-11-14 06:04:32 +05:00
David Rodríguez
4c6d894bc0 Bump RuboCop to 1.86.6
There were a few changes needed:

* Plugins are now specified through `plugin:` config keyword.
* All plugin gems need to be specified explicitly in Gemfile since they
  are no longer dependencies of plugins already specified explicitly.
* All plugin gems need to be updated in order to use the new APIs.
* One cop was renamed.
* New offenses safe to correct were corrected directly with `bundle exec
  rubocop -a`.
* New offenses unsafe to correct were added to the TODO configuration
  with `bundle exec rubocop --auto-gen-config --auto-gen-only-exclude
  --exclude-limit 1400 --no-auto-gen-timestamp`.
2025-10-27 11:30:33 +01:00
Ahmed Ejaz
dffcd446fd Simplify backorderable priority SQL query in product sorting concern 2025-09-15 12:03:04 +05:00
Ahmed Ejaz
49dbe1d039 Refactor comments for clarity in product sorting concerns 2025-09-15 02:15:03 +05:00
Ahmed Ejaz
da843d1ba1 Add sorting by stock levels using ransacker and update locale for 'on_hand' header 2025-09-13 01:11:21 +05:00
Maikel Linke
729e62d7db Remove unused stock move originator parameter 2025-05-13 15:24:26 +10:00
Maikel Linke
2197656606 Stop creating stock movements
Spree added stock movements to track the movements between stock
locations. But we got rid of stock locations and the only stock
movements we have now are just records of stock level changes.

These records were not created in all cases though and they were also
not created for variant overrides (inventory items). And since these
records aren't visible anywhere, I think it's best we remove them
altogether.

I do think that some kind of log would be useful but I don't think that
AR records like this are the best solution for that. And the
StockMovement model just added complexity to our already complex stock
level storage. The actual adjustment of the count_on_hand attribute of
the StockItem was performed in an after_create hook of the
StockMovement. Now we call it explicitly.
2025-05-13 14:56:29 +10:00
cyrillefr
fbb4954ff7 Fixes Rubocop Naming NamingMemoizedInstanceVariableName cop 2025-04-29 13:27:47 +02:00
Maikel Linke
b3ddfde1c3 Remove empty ProductStock concern 2025-03-28 14:49:47 +11:00
Maikel Linke
ca9f32ceae [API change] Remove unused Product#on_hand 2025-03-28 14:48:40 +11:00
Maikel Linke
d55d4dd8ed Remove unused Product#on_demand 2025-03-28 14:00:40 +11:00
cyrillefr
0aecb6873a Requested changes
- 2 new methods for reading either current/desired on hand/on demand
  depending on variant state. Goal is to get rid of send method in View
- referring in on_hand/on_demand is in fact irrelevant. In the piece of
  code, only desired on_hand/on_demand can be called as we are only in
  new variant (non persisted) mode
- View does not use send method anymore, replaced by current_or_desired
- refactor of the spec -> 2 examples in one to get more speed.
2025-02-12 16:01:21 +01:00
Maikel Linke
64608beaa8 Remove DefaultStockLocation created in setup 2025-01-22 12:01:57 +11:00
Maikel Linke
33c6f3b94f Remove StockLocation#stock_item 2025-01-22 11:20:05 +11:00
Gaetan Craig-Riou
a2c4c44eea Move Vine voucher to Vouchers::Vine
A Vine voucher is really a specific type of FlatRate voucher but because
a Vine voucher can be used by multiple enterprises, it can be considered
different enough to warrant its own class.
It still shares a lot of the behaviour of a FlatRate voucher, so to avoid
duplication, all the shared functionality has been moved to a
Vouchers::FlatRatable concern.
2024-11-28 13:35:01 +01:00
Maikel Linke
af07358914 Assume on-demand is false by default
We have only one stock location and that has the default set to false.
Now we can simplify code.

The mentioned Bugsnag notification has not been found. The stock item is
always present in this case but it doesn't hurt to guard against it with
`&.`.
2024-10-02 15:06:48 +10:00
Maikel Linke
2201d2e8c2 VariantOverride with on_demand now overriding stock
Otherwise we would try to take stock from the producer stock level
without respecting their on-demand settings. So from now on:
If stock level or on_demand are set on the override then it's not using
producer stock levels.
2024-08-02 14:40:17 +10:00
Maikel Linke
b6c407971d Allow on-demand VariantOverride to track stock
We allowed this for producer stock and need to do the same for inventory
stock. This will allow us to create backorders for missing, but promised
stock.
2024-08-02 14:40:17 +10:00
Maikel Linke
a1887bdc76 Update stock levels of on-demand items
We weren't bothering with stock when items were on demand anyway. But we
want to track stock now so that we can backorder more when local stock
levels become negative.
2024-08-02 14:40:17 +10:00
cyrillefr
ce8a2b3251 Fixes Rails/SkipsModelValidations offenses
- increments! & decrement! skip validations
 - replaced increment! method calls
 - one call was for a redefined increment! method
 - the other for a regular(ActiveRecord::Persistence)
 - removes increments/decrements definition now useless
2024-07-05 16:35:40 +02:00
Abdellani
0337464291 update logged message when a product is deleted 2024-06-19 15:15:04 +01:00
Maikel
8837f1caa2 Revert "Allow negative stock levels for on-demand products" 2024-06-19 15:18:57 +10:00
Maikel
2f173cb5c2 Merge pull request #12536 from mkllnk/stock-levels
Allow negative stock levels for on-demand products
2024-06-13 10:26:01 +10:00
Maikel Linke
e6ac2f0d88 Style/SuperArguments
Call super without arguments and parentheses when the signature is identical.
2024-06-05 09:29:42 +10:00
Maikel Linke
ecbba894f7 Update stock levels of on-demand items
We weren't bothering with stock when items were on demand anyway. But we
want to track stock now so that we can backorder more when local stock
levels become negative.
2024-05-31 16:38:24 +10:00
Mohamed ABDELLANI
8ccb59a9ab included LogDestroyPerformer on product model 2024-05-17 15:42:39 +01:00
Mohamed ABDELLANI
40b2361572 add LogDestroyPerformer concern to be included in models where we want to log destroy action 2024-05-09 14:38:21 +01:00
Feruz Oripov
9d919938f3 Group Order && OrderCycle related services and specs 2024-03-16 19:07:08 +05:00
Neal Chambers
4ffd3759cc Fix Style/HashSyntax 2023-09-12 23:19:05 +09:00
Neal Chambers
06e217c527 Safely autocorrect Rails/WhereNot
Inspecting 1483 files

Offenses:

app/controllers/spree/admin/products_controller.rb:183:11: C: [Corrected] Rails/WhereNot: Use where.not(spree_variants: { import_date: nil }) instead of manually constructing negated SQL in where.
          where('spree_variants.import_date IS NOT NULL').
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/concerns/permalink_generator.rb:37:26: C: [Corrected] Rails/WhereNot: Use where.not(id: id) instead of manually constructing negated SQL in where.
      scope_with_deleted.where('id != ?', id)
                         ^^^^^^^^^^^^^^^^^^^^
app/models/concerns/permalink_generator.rb:37:40: C: [Corrected] Style/HashSyntax: Omit the hash value.
      scope_with_deleted.where.not(id: id)
                                       ^^
app/models/enterprise.rb:152:7: C: [Corrected] Rails/WhereNot: Use where.not(enterprises: { id: ready_enterprises }) instead of manually constructing negated SQL in where.
      where("enterprises.id NOT IN (?)", ready_enterprises)
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/enterprise.rb:158:31: C: [Corrected] Rails/WhereNot: Use where.not(sells: 'none') instead of manually constructing negated SQL in where.
  scope :is_distributor, -> { where('sells != ?', 'none') }
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/enterprise.rb:479:17: C: [Corrected] Rails/WhereNot: Use where.not(id: id) instead of manually constructing negated SQL in where.
    dups = dups.where('id != ?', id) unless new_record?
                ^^^^^^^^^^^^^^^^^^^^
app/models/enterprise.rb:534:43: C: [Corrected] Rails/WhereNot: Use where.not(enterprises: { id: self }) instead of manually constructing negated SQL in where.
    enterprises = owner.owned_enterprises.where('enterprises.id != ?', self)
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/enterprise.rb:583:7: C: [Corrected] Rails/WhereNot: Use where.not(enterprises: { id: id }) instead of manually constructing negated SQL in where.
      where('enterprises.id != ?', id).
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/enterprise_fee.rb:40:24: C: [Corrected] Rails/WhereNot: Use where.not(spree_calculators: { type: PER_ORDER_CALCULATORS }) instead of manually constructing negated SQL in where.
    joins(:calculator).where('spree_calculators.type NOT IN (?)', PER_ORDER_CALCULATORS)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/enterprise_relationship.rb:78:19: C: [Corrected] Rails/WhereNot: Use where.not(name: perms) instead of manually constructing negated SQL in where.
      permissions.where('name NOT IN (?)', perms).destroy_all
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/product_import/inventory_reset_strategy.rb:27:16: C: [Corrected] Rails/WhereNot: Use where.not(id: excluded_items_ids) instead of manually constructing negated SQL in where.
      relation.where('id NOT IN (?)', excluded_items_ids)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/proxy_order.rb:19:25: C: [Corrected] Rails/WhereNot: Use where.not(proxy_orders: { canceled_at: nil }) instead of manually constructing negated SQL in where.
  scope :canceled, -> { where('proxy_orders.canceled_at IS NOT NULL') }
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/spree/credit_card.rb:26:39: C: [Corrected] Rails/WhereNot: Use where.not(gateway_customer_profile_id: nil) instead of manually constructing negated SQL in where.
    scope :with_payment_profile, -> { where('gateway_customer_profile_id IS NOT NULL') }
                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/spree/product.rb:166:9: C: [Corrected] Rails/WhereNot: Use where.not(order_cycles: { id: nil }) instead of manually constructing negated SQL in where.
        where('order_cycles.id IS NOT NULL')
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/spree/variant.rb:94:30: C: [Corrected] Rails/WhereNot: Use where.not(deleted_at: nil) instead of manually constructing negated SQL in where.
    scope :deleted, lambda { where('deleted_at IS NOT NULL') }
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/spree/variant.rb:165:43: C: [Corrected] Rails/WhereNot: Use where.not(spree_prices: { amount: nil }) instead of manually constructing negated SQL in where.
                                          where('spree_prices.amount IS NOT NULL').
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/models/spree/zone.rb:141:19: C: [Corrected] Rails/WhereNot: Use where.not(id: id) instead of manually constructing negated SQL in where.
      Spree::Zone.where('id != ?', id).update_all(default_tax: false) if default_tax
                  ^^^^^^^^^^^^^^^^^^^^
app/models/spree/zone.rb:141:33: C: [Corrected] Style/HashSyntax: Omit the hash value.
      Spree::Zone.where.not(id: id).update_all(default_tax: false) if default_tax
                                ^^
app/models/variant_override.rb:32:7: C: [Corrected] Rails/WhereNot: Use where.not(variant_overrides: { import_date: nil }) instead of manually constructing negated SQL in where.
      where('variant_overrides.import_date IS NOT NULL').
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
app/services/cap_quantity.rb:45:22: C: [Corrected] Rails/WhereNot: Use where.not(variant_id: available_variants_for.select(&:id)) instead of manually constructing negated SQL in where.
    order.line_items.where('variant_id NOT IN (?)', available_variants_for.select(&:id))
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
engines/catalog/app/services/catalog/product_import/products_reset_strategy.rb:32:18: C: [Corrected] Rails/WhereNot: Use where.not(spree_variants: { id: excluded_items_ids }) instead of manually constructing negated SQL in where.
        relation.where('spree_variants.id NOT IN (?)', excluded_items_ids)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
engines/order_management/app/services/order_management/subscriptions/proxy_order_syncer.rb:78:18: C: [Corrected] Rails/WhereNot: Use where.not(order_cycle_id: order_cycle_ids) instead of manually constructing negated SQL in where.
        orphaned.where('order_cycle_id NOT IN (?)', order_cycle_ids)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
lib/reporting/reports/users_and_enterprises/base.rb:27:14: C: [Corrected] Rails/WhereNot: Use where.not(enterprises: { id: nil }) instead of manually constructing negated SQL in where.
            .where("enterprises.id IS NOT NULL")
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
lib/reporting/reports/users_and_enterprises/base.rb:39:14: C: [Corrected] Rails/WhereNot: Use where.not(enterprise_id: nil) instead of manually constructing negated SQL in where.
            .where("enterprise_id IS NOT NULL")
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
lib/reporting/reports/users_and_enterprises/base.rb:40:14: C: [Corrected] Rails/WhereNot: Use where.not(user_id: nil) instead of manually constructing negated SQL in where.
            .where("user_id IS NOT NULL")
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
lib/tasks/data/anonymize_data.rake:50:16: C: [Corrected] Rails/WhereNot: Use where.not(user_id: nil) instead of manually constructing negated SQL in where.
      Customer.where("user_id IS NOT NULL")
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

1483 files inspected, 26 offenses detected, 26 offenses corrected
2023-08-20 12:33:43 +09:00
Neal Chambers
3c9afcf360 Fix Rails/CompactBlank 2023-08-17 16:43:13 +09:00
Neal Chambers
1e4034534c Fix Layout/LineLength 2023-06-23 09:08:04 +09:00
Maikel Linke
99fbf80b4c Style Layout/MultilineMethodCallIndentation 2023-06-08 11:15:42 +10:00
Matt-Yorkley
760bf269ca Pull validations-related methods out into a separate module 2023-06-07 18:54:20 +01:00
James Wu
a75f16e23c Implement full_name_for_sorting 2023-04-11 15:25:20 +10:00
Rachel Arnould
2652bc086a Merge pull request #9755 from cillian/order-cycle-payment-methods
Let people choose which payment methods are available to customers on order cycles
2022-10-26 20:10:34 +02:00
Cillian O'Ruanaidh
5423c1c02e Resolve conflict in db/schema.rb 2022-10-21 17:21:24 +01:00
Matt-Yorkley
c0ee72319f Remove dead code: Product#variants?
This only makes sense in the context of Products which only have "master" variants, and we removed that option a while back.

Remove #variants? check from ProductStock concern
2022-10-19 16:30:12 +11:00
Maikel Linke
86731d7e30 Remove compatibility code for migrating files
The migration should be complete now.
2022-06-01 17:16:55 +10:00
Maikel Linke
727eef3c4f Replace Paperclippable ContentConfig
The old Paperclip configuration was very clever and easy to use but it
was also a complicated implementation building on the complicated Spree
preference system.

I simplified this with Active Storage, storing simple references to blob
ids and default URLs as backup.
2022-06-01 17:16:54 +10:00
Maikel Linke
1c1f9d73a3 Add task to migrate existing files to Active Storage
Common migrations look for all models with *_file_name attributes but I
found that unreliable in our code base. It finds too many model classes
and doesn't allow us to be more selective in the migration. So I used
our own migration declaration to migrate exactly those attachments
specified.
2022-04-25 13:00:31 +10:00
Maikel Linke
92bbcbb7ce Process correct attachment when model has several
Luckily Paperclip has designated callbacks for processing each
attachment separately. We can just hook into that.
2022-04-25 13:00:31 +10:00
Maikel Linke
c36ad96acc Move file duplication code to concern to share
I chose `has_one_migrating` as method name for two reasons:

 1. It reflects Active Storage's method `has_one_attached`.
 2. And it has the same length as Paperclip's `has_attached_file`.
    Therefore the commits don't need any whitespace changes.

When we change it to `has_one_attached`, we will also remove the
Paperclip options which then don't need whitespace changes either.
2022-04-25 13:00:31 +10:00
Filipe
374c05116b Merge pull request #8726 from Matt-Yorkley/stringex-machina
Reduce impact of stringex gem
2022-01-26 19:02:41 +00:00
GeorgeThoppil
f1c4f80be4 Adding deleted_at check on variant_stock move 2022-01-23 13:45:54 -05:00
Matt-Yorkley
3f5e5d52ad Improve concern syntax and definition 2022-01-15 12:31:43 +00:00
Matt-Yorkley
ea312c78b0 Move PermalinkGenerator out of lib directory 2022-01-15 12:31:43 +00:00
Luis Azcuaga
e8fd89a6d2 Run rubocop over existing todo 2021-10-25 21:28:28 -05:00