-
-
Save kennyadsl/4618cd9797984cb64f7700a81bda889d to your computer and use it in GitHub Desktop.
security_2020-07-15.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copy/Paste this code into an initializer. | |
| # | |
| # If you are using extra permitted attributes in your store, | |
| # remember to also push them only into the step used to set them. | |
| # | |
| # E.g. | |
| # | |
| # Spree::PermittedAttributes.checkout_attributes << :extra_zipcode | |
| # | |
| # becomes: | |
| # | |
| # Spree::PermittedAttributes.checkout_address_attributes << :extra_zipcode | |
| Spree::PermittedAttributes.source_attributes.push(address_attributes: address_attributes) | |
| Spree::PermittedAttributes.module_eval do | |
| mattr_reader :checkout_address_attributes, | |
| :checkout_delivery_attributes, | |
| :checkout_payment_attributes, | |
| :checkout_confirm_attributes | |
| @@checkout_address_attributes = [ | |
| :use_billing, | |
| :email, | |
| bill_address_attributes: address_attributes, | |
| ship_address_attributes: address_attributes | |
| ] | |
| @@checkout_delivery_attributes = [ | |
| :special_instructions, | |
| shipments_attributes: shipment_attributes | |
| ] | |
| @@checkout_payment_attributes = [ | |
| :coupon_code, | |
| payments_attributes: payment_attributes + [ | |
| source_attributes: source_attributes | |
| ] | |
| ] | |
| @@checkout_confirm_attributes = [] | |
| def self.checkout_attributes | |
| Spree::Deprecation.warn <<-WARN.squish, caller | |
| checkout_attributes is deprecated, please use the permitted | |
| attributes set for the specific step that needs to be updated. | |
| E.g. permitted_checkout_address_attributes | |
| WARN | |
| CheckoutAdditionalAttributes.new( | |
| checkout_address_attributes + | |
| checkout_delivery_attributes + | |
| checkout_payment_attributes + | |
| checkout_confirm_attributes | |
| ) | |
| end | |
| end | |
| Spree::Api::CheckoutsController.class_eval do | |
| private | |
| def update_params | |
| state = @order.state | |
| case state.to_sym | |
| when :cart, :address | |
| massaged_params.fetch(:order, {}).permit( | |
| permitted_checkout_address_attributes | |
| ) | |
| when :delivery | |
| massaged_params.require(:order).permit( | |
| permitted_checkout_delivery_attributes | |
| ) | |
| when :payment | |
| massaged_params.require(:order).permit( | |
| permitted_checkout_payment_attributes | |
| ) | |
| else | |
| massaged_params.fetch(:order, {}).permit( | |
| permitted_checkout_confirm_attributes | |
| ) | |
| end | |
| end | |
| end | |
| Spree::CheckoutController.class_eval do | |
| private | |
| def update_params | |
| case params[:state].to_sym | |
| when :address | |
| massaged_params.require(:order).permit( | |
| permitted_checkout_address_attributes | |
| ) | |
| when :delivery | |
| massaged_params.require(:order).permit( | |
| permitted_checkout_delivery_attributes | |
| ) | |
| when :payment | |
| massaged_params.require(:order).permit( | |
| permitted_checkout_payment_attributes | |
| ) | |
| else | |
| massaged_params.fetch(:order, {}).permit( | |
| permitted_checkout_confirm_attributes | |
| ) | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment