@kennyadsl

kennyadsl/security_2020-07-15.rb Secret

Last active Jul 16, 2020
security_2020-07-15.rb
# Copy/Paste this code into an initializer.
#
# If you are using extra permitted attributes in your store,
# remember to push them only into the list for the step that sets them.
#
# E.g.
#
# Spree::PermittedAttributes.checkout_attributes << :extra_zipcode
#
# becomes:
#
# Spree::PermittedAttributes.checkout_address_attributes << :extra_zipcode
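# Permit a nested `address_attributes` hash inside payment source parameters
# (source_attributes is the list used under payments_attributes below).
#
# The receiver is spelled out on the value side as well: at the top level of
# an initializer `self` is `main`, so a bare `address_attributes` call raises
# NameError instead of reading the Spree::PermittedAttributes list.
#
# NOTE(review): the push is unconditional; confirm the installed version's
# source_attributes does not already contain an address_attributes entry.
Spree::PermittedAttributes.source_attributes.push(
  address_attributes: Spree::PermittedAttributes.address_attributes
)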
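# Splits the checkout allowlist into one list per checkout step, so that each
# step can permit only the attributes it is meant to set.
Spree::PermittedAttributes.module_eval do
  mattr_reader :checkout_address_attributes,
               :checkout_delivery_attributes,
               :checkout_payment_attributes,
               :checkout_confirm_attributes

  # A `@@var` written inside a block is resolved against the scope where the
  # block was written (here the top level), not against the module_eval
  # receiver. class_variable_set stores each list on this module, which is
  # where the mattr_reader methods look it up.

  # Address step: billing/shipping addresses plus the contact fields.
  class_variable_set(:@@checkout_address_attributes, [
    :use_billing,
    :email,
    bill_address_attributes: address_attributes,
    ship_address_attributes: address_attributes
  ])

  # Delivery step: shipment choices and delivery notes.
  class_variable_set(:@@checkout_delivery_attributes, [
    :special_instructions,
    shipments_attributes: shipment_attributes
  ])

  # Payment step: coupon code and payments with their nested source.
  class_variable_set(:@@checkout_payment_attributes, [
    :coupon_code,
    payments_attributes: payment_attributes + [
      source_attributes: source_attributes
    ]
  ])

  # Confirm step (and any other state): nothing is mass-assignable.
  class_variable_set(:@@checkout_confirm_attributes, [])

  # Deprecated combined list: the concatenation of the four per-step lists.
  # Emits a deprecation warning on every call.
  #
  # NOTE(review): CheckoutAdditionalAttributes is not defined in this snippet,
  # and a constant named inside a module_eval block is looked up from the
  # enclosing (top-level) scope - confirm it is reachable from there.
  def self.checkout_attributes
    Spree::Deprecation.warn <<-WARN.squish, caller
      checkout_attributes is deprecated, please use the permitted
      attributes set for the specific step that needs to be updated.
      E.g. permitted_checkout_address_attributes
    WARN

    CheckoutAdditionalAttributes.new(
      checkout_address_attributes +
        checkout_delivery_attributes +
        checkout_payment_attributes +
        checkout_confirm_attributes
    )
  end
end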
Spree::Api::CheckoutsController.class_eval do
  private

  # Returns the order parameters permitted for the API checkout update.
  #
  # The allowlist is chosen from the order's own state (@order.state), so a
  # request can only mass-assign the attributes of the step the order is in.
  # Any state other than cart/address/delivery/payment gets the confirm list.
  #
  # NOTE(review): the permitted_checkout_*_attributes helpers are not defined
  # in this snippet; confirm the controller exposes them.
  def update_params
    current_step = @order.state.to_sym

    # cart/address: `fetch` with a default, so a missing :order key is tolerated.
    if %i[cart address].include?(current_step)
      return massaged_params.fetch(:order, {}).permit(permitted_checkout_address_attributes)
    end

    # delivery/payment: `require` rejects a request without an :order key.
    if current_step == :delivery
      return massaged_params.require(:order).permit(permitted_checkout_delivery_attributes)
    end

    if current_step == :payment
      return massaged_params.require(:order).permit(permitted_checkout_payment_attributes)
    end

    massaged_params.fetch(:order, {}).permit(permitted_checkout_confirm_attributes)
  end
end
Spree::CheckoutController.class_eval do
  private

  # Returns the order parameters permitted for the storefront checkout update,
  # using the allowlist of the step named in params[:state]. Any step other
  # than address/delivery/payment gets the confirm list.
  #
  # NOTE(review): the step is taken from the request (params[:state]), not
  # from the order. Confirm that a filter elsewhere in the controller checks
  # it against the order's real state; otherwise the caller picks the allowlist.
  # NOTE(review): a missing params[:state] raises NoMethodError on `to_sym`;
  # confirm the route always supplies it.
  # NOTE(review): the permitted_checkout_*_attributes helpers are not defined
  # in this snippet; confirm the controller exposes them.
  def update_params
    requested_step = params[:state].to_sym

    if requested_step == :address
      massaged_params.require(:order).permit(permitted_checkout_address_attributes)
    elsif requested_step == :delivery
      massaged_params.require(:order).permit(permitted_checkout_delivery_attributes)
    elsif requested_step == :payment
      massaged_params.require(:order).permit(permitted_checkout_payment_attributes)
    else
      # `fetch` with a default: a missing :order key is tolerated here.
      massaged_params.fetch(:order, {}).permit(permitted_checkout_confirm_attributes)
    end
  end
end