Module: Spree::PermittedAttributes
- Defined in: lib/spree/permitted_attributes.rb
Overview
Spree::PermittedAttributes contains the attributes permitted through strong params in various controllers in the frontend. Extensions and stores that need additional params to be accepted can mutate these arrays to add them.
Constant Summary
- ATTRIBUTES =
[ :address_attributes, :address_book_attributes, :checkout_address_attributes, :checkout_delivery_attributes, :checkout_payment_attributes, :checkout_confirm_attributes, :credit_card_update_attributes, :customer_return_attributes, :image_attributes, :inventory_unit_attributes, :line_item_attributes, :option_type_attributes, :option_value_attributes, :payment_attributes, :product_attributes, :product_properties_attributes, :property_attributes, :return_authorization_attributes, :shipment_attributes, :source_attributes, :stock_item_attributes, :stock_location_attributes, :stock_movement_attributes, :store_attributes, :taxon_attributes, :taxonomy_attributes, :user_attributes, :variant_attributes ]
- @@address_attributes =
[ :id, :name, :firstname, :lastname, :first_name, :last_name, :address1, :address2, :city, :country_id, :state_id, :zipcode, :phone, :state_name, :country_iso, :alternative_phone, :company, country: [:iso, :name, :iso3, :iso_name], state: [:name, :abbr] ]
- @@address_book_attributes =
address_attributes + [:default]
- @@credit_card_update_attributes =
[ :month, :year, :expiry, :first_name, :last_name, :name ]
- @@customer_return_attributes =
[ :stock_location_id, return_items_attributes: [ :id, :inventory_unit_id, :return_authorization_id, :returned, :amount, :reception_status_event, :acceptance_status, :exchange_variant_id, :resellable, :return_reason_id ] ]
- @@image_attributes =
[:alt, :attachment, :position, :viewable_type, :viewable_id]
- @@inventory_unit_attributes =
[:shipment, :variant_id]
- @@line_item_attributes =
[:id, :variant_id, :quantity]
- @@option_type_attributes =
[:name, :presentation, :option_values_attributes]
- @@option_value_attributes =
[:name, :presentation]
- @@payment_attributes =
[:amount, :payment_method_id, :payment_method]
- @@product_properties_attributes =
[:property_name, :value, :position]
- @@product_attributes =
[ :name, :description, :available_on, :discontinue_on, :permalink, :meta_description, :meta_keywords, :price, :sku, :deleted_at, :option_values_hash, :weight, :height, :width, :depth, :shipping_category_id, :tax_category_id, :taxon_ids, :option_type_ids, :cost_currency, :cost_price ]
- @@property_attributes =
[:name, :presentation]
- @@return_authorization_attributes =
[:memo, :stock_location_id, :return_reason_id, return_items_attributes: [:inventory_unit_id, :exchange_variant_id, :return_reason_id, :preferred_reimbursement_type_id]]
- @@shipment_attributes =
[ :special_instructions, :stock_location_id, :id, :tracking, :selected_shipping_rate_id ]
- @@source_attributes =
month / year may be provided by some sources, or others may elect to use one field
[ :number, :month, :year, :expiry, :verification_value, :first_name, :last_name, :cc_type, :gateway_customer_profile_id, :gateway_payment_profile_id, :last_digits, :name, :encrypted_data, :existing_card_id, :wallet_payment_source_id, address_attributes: address_attributes ]
- @@stock_item_attributes =
[:variant, :stock_location, :backorderable, :variant_id]
- @@stock_location_attributes =
[ :name, :active, :address1, :address2, :city, :zipcode, :backorderable_default, :state_name, :state_id, :country_id, :phone, :propagate_all_variants ]
- @@stock_movement_attributes =
[ :quantity, :stock_item, :stock_item_id, :originator, :action ]
- @@store_attributes =
[:name, :url, :seo_title, :meta_keywords, :meta_description, :default_currency, :mail_from_address, :cart_tax_country_iso, :bcc_email]
- @@taxonomy_attributes =
[:name]
- @@taxon_attributes =
[ :name, :parent_id, :position, :icon, :description, :permalink, :taxonomy_id, :meta_description, :meta_keywords, :meta_title, :child_index ]
- @@user_attributes =
Intentionally leaving off email here to prevent privilege escalation by changing a user with higher privileges’ email to one a lower-privileged admin owns. Creating a user with an email is handled separately at the controller level.
[:password, :password_confirmation]
- @@variant_attributes =
[ :name, :presentation, :cost_price, :lock_version, :position, :track_inventory, :product_id, :product, :option_values_attributes, :price, :weight, :height, :width, :depth, :sku, :cost_currency, option_value_ids: [], options: [:name, :value] ]
- @@checkout_address_attributes =
[ :use_billing, :email, bill_address_attributes: address_attributes, ship_address_attributes: address_attributes ]
- @@checkout_delivery_attributes =
[ :special_instructions, shipments_attributes: shipment_attributes ]
- @@checkout_payment_attributes =
[ :coupon_code, payments_attributes: payment_attributes + [ source_attributes: source_attributes ] ]
- @@checkout_confirm_attributes =
[]
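The effect of the `user_attributes` note above, and of the overview's remark that these arrays can be mutated, shown as an added example (not Solidus/Spree code). `permit` is a simplified stand-in for Rails strong parameters; `SENSITIVE_USER_KEYS`, `sensitive_keys_in` and the request body are hypothetical.

```ruby
# Added example: simplified stand-in for strong-parameters filtering.
# Allowlists are copied from this page; all other names are hypothetical.
USER_ATTRIBUTES = [:password, :password_confirmation].freeze
VARIANT_SUBSET = [:sku, :price, option_value_ids: [], options: [:name, :value]].freeze
# Keys assumed to be security-sensitive on a user record (constructed list).
SENSITIVE_USER_KEYS = [:email, :spree_role_ids].freeze

# Keep only allowlisted keys. A Symbol permits a scalar; `key: []` permits an
# array of scalars; `key: [...]` permits a nested hash or an array of hashes.
def permit(params, allowlist)
  scalars = allowlist.grep(Symbol)
  nested  = allowlist.grep(Hash).reduce({}, :merge)
  params.each_with_object({}) do |(key, value), out|
    key = key.to_sym
    if scalars.include?(key)
      out[key] = value unless value.is_a?(Hash) || value.is_a?(Array)
    elsif nested.key?(key)
      rule = nested[key]
      if rule.empty?
        out[key] = value.reject { |v| v.is_a?(Hash) || v.is_a?(Array) } if value.is_a?(Array)
      elsif value.is_a?(Hash)
        out[key] = permit(value, rule)
      elsif value.is_a?(Array)
        out[key] = value.grep(Hash).map { |v| permit(v, rule) }
      end
    end
  end
end

# Guard for a test suite: names any sensitive key found in an allowlist,
# whether it was added as a plain symbol or as a nested `key: [...]` entry.
def sensitive_keys_in(allowlist, sensitive = SENSITIVE_USER_KEYS)
  allowlist.flat_map { |entry| entry.is_a?(Hash) ? entry.keys : [entry] } & sensitive
end

# Constructed request body: a password change carrying two extra fields.
REQUEST = { "password" => "n3w-pass", "password_confirmation" => "n3w-pass",
            "email" => "other@example.com", "spree_role_ids" => [1] }.freeze

if __FILE__ == $PROGRAM_NAME
  p permit(REQUEST, USER_ATTRIBUTES)   # email and role ids are dropped
  # Models an extension doing Spree::PermittedAttributes.user_attributes << :email
  extended = USER_ATTRIBUTES + [:email]
  p permit(REQUEST, extended)          # email now reaches the model
  p sensitive_keys_in(extended)        # the guard reports the regression
  p permit({ "sku" => "A1", "options" => { "name" => "size", "evil" => 1 } }, VARIANT_SUBSET)
end
```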
Class Method Summary
Class Method Details
.checkout_attributes ⇒ Object
# File 'lib/spree/permitted_attributes.rb', line 160

def self.checkout_attributes
  Spree::Deprecation.warn <<-WARN.squish, caller
    checkout_attributes is deprecated, please use the permitted attributes set for the specific
    step that needs to be updated. E.g. permitted_checkout_address_attributes
  WARN
  CheckoutAdditionalAttributes.new(
    checkout_address_attributes +
    checkout_delivery_attributes +
    checkout_payment_attributes +
    checkout_confirm_attributes
  )
end