
Commit b4b15bb

committed
Update permitted params for products
Use explicit product params to permit. Removes #split_params as not needed because multiple select handles sending multiple values correctly.
1 parent c1225e1 commit b4b15bb

2 files changed

+54
-10
lines changed


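--- a/admin/app/controllers/solidus_admin/products_controller.rb
+++ b/admin/app/controllers/solidus_admin/products_controller.rb
@@ -11,8 +11,6 @@ class ProductsController < SolidusAdmin::BaseController
 search_scope(:in_stock) { _1.where(id: Spree::Variant.in_stock.distinct.select(:product_id)) }
 search_scope(:out_of_stock) { _1.where.not(id: Spree::Variant.in_stock.distinct.select(:product_id)) }
 
-before_action :split_params, only: [:update]
-
 def index
 products = apply_search_to(
 Spree::Product.includes(:master, :variants),
@@ -44,7 +42,7 @@ def show
 def update
 @product = Spree::Product.friendly.find(params[:id])
 
-if @product.update(params.require(:product).permit!)
+if @product.update(product_params)
 flash[:success] = t('spree.successfully_updated', resource: [
 Spree::Product.model_name.human,
 @product.name.inspect,
@@ -101,13 +99,12 @@ def activate
 redirect_to products_path, status: :see_other
 end
 
-def split_params
-if params[:product][:taxon_ids].present?
-params[:product][:taxon_ids] = params[:product][:taxon_ids].split(',')
-end
-if params[:product][:option_type_ids].present?
-params[:product][:option_type_ids] = params[:product][:option_type_ids].split(',')
-end
+private
+
+def product_params
+params.require(:product).permit(:name, :slug, :description, :meta_title, :meta_description, :meta_keywords, :gtin,
+:condition, :price, :cost_price, :cost_currency, :sku, :shipping_category_id, :tax_category_id,
+:available_on, :discontinue_on, :promotionable, option_type_ids: [], taxon_ids: [])
 end
 end
 end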
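Review bot: In `product_params`, `option_type_ids: []` and `taxon_ids: []` accept only array values, so a request that still sends the comma-separated string that the removed `split_params` used to handle has that key filtered out, and the update can report success without touching the associations. If anything other than the multiple select can reach this action, that silent drop deserves a request spec or a check of how unpermitted parameters are handled in this app. Since this list is now the mass-assignment boundary that `permit!` left open, I would also document it above the method, e.g. `# Explicit allowlist (replaces permit!): a new form field must be added here or it is ignored on update.` The enclosing class starts outside the hunk.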
Lines changed: 47 additions & 0 deletions
@@ -0,0 +1,47 @@
1+
# frozen_string_literal: true
2+
3+
require "spec_helper"
4+
5+
RSpec.describe "SolidusAdmin::PropertiesController", type: :request do
6+
let(:admin_user) { create(:admin_user) }
7+
8+
before do
9+
allow_any_instance_of(SolidusAdmin::BaseController).to receive(:spree_current_user).and_return(admin_user)
10+
end
11+
12+
describe "PATCH #update" do
13+
let(:product) { create(:product) }
14+
let(:params) do
15+
{
16+
name: "T-Shirt",
17+
description: "Nice T-Shirt",
18+
slug: "nice-t-shirt",
19+
meta_title: "Nice T-Shirt",
20+
meta_description: "It is a really nice T-Shirt",
21+
meta_keywords: "tshirt, tee",
22+
gtin: "12345",
23+
condition: "new",
24+
price: 100,
25+
cost_price: 100,
26+
cost_currency: "USD",
27+
sku: "T123",
28+
shipping_category_id: create(:shipping_category).id,
29+
tax_category_id: create(:tax_category).id,
30+
available_on: "2025-05-28".to_date,
31+
discontinue_on: "2026-01-06".to_date,
32+
promotionable: true,
33+
option_type_ids: [create(:option_type).id, create(:option_type).id],
34+
taxon_ids: [create(:taxon).id, create(:taxon).id],
35+
}
36+
end
37+
38+
it "updates product" do
39+
patch solidus_admin.product_path(product), params: { product: params }
40+
expect(response).to have_http_status(:see_other)
41+
expect(product.reload).to have_attributes(params.except(Spree::Product::MASTER_ATTRIBUTES))
42+
%i[gtin condition price cost_price cost_currency sku].each do |attr|
43+
expect(product.public_send(attr)).to eq(params[attr])
44+
end
45+
end
46+
end
47+
end
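Review bot: The spec covers only the happy path, so nothing pins the behaviour this commit introduces, namely that a key outside the allowlist in `product_params` is dropped. A second example that sends one attribute not in the list and asserts the product is unchanged would guard against a later return to `permit!`. The `describe` string reads `"SolidusAdmin::PropertiesController"` although the request goes to `solidus_admin.product_path`, which looks like a copy-paste slip for `"SolidusAdmin::ProductsController"`. In `params.except(Spree::Product::MASTER_ATTRIBUTES)`, if that constant is an array it is passed as a single key and excludes nothing; `params.except(*Spree::Product::MASTER_ATTRIBUTES)` is presumably what was intended.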
