Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve admin return authorization controller #2420

Merged
merged 3 commits into from
Jun 13, 2018
Merged

Improve admin return authorization controller #2420

merged 3 commits into from
Jun 13, 2018

Conversation

kennyadsl
Copy link
Member

With #2284 we noticed we had no specs for the fire action in admin ReturnAuthorization controller.

This PR adds specs for that method and handle when trying to fire a method that does not exist on the ReturnAuthorization instance.

@kennyadsl kennyadsl added the changelog:solidus_backend Changes to the solidus_backend gem label Dec 1, 2017
@kennyadsl kennyadsl self-assigned this Dec 1, 2017
@tvdeyen
Copy link
Member

tvdeyen commented Dec 1, 2017

Build errors will be fixed by #2423

@kennyadsl kennyadsl force-pushed the add-return-authorization-specs branch from b2c8006 to 74dd5b7 Compare December 4, 2017 15:00
@kennyadsl
Copy link
Member Author

After talking with @gmacdougall we agreed that it's better to whitelist the accepted methods here. As a next step it will probably make sense to try to refactor the logic that required this fire action to exist.

kennyadsl added 3 commits May 31, 2018 11:26
@kennyadsl
Add spec for fire action on backend return authorization controller
645f811
@kennyadsl
Handle firing return authorization with non existing event
13203b1
@kennyadsl
Restrict return authorization fire actions to state machine ones
553f8e4 
This commit whitelist actions fireable with this action to state
machine events only. We don't want to let this action accept
all methods that ends with ! (like .destroy!).

This is not considered a security issue since this action is
restricted to admin only.
@kennyadsl kennyadsl force-pushed the add-return-authorization-specs branch from 74dd5b7 to 553f8e4 Compare June 2, 2018 17:35
@kennyadsl
Copy link
Member Author

The only possible event is cancel! so it does not make a lot of sense having this metaprogrammed stuff in there just for that.

As next iteration we could remove this fire action and create another controller that is responsible just for canceling return authorization instead.

@kennyadsl kennyadsl merged commit c37bb06 into solidusio:master Jun 13, 2018
@kennyadsl kennyadsl deleted the add-return-authorization-specs branch June 13, 2018 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gmacdougall gmacdougall gmacdougall approved these changes

@tvdeyen tvdeyen tvdeyen approved these changes

Assignees

@kennyadsl kennyadsl

Labels
changelog:solidus_backend Changes to the solidus_backend gem
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kennyadsl @tvdeyen @gmacdougall