forked from mccabe615/ruby-metaprogramming-sec-issues
[CONSTANTIZE]SpreeConstantizeEx1.rb
## FROM https://github.com/spree/spree/blob/90daf36f622be6f90725ebbe30a46957b14a29c5/backend/app/controllers/spree/admin/payment_methods_controller.rb#L11
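module Spree
  module Admin
    # Admin controller for creating and updating payment methods.
    #
    # Security-relevant points in this listing:
    # * The :type request parameter names the class that `create` instantiates
    #   and the value that `update` writes to the record's `type` column.
    #   Both paths accept it only when it matches an entry in
    #   Rails.application.config.spree.payment_methods.
    # * payment_method_params uses permit!, so every submitted attribute is
    #   mass-assignable (see the note on that method).
    #
    # Reviewer changes relative to the upstream revision quoted above this
    # module: the allowlist check is repeated next to the constantize call in
    # `create`, and `update` now applies the same check before changing `type`
    # (upstream validated the provider on `create` only).
    class PaymentMethodsController < ResourceController
      skip_before_action :load_resource, only: :create
      before_action :load_data
      before_action :validate_payment_method_provider, only: :create

      respond_to :html

      # Builds a payment method of the requested provider class and saves it.
      def create
        requested_type = params[:payment_method].delete(:type)

        # Original line at the upstream revision:
        #   @payment_method = params[:payment_method].delete(:type).constantize.new(payment_method_params)
        #
        # Note from the Presenters
        #   @payment_method = User.delete(:type).constantize.new(payment_method_params + user_params)
        # all this requires is that payment method params be used so what if we
        # added a user or if the payment_method_params are similar to user params
        #
        # Reviewer note: constantize turns request text into a class, so the
        # caller picks what gets instantiated unless the name is allowlisted.
        # The before_action already filters this action; the check is repeated
        # here so the guard sits at the point of use and still holds if the
        # callback is skipped or reordered.
        unless allowed_payment_method_type?(requested_type)
          reject_invalid_payment_provider(new_admin_payment_method_path)
          return
        end

        @payment_method = requested_type.constantize.new(payment_method_params)
        @object = @payment_method
        invoke_callbacks(:create, :before)

        if @payment_method.save
          invoke_callbacks(:create, :after)
          flash[:success] = Spree.t(:successfully_created, resource: Spree.t(:payment_method))
          redirect_to edit_admin_payment_method_path(@payment_method)
        else
          invoke_callbacks(:create, :fails)
          respond_with(@payment_method)
        end
      end

      # Updates an existing payment method, optionally switching its provider.
      #
      # @payment_method is not assigned in this method before it is read;
      # presumably the inherited load_resource callback sets it (confirm
      # against ResourceController).
      def update
        invoke_callbacks(:update, :before)
        requested_type = params[:payment_method].delete(:type)

        if @payment_method['type'].to_s != requested_type
          # update_columns writes straight to the database without validations
          # or callbacks, so the allowlist is the only check on what lands in
          # the `type` column. A missing :type is rejected as well rather than
          # written as NULL.
          unless allowed_payment_method_type?(requested_type)
            invoke_callbacks(:update, :fails)
            reject_invalid_payment_provider(edit_admin_payment_method_path(@payment_method))
            return
          end

          @payment_method.update_columns(
            type: requested_type,
            updated_at: Time.now
          )
          # Reload so the record is an instance of the newly selected class.
          @payment_method = PaymentMethod.find(params[:id])
        end

        # NOTE(review): this reads the raw request params under the model's
        # param key and merges them over the permitted set, so they are not
        # filtered by payment_method_params.
        update_params = params[ActiveModel::Naming.param_key(@payment_method)] || {}
        attributes = payment_method_params.merge(update_params)

        # Drop blank password-like fields; presumably so an empty form field
        # does not overwrite a stored credential (confirm).
        attributes.delete_if { |key, value| key.include?("password") && value.blank? }

        if @payment_method.update_attributes(attributes)
          invoke_callbacks(:update, :after)
          flash[:success] = Spree.t(:successfully_updated, resource: Spree.t(:payment_method))
          redirect_to edit_admin_payment_method_path(@payment_method)
        else
          invoke_callbacks(:update, :fails)
          respond_with(@payment_method)
        end
      end

      private

      # Loads the gateway providers, sorted by name, into @providers.
      def load_data
        @providers = Gateway.providers.sort_by(&:name)
      end

      # before_action for create: halts with a redirect when the submitted
      # provider type is not in the configured allowlist.
      def validate_payment_method_provider
        return if allowed_payment_method_type?(params[:payment_method][:type])

        reject_invalid_payment_provider(new_admin_payment_method_path)
      end

      # True when type_name equals the string form of an entry in
      # Rails.application.config.spree.payment_methods.
      def allowed_payment_method_type?(type_name)
        Rails.application.config.spree.payment_methods.map(&:to_s).include?(type_name)
      end

      # Sets the invalid-provider flash message and redirects to redirect_path.
      def reject_invalid_payment_provider(redirect_path)
        flash[:error] = Spree.t(:invalid_payment_provider)
        redirect_to redirect_path
      end

      # Returns the :payment_method params with every key permitted.
      #
      # NOTE(review): permit! disables strong-parameter filtering for this
      # hash, so any attribute the model accepts can be mass-assigned from the
      # request. Presumably used because provider-specific fields vary by type
      # (confirm); an explicit permit list per provider would be safer.
      def payment_method_params
        params.require(:payment_method).permit!
      end
    end
  end
end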