Allows Rails 8, updates sqlite in Gemfile to match what CI runs

Only send content to tags that support it per Rails 8 deprecations. See: https://github.com/rails/rails/blob/8-0-stable/actionview/CHANGELOG.md#rails-800rc1-october-19-2024

Handle Rails 8 syntax additions to the error text.

.circleci/config.yml

@@ -224,7 +224,7 @@ commands:
             mkdir -p /tmp/dummy_extension
             cd /tmp/dummy_extension
             bundle init
-            bundle add rails -v "< 8.0" --skip-install
+            bundle add rails -v "< 8.1" --skip-install
             bundle add sqlite3 -v "~> 2.0" --skip-install
             test -n "<<parameters.extra_gems>>" && bundle add <<parameters.extra_gems>> --skip-install
             bundle add solidus --path "$(ruby -e"puts File.expand_path ENV['CIRCLE_WORKING_DIRECTORY']")"
@@ -352,7 +352,7 @@ workflows:
             {
               parameters:
                 {
-                  rails: ["7.0", "7.1", "7.2"],
+                  rails: ["7.0", "7.1", "7.2", "8.0"],
                   ruby: ["3.1"],
                   database: ["mysql"],
                   paperclip: [true],
@@ -364,7 +364,7 @@ workflows:
             {
               parameters:
                 {
-                  rails: ["7.0", "7.1", "7.2"],
+                  rails: ["7.0", "7.1", "7.2", "8.0"],
                   ruby: ["3.1"],
                   database: ["postgres"],
                   paperclip: [false],
@@ -388,7 +388,7 @@ workflows:
             {
               parameters:
                 {
-                  rails: ["7.2", "main"],
+                  rails: ["7.2", "8.0", "main"],
                   ruby: ["3.3.5"],
                   database: ["sqlite"],
                   paperclip: [false],

.rubocop_todo.yml

@@ -92,7 +92,6 @@ Layout/EmptyLinesAroundAttributeAccessor:
     - "core/app/models/spree/stock_quantities.rb"
     - "core/app/models/spree/variant.rb"
     - "core/lib/spree/app_configuration.rb"
-    - "core/lib/spree/permission_sets/base.rb"
     - "core/lib/spree/preferences/configuration.rb"
     - "core/spec/lib/spree/core/validators/email_spec.rb"
     - "core/spec/models/spree/preferences/statically_configurable_spec.rb"
@@ -145,7 +144,6 @@ Layout/MultilineOperationIndentation:
   Exclude:
     - "core/lib/spree/core/engine.rb"
     - "core/lib/spree/core/importer/order.rb"
-    - "core/lib/spree/permission_sets/default_customer.rb"
     - "core/lib/spree/testing_support/factories/address_factory.rb"
 
 # Offense count: 3
@@ -525,7 +523,6 @@ Style/CommentAnnotation:
     - "backend/app/controllers/spree/admin/products_controller.rb"
     - "backend/app/controllers/spree/admin/resource_controller.rb"
     - "core/app/models/spree/payment_method/store_credit.rb"
-    - "core/lib/spree/permission_sets/user_management.rb"
     - "core/lib/spree/testing_support/rake.rb"
     - "core/spec/models/spree/variant/scopes_spec.rb"
 

Gemfile

@@ -8,7 +8,7 @@ gemspec require: false
 if /(stable|main)/.match? ENV['RAILS_VERSION']
   gem 'rails', github: 'rails', require: false, branch: ENV['RAILS_VERSION']
 else
-  gem 'rails', ENV['RAILS_VERSION'] || ['> 7.0', '< 8.0.0.beta1'], require: false
+  gem 'rails', ENV['RAILS_VERSION'] || ['> 7.0', '< 8.1.0.beta1'], require: false
 end
 # rubocop:enable Bundler/DuplicatedGem
 
@@ -19,7 +19,7 @@ dbs = ENV['DB_ALL'] ? 'all' : ENV.fetch('DB', 'sqlite')
 gem 'mysql2', '~> 0.5.0', require: false if dbs.match?(/all|mysql/)
 gem 'pg', '~> 1.0', require: false if dbs.match?(/all|postgres/)
 gem 'fast_sqlite', require: false if dbs.match?(/all|sqlite/)
-gem 'sqlite3', '~> 1.4', require: false if dbs.match?(/all|sqlite/)
+gem 'sqlite3', '~> 2.0', require: false if dbs.match?(/all|sqlite/)
 
 
 gem 'database_cleaner', '~> 2.0', require: false

admin/app/components/solidus_admin/ui/forms/input/component.rb

@@ -93,13 +93,24 @@ def call
       with_content options_for_select(@attributes.delete(:choices), @attributes.delete(:value))
     end
 
-    tag.public_send(
-      @tag,
-      content,
+    options = {
       "data-controller": stimulus_id,
       "data-#{stimulus_id}-custom-validity-value": @error.presence,
       "data-action": "#{stimulus_id}#clearCustomValidity",
       **@attributes
-    )
+    }
+
+    if tag.method(@tag).parameters.any? { |_type, name| name == :content }
+      tag.public_send(
+        @tag,
+        content,
+        **options
+      )
+    else
+      tag.public_send(
+        @tag,
+        **options
+      )
+    end
   end
 end

api/spec/requests/spree/api/shipments_spec.rb

@@ -75,7 +75,7 @@ module Spree::Api
           it 'returns proper error' do
             subject
             expect(response.status).to eq(422)
-            expect(json_response['exception']).to eq("param is missing or the value is empty: stock_location_id")
+            expect(json_response['exception']).to match(/param is missing or the value is empty( or invalid)?: stock_location_id/)
           end
         end
       end

api/spec/requests/spree/api/stock_items_spec.rb

@@ -86,7 +86,7 @@ module Spree::Api
 
       it 'requires a stock_location_id to be passed as a parameter' do
         get spree.api_stock_items_path
-        expect(json_response['exception']).to eq('param is missing or the value is empty: stock_location_id')
+        expect(json_response['exception']).to match(/param is missing or the value is empty( or invalid)?: stock_location_id/)
         expect(response.status).to eq(422)
       end
 

core/app/models/spree/permission_sets/base.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # This is the base class used for crafting permission sets.
+    #
+    # This is used by {Spree::RoleConfiguration} when adding custom behavior to {Spree::Ability}.
+    # See one of the subclasses for example structure such as {Spree::PermissionSets::UserDisplay}
+    #
+    # @see Spree::RoleConfiguration
+    # @see Spree::PermissionSets
+    class Base
+      # @param ability [CanCan::Ability]
+      #   The ability that will be extended with the current permission set.
+      #   The ability passed in must respond to #user
+      def initialize(ability)
+        @ability = ability
+      end
+
+      # Activate permissions on the ability. Put your can and cannot statements here.
+      # Must be overridden by subclasses
+      def activate!
+        raise NotImplementedError.new
+      end
+
+      # Provide the permission set privilege in the form of a :symbol.
+      # Must be overridden by subclasses.
+      def self.privilege
+        raise NotImplementedError, "Subclass #{name} must define a privilege using `self.privilege :symbol`"
+      end
+
+      # Provide the permission set category in the form of a :symbol.
+      # Must be overridden by subclasses.
+      def self.category
+        raise NotImplementedError, "Subclass #{name} must define a category using `self.category :symbol`"
+      end
+
+      private
+
+      attr_reader :ability
+
+      delegate :can, :cannot, :user, to: :ability
+    end
+  end
+end

core/app/models/spree/permission_sets/configuration_display.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read-only permissions for e-commerce settings.
+    #
+    # Roles with this permission will be able to view information, also from the admin
+    # panel, about:
+    #
+    # - Tax categories
+    # - Tax rates
+    # - Zones
+    # - Countries
+    # - States
+    # - Payment methods
+    # - Taxonomies
+    # - Shipping methods
+    # - Shipping categories
+    # - Stock locations
+    # - Stock movements
+    # - Refund reasons
+    # - Reimbursement types
+    # - Return reasons
+    class ConfigurationDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :display
+        end
+
+        def category
+          :configuration
+        end
+      end
+
+      def activate!
+        can [:read, :admin], Spree::TaxCategory
+        can [:read, :admin], Spree::TaxRate
+        can [:read, :admin], Spree::Zone
+        can [:read, :admin], Spree::Country
+        can [:read, :admin], Spree::State
+        can [:read, :admin], Spree::PaymentMethod
+        can [:read, :admin], Spree::Taxonomy
+        can [:read, :admin], Spree::ShippingMethod
+        can [:read, :admin], Spree::ShippingCategory
+        can [:read, :admin], Spree::StockLocation
+        can [:read, :admin], Spree::StockMovement
+        can [:read, :admin], Spree::RefundReason
+        can [:read, :admin], Spree::ReimbursementType
+        can [:read, :admin], Spree::ReturnReason
+      end
+    end
+  end
+end

core/app/models/spree/permission_sets/configuration_management.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Read and write permissions for e-commerce settings.
+    #
+    # Roles with this permission set will have full control over:
+    #
+    # - Tax categories
+    # - Tax rates
+    # - Zones
+    # - Countries
+    # - States
+    # - Payment methods
+    # - Taxonomies
+    # - Shipping methods
+    # - Shipping categories
+    # - Stock locations
+    # - Stock movements
+    # - Refund reasons
+    # - Reimbursement types
+    # - Return reasons
+    class ConfigurationManagement < PermissionSets::Base
+      class << self
+        def privilege
+          :management
+        end
+
+        def category
+          :configuration
+        end
+      end
+
+      def activate!
+        can :manage, Spree::TaxCategory
+        can :manage, Spree::TaxRate
+        can :manage, Spree::Zone
+        can :manage, Spree::Country
+        can :manage, Spree::State
+        can :manage, Spree::PaymentMethod
+        can :manage, Spree::Taxonomy
+        can :manage, Spree::ShippingMethod
+        can :manage, Spree::ShippingCategory
+        can :manage, Spree::StockLocation
+        can :manage, Spree::StockMovement
+        can :manage, Spree::RefundReason
+        can :manage, Spree::ReimbursementType
+        can :manage, Spree::ReturnReason
+      end
+    end
+  end
+end

core/app/models/spree/permission_sets/dashboard_display.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Permissions for viewing the admin dashboard.
+    #
+    # Roles with this permission set will be able to view the admin dashboard,
+    # which may or not contain sensitive information depending on
+    # customizations.
+    class DashboardDisplay < PermissionSets::Base
+      class << self
+        def privilege
+          :other
+        end
+
+        def category
+          :dashboard_display
+        end
+      end
+
+      def activate!
+          Spree.deprecator.warn "The #{self.class.name} module is deprecated. " \
+            "If you still use dashboards, please copy all controllers and views from #{self.class.name} to your application."
+          can [:admin, :home], :dashboards
+      end
+    end
+  end
+end

core/app/models/spree/permission_sets/default_customer.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module Spree
+  module PermissionSets
+    # Permissions for e-commerce customers.
+    #
+    # This permission set is always added to the `:default` role, which in turn
+    # is the default role for all users without any explicit roles.
+    #
+    # Permissions include reading and updating orders when the ability's user
+    # has been assigned as the order's user, unless the order is already
+    # completed. Same is true for guest checkout orders.
+    #
+    # It grants read-only permissions for the following resources typically used
+    # during a checkout process:
+    #
+    # - Zones
+    # - Countries
+    # - States
+    # - Taxons
+    # - Taxonomies
+    # - Products
+    # - Properties
+    # - Product properties
+    # - Variants
+    # - Option types
+    # - Option values
+    # - Stock items
+    # - Stock locations
+    #
+    # Abilities with this role can also create refund authorizations for orders
+    # with the same user, as well as reading and updating the user record and
+    # their associated cards.
+    class DefaultCustomer < PermissionSets::Base
+      class << self
+        def privilege
+          :other
+        end
+
+        def category
+          :default_customer
+        end
+      end
+
+      def activate!
+        can :read, Country
+        can :read, OptionType
+        can :read, OptionValue
+        can :create, Order do |order, token|
+          # same user, or both nil
+          order.user == user ||
+            # guest checkout order
+            order.email.present? ||
+            # via API, just like with show and update
+            (order.guest_token.present? && token == order.guest_token)
+        end
+        can [:show, :update], Order, Order.where(user:) do |order, token|
+          order.user == user || (order.guest_token.present? && token == order.guest_token)
+        end
+        cannot :update, Order do |order|
+          order.completed?
+        end
+        can :create, ReturnAuthorization do |return_authorization|
+          return_authorization.order.user == user
+        end
+        can [:read, :update], CreditCard, user_id: user.id
+        can :read, Product
+        can :read, ProductProperty
+        can :read, Property
+        can :create, Spree.user_class
+        can [:show, :update, :update_email], Spree.user_class, id: user.id
+        can :read, State
+        can :read, StockItem, stock_location: { active: true }
+        can :read, StockLocation, active: true
+        can :read, Taxon
+        can :read, Taxonomy
+        can [:save_in_address_book, :remove_from_address_book], Spree.user_class, id: user.id
+        can [:read, :view_out_of_stock], Variant
+        can :read, Zone
+      end
+    end
+  end
+end