Workarea 3.5.4 (2020-01-21) -------------------------------------------------------------------------------- * Ignore elements with no ID value when announcing duplicate IDs on-page WORKAREA.duplicateID was throwing a false positive exception when it would find elements containing an `id` attribute with no value specified. This behavior should be allowed, since empty ID values should pose no issues for the developer WORKAREA-184 Curt Howard * Add link to edit the footer area of Layout content in Shortcuts We need to be more permissive in our linking to footer content areas from the header, since themes and builds can technically rename these areas. Now this link will point to the first content area that contains the word 'footer'. WORKAREA-145 Curt Howard * Order release changesets during publishing, touch releasables after publish WORKAREA-164 Matt Duffy Workarea 3.5.3 (2020-01-07) -------------------------------------------------------------------------------- * Another hardcoded 2020 fix We've all learned our lesson, right? Ben Crouse * Pin version for wysihtml-rails Setting the version to 0.6.0.beta2 fixes the dependency issues that arose after the new version of Bundler. Jeff Yucis * Fix some references to 2020 These were causing build failures. Assuming these fixes got lost in a merge. Ben Crouse * Reuse new Activity UI for main dashboard in Admin WORKAREA-138 Curt Howard * Use the Rack session ID cookie value for user activity session IDs Rack >= 2.0.8 adds the idea private/public session IDs to prevent timing attacks where a session ID can be stolen. This is big for sessions stored in databases because the session can then be stolen. Workarea only supports a cookie session store, so we can continue to safely use the cookie value of the session ID for metrics lookups. You can learn more about the Rack vulnerability here: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 Ben Crouse * Disallow multiple form submissions throughout the Admin Disable any submit button within a form after submission to prevent multiple clicks. Also be less opinionated with disabled inputs and buttons, applying only an opacity and a cursor style, which allows relevant component's disabled states to more easily be inherited. WORKAREA-133 Curt Howard * Fix Performance Test Task Instead of using a Boolean `true` value, use the String `"true"` so Ruby won't complain when running the task. WORKAREA-156 Tom Scott Workarea 3.5.2 (2019-12-19) -------------------------------------------------------------------------------- * Use the Rack session ID cookie value for metrics session IDs Rack >= 2.0.8 adds the idea private/public session IDs to prevent timing attacks where a session ID can be stolen. This is big for sessions stored in databases because the session can then be stolen. Workarea only supports a cookie session store, so we can continue to safely use the cookie value of the session ID for metrics lookups. You can learn more about the Rack vulnerability here: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3 Ben Crouse * Don't bother with segmentation for SVG requests Ben Crouse * Fix bad method call in migrate task Ben Crouse * Add a Shortcut for editing the Footer to Admin WORKAREA-145 Curt Howard Workarea 3.5.1 (2019-12-17) -------------------------------------------------------------------------------- * Bump Puma version to fix security advisory See https://github.com/advisories/GHSA-7xx3-m584-x994 for more details. Ben Crouse * Exclude Update Timestamp From Imports Update the `:updated_at` timestamp to the current time when existing models are updated via an import, and ignore any settings of the `:updated_at` timestamp in JSON/CSV imports, as this can interfere with cache key generation. WORKAREA-126 Tom Scott * Improve Redis configuration defaulting This makes Redis configuration a little more robust, allowing partial configuration values that will always end up falling back to defaults. Ben Crouse * Fix time zone querying for insights and reports Data was getting stored correctly, but not queried correctly. When building aggregations for MongoDB, the Mongoid logic to use UTC does not kick in since it's not going through the Mongoid DSL. This was the lowest impact fix. Changing how we store reporting_on will invalidate current data and not allow for changing timezones later. WORKAREA-135 Ben Crouse * Fix Install Generator On Freshly Created App (#274) The `workarea:install` generator failed with an error finding the `Storefront::Engine` constant when it was run against a freshly generated Rails 5.2.3 application. To resolve this, require the necessary engines in **lib/workarea/core.rb** so the application loads properly the first time, and can run the generator. WORKAREA-134 Tom Scott * [DOCS] Add/improve payment tender types documentation Existing payment tender type documentation is limited to the credit card tender type, covers only a portion of the implementation, and does not explain the concepts or provide context to those new to the platform. Replace and significantly expand coverage, providing 3 separate howtos: * Customize the Credit Card Tender Type * Implement a Primary Tender Type * Implement an Advance Payment Tender Type WORKAREA-13 Chris Cressman * Remove Logstasher as a dependency (#273) Logstasher isn't required to run an instance of Workarea. This dependency is being moved to the `workarea-commerce_cloud` gem for hosting. Eric Pigeon * Fix password config not available when building indexes This causes a null value for expireAfterSeconds when creating indexes in Mongo. Ben Crouse * Add index for better redemption querying As suggested by the hosting team. Ben Crouse * Restrict release datetimepicker to dates in the future WORKAREA-65 Matt Duffy * Add activate_with as a field on block drafts for compatibility Matt Duffy * Fix adding a new first content block hidden This can happen in certain release conditions WORKAREA-111 Ben Crouse * Remove Releasable module from Content::BlockDraft WORKAREA-121 Matt Duffy * Fix nil search customizations when inactive in ProductSearch WORKAREA-80 Ben Crouse * Fix polymorphic embedded relations in CSV importing/exporting WORKAREA-120 Ben Crouse Workarea 3.5.0 (2019-11-26) -------------------------------------------------------------------------------- * Add caching to order item details results This was a point of bottleneck during recent Reformation load-testing. WORKAREA-102 Ben Crouse * Add admin alert when a newer workarea version is available WORKAREA-107 Matt Duffy * Base discount auto-deactivation on updated_at, expose auto_deactivate field WORKAREA-114 Matt Duffy * Ensure UTF-8 Encoding of Data File Import Samples This ensures data file import samples are always treated as UTF-8. While Ruby itself does do this pretty well, and most browsers are good at guessing the file type/encoding based on the contents of the file, there might be some outliers that rely on metadata that's a bit more strictly adhered to. This change ensures that sample CSV/JSON files are delivered to the user as an attachment, and using the correct MIME type, so that they register as such when downloaded by the browser. Previously, all imports were showing as "TXT file" types, when they were really "CSV file" or "JSON file", and at least in Firefox, they were not downloading when you clicked the sample link. Instead, a new tab would open (since Firefox thinks it's a text file), and you have to refresh the page to actually get the browser to download the file. WORKAREA-77 Tom Scott * Import UTF-8 CSVs With BOM Characters UTF-8 doesn't need a BOM in order to start or end a file, but these characters can end up in CSVs generated by older software that doesn't have great support for Unicode. As a result, if a BOM is in the CSV near `_id` it will cause improper importing of the data held within. To address this, Workarea now specifies the `bom|` prefix in the `:encoding` param for `CSV.foreach` by default. This can still be overridden if you have an ASCII file, and since BOM stripping doesn't really apply, developers can override the entire encoding string in configuration if necessary. But this is a sane default for those who use UTF-8 and happen to be exporting out of older spreadsheet software. WORKAREA-79 Tom Scott * Fix content block asset uploads, set redis key to reduce S3 CORS config requests WORKAREA-109 Matt Duffy * Handle display of missing segment for active_by_segment admin filter Matt Duffy * Add admin alert for segmented resources with no matching segments WORKAREA-116 Matt Duffy * Clean up generic admin activity view partials WORKAREA-117 Matt Duffy * Clean up generic admin activity view partials Matt Duffy * Allow redis to be configured with TLS (#234) Matt Martyn * Update Tests Referencing 2020 The credit card expiration year `2020` was hard-coded into many Workarea integration tests, and would fail when January 2020 passes. Update these tests to always set the credit card expiration year to 1 year in advance of when the test runs so this won't happen again in the future. WORKAREA-104 Fixes #222 Tom Scott * Extend impersonation notification to guest browsing WORKAREA-115 Matt Duffy * Add special tags information tooltip to content asset tags field WORKAREA-99 Matt Duffy * Add Event functionality to Timeline Report UI WORKAREA-86 Curt Howard * Expand last order segment rule to allow not ordered within WORKAREA-90 Matt Duffy * Bump Chartkick dependency to fix security warning Fixes bundler-audit failures in builds. Ben Crouse * Add link to browse as a guest to admin shortcuts menu Matt Duffy * Add discount cards append point Ben Crouse * Create the life cycle segments as part of migration task Ben Crouse * Use query string over ID for insights display Query string will also be used in the search autocomplete output. Ben Crouse * Remove require_permission for admin guest browsing Matt Duffy * [DOCS] Improve table of contents for docs The table of contents that appears within each doc contains a link to every h2-h6 in the document. Therefore, in longer docs, the TOC gets quite crowded and stops communicating the overall structure of the doc. Help readers maintain context by simplifying the TOC, limiting links to h2-h3. I spot-checked docs of various lengths and found this version of the TOC more useful in all cases. WORKAREA-96 Chris Cressman * Update `Redis::Rack::Cache` to v2.2.0 This new version requires `Rack::Cache` v1.10 and enables over-the-wire gzip compression to the Redis server. This feature is useful for extremely high traffic sites, but should be used with caution since it will increase the CPU/RAM load on your application server. You should use this if the trade-off between RAM increase and bandwidth decrease makes sense. WORKAREA-94 Tom Scott * Bump Chartkick dependency to fix security warning Fixes bundler-audit failures in builds. Ben Crouse * Add index to SearchByDay model Bryan Alexander * Add index to SearchByDay model Bryan Alexander * Add admin browsing by segmentable content This adds "Active by Segment" as a filter, and adds a "Content" card to segments to surface what stuff has been setup specifically for a segment. WORKAREA-89 Ben Crouse * Remove now-unneeded version restriction on the BSON gem If we remove this restriction, we can use newer versions of the `mongo` gem, which contain cluster fixes. Ben Crouse * [DOCS] Rename and update doc for testing CC transactions Rename "Test a Credit Card Transaction" to "Manually Test Credit Card Transactions" and update the content. The content was specific to a particular gateway and didn't make that clear. These changes provide a generic solution in addition to the specifics for the default gateway. The title confused devs who reviewed this doc in a different PR, thinking that it had to do with automated testing. WORKAREA-13 Chris Cressman Workarea 3.5.0.beta.1 (2019-11-07) -------------------------------------------------------------------------------- * Allow storing non-unique recently viewed items This will allow us to do better segmenting in the future with rules like "viewed this product more than once". WORKAREA-88 Ben Crouse * Fix Incorrect Test Setup The `Pricing::Calculators::Calculator.test_adjust` method accepts two arguments, and expects the first argument is going to be of type `Order`, but in a `TaxCalculator` test only a shipping was being passed in. Update this test to use the correct syntax so that other downstream projects that expect data to be on an Order won't get confused. Tom Scott * Allow an asset to be tagged 'og-default' to use for open graph images WORKAREA-76 Matt Duffy * Move segment overriding into middleware To enable correct segment headers and caching, segment overriding will need to happen in middleware. To accomplish this, we'll need to store whether someone is an admin in their metrics. This has a nice side-effect of not needing the `cache` cookie anymore, so that's being removed. Ben Crouse * Add buttons to allow admin users to subscribe/unsubscribe from comments WORKAREA-75 Matt Duffy * Add browser info options for segment rules This also replaces Workarea's `Robots` class with use of the `browser` gem, which keeps far better and updated checks. Ben Crouse * Adds graceful handling of timestamps from CSV imports WORKAREA-24 Matt Duffy * Don't default to S3 asset store This causes problems spinning up environments in other hosting setups where S3 isn't available or desired. To retain the old behavior (which you'll want if you're on the Workarea Commerce Cloud) drop this into an initializer: `Workarea.config.asset_store = (Rails.env.test? || Rails.env.development?) ? :file_system : :s3` WORKAREA-32 Ben Crouse * Use private HTTP caching headers for responses with segmented content If a page has segmented content, it can't be cached by any upstream HTTP caches because the user's segments can change request-by-request. Our solution is to use the headers we've been using for cached responses if the page has no segmented content. If it does have segmented content, change those headers to force refetching every time, while allowing the server to return a 304 to eliminate sending unnecessary responses. This is being done in a piece of middleware to ensure to Rack::Cache the headers look the same. This allows us to still cache complete responses in Rack::Cache for requests with segmented content. This commit also refactors the middleware that sets this all up into a single ApplicationMiddleware so it's easier to see everything going on in one file. WORKAREA-36 Ben Crouse * Don't shell out to bundler to get gem path This can cause problems if bundler outputs warnings/errors. There's a safe way to do it in Ruby, so use that instead. Fixes #191 Ben Crouse * Add a hook method to allow extending product's activeness Plugins like package products need a place to add more logic to a product's activeness without having to reimplement all of active's `super`. With the addition of segments, this becomes a bunch of code. Ben Crouse * Allow content to be appended to head element in Content WORKAREA-4 Curt Howard * Add notes about admin config fields and encryption to upgrade guide WORKAREA-25 Matt Duffy * Integrate segments into discount cache keys Also, since we won't be able to expire keys in a performant way (delete_matched is O(N) on the number of keys in Redis), we'll have to remove discount cache busting. Ben Crouse * Fix changeset loading missing root Can raise an error when rendering changesets on the release's show page. Ben Crouse * Implement Tribute.js for comment notifications WORKAREA-6 Curt Howard * Fix issue around Visit#referrer and Puma Curt Howard * Add segmented icons to index pages Ben Crouse * Add segment icon to content blocks UI Ben Crouse * Rework FeaturedCategorizations to allow easier decoration WORKAREA-21 Matt Duffy * Removes Puma auto-configuration (#151) This is going to part of the `workarea-commerce_cloud` gem going forward. If you're a subscriber to the Workarea Commerce Cloud service, you should include that gem in your project to get Puma and other configuration for that service. Jesse McPherson * Fix Product URL In Breadcrumbs The `storefront_url_for` method doesn't handle models other than taxons, but the Schema.org helpers use it to render breadcrumb URLs in the `BreadcrumbList` for any model that's in the breadcrumbs. To prevent incorrect URLs from showing up in the breadcrumbs, the `Navigation::Breadcrumbs` class has been modified to accept a model object as its `:last` parameter, instead of just a name, to be added to an arbitrary `Navigation::Taxon` created for the purpose of rendering both the name and URL of the final navigation taxon. This wasn't needed prior to the introduction of Schema.org's `BreadcrumbList`, because the final URL of breadcrumbs was always left out. The helper methods that render the breadcrumbs will continue to leave out the final taxon's URL, but for breadcrumbs in Schema.org, the URL will now be included. (#83) Tom Scott * Apply tax to items that do not require shipping * Adds Payment lookup to pricing request * Modifies TaxCalculator to check shipped and not shipped items * Renames TaxApplier to ShippedTaxApplier, Uses TaxApplier for not shipped items Matt Duffy * Update order documentation for Workarea 3.5 Cover suspected fraud. Closes #99 Chris Cressman * Allow setting active by segment This allows configuring releasable resources to be active only for certain segments. If no segments are specified, it will be active globally. If segments are specified, only those segments will be able to see it. For #102 Ben Crouse * Pass Options To `Storefront::UserActivityViewModel` This was an oversight that got caught and fixed in the `flow-io` plugin, but should really be in base since it will allow more control over the product summaries on the recent views action. The `view_model_options` were not getting passed into the `UserActivityViewModel`, and thus the `ProductViewModel` instances that it creates, causing some stale content to appear in the view. Tom Scott * Surface Asset alt text and behavior within Content Blocks (#95) In an effort to make the recent updates to alt text overridding in Content Blocks a bit clearer, alt text is now being output: - On the content assets index view - In the title for a content asset summary Default alt text has been removed from the Content block DSL, which makes the default text come directly from the Asset itself. The help text displayed on Asset Content Blocks always appears now, better explaining the behavior of this feature. Curt Howard * Spruce up Timeline UI (#58) The `activity`, `activity-group`, and `date-marker` UIs couple together to create, what's unofficially referred to as, The Timeline UI. These components have been neglected for a long time... until now! Curt Howard * Update inventory docs for Workarea 3.5 (#98) Add coverage of inventory collection status, a new concept in Workarea 3.5 Chris Cressman * Update search docs for Workarea 3.5 (#97) * Remove references to Storefront autocomplete * Update examples to reflect release-specific search documents * Call out the impact of current release and current segments on search documents Chris Cressman * Remove Refund Tests Since we're no longer able to regenerate VCR cassettes at-will (due to credentials needing to be scrubbed before pushing to GitHub), this configuration setting is no longer necessary, and furthermore, could potentially prevent legitimate tests from running and catching bugs in the wild. They're only used in one plugin, so remove the tests from base and copy them into the plugin. Tom Scott * Refine fullfillment UI around skus and tokens * Change package messaging for items with no carrier and tracking number * Add table of fulfillment tokens associated to an order * Fix paginating fulfillment tokens Closes #93 Matt Duffy * Remove Schema.org structured data from unspiderable pages There seems to be little reason to bloat the markup of pages explicitly disallowed in our default `robots.txt` file. Closes #82 Curt Howard * Remove /wish_lists entry from Robots.txt This was a relic from a more monolithic age and will be readded by workarea-commerce/workarea-wish-lists#2. Closes #106 Curt Howard * Add config field to limit total item count for a single cart Matt Duffy * Update docs to reflect changes in Workarea 3.5 * Storefront price partial removed * `Workarea.with_config` obsoleted by automatic resetting of configuration between tests * Changes to headless Chrome configuration * Changes to Sidekiq queues * Addition of `query_cache` Sidekiq option Chris Cressman * Add Workarea 3.5 release notes * Add 3.5 release notes doc * Link to 3.5 release notes doc from release notes index * Rename and modify 3.5 upgrade guide for consistency with 3.4 upgrade guide * Cross-reference 3.5 release notes and upgrade guide * Clean up upgrade guide * Fix title of doc added for v3.5 Chris Cressman * Factor release id into discount cache keys closes #43 Matt Duffy * Update content block helper to use view helper cache method. This was previously using Rails low level caching, which does not factor in varies headers or prevent caching for admins. Matt Duffy * Fix showing comments without authors in admin Comments generated in plugins don't have an author; update the view to handle rendering when the `author_id` is nil. Eric Pigeon * add query_cache flag to index workers Matt Duffy * Eliminate n+1 query from ProductPrimaryNavigation Matt Duffy * Eliminate n+1 query from FeaturedCategorization Matt Duffy * Add query cache middleware for sidekiq to provide options for enabling query caches Matt Duffy * Use the same Mongo connection options for the index enforcement warning. Fixes #31 Ben Crouse * Only check notablescan in development #31 Jesse McPherson * Completely remove jQuery UI Autocomplete Curt Howard * Remove Search Autocomplete Porting to https://github.com/workarea-commerce/workarea-classic-search-autocomplete Curt Howard * Update sales report queries and metric indexes for cancellations (#14) Matt Duffy * Remove Search Autocomplete (#16) This functionality is being moved to `workarea-classic-search-autocomplete` to maintain compatibility. Going forward, a new improved `workarea-search-autocomplete` is the preferred search autocomplete for Workarea. It's much improved. Curt Howard * Remove artifact from conflict resolution Jake Beresford * Initial commit for v3.5 Ben Crouse Workarea 3.4.20 (2019-10-30) -------------------------------------------------------------------------------- * Fix logout from pages without authenticity tokens On pages without authenticity tokens (like HTTP cached pages), clicking log out won't work because Rails is checking for that. This disables that check for logout to fix. WORKAREA-66 Ben Crouse * [DOCS] Fix/improve various docs based on community feedback Navigating the Code * Fix typos and difficult wording * More clearly define the term "meta-gem" Seeds: * Remove vestiges of previous build system * Make some code blocks easier to copy and paste * Update plugin examples to use only plugins that are published to RubyGems.org Create a New App: * Update introduction and outline to latest style * Fix incorrect command for seeding * Make code blocks easier to copy and paste * Explain how to get help if experiencing issues WORKAREA-62 Chris Cressman * Bump Loofah dependency to fix bundler-audit error Ben Crouse * Mount api engine in routes during workarea:install if api is installed Matt Duffy * Update Docker image build workflow Matt Duffy * Update demo Dockerfile to use plugins WORKAREA-7 Matt Duffy * Update README with docker memory messaging WORKAREA-8 Matt Duffy * Modify SystemTest to help increase reliability of #within_frame * Move #wait_for_iframe to SystemTest class * Add #within_frame to methods that wait for xhr requests * Use #wait_for_iframe on spotty ImpersonationSystem Test Matt Duffy Workarea 3.4.19 (2019-10-16) -------------------------------------------------------------------------------- * Fix missing aspect ratio magic attribute This magic attribute doesn't need to be calculated, it's the inverse of the aspect ratio we already have. Ben Crouse * v3.4.19 Patch Release Notes Tom Scott * Improve Mailer Documentation Direct readers to ActionMailer resources when they're looking to create new mailers rather than style or modify existing ones. Also added some information about unit testing mailer classes. Tom Scott * Lock Down Sprockets to v3.7.2 Sprockets v4.0 was released on 10/8/2019, which removed the `.register_engine` method that is depended on by many extensions to Sprockets at the current moment. Lock down Sprockets to v3.7.2 to avoid these issues, which will show up when the app is loaded or tests are run. WORKAREA-18 Tom Scott * Keep `_id` Suffix In Customized Fields When adding a customized field to a `Customizations` class that ends in `_id`, Workarea was previously stripping this suffix from the computed instance variable name that is converted into snake case from any kind of input. This causes issues because the data doesn't appear to be making it into customizations, but is really there under a different instance variable name. To resolve the issue, Workarea is now using the `#underscore` String helper prior to calling `#optionize`, which will cause the value to be properly cased before it's displayed to the end user. (#144) Tom Scott * Fix Self-Referential Category Rules Adding the same ID to a category product rule matching the product list that contains it results in some wonky results coming back. This was originally diagnosed as an issue when combining category rules, but in reality, it has to do with an admin mis-using the product rules interface and perhaps accidentally using the category's own ID in a product rule. To prevent this from happening, prevent the category's own ID from being selectable in the admin interface. (#52) Tom Scott * Improve order of changesets in Timeline UI (#124) The Timeline UI should now display: 1. Unscheduled changesets 1. Scheduled changesets, ordered by the release's publish date, descending 1. Today (if applicable) 1. Historical changesets Curt Howard Workarea 3.4.18 (2019-10-01) -------------------------------------------------------------------------------- * Fix test failure due to iframe loading This test has started failing due to Capybara or Selenium not finding the release select in the iframe. A simple sleep fixes the problem, we weren't able to track down a proper cause. We'll be refactoring the admin toolbar away from an iframe in v3.6, so this will be a temporary hack to fix. We'll remove this at that point in time. Ben Crouse * Fix Faraday dependency issue Curt Howard Workarea 3.4.17 (2019-10-01) -------------------------------------------------------------------------------- * Add Inverse Aspect Ratio To Product Image Fields (#118) Populate the `:image_inverse_aspect_ratio` automatically using Dragonfly, in order to reduce the amount of requests made to S3 in order to find out this information. (#116) Tom Scott * Exclude docs/ from the gem build Matt Duffy * Ensure Tags Are Unique When inserting tags into a taggable document, make sure their values are unique. This addresses an issue where incorrect tag counts were being displayed on the storefront. Fixes #112 Tom Scott * Display Referrer URL in tooltip on Order Attributes in Admin Due to the length of URLs being displayed on Order Attributes in the admin they will potentially break layout. Now they are displayed within a tooltip behind a "View" link click. The resulting tooltip will prompt the user to copy the contents of a text box containing the URL. Fixes #60 Curt Howard * Fix incorrect URL for workarea support on CLI documentation Matt Duffy * Add checkout confirmation append point (#76) Adds append point below default order confirmation text. Jeff Yucis * Fix blank default category in admin ProductViewModel (#55) `ProductViewModel#default_category` now protects against a `nil` value for the default category before passing its value into a view model. Fixes #33 Tom Scott * Replace App Template Command With Install Generator in Upgrade Docs In the upgrade guide for v3.4, we're instructing users to apply an app template which no longer exists. Instead of using the app template, we now rely on a generator called `workarea:install` to place the expected files into your Rails app directory, so update the command in docs to avoid confusion. Tom Scott * Improve plugin template * Updates usage documentation at top of template * Properly namespace directories under `app/assets` * Set starting version to `1.0.0.pre` * Point to HTTPS GitHub url instead of SSH * Clean up generated README * Add LICENSE * Link license in gemspec and README * Fix indentation and whitespace issues in gemspec * Remove `script/` directory * Clean up generated gitignore * Fix link to developer documentation in README * Fix flagrant quote fail for required Rails engines Closes #25 Curt Howard Workarea 3.4.16 (2019-09-17) -------------------------------------------------------------------------------- * Ensure test only asserts product details for product system test * Parse URL When Ensuring CORS for Direct Uploads The `request.url` returns the full URL, with path included. This isn't valid for a CORS header, which needs just the scheme, host, and port if it's non-standard. Update the `DirectUpload.ensure_cors!` method to parse out those pieces of the URL and re-assemble it for the CORS header and ID. * Use current URL for direct upload CORS headers (#20) Direct uploads can fail locally if your `Workarea.config.host` is not set to the domain you are currently using in the browser. To prevent this, instead of reading from the configuration when ensuring CORS headers on the S3 bucket, use the URL from the request for S3 CORS config. Addresses a problem whereby changing the domain (either accidentally or on-purpose) causes direct uploads to fail, since it can't create the proper CORS headers needed to transmit files into the bucket directly. Workarea 3.4.15 (2019-09-04) -------------------------------------------------------------------------------- * Customize Search Queries That Return an Exact Match (#22) It's currently possible to customize search queries that return an exact match, but instead of seeing the customized results when you run the query, you'll be redirected to the product page since the `StorefrontSearch::ExactMatches` middleware stops further middleware execution and sets a redirect to the product path. To resolve the issue, Workarea will now ignore this middleware if a customization is present on the search response. Discovered by @ryaan-anthony of **Syatt Media**. Thanks Ryan! * Add Generic Activity Partials (#4) Empty results were still being seen in the trash when a model that doesn't explicitly have an activity partial defined is encountered. This is due to the `render_activity_entry` helper rescuing an `ActionView::TemplateError` to return a blank string. To resolve this issue, models that are tracked by `Mongoid::AuditLog`, without an explicit activity partial defined will be rendered using a generic partial, showing the class name and ID of the audited model, as something to render in the listing so that pages of blank results aren't shown. * Remove minitest plugin (#12) This existed for CI purposes on Bamboo, and we don't need it here after moving to Github. It has been moved the `workarea-ci` gem for backwards compatibility. * Fix Deep Duplication of Swappable Lists (#13) The `Workarea::SwappableList` class does not get duplicated correctly when `Workarea.config.deep_dup` is used. This was observed while using multi-site and attempting to change a swappable list for only one site. Define the `#deep_dup` method to return a new object instead of referencing the existing one. * Publish Releases In Background Job When a release is published, but has too many changes, it can cause a request timeout because it can't be fully published within the allotted 15 seconds in production. To prevent this, Workarea now runs all release publishing in a background job. The success flash message for when a release is published has been updated to inform users that changes may take a little while to apply. Fixes #1 Workarea 3.4.14 (2019-08-26) -------------------------------------------------------------------------------- * Fix a test that doesn't reset state Workarea 3.4.13 (2019-08-26) -------------------------------------------------------------------------------- * Remove references to v2 from Developer docs * Fix Incorrect Currency in Mongoid Money Types Workarea's default values for the Money fields in `Pricing::Override` didn't previously change currency when `Money.default_currency` is re-configured in process (like in the case of a multi-site application with multiple currencies). Ensure that the correct currency is used by using an Integer type as the default, which will get converted into a Money type at runtime. * Change URL used to download product images for seed data * Get GitHub Actions CI up and running Workarea 3.4.12 (2019-08-21) -------------------------------------------------------------------------------- * Remove hardcoded IP addresses (#36) The hosting team will have to add these manually going forward. Ben Crouse * Add license (#33) Jason Hill * Add documentation for Workarea Themes (#15) Jake Beresford * Update release task & plugin template (#20) Also fixes github source in Gemfile for plugin template Curt Howard * Fix pathnames in doc The current publishing system requires this doc to use root-relative pathnames when linking to internal documents. Update all pathnames accordingly. Chris Cressman * Enforce positive sale prices in sample data ECOMMERCE-7062 Jeff Yucis * Pretty up seed data (#22) * Add product sample images to seeds * Add intrinsic ratio support for product images Allows product images from any aspect ratio to be displayed out-of-the-box. * Update system content seeds * Add configurable seeds taxonomy Ben Crouse * Show relevant flash message when no shipping options are available. Improves UX when a user is sent back to the address step when there are no available shipping options for their shipping address. ECOMMERCE-6992 Jeff Yucis * Modify metrics and reports to filter out records with no values ECOMMERCE-7036 Matt Duffy * Improve 'Add a Content Block Type' doc Update doc based on feedback, specifically: * Fix link to content block DSL explanation and usage examples. * Make link to content blocks DSL usage examples more prominent. * Reference an initializer with further content block DSL examples. * Explain how to output content block data in a view without a view model. * Explain how to use `local_assigns` to test data in a view if no view model. ECOMMERCE-7059 Chris Cressman * Remove unneeded Report::SearchesWithoutResults Matt Duffy * Render Shipping Details Append Point On Index Move the **admin.shipping_details** append point from `shippings#show` (which is no longer rendered) over to `shippings#index`. Remove the `shippings#show` partial to reduce confusion since it is no longer being used. ECOMMERCE-7061 Tom Scott * Add upgrade guides index page to docs site Provide an index page of upgrade guides so that external docs (specifically the docs for the upgrade plugin) can link to it. Also update the 3.4 upgrade guide to follow the file and document naming conventions used by the release notes. ECOMMERCE-7057 Chris Cressman * Fix Internal Server Error Page Not Rendering JSON When an Internal Server Error is requested via `/500.json`, another error occurs when attempting to render the view for that request, because there's no `internal` template. This is not how our error handler is supposed to work, any format should be acceptable to render a 404 or 500. The syntax of the `respond_to` block in `#render_error_page` has been altered so that Workarea serves the custom content HTML when an HTML error occurs (e.g., most user-facing browser errors), and an empty body with a 500 error in the status code is returned for all other formats. ECOMMERCE-7034 Tom Scott * Remove data linting doc This doc caused some confusion, and this feature is scheduled to be removed from Workarea, so remove this doc. ECOMMERCE-7058 Chris Cressman * Add inventory documentation Add new docs: * Inventory * Integrate an Inventory Management System * Define & Configure Inventory Policies ECOMMERCE-6971 Chris Cressman * Fix Order Status Lookup Route The `/orders/status/:order_id/:postal_code` was being resolved by the `#show` action of OrdersController, when it really should be served by `#lookup`. Change the route and add a test ensuring that the route is being handled properly. Discovered by **Andy Sides** of BVAccel. Thanks Andy! ECOMMERCE-7040 Tom Scott * Prevent Empty Results In Trash Remove a check for whether a given audit log entry is `#restorable?` in on the **/admin/trash** page to prevent empty results clogging up the pagination. Without this, admins will see blank pages if they delete enough nav taxon/release records at the same time. ECOMMERCE-7019 Tom Scott * Add hosting docs (#14) Ben Crouse * Remove ci gem, add lint configs to root directory (#18) Matt Duffy * Update Contributing Guides (#8) Update the guides in the "Contribute" section of Workarea's documentation to reflect the new process of GitHub Issues, Pull Requests, and the "fork-and-pull" model that developers will be using to contribute code and docs to the platform from now on. This also includes a bit about using `puma-dev` to preview documentation locally, because I thought that was useful. Closes #7 Tom Scott * Remove help articles (#13) * Remove all Help articles These articles are largely outdated and provide little more than basic, general information about the expected user input on a given page. For more complex actions in the Admin we favor tooltips. This work does include one help article, How To Create Help Articles, to allow Admins and Developers a chance to build out this section for their specific purposes. Closes #5 * Fix output of Help Article code blocks By using Redcarpet to render supplied markdown, rather than Haml's `:markdown` filter, we can force the article's output through the renderer's `hard_wrap` option, which will preserve intended whitespace throughout the article. Curt Howard * Add third party integration overview guide (#6) Ben Crouse * Add article Navigating the Code (#3) Matt Duffy * Add security policy (#1) Ben Crouse * Update installation process * Remove app_template.rb * Add `workarea:install` generator * Update documentation to reflect change closes #13 Matt Duffy * Add Maintenance Policy to docs Resolves #10 Curt Howard * Add Code of Conduct Introduce the Contributor Covenant Code of Conduct to encourage people from all walks of life to contribute to the project. Closes #4 Tom Scott Workarea 3.4.11 (2019-08-06) -------------------------------------------------------------------------------- * Use `#camelize` over `#classify` when loading report class for export The use of `#classify` causes errors to be thrown during export of a report class that is plural, e.g. WishListProducts. This causes the export to fail and the user to not receive the export email. ECOMMERCE-7032 Matt Duffy * Update 'Customize a Helper' doc * Add additional use case of adding a new helper from a plugin * Add additional example that uses a decorator to extend the controller * Link to relevant Rails docs and Workarea docs * Clearly state the problems and solutions ECOMMERCE-6974 Chris Cressman * Add 'Order Pricing' documentation Add new document and diagrams ECOMMERCE-6970 Chris Cressman * Improve Accuracy of CSV Import Test The unit test written for configuring the charset of any CSV files imported into the system was not accurate, as it was not actually testing what would happen if the configuration was in place. The test continued to pass, however, becuase it turns out that it's very difficult to conjure up an ASCII string in Ruby, which is purely UTF8. Even editing the CSV file in Vim produced a compatible String when read into Ruby, so the test still wasn't accurate. The only way to get the test to fail in an expected way was to actually include the CSV file given to us from URBN, which was quickly fixed by setting the `:encoding` option on CSV imports. ECOMMERCE-7012 Tom Scott * Filter Blank Data From Average Order Value Report Since the Average Order Value report divides orders by revenue in a MongoDB aggregation, neither of these numbers can be 0, otherwise a divide by zero error is thrown. To prevent this, Workarea now omits any `Metrics::SalesByDay` documents from the aggregation if their orders and/or revenue are 0. ECOMMERCE-7016 Tom Scott * Update GeoIP Headers For apps that are using the GeoIP 2 database, the headers have changed to a slightly different syntax, and some of them output different values than they used to. Update `Workarea::Geolocation` to handle both versions of the GeoIP database and to look up the subdivision code by its name through the Countries gem. ECOMMERCE-7015 Tom Scott Workarea 3.4.10 (2019-07-23) -------------------------------------------------------------------------------- * Allow Development Access to Assets Admin Index Developers shouldn't need an AWS keypair to view the **/admin/content_assets** index. Workarea will now only call `DirectUpload.ensure_cors!` if the S3 bucket has been configured, so one can still browse the page. ECOMMERCE-7014 Tom Scott * Replace "Views" with "Searches" on Search Insights For insights revolving around search, use the more apt term "Searches", which maps to the actual `searches` in the resultset, instead of "Views". This fixes an issue where insights with blank views/searches were showing up on the search dashboards. ECOMMERCE-7007 Tom Scott * Improve "Commerce Model" diagram & text Rename "Commerce Flow" to "Commerce Model" to reflect intended future usage. Expand steps/actions to reflect existing narratives in products and orders docs. Use simpler line drawing to improve clarity. ECOMMERCE-6954 Chris Cressman * Omit `nil` Options From Product Cache Key The `#details_in_options` method, meant for including any options passed to the `CacheKey` so long as they appear in details, would error if the name of an option was `nil`. Workarea now ensures that those options will be omitted. ECOMMERCE-6986 Tom Scott * Remove Support For Restoring Taxons Without Parents `Navigation::Taxon` documents whose parents no longer exist cannot be restored because they are too dependent on their external relations, such as `:parent_ids`. This causes issues on restore when one attempts to restore a child taxon without restoring its parent. To prevent this potential issue, taxons are never allowed to be restored from the trash. The recommended alternative is to just create another taxon. ECOMMERCE-6983 Tom Scott * Improve busting cache This may be getting backed up in Sidekiq, and admins expect it to be happening in real-time. Also bust shipping service cache when destroyed. ECOMMERCE-6981 Ben Crouse Workarea 3.4.9 (2019-07-09) -------------------------------------------------------------------------------- * Update Puma and loosen constraint This gem is fairly stable and doesn't follow strict semantic versioning anyways. This was requested by the hosting team. ECOMMERCE-6984 Ben Crouse * Add documentation for themes ECOMMERCE-6932 Jake Beresford * Fix Encoding Errors on Product Import Allow users to specify a source encoding for CSV files that are being imported into the application. UTF-8 encoding is still enforced, since that's the charset Workarea renders content with in the browser, but the source can now be configured to prevent errors when importing CSV. ECOMMERCE-6963 Tom Scott * Store headless chrome options before passing into Capybara driver Capybara.register_driver does not execute the passed block immediately, which can cause issues with the aliasing of Workarea.config.headless_chrome_options, particularly with multi-site where the config is duplicated. ECOMMERCE-6969 Matt Duffy * Fix Sidekiq autoconfiguration The main changes here are: * Allow configuring pool timeout * Fix configuring the client, not the server where we need more control on the pool * Remove fancy-pants process scaling, too complex and broken * Allow configuration of PID file and queues from ENV vars ECOMMERCE-6967 Ben Crouse * Prevent error when starting taxon is deleted from taxonomy * Adjust logic for show_starting_taxon to account for changes in the taxonomy tree ECOMMERCE-6961 Jake Beresford * Fixes incorrect syntax in JS adapter generator template ECOMMERCE-6964 Jake Beresford * Make Quick Start guide less OS X centric ECOMMERCE-6864 Curt Howard Workarea 3.4.8 (2019-06-25) -------------------------------------------------------------------------------- * Fix time zone configuration article Rails needs this to be configured earlier than in an initializer, so this needs to be in general Rails config in `config/application.rb`. When done in an initializer, `Time.zone` will not be set accurately, so models loaded out of the database will have `Time` fields in UTC. Ben Crouse * Add 'Commerce Flow' doc Add diagram of commerce flow and a mapping of its concepts to relevant code paths. ECOMMERCE-6954 Chris Cressman * Add view model interface diagram Add new section to 'View Models' doc, which illustrates the creation of the view model interface and the view receiving the interface as an instance variable. ECOMMERCE-6955 Chris Cressman * Add Pagination to Shipping Services Admin Index When an application has more than 100 shipping services in the database, only the first 100 would show on the index. Additionally, such a large query should be paginated. Render the `workarea/admin/shared/pagination` partial at the bottom of the `