caboose-cms 0.5.162 → 0.5.163

data/app/controllers/caboose/register_controller.rb

@@ -27,22 +27,23 @@ module Caboose
         pass1       = params[:pass1]
         pass2       = params[:pass2]
                           
-        if first_name.nil? || first_name.strip.length == 0       then resp.error = "Your first name is required."
-        elsif last_name.nil? || last_name.strip.length == 0      then resp.error = "Your last name is required."
-        elsif email.nil? || email.strip.length == 0              then resp.error = "Your email address is required."
-        elsif User.where(:email => email.strip.downcase).exists? then resp.error = "A user with that email address already exists."
-        elsif phone.nil? || phone.strip.length < 10              then resp.error = "Your phone number is required. Please include your area code."
-        elsif pass1.nil? || pass1.strip.length < 8               then resp.error = "Your password must be at least 8 characters."
-        elsif pass2.nil? || pass1 != pass2                       then resp.error = "Your passwords don't match."
+        if first_name.nil? || first_name.strip.length == 0                             then resp.error = "Your first name is required."
+        elsif last_name.nil? || last_name.strip.length == 0                            then resp.error = "Your last name is required."
+        elsif email.nil? || email.strip.length == 0                                    then resp.error = "Your email address is required."
+        elsif User.where(:site_id => @site.id, :email => email.strip.downcase).exists? then resp.error = "A user with that email address already exists."
+        elsif phone.nil? || phone.strip.length < 10                                    then resp.error = "Your phone number is required. Please include your area code."
+        elsif pass1.nil? || pass1.strip.length < 8                                     then resp.error = "Your password must be at least 8 characters."
+        elsif pass2.nil? || pass1 != pass2                                             then resp.error = "Your passwords don't match."
         else
           
           u = Caboose::User.new
+          u.site_id       = @site.id
           u.first_name    = first_name
           u.last_name     = last_name
           u.email         = email.strip.downcase
           u.phone         = phone
           u.password      = Digest::SHA1.hexdigest(Caboose::salt + pass1)
-          u.date_created  = DateTime.now
+          u.date_created  = DateTime.now          
           u.save
           
           # Go ahead and log the user in

data/app/controllers/caboose/shipping_addresses_controller.rb

@@ -39,6 +39,55 @@ module Caboose
       resp.success = save && sa.save      
       render :json => resp
     end
+    
+    #===========================================================================
+    
+    # GET /my-account/orders/:order_id/shipping-address/json
+    def my_account_json
+      return if !logged_in?    
+      order = Order.find(params[:order_id])      
+      if order.customer_id != logged_in_user.id        
+        render :json => { :error => "The given order does not belong to you." } 
+        return
+      end
+      render :json => order.shipping_address      
+    end
+    
+    # PUT /my-account/orders/:order_id/shipping-address
+    def my_account_update
+      return if !logged_in?
+      
+      resp = Caboose::StdClass.new
+      order = Order.find(params[:order_id])
+      if order.customer_id != logged_in_user.id        
+        render :json => { :error => "The given order does not belong to you." } 
+        return
+      end
+
+      sa = order.shipping_address      
+      save = true    
+      params.each do |name, value|
+        case name          
+          when 'name'           then sa.name          = value          
+          when 'first_name'     then sa.first_name    = value
+          when 'last_name'      then sa.last_name     = value
+          when 'street'         then sa.street        = value
+          when 'address1'       then sa.address1      = value
+          when 'address2'       then sa.address2      = value
+          when 'company'        then sa.company       = value
+          when 'city'           then sa.city          = value
+          when 'state'          then sa.state         = value
+          when 'province'       then sa.province      = value
+          when 'province_code'  then sa.province_code = value
+          when 'zip'            then sa.zip           = value
+          when 'country'        then sa.country       = value
+          when 'country_code'   then sa.country_code  = value
+          when 'phone'          then sa.phone         = value
+        end
+      end                
+      resp.success = save && sa.save      
+      render :json => resp
+    end
         
   end
 end

data/app/models/caboose/authenticator.rb

@@ -8,8 +8,8 @@ class Caboose::Authenticator
     )
     pass = Digest::SHA1.hexdigest(Caboose::salt + password)
     
-    user = Caboose::User.where(:username => username).first
-    user = Caboose::User.where(:email => username).first if user.nil?
+    user = Caboose::User.where(:username => username, :site_id => site.id).first
+    user = Caboose::User.where(:email    => username, :site_id => site.id).first if user.nil?
             
     valid_credentials = false
     if user && user.password == pass 

data/app/models/caboose/order.rb

@@ -18,7 +18,8 @@ module Caboose
     
     attr_accessible :id,
       :site_id,
-      :alternate_id,      
+      :alternate_id,
+      :order_number,      
       :subtotal,
       :tax,            
       :shipping,
@@ -235,6 +236,7 @@ module Caboose
       return false
     end
     
+    # Capture funds from a previously authorized transaction
     def capture_funds
       
       resp = StdClass.new      
@@ -249,49 +251,168 @@ module Caboose
       else
                         
         sc = self.site.store_config
+        ot = Caboose::OrderTransaction.new(
+          :order_id => self.id,
+          :date_processed => DateTime.now.utc,
+          :transaction_type => OrderTransaction::TYPE_CAPTURE,
+          :amount => self.total
+        )
+        
         case sc.pp_name
           when 'authorize.net'
             transaction = AuthorizeNet::AIM::Transaction.new(sc.pp_username, sc.pp_password)
             response = transaction.prior_auth_capture(t.transaction_id, self.total)
-                        
-            self.update_attribute(:financial_status, Order::FINANCIAL_STATUS_CAPTURED)
-            resp.success = 'Captured funds successfully'
-
-            ot = Caboose::OrderTransaction.new(
-              :order_id => self.id,
-              :date_processed => DateTime.now.utc,
-              :transaction_type => OrderTransaction::TYPE_CAPTURE
-            )
+            
             ot.success        = response.response_code && response.response_code == '1'            
             ot.transaction_id = response.transaction_id
             ot.auth_code      = response.authorization_code
-            ot.response_code  = response.response_code
-            ot.amount         = self.total
+            ot.response_code  = response.response_code            
             ot.save
-      
+                                    
+            self.update_attribute(:financial_status, Order::FINANCIAL_STATUS_CAPTURED)
+            resp.success = 'Captured funds successfully'
+                                    
+          when 'stripe'
+            # TODO: Implement capture funds for stripe
+            
           when 'payscape'
             # TODO: Implement capture funds for payscape
 
         end
-          
-        #if (order.discounts.any? && order.total < order.discounts.first.amount_current) || PaymentProcessor.capture(order)
-        #  order.financial_status = 'captured'
-        #  order.save
-        #  
-        #  if order.discounts.any?
-        #    order.update_attribute(:amount_discounted, order.discounts.first.amount_current)
-        #    order.update_gift_cards
-        #  end
-        #  
-        #  response.success = "Captured funds successfully"
-        #else
-        #  response.error = "Error capturing funds."
-        #end
         
       end
       
       return resp
     end
+        
+    # Void an authorized order
+    def void
+            
+      resp = StdClass.new
+      t = OrderTransaction.where(:order_id => self.id, :transaction_type => OrderTransaction::TYPE_AUTHORIZE, :success => true).first
+      
+      if self.financial_status == Order::FINANCIAL_STATUS_CAPTURED
+        resp.error = "This order has already been captured, you will need to refund instead"
+      elsif t.nil?
+        resp.error = "This order doesn't seem to be authorized."
+      else
+                
+        sc = self.site.store_config
+        ot = Caboose::OrderTransaction.new(
+          :order_id => self.id,
+          :date_processed => DateTime.now.utc,
+          :transaction_type => OrderTransaction::TYPE_VOID,
+          :amount => self.total
+        )
+        
+        case sc.pp_name
+          when 'authorize.net'        
+                    
+            response = AuthorizeNet::SIM::Transaction.new(
+              sc.pp_username, 
+              sc.pp_password,                      
+              self.total,
+              :transaction_type => OrderTransaction::TYPE_VOID,
+              :transaction_id => t.transaction_id
+            )                    
+            order.update_attributes(
+              :financial_status => Order::FINANCIAL_STATUS_VOIDED,
+              :status => Order::STATUS_CANCELED
+            )
+            self.save          
+            # TODO: Add the variant quantities ordered back        
+            resp.success = "Order voided successfully"
+                        
+            ot.success        = response.response_code && response.response_code == '1'            
+            ot.transaction_id = response.transaction_id
+            #ot.auth_code      = response.authorization_code
+            ot.response_code  = response.response_code            
+            ot.save
+          
+          when 'stripe'
+            # TODO: Implement void order for strip
+            
+          when 'payscape'
+            # TODO: Implement void order for payscape
+            
+        end
+        
+      end
+      return resp      
+    end
+      
+    #def refund
+    #      
+    #  resp = StdClass.new
+    #  t = OrderTransaction.where(:order_id => self.id, :transaction_type => OrderTransaction::TYPE_CAPTURE, :success => true).first
+    #      
+    #  if self.financial_status != Order::FINANCIAL_STATUS_CAPTURED
+    #    resp.error = "This order hasn't been captured yet, you will need to void instead"
+    #  else
+    #    
+    #    sc = self.site.store_config
+    #    case sc.pp_name
+    #      when 'authorize.net'
+    #      
+    #    if PaymentProcessor.refund(order)
+    #      order.update_attributes(
+    #        :financial_status => Order::FINANCIAL_STATUS_REFUNDED,
+    #        :status => Order::STATUS_CANCELED
+    #      )
+    #      
+    #      response.success = 'Order refunded successfully'
+    #    else
+    #      response.error = 'Error refunding order'
+    #    end
+    #    
+    #    #if order.calculate_net < (order.amount_discounted || 0) || PaymentProcessor.refund(order)
+    #    #  order.financial_status = 'refunded'
+    #    #  order.status = 'refunded'
+    #    #  order.save
+    #    #  
+    #    #  if order.discounts.any?
+    #    #    discount = order.discounts.first
+    #    #    amount_to_refund = order.calculate_net < order.amount_discounted ? order.calculate_net : order.amount_discounted
+    #    #    discount.update_attribute(:amount_current, amount_to_refund + discount.amount_current)
+    #    #  end
+    #    #  
+    #    #  response.success = "Order refunded successfully"
+    #    #else
+    #    #  response.error = "Error refunding order."
+    #    #end
+    #  end
+    #
+    #  render json: response
+    #  
+    #  # return if !user_is_allowed('orders', 'edit')
+    #  #     
+    #  # response = Caboose::StdClass.new({
+    #  #   'refresh' => nil,
+    #  #   'error' => nil,
+    #  #   'success' => nil
+    #  # })
+    #  #     
+    #  # order = Order.find(params[:id])
+    #  #     
+    #  # if order.financial_status != 'captured'
+    #  #   response.error = "This order hasn't been captured yet, you will need to void instead"
+    #  # else
+    #  #   if PaymentProcessor.refund(order)
+    #  #     order.financial_status = 'refunded'
+    #  #     order.status = 'refunded'
+    #  #     order.save
+    #  #     
+    #  #     # Add the variant quantities ordered back
+    #  #     order.cancel
+    #  #     
+    #  #     response.success = "Order refunded successfully"
+    #  #   else
+    #  #     response.error = "Error refunding order."
+    #  #   end
+    #  # end
+    #  #     
+    #  # render :json => response
+    #end
     
   end
 end

data/app/views/caboose/line_items/admin_new.html.erb

@@ -35,10 +35,22 @@ function show_products()
         $.each(products, function(i, p) {
           ul.append($('<li/>')
             .attr('id', 'product_id_' + p.id)
-            .data('product_id', p.id)            
+            .data('product_id', p.id)
+            .data('variant_id', p.variant_id)            
             .append($('<a/>').html(p.title).click(function(e) {
               e.preventDefault();
-              show_variants($(e.target).parent(), $(e.target).parent().data('product_id'));        
+              
+              var li = $(e.target).parent();
+              var product_id = li.data('product_id');
+              var variant_id = li.data('variant_id');              
+              
+              if (variant_id && variant_id != null)
+              {
+                parent.controller.add_variant(variant_id);
+                modal.close();
+              }
+              else              
+                show_variants(li, product_id);                                        
             }))
           );
         });
@@ -80,6 +92,7 @@ function show_variants(li, product_id)
         if (v.option2) name.push(v.option2);
         if (v.option3) name.push(v.option3);
         name = name.join(' / ');
+        if (!name || name.length == 0) name = 'Default';
         ul.append($('<li/>')
           .data('variant_id', v.id)          
           .append($('<a/>').html(name).click(function(e) {

data/app/views/caboose/my_account_orders/authnet_relay.html.erb

@@ -0,0 +1,16 @@
+<%
+# This relay page is rendered from the authorize.net server in a hidden iframe 
+# on the host application's checkout page.
+#
+# Since security rules in browsers disallow javascript access to and from 
+# iframes with pages in different domains, we need to send things back to 
+# a page on our own domain so we can bubble up the response.
+#
+%><!DOCTYPE>
+<html>
+<body>    
+<script type='text/javascript'>
+window.location = <%= raw Caboose.json(@url) %>;
+</script>
+</body>
+</html>

data/app/views/caboose/my_account_orders/authnet_response.html.erb

@@ -0,0 +1,12 @@
+<%
+# This page is rendered from the host application's domain, and thus is allowed
+# to access the parent's DOM via javascript.
+#
+%><!DOCTYPE>
+<html>
+<body>    
+<script type='text/javascript'>
+parent.relay_handler(<%= raw Caboose.json(@resp) %>);
+</script>
+</body>
+</html>

data/app/views/caboose/my_account_orders/edit.html.erb

@@ -1,124 +1,66 @@
 <%
-captured = @order.financial_status == 'captured'
-ba = @order.billing_address  
-sa = @order.shipping_address
-ba = nil if ba.first_name.nil? || ba.last_name.nil?
-sa = nil if sa.first_name.nil? || sa.last_name.nil?
+store_config = @order.site.store_config
 %>
-<input type='hidden' name='order_id'    id='order_id'     value='<%= @order.id %>' />
-
 <h1>Order #<%= @order.order_number %></h1>
 
-<table class='order'>
-<tr>
-  <% if ba %><th>Billing Address</th><% end %>
-  <% if sa %><th>Shipping Address</th><% end %>  
-  <th>Order Status</th>
-  <th>Payment Status</th>  
-</tr>
-<tr>
-  <% if ba %><td valign='top'><%= raw ba.name_and_address %></td><% end %>
-  <% if sa %><td valign='top'><%= raw sa.name_and_address %></td><% end %>    
-  <td valign='top'><%= @order.status.capitalize %></td>    
-  <td valign='top'><%= @order.financial_status.capitalize %></td>
-</tr>
-</table><br />
-
-<table class='order' width='100%'>
-<% @order.order_packages.all.each_with_index do |op, i| %>
-  <tr><td colspan='5' class='package_header'>Package <%= (i+1) %>: <%= op.shipping_method.service_name %><br /><%= op.status %></td></tr>
-  <tr>  
-    <th>Item</th>
-    <th>Status</th>    
-    <th>Unit Price</th>
-    <th>Quantity</th>
-    <th>Subtotal</th>
-  </tr>
-  <% op.line_items.each do |li| %>
-    <% img = li.variant.product_image %>
-    <tr>        
-      <td>
-        <% if img %><img src='<%= img.url(:tiny) %>' /><% end %>
-        <% if li.variant.nil? || li.variant.product.nil? %>
-          <% if li.variant.nil? %>Unknown variant<% else %><%= li.variant.sku %><% end %>
-        <% else %>
-          <a href='/products/<%= li.variant.product.id %>'><%= li.variant.product.title  %></a><br />
-          <% if li.variant.sku && li.variant.sku.strip.length > 0 %><%= li.variant.sku %><br /><% end %>
-          <%= li.variant.title %>
-        <% end %>
-      </td>      
-      <td><%= li.status.capitalize %></td>      
-      <td style='text-align: right;'><%= number_to_currency(li.unit_price) %></td>    
-      <td style='text-align: right;'><%= li.quantity %></td>
-      <td style='text-align: right;'><%= number_to_currency(li.subtotal) %></td>
-    </tr>
-  <% end %>
-<% end %>
-<% if @order.has_downloadable_items? %>
-  <tr>  
-    <th>Item</th>
-    <th>Status</th>    
-    <th>Unit Price</th>
-    <th>Quantity</th>
-    <th>Subtotal</th>
-  </tr>
-<% end %>
-<% @order.line_items.each do |li| %>   
-  <% next if li.order_package_id %>
-  <% v = li.variant %>  
-  <% if !v.downloadable %><tr><td colspan='5'>Unpackaged Items</td></tr><% end %>
-  <% img = v.product_image %>  
-  <tr>            
-    <td>
-      <% if img %><img src='<%= img.url(:tiny) %>' /><% end %>
-      <% if v.nil? || v.product.nil? %>
-        <% if v.nil? %>Unknown variant<% else %><%= v.sku %><% end %>
-      <% else %>
-        <p><a href='/admin/products/<%= v.product.id %>'><%= v.product.title  %></a><br />
-        <% if v.sku && v.sku.strip.length > 0 %><%= v.sku %><br /><% end %>
-        <%= v.title %></p>
-      <% end %>
-      <% if v.downloadable %>
-        <% sc = @order.site.store_config %>        
-        <p><a href='<%= raw sc.pp_relay_domain %>/my-account/orders/<%= @order.id %>/line-items/<%= li.id %>/download' target="_blank">Download</a></p>
-      <% end %>
-    </td>    
-    <td><%= li.status.capitalize %></td>    
-    <td style='text-align: right;'><%= number_to_currency(li.unit_price) %></td>    
-    <td style='text-align: right;'><%= li.quantity %></td>
-    <td style='text-align: right;'><%= number_to_currency(li.subtotal) %></td>
-  </tr>
+<div id='overview_table'></div>
+<% if @order.financial_status == Caboose::Order::FINANCIAL_STATUS_PENDING %>  
+  <div id='payment_form'>    
+    <% if store_config.pp_name == 'authorize.net' %>      
+      <form id="payment" target="relay" action="https://secure.authorize.net/gateway/transact.dll" method="post">
+        <%= sim_fields(@sim_transaction) %>
+        <input type="hidden" id="x_invoice_num" name="x_invoice_num" value="<%= @order.id %>" />
+        <input type="hidden" id="x_description" name="x_after_relay" value="<%= raw store_config.pp_relay_domain      %>/my-account/orders/<%= @order.id %>/authnet-response" />        
+        <input type="hidden" id="x_first_name"  name="x_first_name"  value="<%= raw @order.billing_address.first_name %>" />
+        <input type="hidden" id="x_last_name"   name="x_last_name"   value="<%= raw @order.billing_address.last_name  %>" />       
+        <input type="hidden" id="x_address"     name="x_address"     value="<%= raw @order.billing_address.address1   %>" />      
+        <input type="hidden" id="x_city"        name="x_city"        value="<%= raw @order.billing_address.city       %>" />
+        <input type="hidden" id="x_state"       name="x_state"       value="<%= raw @order.billing_address.state      %>" />
+        <input type="hidden" id="x_zip"         name="x_zip"         value="<%= raw @order.billing_address.zip        %>" />
+                
+        <div class="field" id="credit-card">
+          <span class="field-text">Credit Card Payment</span>
+          <div class="icons"><img src="/assets/caboose/credit_cards.png" alt="Credit Cards Accepted" /></div>
+        </div>
+        <div class="field" id="card-number">
+          <span class="field-text">Card</span>
+          <input name="x_card_num" id='billing-cc-number' type="text" maxlength="16" placeholder="Card number" />
+          <div class="icons"><img src="/assets/caboose/lock.png" alt="Secure Connection" /></div>
+        </div>
+        <div class="field" id="expiry">
+          <span class="field-text">Expiration</span>
+          <input id="expiration" name="x_exp_date" type="hidden" />
+          <select id="month" name="month"><% (1..12).each do |i| %><option value="<%= (i<10 ? "0#{i}" : i) %>"><%= (i<10 ? "0#{i}" : i) %> - <%= DateTime.new(2000, i, 1).strftime("%b") %></option><% end %></select> /                                
+          <select id="year" name="year"><% (DateTime.now.year...DateTime.now.year + 20).each do |i| %><option value="<%= i-2000 %>"><%= i %></option><% end %></select>
+        </div>
+        <input type='button' value='Confirm Payment' id='payment_confirm' class='btn' />
+      </form>
+      <iframe id="relay" name="relay" style='<% if @show_relay %>display: block; width: 800px; height: 400px; border: #000 1px solid;<% else %>display: none;<% end %>'></iframe>
+    <% end %>    
+  </div>
+  <div id='payment_message'></div>
 <% end %>
-<tr><td colspan='5' class='totals_header'>Totals</td></tr>
-<tr><td colspan='4' align='right'>Subtotal                </td><td style='text-align: right;'><%= number_to_currency(@order.subtotal ) %></td></tr>
-<tr><td colspan='4' align='right'>Tax                     </td><td style='text-align: right;'><%= number_to_currency(@order.tax      ) %></td></tr>
-<tr><td colspan='4' align='right'>Shipping &amp; Handling </td><td style='text-align: right;'><%= number_to_currency(@order.shipping + @order.handling) %></td></tr>
-<tr><td colspan='4' align='right'>Discount                </td><td style='text-align: right;'><%= number_to_currency(@order.discount ) %></td></tr>  
-<tr><td colspan='4' align='right'>Total                   </td><td style='text-align: right;'><%= number_to_currency(@order.total    ) %></td></tr>
-</table>
+<div id='order_table'></div>
 <div id='message'></div>
 
-<p>
-<input type='button' value='< Back' class='btn' onclick="window.location='/my-account/orders';" />
-</p>
-
-<% content_for :caboose_css do %>
-<style type='text/css'>
-
-table.order { border-collapse: collapse; margin-bottom: 20px; }
-table.order th { margin: 0; padding: 10px; border: #000 0px solid; font-weight: bold; text-align: center; }
-table.order td { margin: 0; padding: 10px; border: #000 1px solid; }
-table.order td img { float: left; margin-right: 10px; }
-table.order td.package_header { font-weight: bold; text-align: center; border: 0; }
-table.order td.totals_header { font-weight: bold; text-align: center; border: 0; }
-
-p { margin-bottom: 10px; }
-
-</style>
-<% end %>
+<p><input type='button' value='< Back' class='btn' onclick="window.location='/my-account/orders';" /></p>
 
 <% content_for :caboose_js do %>
+<%= javascript_include_tag 'caboose/model/all' %>
+<%= javascript_include_tag 'caboose/my_account_edit_order' %>
 <script type='text/javascript'>
 
+var controller = false;
+$(document).ready(function() {
+  controller = new MyAccountOrderController({ 
+    order_id: <%= raw Caboose.json(@order.id) %>,
+    authenticity_token: <%= raw Caboose.json(form_authenticity_token) %>
+  });
+});
+
 </script>
 <% end %>
+
+<% content_for :caboose_css do %>
+<%= stylesheet_link_tag 'caboose/my_account_edit_order' %>
+<% end %>