caboose-cms 0.8.67 → 0.8.68

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 650fd50d2cc40e1d916e15ed23930f3cff2427d6
-  data.tar.gz: 0cb4538479b27adf6d72fd3dcf640afdac72d071
+  metadata.gz: f3be7648fb20dea0f63181aa3fc29816743639b3
+  data.tar.gz: 378b44904c3a735619e44c5a150ed12ff50e4c4b
 SHA512:
-  metadata.gz: 5f745259efc0b4cfd3e37cce5ccfcf73903497a0f5c2c0f8ddc1798072425f41f34bd71684f94d7e2d32c2473d06e4f3e2324a9b03b19a5507f578788db9c91b
-  data.tar.gz: f0c6a9d6ef387930ea19b0dc393de4da1246fc386ca666a2d9d204d52dea90ffa1309b85c0cf11f39a6fabdf2edfc736bbcef9c919352a5cc847bf59a6679245
+  metadata.gz: f7e3584b65a103265aeeee1d52353053dd3d5277d552b3bc9e16a63be3e5ec03c4be2338c6d2db8787a71d246b8c8f9555784b4cb1e8390ec522518dd02b6933
+  data.tar.gz: 03a0db1c20df423d62d674fd7c3d16f49ecff43d14b55f9267850be35c2dd91ee3f067ff1447eef5f5c99616b7438b13c7dabb3627ed264ab4d1e35ba2bf51af

data/app/assets/javascripts/caboose/admin_edit_invoice.js

@@ -296,9 +296,12 @@ InvoiceController.prototype = {
         requires_shipping ? that.noneditable_shipping_address() : "This invoice doesn't require shipping."
       ));
     }
-    //.append($('<td/>').attr('valign', 'top').attr('id', 'billing_address'  ).append(that.noneditable_billing_address()))        
+    //.append($('<td/>').attr('valign', 'top').attr('id', 'billing_address'  ).append(that.noneditable_billing_address()))
+    
+    var c = that.invoice.customer;         
     tr.append($('<td/>').attr('valign', 'top').append($('<div/>').attr('id', 'invoice_' + that.invoice.id + '_status')))
       .append($('<td/>').attr('valign', 'top')
+        .append($('<div/>').append(c && c.card_last4 ? "Card on file: " + c.card_brand + " ending in " + c.card_last4 : "No card on file."))       
         .append($('<div/>').attr('id', 'invoice_' + that.invoice.id + '_payment_terms'))
         .append($('<div/>').attr('id', 'invoice_' + that.invoice.id + '_payment_terms'))
         .append($('<div/>').attr('id', 'invoice_' + that.invoice.id + '_financial_status'))
@@ -764,7 +767,12 @@ InvoiceController.prototype = {
     var p = $('<p/>');
     p.append($('<input/>').attr('type', 'button').val('< Back').click(function() { window.location = '/admin/invoices'; })).append(' ');
     if (that.invoice.total > 0 && that.invoice.financial_status == 'pending')    
-      p.append($('<input/>').attr('type', 'button').val('Send for Payment').click(function() { that.send_for_authorization(); })).append(' ');        
+    {      
+      if (that.invoice.customer.card_last4)
+        p.append($('<input/>').attr('type', 'button').val('Charge Card on File').click(function() { that.authorize_and_capture(); })).append(' ');
+      else
+        p.append($('<input/>').attr('type', 'button').val('Send for Payment').click(function() { that.send_for_authorization(); })).append(' ');
+    }
     if (that.invoice.total > 0 && (that.invoice.financial_status == 'captured' || that.invoice.financial_status == 'paid by check' || that.invoice.financial_status == 'paid by other means'))    
       p.append($('<input/>').attr('type', 'button').val('Send Receipt to Customer' ).click(function() { that.send_receipt();   })).append(' ');
     p.append($('<input/>').attr('type', 'button').val('Add Item'                 ).click(function() { that.add_variant();     })).append(' ');
@@ -1032,6 +1040,30 @@ InvoiceController.prototype = {
     });
   },
   
+  authorize_and_capture: function(confirm)
+  {
+    var that = this;    
+    if (!confirm)
+    {    
+      var c = that.invoice.customer;
+      var p = $('<p/>').addClass('note confirm')
+        .append("Are you sure you want to authorize and capture $" + curr(that.invoice.total) + " to customer's " + c.card_brand + " ending in " + c.card_last4 + "?<br/><br/>")
+        .append($('<input/>').attr('type','button').val('Yes').click(function() { that.authorize_and_capture(true); }))
+        .append(' ')                
+        .append($('<input/>').attr('type','button').val('No').click(function() { $('#message').empty(); }));
+      $('#message').empty().append(p);
+      return;
+    }
+    $('#message').html("<p class='loading'>Charging card on file...</p>");
+    $.ajax({
+      url: '/admin/invoices/' + that.invoice.id + '/authorize-and-capture',
+      success: function(resp) {
+        if (resp.error)   { that.flash_error(resp.error); }
+        if (resp.success) { that.refresh(function() { that.flash_success("The customer's card on file has been charged successfuly."); }); }        
+      }
+    });
+  },
+  
   send_receipt: function(confirm)
   {
     var that = this;    

data/app/assets/javascripts/caboose/checkout/stripe_payment_method_controller.js

@@ -10,6 +10,8 @@ StripePaymentMethodController.prototype = {
   card_last4: false,
   card_name: false,
   card_zip: false,
+  refresh_url: '/checkout/stripe/json',
+  after_update_url: '/checkout/stripe-details',
   
   init: function(params)
   {
@@ -22,7 +24,7 @@ StripePaymentMethodController.prototype = {
   {
     var that = this;
     $.ajax({
-      url: '/checkout/stripe/json',
+      url: that.refresh_url,
       type: 'get',          
       success: function(resp) {        
         that.stripe_key   = resp.stripe_key;
@@ -143,7 +145,7 @@ StripePaymentMethodController.prototype = {
         that.card_brand = resp.card.brand;
         that.card_last4 = resp.card.last4;                                
         $.ajax({
-          url: '/checkout/stripe-details',
+          url: that.after_update_url,
           type: 'put',
           data: { token: resp.id, card: resp.card },
           success: function(resp2) {

data/app/controllers/caboose/checkout_controller.rb

@@ -140,18 +140,11 @@ module Caboose
       end
       
       if c.nil?
-        begin
-          c = Stripe::Customer.create(
-            :source => params[:token],
-            :email => u.email,
-            :metadata => { :user_id => u.id }          
-          )
-        rescue Stripe::CardError => e
-          render :json => {
-            :error => e.message
-          }
-          return
-        end          
+        c = Stripe::Customer.create(
+          :source => params[:token],
+          :email => u.email,
+          :metadata => { :user_id => u.id }          
+        )
       end
       
       u.stripe_customer_id = c.id
@@ -217,7 +210,7 @@ module Caboose
               :amount            => c.amount/100.0,              
               :date_processed    => DateTime.now.utc,              
               :success           => c.status == 'succeeded'
-            )                        
+            )
         end
         
         if !ot.success

data/app/controllers/caboose/invoices_controller.rb

@@ -113,6 +113,26 @@ module Caboose
       render :json => resp
     end
     
+    # @route GET /admin/invoices/:id/authorize-and-capture
+    def admin_authorize_and_capture
+      return if !user_is_allowed('invoices', 'edit')
+           
+      invoice = Invoice.find(params[:id])
+      resp = invoice.authorize_and_capture   
+      
+      # Send out emails
+      #begin
+      #  InvoicesMailer.configure_for_site(@site.id).customer_new_invoice(@invoice).deliver
+      #  InvoicesMailer.configure_for_site(@site.id).fulfillment_new_invoice(@invoice).deliver
+      #rescue
+      #  puts "=================================================================="
+      #  puts "Error sending out invoice confirmation emails for invoice ID #{@invoice.id}"
+      #  puts "=================================================================="
+      #end
+      
+      render :json => resp
+    end
+    
     # @route GET /admin/invoices/:id/void
     def admin_void
       return if !user_is_allowed('invoices', 'edit')

data/app/controllers/caboose/users_controller.rb

@@ -54,6 +54,21 @@ module Caboose
       render :json => u.as_json(:include => :roles)
     end
     
+    # @route GET /admin/users/:id/stripe/json
+    def admin_stripe_json_single
+      return if !user_is_allowed('users', 'view')
+      sc = @site.store_config
+      u = User.find(params[:id])
+      render :json => {
+        :stripe_key     => sc.stripe_publishable_key.strip,        
+        :customer_id    => u.stripe_customer_id,                   
+        :card_last4     => u.card_last4,     
+        :card_brand     => u.card_brand,       
+        :card_exp_month => u.card_exp_month, 
+        :card_exp_year  => u.card_exp_year
+      }          
+    end
+    
     # @route GET /admin/users/new
     def admin_new
       return if !user_is_allowed('users', 'add')
@@ -73,7 +88,21 @@ module Caboose
       @roles = Role.roles_with_user(@edituser.id)
     end
     
-    # @route GET /admin/users/:id/edit-password
+    # @route GET /admin/users/:id/roles
+    def admin_edit_roles
+      return if !user_is_allowed('users', 'edit')
+      @edituser = User.find(params[:id])    
+      @all_roles = Role.tree(@site.id)
+      @roles = Role.roles_with_user(@edituser.id)
+    end
+    
+    # @route GET /admin/users/:id/payment-method
+    def admin_edit_payment_method
+      return if !user_is_allowed('users', 'edit')
+      @edituser = User.find(params[:id])          
+    end
+    
+    # @route GET /admin/users/:id/password
     def admin_edit_password
       return if !user_is_allowed('users', 'edit')
       @edituser = User.find(params[:id])
@@ -83,6 +112,12 @@ module Caboose
       o = [('a'..'z'),('A'..'Z'),('0'..'9')].map { |i| i.to_a }.flatten
       return (0...length).map { o[rand(o.length)] }.join
     end
+    
+    # @route GET /admin/users/:id/delete
+    def admin_delete_form
+      return if !user_is_allowed('users', 'edit')
+      @edituser = User.find(params[:id])
+    end
           
     # @route POST /admin/users/import
     def admin_import
@@ -212,7 +247,31 @@ module Caboose
     	  	when "roles"
     	  	  user.roles = [];
     	  	  value.each { |rid| user.roles << Role.find(rid) } unless value.nil?
-    	  	  resp.attribute = { 'text' => user.roles.collect{ |r| r.name }.join(', ') }    		  
+    	  	  resp.attribute = { 'text' => user.roles.collect{ |r| r.name }.join(', ') }
+    	  	
+    	  	when 'card'
+    	  	  
+    	  	  sc = @site.store_config      
+    	  	  Stripe.api_key = sc.stripe_secret_key.strip    	  	              
+      
+    	  	  c = nil
+            if user.stripe_customer_id
+              c = Stripe::Customer.retrieve(user.stripe_customer_id)
+              begin          
+                c.source = params[:token]
+                c.save
+              rescue          
+                c = nil
+              end
+            end                  
+            c = Stripe::Customer.create(:source => params[:token], :email => user.email, :metadata => { :user_id => user.id }) if c.nil?                  
+            user.stripe_customer_id = c.id
+            user.card_last4     = params[:card][:last4]
+            user.card_brand     = params[:card][:brand]  
+            user.card_exp_month = params[:card][:exp_month]
+            user.card_exp_year  = params[:card][:exp_year]
+            user.save
+            
     	  end
     	end
     	

data/app/models/caboose/core_plugin.rb

@@ -71,5 +71,9 @@ class Caboose::CorePlugin < Caboose::CaboosePlugin
   def self.request_protocol(current_value, request)
     return current_value
   end
+  
+  def self.admin_user_tabs(tabs, user, site)
+    return tabs    
+  end
 
 end

data/app/models/caboose/invoice.rb

@@ -289,7 +289,58 @@ module Caboose
         return true if li.variant.taxable && li.variant.taxable == true
       end
       return false
-    end        
+    end
+    
+    # Authorize and capture funds
+    def authorize_and_capture
+      
+      resp = StdClass.new                        
+      if self.financial_status == Invoice::FINANCIAL_STATUS_CAPTURED
+        resp.error = "Funds for this invoice have already been captured."
+      else
+                        
+        sc = self.site.store_config                
+        case sc.pp_name                                    
+          when StoreConfig::PAYMENT_PROCESSOR_STRIPE
+                                                                              
+            Stripe.api_key = sc.stripe_secret_key.strip
+            bt = nil
+            begin
+              c = Stripe::Charge.create(
+                :amount => (self.total * 100).to_i,
+                :currency => 'usd',
+                :customer => self.customer.stripe_customer_id,
+                :capture => true,
+                :metadata => { :invoice_id => self.id },
+                :statement_descriptor => "Invoice ##{self.id}"
+              )                        
+            rescue Exception => ex
+              resp.error = "Error during capture process\n#{ex.message}"                
+            end            
+            if resp.error.nil?
+              InvoiceTransaction.create(
+                :invoice_id => self.id,
+                :transaction_id => c.id,
+                :transaction_type => InvoiceTransaction::TYPE_AUTHCAP,
+                :payment_processor => sc.pp_name,
+                :amount => c.amount / 100.0,
+                :captured => true,
+                :date_processed => DateTime.now.utc,
+                :success => c.status == 'succeeded'
+              )
+              if c.status == 'succeeded'
+                self.financial_status = Invoice::FINANCIAL_STATUS_CAPTURED
+                self.save
+                resp.success = true
+              else
+                resp.error = "Error capturing funds."
+              end
+            end
+                      
+        end        
+      end      
+      return resp
+    end
 
     # Capture funds from a previously authorized transaction
     def capture_funds

data/app/views/caboose/users/_admin_header.html.erb

@@ -4,22 +4,23 @@
 <%= javascript_include_tag "caboose/model/all" %>
 <% end %>
 
-<h1>Edit Advertiser</h1>
+<h1>Edit User - <%= @edituser.first_name %> <%= @edituser.last_name %></h1>
 <ul id='tabs'>
 <%
 tabs = {                             
-  'General'            => "/admin/advertisers/#{@advertiser.id}",
-  'Authorize.net Info' => "/admin/advertisers/#{@advertiser.id}/authnet",
-  'Users'              => "/admin/advertisers/#{@advertiser.id}/users",
-  'Campaigns'          => "/admin/advertisers/#{@advertiser.id}/campaigns",  
-  'Invoices'           => "/admin/advertisers/#{@advertiser.id}/invoices",
-  'Delete'             => "/admin/advertisers/#{@advertiser.id}/delete"  
+  'General'         => "/admin/users/#{@edituser.id}",
+  'Payment Method'  => "/admin/users/#{@edituser.id}/payment-method",
+  'Login Logs'      => "/admin/login-logs?user_id=#{@edituser.id}",
+  'Password'        => "/admin/users/#{@edituser.id}/password",
+  'Roles'           => "/admin/users/#{@edituser.id}/roles",    
+  'Delete'          => "/admin/users/#{@edituser.id}/delete"  
 }
+tabs = Caboose.plugin_hook('admin_user_tabs', tabs, @edituser, @site)
 %>
 <% tabs.each do |text, href| %>
 <% selected = true if request.fullpath == href || (text != 'General' && request.fullpath.starts_with?(href)) %>
 <li<% if selected %> class='selected'<% end %>><a href='<%= href %>'><%= raw text %></a></li>
 <% end %>
-<li class='back'><input type='button' value='< Back' onclick="window.location='/admin/advertisers';" /></li>
+<li class='back'><input type='button' value='< Back' onclick="window.location='/admin/users';" /></li>
 </ul>
 <div id='content2'>

data/app/views/caboose/users/admin_delete_form.html.erb

@@ -0,0 +1,59 @@
+
+<%= render :partial => 'caboose/users/admin_header' %>
+
+<h1>Delete User</h1>
+
+<div id='message'>
+<input type='button' value='Delete User'              onclick="delete_user(<%= @edituser.id %>);" />
+</div>
+
+<%= render :partial => 'caboose/users/admin_footer' %>
+
+<% content_for :caboose_css do %>
+<style type='text/css'>
+</style>
+<% end %>
+<% content_for :caboose_js do %>
+<%= javascript_include_tag "caboose/model/all" %>
+<script type="text/javascript">
+
+$(document).ready(function() {
+  new ModelBinder({
+    name: 'User',
+    id: <%= @edituser.id %>,
+    update_url: '/admin/users/<%= @edituser.id %>',
+    authenticity_token: '<%= form_authenticity_token %>',
+    attributes: [
+      { name: 'first_name' , nice_name: 'First name', type: 'text'     , value: <%= raw Caboose.json(@edituser.first_name) %>, width: 280 },
+      { name: 'last_name'  , nice_name: 'Last name' , type: 'text'     , value: <%= raw Caboose.json(@edituser.last_name)  %>, width: 280 },
+      { name: 'username'   , nice_name: 'Username'  , type: 'text'     , value: <%= raw Caboose.json(@edituser.username)   %>, width: 280 },
+      { name: 'email'      , nice_name: 'Email'     , type: 'text'     , value: <%= raw Caboose.json(@edituser.email)      %>, width: 280 },
+      { name: 'locked'     , nice_name: 'Locked'    , type: 'checkbox' , value: <%= @edituser.locked ? 1 : 0               %>, width: 280 }
+    ]    
+  });  
+});
+
+function delete_user(user_id, confirm)
+{
+  if (!confirm)
+  {
+    var p = $('<p/>').addClass('note confirm')
+      .append('Are you sure you want to delete the user? ')
+      .append($('<input/>').attr('type','button').val('Yes').click(function() { delete_user(user_id, true); })).append(' ')
+      .append($('<input/>').attr('type','button').val('No').click(function() { $('#message').empty(); }));
+    $('#message').empty().append(p);
+    return;
+  }
+  $('#message').html("<p class='loading'>Deleting user...</p>");
+  $.ajax({
+    url: '/admin/users/' + user_id,
+    type: 'delete',
+    success: function(resp) {
+      if (resp.error) $('#message').html("<p class='note error'>" + resp.error + "</p>");
+      if (resp.redirect) window.location = resp.redirect;
+    }
+  });
+}
+
+</script>
+<% end %>

data/app/views/caboose/users/admin_edit.html.erb

@@ -2,28 +2,17 @@
 gravatar_id = Digest::MD5.hexdigest(@edituser.email.downcase)
 pic = "http://gravatar.com/avatar/#{gravatar_id}.png?s=150" #&d=/assets/caboose/default_user_pic.png"  
 %>
-<h1>Edit User</h1>
+
+<%= render :partial => 'caboose/users/admin_header' %>
+
 <p id='gravatar'><img src='<%= pic %>' /><a href='http://gravatar.com'>Update on gravatar</a></p>
 <p><div id='user_<%= @edituser.id %>_first_name' ></div></p>
 <p><div id='user_<%= @edituser.id %>_last_name'  ></div></p>
 <p><div id='user_<%= @edituser.id %>_username'   ></div></p>
 <p><div id='user_<%= @edituser.id %>_email'      ></div></p>
 <p><div id='user_<%= @edituser.id %>_locked'     ></div></p>
-<div id='roles'>
-<table class='data'>
-<% Caboose::Role.flat_tree(@site.id).each do |r| %>
-<% is_member = Caboose::RoleMembership.where(:role_id => r.id, :user_id => @edituser.id).exists? %>
-<tr><td><input type='checkbox' name='role<%= r.id %>' <%= is_member ? "checked='true'" : '' %> onclick="toggle_role(<%= @edituser.id %>, <%= r.id %>, $(this).prop('checked'));" /></td><td><%= r.name %></td></tr>
-<% end %>
-</table>
-</div>
-<div id='message'></div>
-<div id='controls'>
-<input type='button' value='Back'                     onclick="window.location='/admin/users';" />
-<input type='button' value='Login Logs for this User' onclick="window.location='/admin/login-logs?user_id=<%= @edituser.id %>';" />
-<input type='button' value='Reset Password'           onclick="window.location='/admin/users/<%= @edituser.id %>/edit-password';" />
-<input type='button' value='Delete User'              onclick="delete_user(<%= @edituser.id %>);" />
-</div>
+
+<%= render :partial => 'caboose/users/admin_footer' %>
 
 <% content_for :caboose_css do %>
 <style type='text/css'>
@@ -51,44 +40,12 @@ $(document).ready(function() {
   });  
 });
 
-function delete_user(user_id, confirm)
-{
-  if (!confirm)
-  {
-    var p = $('<p/>').addClass('note confirm')
-      .append('Are you sure you want to delete the user? ')
-      .append($('<input/>').attr('type','button').val('Yes').click(function() { delete_user(user_id, true); })).append(' ')
-      .append($('<input/>').attr('type','button').val('No').click(function() { $('#message').empty(); }));
-    $('#message').empty().append(p);
-    return;
-  }
-  $('#message').html("<p class='loading'>Deleting user...</p>");
-  $.ajax({
-    url: '/admin/users/' + user_id,
-    type: 'delete',
-    success: function(resp) {
-      if (resp.error) $('#message').html("<p class='note error'>" + resp.error + "</p>");
-      if (resp.redirect) window.location = resp.redirect;
-    }
-  });
-}
-
-function toggle_role(user_id, role_id, checked)
-{
-  $.ajax({
-    url: '/admin/users/' + user_id +'/roles/' + role_id,
-    type: checked ? 'post' : 'delete',    
-    succes: function(resp) { }
-  });
-}
-
 </script>
 <% end %>
 
 <% content_for :caboose_css do %>
 <style type='text/css'>
-#gravatar {
-  float: right;
+#gravatar {  
   width: 150px;
   text-align: right;
   margin: 0 4px 0 0;

data/app/views/caboose/users/admin_edit_password.html.erb

@@ -1,14 +1,15 @@
 
-<h1>Reset Password for <%= "#{@edituser.first_name} #{@edituser.last_name}" %></h1>
+<%= render :partial => 'caboose/users/admin_header' %>
+
+<h2>Reset Password for <%= "#{@edituser.first_name} #{@edituser.last_name}" %></h2>
 <form action='/admin/users/<%= @edituser.id %>' method='put' id='password_form'>
 <input type='hidden' name='authenticity_token' value='<%= form_authenticity_token %>' />
 <p><input type='password' name='password'   id='password'   value="" placeholder='Password' /></p>
 <p><input type='password' name='password2'  id='password2'  value="" placeholder='Confirm password' /></p>
 <div id='message'></div>
-<p>
-<input type='button' value='Back' onclick="window.location='/admin/users/<%= @edituser.id %>';" />
-<input type='button' value='Update Password' onclick="update_password();" />
-</p>
+<p><input type='button' value='Update Password' onclick="update_password();" /></p>
+
+<%= render :partial => 'caboose/users/admin_footer' %>
 
 <% content_for :caboose_js do %>
 <script type="text/javascript">

data/app/views/caboose/users/admin_edit_payment_method.html.erb

@@ -0,0 +1,52 @@
+
+<%= render :partial => 'caboose/users/admin_header' %>
+
+<div id='payment_method_container'></div>
+ 
+<%= render :partial => 'caboose/users/admin_footer' %>
+
+<% content_for :caboose_css do %>
+<style type='text/css'>
+
+.stripe_form { width: 400px; }
+.stripe_form .card_number_container { position: relative; width: 100%; }                                 .stripe_form .card_number_container input { padding-left: 30px; height: 37px;            font-size: 15px; width: 100%; border-color: #b9b9b9; border-style: solid; border-width: 1px 1px 0px 1px; }
+.stripe_form .card_exp_container    { position: relative; width: 50% !important; float: left; }          .stripe_form .card_exp_container    input { padding-left: 30px; height: 37px;            font-size: 15px; width: 100%; border-color: #b9b9b9; border-style: solid; border-width: 1px 1px 0px 1px; }
+.stripe_form .card_cvc_container    { position: relative; width: 50%; float: left; }                     .stripe_form .card_cvc_container    input { padding-left: 30px; height: 37px;            font-size: 15px; width: 100%; border-color: #b9b9b9; border-style: solid; border-width: 1px 1px 0px 0px; }
+.stripe_form .card_name_container   { position: relative; width: 50%; float: left; }                     .stripe_form .card_name_container   input { padding-left: 10px; height: 37px !important; font-size: 15px; width: 100%; border-color: #b9b9b9; border-style: solid; border-width: 1px 0px 1px 1px; }
+.stripe_form .card_zip_container    { position: relative; width: 50%; float: left; margin-bottom: 4px; } .stripe_form .card_zip_container    input { padding-left: 10px; height: 37px;            font-size: 15px; width: 100%; border-color: #b9b9b9; border-style: solid; border-width: 1px 1px 1px 0px; }
+
+.stripe_form .card_number_container .icon { position: absolute; top: 3px; left: 1px; transform-origin: 50% 50% 0; pointer-events: none; }
+.stripe_form .card_exp_container    .icon { position: absolute; top: 3px; left: 1px; transform-origin: 50% 50% 0; pointer-events: none; }
+.stripe_form .card_cvc_container    .icon { position: absolute; top: 3px; left: 1px; transform-origin: 50% 50% 0; pointer-events: none; }
+
+.stripe_form .note { width: 100%; margin-bottom: 10px !important; text-align: center; }
+.stripe_form .payment_controls { clear: left; margin-top: 4px !important; }
+
+</style>
+<%= stylesheet_link_tag "caboose/my_account", :media => "all" %>
+<% end %>
+
+<% content_for :caboose_js do %>
+<%= javascript_include_tag 'https://js.stripe.com/v2/' %>
+<%= javascript_include_tag 'caboose/checkout/stripe_payment_method_controller' %>
+<%= javascript_include_tag 'caboose/model/all' %>
+<%= javascript_include_tag 'caboose/united_states' %>
+<%= javascript_include_tag 'caboose/jquery.payment' %>
+<%= javascript_include_tag 'caboose/card' %>
+<script type='text/javascript'>
+
+var controller = false;
+$(document).ready(function() {
+  controller = new StripePaymentMethodController({    
+    cc: {
+      invoice: { total: 1.00 },
+      print_ready_message: function() {},      
+    },
+    refresh_url: '/admin/users/<%= @edituser.id %>/stripe/json',
+    after_update_url: '/admin/users/<%= @edituser.id %>'
+  });
+  controller.print();
+});
+
+</script>
+<% end %>

data/app/views/caboose/users/admin_edit_roles.html.erb

@@ -0,0 +1,35 @@
+
+<%= render :partial => 'caboose/users/admin_header' %>
+
+<div id='roles'>
+<table class='data'>
+<% Caboose::Role.flat_tree(@site.id).each do |r| %>
+<% is_member = Caboose::RoleMembership.where(:role_id => r.id, :user_id => @edituser.id).exists? %>
+<tr><td><input type='checkbox' name='role<%= r.id %>' <%= is_member ? "checked='true'" : '' %> onclick="toggle_role(<%= @edituser.id %>, <%= r.id %>, $(this).prop('checked'));" /></td><td><%= r.name %></td></tr>
+<% end %>
+</table>
+</div>
+
+<%= render :partial => 'caboose/users/admin_footer' %>
+
+<% content_for :caboose_css do %>
+<style type='text/css'>
+#content input[type=checkbox] { position: relative; }
+#roles {}
+</style>
+<% end %>
+<% content_for :caboose_js do %>
+<%= javascript_include_tag "caboose/model/all" %>
+<script type="text/javascript">
+
+function toggle_role(user_id, role_id, checked)
+{
+  $.ajax({
+    url: '/admin/users/' + user_id +'/roles/' + role_id,
+    type: checked ? 'post' : 'delete',    
+    succes: function(resp) { }
+  });
+}
+
+</script>
+<% end %>

data/lib/caboose/version.rb

@@ -1,3 +1,3 @@
 module Caboose
-  VERSION = '0.8.67'
+  VERSION = '0.8.68'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: caboose-cms
 version: !ruby/object:Gem::Version
-  version: 0.8.67
+  version: 0.8.68
 platform: ruby
 authors:
 - William Barry
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-16 00:00:00.000000000 Z
+date: 2016-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pg
@@ -745,7 +745,6 @@ files:
 - app/assets/templates/caboose/product/images.jst.ejs
 - app/assets/templates/caboose/product/images_old.jst.ejs
 - app/assets/templates/caboose/product/options.jst.ejs
-- app/controllers/caboose/#checkout_controller.rb#
 - app/controllers/caboose/ab_options_controller.rb
 - app/controllers/caboose/ab_variants_controller.rb
 - app/controllers/caboose/admin_controller.rb
@@ -1210,8 +1209,11 @@ files:
 - app/views/caboose/subscriptions/admin_index.html.erb
 - app/views/caboose/users/_admin_footer.html.erb
 - app/views/caboose/users/_admin_header.html.erb
+- app/views/caboose/users/admin_delete_form.html.erb
 - app/views/caboose/users/admin_edit.html.erb
 - app/views/caboose/users/admin_edit_password.html.erb
+- app/views/caboose/users/admin_edit_payment_method.html.erb
+- app/views/caboose/users/admin_edit_roles.html.erb
 - app/views/caboose/users/admin_import_form.html.erb
 - app/views/caboose/users/admin_index.html.erb
 - app/views/caboose/users/admin_new.html.erb

data/app/controllers/caboose/#checkout_controller.rb#

@@ -1,464 +0,0 @@
-require 'authorize_net'
-  
-module Caboose
-  class CheckoutController < Caboose::ApplicationController
-        
-    before_filter :ensure_line_items, :only => [:step_one, :step_two]
-    protect_from_forgery
-    
-    def ensure_line_items
-      redirect_to '/checkout/empty' if @invoice.line_items.empty?
-    end
-        
-    # @route GET /checkout/json
-    def invoice_json            
-      render :json => @invoice.as_json(
-        :include => [                          
-          :customer,
-          :shipping_address,
-          :billing_address,
-          :invoice_transactions,          
-          { 
-            :line_items => { 
-              :include => { 
-                :variant => { 
-                  :include => [
-                    { :product_images => { :methods => :urls }},
-                    { :product => { :include => { :product_images => { :methods => :urls }}}}
-                  ],
-                  :methods => :title
-                }
-              }
-            }
-          },
-          { :invoice_packages => { :include => [:shipping_package, :shipping_method] }},          
-          { :discounts => { :include => :gift_card }}
-        ]        
-      )      
-    end
-    
-    # @route GET /checkout/stripe/json
-    def stripe_json
-      sc = @site.store_config
-      u = logged_in_user
-      render :json => {
-        :stripe_key     => sc.stripe_publishable_key.strip,        
-        :customer_id    => u.stripe_customer_id,                   
-        :card_last4     => u.card_last4,     
-        :card_brand     => u.card_brand,       
-        :card_exp_month => u.card_exp_month, 
-        :card_exp_year  => u.card_exp_year
-      }          
-    end
-    
-    #===========================================================================
-    
-    # Step 1 - Login or register
-    # @route GET /checkout
-    def index            
-      if logged_in?
-        if @invoice.customer_id.nil?
-          @invoice.customer_id = logged_in_user.id
-          @invoice.save
-        end                        
-        #redirect_to '/checkout/addresses'
-        #return
-        
-        @invoice.verify_invoice_packages
-        
-        # See if any there are any empty invoice packages          
-        #@invoice.invoice_packages.each do |op|
-        #  count = 0
-        #  @invoice.line_items.each do |li|
-        #    count = count + 1 if li.invoice_package_id == op.id
-        #  end
-        #  op.destroy if count == 0
-        #end
-        #
-        ## See if any line items aren't associated with an invoice package
-        #line_items_attached = true
-        #@invoice.line_items.each do |li|
-        #  line_items_attached = false if li.invoice_package_id.nil?
-        #end
-        #  
-        #ops = @invoice.invoice_packages
-        #if ops.count == 0 || !line_items_attached
-        #  @invoice.calculate
-        #  LineItem.where(:invoice_id => @invoice.id).update_all(:invoice_package_id => nil)
-        #  InvoicePackage.where(:invoice_id => @invoice.id).destroy_all          
-        #  InvoicePackage.create_for_invoice(@invoice)
-        #end
-      
-        #render :file => "caboose/checkout/checkout_#{@site.store_config.pp_name}"
-        render :file => "caboose/checkout/checkout"                                                                                                                      
-      end
-    end
-    
-    # Step 3 - Shipping method
-    # @route GET /checkout/shipping/json
-    def shipping_json
-      render :json => { :error => 'Not logged in.'          } and return if !logged_in?
-      render :json => { :error => 'No shippable items.'     } and return if !@invoice.has_shippable_items?
-      render :json => { :error => 'Empty shipping address.' } and return if @invoice.shipping_address.nil?      
-      
-      @invoice.calculate
-      
-      #ops = @invoice.invoice_packages      
-      #if params[:recalculate_invoice_packages] || ops.count == 0
-      #  # Remove any invoice packages      
-      #  LineItem.where(:invoice_id => @invoice.id).update_all(:invoice_package_id => nil)
-      #  InvoicePackage.where(:invoice_id => @invoice.id).destroy_all      
-      #    
-      #  # Calculate what shipping packages we'll need            
-      #  InvoicePackage.create_for_invoice(@invoice)
-      #end
-
-      # Now get the rates for those packages            
-      rates = ShippingCalculator.rates(@invoice)      
-      render :json => rates                  
-    end        
-        
-    # Step 5 - Update Stripe Details
-    # @route PUT /checkout/stripe-details
-    def update_stripe_details
-      render :json => false and return if !logged_in?
-      
-      sc = @site.store_config      
-      Stripe.api_key = sc.stripe_secret_key.strip
-
-      u = logged_in_user      
-      
-      c = nil
-      if u.stripe_customer_id
-        c = Stripe::Customer.retrieve(u.stripe_customer_id)
-        begin          
-          c.source = params[:token]
-          c.save
-        rescue          
-          c = nil
-        end
-      end
-      
-      if c.nil?
-        c = Stripe::Customer.create(
-          :source => params[:token],
-          :email => u.email,
-          :metadata => { :user_id => u.id }          
-        )
-      end
-      
-      u.stripe_customer_id = c.id
-      u.card_last4     = params[:card][:last4]
-      u.card_brand     = params[:card][:brand]  
-      u.card_exp_month = params[:card][:exp_month]
-      u.card_exp_year  = params[:card][:exp_year]
-      u.save
-      
-      render :json => {
-        :success => true,
-        :customer_id => u.stripe_customer_id
-      }      
-    end
-    
-    # @route POST /checkout/confirm
-    def confirm
-      render :json => { :error => 'Not logged in.'            } and return if !logged_in?
-      #render :json => { :error => 'Invalid billing address.'  } and return if @invoice.billing_address.nil?
-      render :json => { :error => 'Invalid shipping address.' } and return if @invoice.has_shippable_items? && @invoice.shipping_address.nil?      
-      render :json => { :error => 'Invalid shipping methods.' } and return if @invoice.has_shippable_items? && @invoice.has_empty_shipping_methods?      
-      
-      resp = Caboose::StdClass.new
-      sc = @site.store_config
-      
-      # Make sure all the variants still exist      
-      @invoice.line_items.each do |li|
-        v = Variant.where(:id => li.variant_id).first
-        if v.nil? || v.status == 'Deleted'
-          render :json => { :error => 'One or more of the products you are purchasing are no longer available.' }
-          return
-        end
-      end
-
-      error = false      
-      requires_payment = @invoice.line_items.count > 0 && @invoice.total > 0 && @invoice.payment_terms == Invoice::PAYMENT_TERMS_PIA       
-      if requires_payment
-      
-        ot = nil
-        case sc.pp_name
-          when StoreConfig::PAYMENT_PROCESSOR_AUTHNET
-                                    
-          when StoreConfig::PAYMENT_PROCESSOR_STRIPE
-            Stripe.api_key = sc.stripe_secret_key.strip
-            begin
-              c = Stripe::Charge.create(
-                :amount => (@invoice.total * 100).to_i,
-                :currency => 'usd',
-                :customer => logged_in_user.stripe_customer_id,
-                :capture => false,
-                :metadata => { :invoice_id => @invoice.id },
-                :statement_descriptor => "Invoice ##{@invoice.id}"
-              )
-            rescue Exception => ex
-              render :json => { :error => ex.message }
-              return
-            end
-            ot = Caboose::InvoiceTransaction.create(
-              :invoice_id        => @invoice.id,
-              :transaction_id    => c.id,
-              :transaction_type  => c.captured ? Caboose::InvoiceTransaction::TYPE_AUTHCAP : Caboose::InvoiceTransaction::TYPE_AUTHORIZE,
-              :payment_processor => sc.pp_name,
-              :amount            => c.amount/100.0,              
-              :date_processed    => DateTime.now.utc,              
-              :success           => c.status == 'succeeded'
-            )
-        end
-        
-        if !ot.success
-          render :json => { :error => error }
-          return        
-        else        
-          @invoice.financial_status = Invoice::FINANCIAL_STATUS_AUTHORIZED                                                   
-          @invoice.take_gift_card_funds
-        end
-      end
-      
-      @invoice.status = Invoice::STATUS_PENDING
-      @invoice.invoice_number = @site.store_config.next_invoice_number
-      
-      # Send out emails
-      begin
-        InvoicesMailer.configure_for_site(@site.id).customer_new_invoice(@invoice).deliver
-        InvoicesMailer.configure_for_site(@site.id).fulfillment_new_invoice(@invoice).deliver
-      rescue
-        puts "=================================================================="
-        puts "Error sending out invoice confirmation emails for invoice ID #{@invoice.id}"
-        puts "=================================================================="
-      end
-      
-      # Emit invoice event      
-      Caboose.plugin_hook('invoice_authorized', @invoice) if @invoice.total > 0 
-      
-      # Save the invoice
-      @invoice.save
-      
-      # Decrement quantities of variants
-      @invoice.decrement_quantities
-      
-      # Clear the cart and re-initialize                    
-      session[:cart_id] = nil
-      init_cart
-      
-      resp.success = true
-      resp.redirect = '/checkout/thanks'      
-      render :json => resp
-    end
-    
-    # @route GET /checkout/thanks
-    def thanks
-      @logged_in_user = logged_in_user
-      
-      # Find the last invoice for the user
-      @last_invoice = Invoice.where(:customer_id => @logged_in_user.id).reorder("id desc").limit(1).first            
-      add_ga_event('Ecommerce', 'Checkout', 'Payment', (@last_invoice.total*100).to_i)
-    end
-    
-    #===========================================================================    
-    
-    # @route GET /checkout/state-options
-    def state_options                            
-      options = Caboose::States.all.collect { |abbr, state| { 'value' => abbr, 'text' => abbr }}
-      render :json => options
-    end
-        
-    # @route GET /checkout/total
-    def verify_total
-      total = 0.00
-      if logged_in?
-        @invoice.calculate
-        total = @invoice.total
-      end
-      render :json => total.to_f      
-    end
-    
-    # @route GET /checkout/address
-    def address
-      render :json => {
-        :shipping_address => @invoice.shipping_address,
-        :billing_address => @invoice.billing_address
-      }
-    end
-            
-    # @route PUT /checkout/addresses
-    def update_addresses
-      
-      # Grab or create addresses
-      shipping_address = if @invoice.shipping_address then @invoice.shipping_address else Address.new end
-      billing_address  = if @invoice.billing_address  then @invoice.billing_address  else Address.new end
-            
-      has_shippable_items = @invoice.has_shippable_items?
-        
-      # Shipping address
-      if has_shippable_items
-        shipping_address.first_name = params[:shipping][:first_name]
-        shipping_address.last_name  = params[:shipping][:last_name]
-        shipping_address.company    = params[:shipping][:company]
-        shipping_address.address1   = params[:shipping][:address1]
-        shipping_address.address2   = params[:shipping][:address2]
-        shipping_address.city       = params[:shipping][:city]
-        shipping_address.state      = params[:shipping][:state]
-        shipping_address.zip        = params[:shipping][:zip]
-      end
-      
-      # Billing address
-      if has_shippable_items && params[:use_as_billing]
-        billing_address.update_attributes(shipping_address.attributes)
-      else
-        billing_address.first_name = params[:billing][:first_name]
-        billing_address.last_name  = params[:billing][:last_name]
-        billing_address.company    = params[:billing][:company]
-        billing_address.address1   = params[:billing][:address1]
-        billing_address.address2   = params[:billing][:address2]
-        billing_address.city       = params[:billing][:city]
-        billing_address.state      = params[:billing][:state]
-        billing_address.zip        = params[:billing][:zip]
-      end
-      
-      # Save address info; generate ids      
-      render :json => { :success => false, :errors => shipping_address.errors.full_messages, :address => 'shipping' } and return if has_shippable_items && !shipping_address.save
-      render :json => { :success => false, :errors => billing_address.errors.full_messages, :address => 'billing' } and return if !billing_address.save
-      
-      # Associate address info with invoice
-      @invoice.shipping_address_id = shipping_address.id
-      @invoice.billing_address_id  = billing_address.id
-      
-      #render :json => { :redirect => 'checkout/shipping' }
-      render :json => { :success => @invoice.save, :errors => @invoice.errors.full_messages }
-    end
-    
-    # @route PUT /checkout/shipping-address
-    def update_shipping_address      
-      resp = Caboose::StdClass.new
-            
-      # Grab or create addresses
-      sa = @invoice.shipping_address
-      if sa.nil?
-        sa = Address.create
-        @invoice.shipping_address_id = sa.id
-        @invoice.save
-      end
-            
-      save = true
-      recalc_shipping = false
-      params.each do |name, value|
-        case name                              
-          when 'address1' then recalc_shipping = true if sa.address1 != value
-          when 'address2' then recalc_shipping = true if sa.address2 != value          
-          when 'city'     then recalc_shipping = true if sa.city     != value
-          when 'state'    then recalc_shipping = true if sa.state    != value          
-          when 'zip'      then recalc_shipping = true if sa.zip      != value          
-        end        
-        case name          
-          when 'name'           then sa.name          = value          
-          when 'first_name'     then sa.first_name    = value
-          when 'last_name'      then sa.last_name     = value
-          when 'street'         then sa.street        = value
-          when 'address1'       then sa.address1      = value
-          when 'address2'       then sa.address2      = value
-          when 'company'        then sa.company       = value
-          when 'city'           then sa.city          = value
-          when 'state'          then sa.state         = value
-          when 'province'       then sa.province      = value
-          when 'province_code'  then sa.province_code = value
-          when 'zip'            then sa.zip           = value
-          when 'country'        then sa.country       = value
-          when 'country_code'   then sa.country_code  = value
-          when 'phone'          then sa.phone         = value
-        end                 
-      end      
-      if recalc_shipping
-        @invoice.invoice_packages.each do |op|          
-          op.shipping_method_id = nil                         
-          op.total = nil
-          op.save
-        end
-      end
-
-      resp.success = save && sa.save      
-      render :json => resp            
-    end
-    
-    # @route PUT /checkout/billing-address
-    def update_billing_address
-      
-      # Grab or create addresses
-      ba = @invoice.billing_address
-      if ba.nil?
-        ba = Address.create
-        @invoice.billing_address_id = ba.id
-        @invoice.save
-      end
-                                                        
-      ba.first_name = params[:first_name]
-      ba.last_name  = params[:last_name]
-      ba.company    = params[:company]
-      ba.address1   = params[:address1]
-      ba.address2   = params[:address2]
-      ba.city       = params[:city]
-      ba.state      = params[:state]
-      ba.zip        = params[:zip]
-      ba.save
-                        
-      render :json => { :success => true }
-    end
-    
-    # @route POST /checkout/attach-user
-    def attach_user              
-      render :json => { :success => false, :errors => ['User is not logged in'] } and return if !logged_in?
-      @invoice.customer_id = logged_in_user.id
-      #Caboose.log("Attaching user to invoice: customer_id = #{@invoice.customer_id}")
-      render :json => { :success => @invoice.save, :errors => @invoice.errors.full_messages, :logged_in => logged_in? }
-    end
-    
-    # @route POST /checkout/guest
-    def attach_guest
-      resp = Caboose::StdClass.new      
-      email = params[:email]      
-      
-      if email != params[:confirm_email]
-        resp.error = "Emails do not match."
-      elsif Caboose::User.where(:email => email, :is_guest => false).exists?
-        resp.error = "A user with that email address already exists."
-      else
-        user = Caboose::User.where(:email => email, :is_guest => true).first
-        if user.nil?        
-          user = Caboose::User.create(:email => email)
-          user.is_guest = true
-          user.save
-          user = Caboose::User.where(:email => email).first
-        end                   
-        @invoice.customer_id = user.id
-        login_user(user)
-        
-        if !@invoice.valid?        
-          resp.errors = @invoice.errors.full_messages
-        else
-          @invoice.save
-          resp.redirect = '/checkout/addresses'
-        end
-      end
-      render :json => resp            
-    end
-    
-    # @route PUT /checkout/shipping
-    def update_shipping
-      op = InvoicePackage.find(params[:invoice_package_id])
-      op.shipping_method_id = params[:shipping_method_id]
-      op.total = params[:total]
-      op.save
-      op.invoice.calculate
-                                   
-      render :json => { :success => true }               
-    end
-        
-  end
-end