effective_orders 4.5.0

data/app/controllers/effective/carts_controller.rb

@@ -0,0 +1,85 @@
+module Effective
+  class CartsController < ApplicationController
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:carts] : EffectiveOrders.layout)
+
+    def show
+      @cart = current_cart
+      @pending_orders = Effective::Order.pending.where(user: current_user) if current_user.present?
+
+      @page_title ||= 'My Cart'
+      EffectiveOrders.authorize!(self, :show, @cart)
+    end
+
+    def destroy
+      @cart = current_cart
+
+      EffectiveOrders.authorize!(self, :destroy, @cart)
+
+      if @cart.destroy
+        flash[:success] = 'Successfully emptied cart.'
+      else
+        flash[:danger] = 'Unable to destroy cart.'
+      end
+
+      redirect_back_or_to_cart
+    end
+
+    def add_to_cart
+      @purchasable = (add_to_cart_params[:purchasable_type].constantize.find(add_to_cart_params[:purchasable_id].to_i) rescue nil)
+
+      EffectiveOrders.authorize!(self, :update, current_cart)
+
+      begin
+        raise "Please select a valid #{add_to_cart_params[:purchasable_type] || 'item' }." unless @purchasable
+
+        current_cart.add(@purchasable, quantity: [add_to_cart_params[:quantity].to_i, 1].max)
+        flash[:success] = 'Successfully added item to cart.'
+      rescue EffectiveOrders::SoldOutException
+        flash[:warning] = 'This item is sold out.'
+      rescue => e
+        flash[:danger] = 'Unable to add item to cart: ' + e.message
+      end
+
+      redirect_back_or_to_cart
+    end
+
+    def remove_from_cart
+      @cart_item = current_cart.cart_items.find(remove_from_cart_params[:id])
+
+      EffectiveOrders.authorize!(self, :update, current_cart)
+
+      if @cart_item.destroy
+        flash[:success] = 'Successfully removed item from cart.'
+      else
+        flash[:danger] = 'Unable to remove item from cart.'
+      end
+
+      redirect_back_or_to_cart
+    end
+
+    private
+
+    def current_cart
+      view_context.current_cart
+    end
+
+    def add_to_cart_params
+      params.permit(:purchasable_type, :purchasable_id, :quantity)
+    end
+
+    def remove_from_cart_params
+      params.permit(:id)
+    end
+
+    def redirect_back_or_to_cart
+      if respond_to?(:redirect_back)
+        redirect_back(fallback_location: effective_orders.cart_path)
+      elsif request.referrer.present?
+        redirect_to(:back)
+      else
+        redirect_to(effective_orders.cart_path)
+      end
+    end
+
+  end
+end

data/app/controllers/effective/concerns/purchase.rb

@@ -0,0 +1,62 @@
+module Effective
+  module Concerns
+    module Purchase
+      extend ActiveSupport::Concern
+
+      protected
+
+      def order_purchased(payment:, provider:, card: 'none', email: true, skip_buyer_validations: false, purchased_url: nil, declined_url: nil)
+        begin
+          @order.purchase!(payment: payment, provider: provider, card: card, email: email, skip_buyer_validations: skip_buyer_validations)
+
+          Effective::Cart.where(user: @order.user).destroy_all
+
+          if flash[:success].blank?
+            if EffectiveOrders.mailer[:send_order_receipt_to_buyer] && email
+              flash[:success] = "Payment successful! A receipt has been sent to #{@order.emails_send_to}"
+            else
+              flash[:success] = "Payment successful! An email receipt has not been sent."
+            end
+          end
+
+          purchased_url ||= effective_orders.purchased_order_path(':id')
+          redirect_to purchased_url.gsub(':id', @order.to_param.to_s)
+        rescue => e
+          flash[:danger] = "An error occurred while processing your payment: #{e.message}. Please try again."
+
+          declined_url ||= effective_orders.declined_order_path(':id')
+          redirect_to declined_url.gsub(':id', @order.to_param.to_s)
+        end
+      end
+
+      def order_deferred(provider:, email: true, deferred_url: nil)
+        @order.defer!(provider: provider, email: email)
+
+        Effective::Cart.where(user: @order.user).destroy_all
+
+        if flash[:success].blank?
+          if email
+            flash[:success] = "Deferred payment created! A request for payment has been sent to #{@order.emails_send_to}"
+          else
+            flash[:success] = "Deferred payment created!"
+          end
+        end
+
+        deferred_url ||= effective_orders.deferred_order_path(':id')
+        redirect_to deferred_url.gsub(':id', @order.to_param.to_s)
+      end
+
+      def order_declined(payment:, provider:, card: 'none', declined_url: nil)
+        @order.decline!(payment: payment, provider: provider, card: card)
+
+        if flash[:danger].blank?
+          flash[:danger] = 'Payment was unsuccessful. Your credit card was declined by the payment processor. Please try again.'
+        end
+
+        declined_url ||= effective_orders.declined_order_path(':id')
+        redirect_to declined_url.gsub(':id', @order.to_param.to_s)
+      end
+
+    end
+  end
+end

data/app/controllers/effective/customers_controller.rb

@@ -0,0 +1,20 @@
+module Effective
+  class CustomersController < ApplicationController
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:customers] : EffectiveOrders.layout)
+
+    include Effective::CrudController
+
+    submit :save, 'Save', success: -> { 'Successfully updated card.' }
+    page_title 'Customer Settings'
+
+    def resource
+      @customer = Effective::Customer.where(user: current_user).first!
+      @subscripter ||= Effective::Subscripter.new(customer: @customer, current_user: current_user)
+    end
+
+    # StrongParameters
+    def customer_params
+      params.require(:effective_subscripter).permit(:stripe_token)
+    end
+  end
+end

data/app/controllers/effective/orders_controller.rb

@@ -0,0 +1,162 @@
+module Effective
+  class OrdersController < ApplicationController
+    include Concerns::Purchase
+
+    include Providers::Cheque if EffectiveOrders.cheque?
+    include Providers::Free if EffectiveOrders.free?
+    include Providers::MarkAsPaid if EffectiveOrders.mark_as_paid?
+    include Providers::Moneris if EffectiveOrders.moneris?
+    include Providers::Paypal if EffectiveOrders.paypal?
+    include Providers::Phone if EffectiveOrders.phone?
+    include Providers::Pretend if EffectiveOrders.pretend?
+    include Providers::Refund if EffectiveOrders.refund?
+    include Providers::Stripe if EffectiveOrders.stripe?
+
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:orders] : EffectiveOrders.layout)
+
+    before_action :authenticate_user!, except: [:ccbill_postback, :free, :paypal_postback, :moneris_postback, :pretend]
+    before_action :set_page_title, except: [:show]
+
+    # If you want to use the Add to Cart -> Checkout flow
+    # Add one or more items however you do.
+    # redirect_to effective_orders.new_order_path, which is here.
+    # This is the entry point for any Checkout button.
+    # It displayes an order based on the cart
+    # Always step1
+    def new
+      @order ||= Effective::Order.new(view_context.current_cart)
+
+      EffectiveOrders.authorize!(self, :new, @order)
+
+      unless @order.valid?
+        flash[:danger] = "Unable to proceed: #{flash_errors(@order)}. Please try again."
+        redirect_to(effective_orders.cart_path)
+        return
+      end
+    end
+
+    # Confirms an order from the cart.
+    def create
+      @order ||= Effective::Order.new(view_context.current_cart)
+      EffectiveOrders.authorize!(self, :create, @order)
+
+      @order.assign_attributes(checkout_params)
+
+      if (@order.confirm! rescue false)
+        redirect_to(effective_orders.order_path(@order))
+      else
+        flash.now[:danger] = "Unable to proceed: #{flash_errors(@order)}. Please try again."
+        render :new
+      end
+    end
+
+    # If you want to use the order = Effective::Order.new(@thing); order.save! flow
+    # Add one or more items to the order.
+    # redirect_to effective_orders.order_path(order), which is here
+    # This is the entry point for an existing order.
+    # Might render step1 or step2
+    def show
+      @order = Effective::Order.find(params[:id])
+      EffectiveOrders.authorize!(self, :show, @order)
+
+      @page_title ||= ((@order.user == current_user && !@order.purchased?) ? 'Checkout' : @order.to_s)
+    end
+
+    # Always step1
+    def edit
+      @order ||= Effective::Order.find(params[:id])
+      EffectiveOrders.authorize!(self, :edit, @order)
+    end
+
+    # Confirms the order from existing order
+    def update
+      @order ||= Effective::Order.find(params[:id])
+      EffectiveOrders.authorize!(self, :update, @order)
+
+      @order.assign_attributes(checkout_params)
+
+      if (@order.confirm! rescue false)
+        redirect_to(effective_orders.order_path(@order))
+      else
+        flash.now[:danger] = "Unable to proceed: #{flash_errors(@order)}. Please try again."
+        render :edit
+      end
+    end
+
+    # My Orders History
+    def index
+      @datatable = EffectiveOrdersDatatable.new(user_id: current_user.id)
+      EffectiveOrders.authorize!(self, :index, Effective::Order.new(user: current_user))
+    end
+
+    # Thank you for Purchasing this Order. This is where a successfully purchased order ends up
+    def purchased # Thank You!
+      @order = Effective::Order.purchased.find(params[:id])
+      EffectiveOrders.authorize!(self, :show, @order)
+    end
+
+    def deferred
+      @order = Effective::Order.deferred.find(params[:id])
+      EffectiveOrders.authorize!(self, :show, @order)
+    end
+
+    def declined
+      @order = Effective::Order.declined.find(params[:id])
+      EffectiveOrders.authorize!(self, :show, @order)
+    end
+
+    def send_buyer_receipt
+      @order = Effective::Order.find(params[:id])
+      EffectiveOrders.authorize!(self, :show, @order)
+
+      if @order.send_order_receipt_to_buyer!
+        flash[:success] = "A receipt has been sent to #{@order.emails_send_to}"
+      else
+        flash[:danger] = "Unable to send receipt."
+      end
+
+      if respond_to?(:redirect_back)
+        redirect_back(fallback_location: effective_orders.order_path(@order))
+      elsif request.referrer.present?
+        redirect_to :back
+      else
+        redirect_to effective_orders.order_path(@order)
+      end
+    end
+
+    def bulk_send_buyer_receipt
+      @orders = Effective::Order.purchased.where(id: params[:ids])
+
+      begin
+        EffectiveOrders.authorize!(self, :index, Effective::Order.new(user: current_user))
+
+        @orders.each do |order|
+          next unless EffectiveOrders.authorized?(self, :show, order)
+          order.send_order_receipt_to_buyer!
+        end
+
+        render json: { status: 200, message: "Successfully sent #{@orders.length} receipt emails"}
+      rescue => e
+        render json: { status: 500, message: "Bulk send buyer receipt error: #{e.message}" }
+      end
+    end
+
+    private
+
+    # StrongParameters
+    def checkout_params
+      params.require(:effective_order).permit(EffectiveOrders.permitted_params)
+    end
+
+    def set_page_title
+      @page_title ||= case params[:action]
+        when 'index'        ; 'Order History'
+        when 'purchased'    ; 'Thank You'
+        when 'declined'     ; 'Payment Declined'
+        when 'deferred'     ; 'Thank You'
+        else 'Checkout'
+      end
+    end
+
+  end
+end

data/app/controllers/effective/providers/cheque.rb

@@ -0,0 +1,22 @@
+module Effective
+  module Providers
+    module Cheque
+      extend ActiveSupport::Concern
+
+      def cheque
+        @order ||= Order.find(params[:id])
+
+        EffectiveOrders.authorize!(self, :update, @order)
+
+        flash[:success] = EffectiveOrders.cheque[:success]
+
+        order_deferred(provider: 'cheque', deferred_url: cheque_params[:deferred_url])
+      end
+
+      def cheque_params
+        params.require(:cheque).permit(:deferred_url)
+      end
+
+    end
+  end
+end

data/app/controllers/effective/providers/free.rb

@@ -0,0 +1,33 @@
+module Effective
+  module Providers
+    module Free
+      extend ActiveSupport::Concern
+
+      def free
+        @order ||= Order.find(params[:id])
+
+        EffectiveOrders.authorize!(self, :update, @order)
+
+        unless @order.free?
+          flash[:danger] = 'Unable to process free order with a non-zero total'
+          redirect_to effective_orders.order_path(@order)
+          return
+        end
+
+        order_purchased(
+          payment: 'free order. no payment required.',
+          provider: 'free',
+          card: 'none',
+          purchased_url: free_params[:purchased_url],
+          declined_url: free_params[:declined_url],
+          email: false
+        )
+      end
+
+      def free_params
+        params.require(:free).permit(:purchased_url, :declined_url)
+      end
+
+    end
+  end
+end

data/app/controllers/effective/providers/mark_as_paid.rb

@@ -0,0 +1,33 @@
+module Effective
+  module Providers
+    module MarkAsPaid
+      extend ActiveSupport::Concern
+
+      def mark_as_paid
+        @order ||= Order.find(params[:id])
+
+        EffectiveOrders.authorize!(self, :update, @order)
+        EffectiveOrders.authorize!(self, :admin, :effective_orders)
+
+        @order.assign_attributes(mark_as_paid_params.except(:payment, :payment_provider, :payment_card))
+
+        order_purchased(
+          payment: mark_as_paid_params[:payment],
+          provider: mark_as_paid_params[:payment_provider],
+          card: mark_as_paid_params[:payment_card],
+          email: @order.send_mark_as_paid_email_to_buyer?,
+          skip_buyer_validations: true,
+          purchased_url: effective_orders.admin_order_path(@order),
+          declined_url: effective_orders.admin_order_path(@order)
+        )
+      end
+
+      def mark_as_paid_params
+        params.require(:effective_order).permit(
+          :payment, :payment_provider, :payment_card, :note_to_buyer, :send_mark_as_paid_email_to_buyer
+        )
+      end
+
+    end
+  end
+end

data/app/controllers/effective/providers/moneris.rb

@@ -0,0 +1,60 @@
+require 'net/http'
+
+module Effective
+  module Providers
+    module Moneris
+      extend ActiveSupport::Concern
+
+      included do
+        skip_before_action :verify_authenticity_token, only: [:moneris_postback]
+      end
+
+      def moneris_postback
+        @order ||= Effective::Order.find(params[:response_order_id])
+
+        (EffectiveOrders.authorize!(self, :update, @order) rescue false)
+
+        # Delete the Purchased and Declined Redirect URLs
+        purchased_url = params.delete(:rvar_purchased_url)
+        declined_url = params.delete(:rvar_declined_url)
+
+        if @order.purchased?  # Fallback to a success condition of the Order is already purchased
+          return order_purchased(payment: params, provider: 'moneris', card: params[:card], purchased_url: purchased_url)
+        end
+
+        # Invalid Result
+        if params[:result].to_s != '1' || params[:transactionKey].blank?
+          return order_declined(payment: params, provider: 'moneris', card: params[:card], declined_url: declined_url)
+        end
+
+        # Verify response from moneris
+        payment = params.merge(verify_moneris_transaction(params[:transactionKey]))
+        valid = (1..49).include?(payment[:response_code].to_i)  # Must be > 0 and < 50 to be valid. Sometimes we get the string 'null'
+
+        if valid == false
+          return order_declined(payment: payment, provider: 'moneris', card: params[:card], declined_url: declined_url)
+        end
+
+        order_purchased(payment: payment, provider: 'moneris', card: params[:card], purchased_url: purchased_url)
+      end
+
+      private
+
+      def verify_moneris_transaction(transactionKey)
+        # Send a verification POST request
+        uri = URI.parse(EffectiveOrders.moneris[:verify_url])
+        params = { ps_store_id: EffectiveOrders.moneris[:ps_store_id], hpp_key: EffectiveOrders.moneris[:hpp_key], transactionKey: transactionKey }
+        headers = { 'Referer': effective_orders.moneris_postback_orders_url }
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+
+        body = http.post(uri.path, params.to_query, headers).body
+
+        # Parse response into a Hash
+        body.split('<br>').inject({}) { |h, i| h[i.split(' ').first.to_sym] = i.split(' ').last; h }
+      end
+
+    end
+  end
+end