effective_orders 4.6.0 → 5.0.0
- checksums.yaml +4 -4
- data/MIT-LICENSE +1 -1
- data/README.md +11 -86
- data/app/controllers/admin/customers_controller.rb +5 -16
- data/app/controllers/admin/order_items_controller.rb +6 -9
- data/app/controllers/admin/orders_controller.rb +17 -81
- data/app/controllers/effective/carts_controller.rb +10 -6
- data/app/controllers/effective/customers_controller.rb +4 -2
- data/app/controllers/effective/orders_controller.rb +27 -23
- data/app/controllers/effective/providers/cheque.rb +3 -1
- data/app/controllers/effective/providers/free.rb +3 -1
- data/app/controllers/effective/providers/mark_as_paid.rb +4 -2
- data/app/controllers/effective/providers/moneris.rb +3 -1
- data/app/controllers/effective/providers/paypal.rb +3 -2
- data/app/controllers/effective/providers/phone.rb +3 -1
- data/app/controllers/effective/providers/pretend.rb +3 -1
- data/app/controllers/effective/providers/refund.rb +3 -1
- data/app/controllers/effective/providers/stripe.rb +3 -1
- data/app/controllers/effective/subscripter_controller.rb +4 -2
- data/app/controllers/effective/webhooks_controller.rb +12 -3
- data/app/datatables/admin/effective_customers_datatable.rb +7 -3
- data/app/datatables/admin/effective_orders_datatable.rb +2 -2
- data/app/datatables/effective_orders_datatable.rb +1 -1
- data/app/mailers/effective/orders_mailer.rb +131 -96
- data/app/models/concerns/acts_as_purchasable.rb +0 -11
- data/app/models/concerns/acts_as_subscribable.rb +0 -6
- data/app/models/effective/cart.rb +7 -5
- data/app/models/effective/cart_item.rb +7 -4
- data/app/models/effective/customer.rb +7 -6
- data/app/models/effective/order.rb +51 -38
- data/app/models/effective/order_item.rb +10 -8
- data/app/models/effective/product.rb +9 -6
- data/app/models/effective/subscription.rb +13 -12
- data/app/views/admin/orders/_form.html.haml +5 -9
- data/app/views/admin/orders/_order_item_fields.html.haml +8 -12
- data/app/views/effective/orders/_checkout_step2.html.haml +1 -2
- data/app/views/effective/orders/_order_actions.html.haml +1 -1
- data/config/effective_orders.rb +8 -32
- data/config/routes.rb +16 -17
- data/db/migrate/01_create_effective_orders.rb.erb +4 -0
- data/lib/effective_orders.rb +34 -76
- data/lib/effective_orders/engine.rb +0 -7
- data/lib/effective_orders/version.rb +1 -1
- data/lib/generators/templates/effective_orders_mailer_preview.rb +13 -13
- data/lib/tasks/effective_orders_tasks.rake +2 -2
- metadata +1 -2
- data/app/models/effective/access_denied.rb +0 -17
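--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f8f7d52a67d1ce51884188e1731619ec49e06862122a47c7ef6453a53b1a841
+data.tar.gz: f6326e488f80799a0b5425d319a0a576053a5f73d51967931d1b0b58281b5ce5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f21b668907138f9d2257215ee2446064bceaccfe69bb4553923fac8c018f0309cf050a4aa26322d37bde38b67de363057cbdc5982bb30c085f09e4dae5b4dcca
+data.tar.gz: 5d78b1895cd76eafbb041324e5bc4be940a191c8d5a48ea3f5458af1d72c05b1cea9dafd0fbdab41bf56105a8f6ae0b28b5bb4ee9f47e7243c8fe76d04e25533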
data/MIT-LICENSE
CHANGED
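--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 
 Carts, Orders, and collecting payment via Stripe, PayPal and Moneris.
 
-A Rails Engine to handle the purchase workflow in a Rails
+A Rails Engine to handle the purchase workflow in a Rails application.
 
 Also works with Stripe Subscriptions.
 
@@ -10,17 +10,9 @@ Sends order receipt emails automatically.
 
 Has Order History, My Purchases, My Sales and Admin screens.
 
-##
+## effective_orders 5.0
 
-
-
-```
-add_column :customers, :payment_method_id, :string
-```
-
-## effective_orders 4.0
-
-This is the 4.0 series of effective_orders.
+This is the 5.0 series of effective_orders.
 
 This requires Twitter Bootstrap 4 and Rails 5.1+
 
@@ -160,32 +152,18 @@ Once the database has been migrated, it is time to scaffold/build the CRUD Produ
 
 ### Products#new/#edit
 
-Use an [
+Use an [effective_bootstrap](https://github.com/code-and-effect/effective_bootstrap#effective-price) f.price_field input to enter the price.
 
 It displays the underlying Integer price as a currency formatted value, ensures that a properly formatted price is entered by the user, and POSTs the appropriate Integer value back to the server.
 
 This is available for simple_form, formtastic and Rails default FormBuilder.
 
 ```haml
-=
-= f.
-= f.
-= f.
-= f.
-```
-
-or
-
-```ruby
-= semantic_form_for(@product) do |f|
-= f.input :price, as: :effective_price
-```
-
-or
-
-```haml
-= form_for(@product) do |f|
-= f.effective_price :price
+= effective_form_with(model: @product) do |f|
+= f.text_field :name
+= f.checkbox :tax_exempt
+= f.price_field :price
+= f.submit
 ```
 
 ### Products#show
@@ -287,8 +265,6 @@ end
 
 Of course, there's no mechanism here to prevent someone from just copy&pasting this URL to a friend.
 
-If you're interested in that kind of restricted-download functionality, please check out [effective_assets](https://github.com/code-and-effect/effective_assets) and the authenticated-read temporary URLs.
-
 
 ### Tax Exempt
 
@@ -367,54 +343,7 @@ end
 
 ## Authorization
 
-All authorization checks are handled via the
-
-It is intended for flow through to CanCan or Pundit, but neither of those gems are required.
-
-This method is called by the controller action with the appropriate action and resource.
-
-Action will be one of [:index, :show, :new, :create, :edit, :update, :destroy]
-
-Resource will the appropriate Effective::Order, Effective::Cart or Effective::Subscription ActiveRecord object or class
-
-The authorization method is defined in the initializer file:
-
-```ruby
-# As a Proc (with CanCan)
-config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) }
-```
-
-```ruby
-# As a Custom Method
-config.authorization_method = :my_authorization_method
-```
-
-and then in your application_controller.rb:
-
-```ruby
-def my_authorization_method(action, resource)
-current_user.is?(:admin) || EffectivePunditPolicy.new(current_user, resource).send('#{action}?')
-end
-```
-
-or disabled entirely:
-
-```ruby
-config.authorization_method = false
-```
-
-If the method or proc returns false (user is not authorized) an Effective::AccessDenied exception will be raised
-
-You can rescue from this exception by adding the following to your application_controller.rb:
-
-```ruby
-rescue_from Effective::AccessDenied do |exception|
-respond_to do |format|
-format.html { render 'static_pages/access_denied', status: 403 }
-format.any { render text: 'Access Denied', status: 403 }
-end
-end
-```
+All authorization checks are handled via the effective_resources gem found in the `config/initializers/effective_resources.rb` file.
 
 ### Permissions
 
@@ -452,7 +381,6 @@ Only when the user proceeds to Checkout will they be required to login.
 Upon log in, the session Cart will be assigned to that User's ID, and if the User had a previous existing cart, all CartItems will be merged.
 
 
-
 You shouldn't need to deal with the Cart object at all, except to make a link from your Site Menu to the 'My Cart' page (as documented above).
 
 However, if you want to render a Cart on another page, or play with the Cart object directly, you totally can.
@@ -500,9 +428,6 @@ If you are using effective_orders to roll your own custom payment workflow, you
 
 Emails will be sent immediately unless `config.mailer[:deliver_method] == :deliver_later`.
 
-If you are using [Delayed::Job](https://github.com/collectiveidea/delayed_job) to send emails in a background process then you should set the `delayed_job_deliver` option so that `config.mailer[:delayed_job_deliver] == true`.
-
-
 ### Effective::Order Model
 
 There may be times where you want to deal with the `Effective::Order` object directly.
@@ -997,7 +922,7 @@ You should generate separate private and public certificates/keys for this and i
 
 ## License
 
-MIT License.
+MIT License. Copyright [Code and Effect Inc.](http://www.codeandeffect.com/)
 
 ## Contributing
 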
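--- a/data/app/controllers/admin/customers_controller.rb
+++ b/data/app/controllers/admin/customers_controller.rb
@@ -1,23 +1,12 @@
 module Admin
 class CustomersController < ApplicationController
-before_action
+before_action(:authenticate_user!) if defined?(Devise)
+before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
 
-
+include Effective::CrudController
 
-
-
-
-@page_title = 'Customers'
-
-EffectiveOrders.authorize!(self, :admin, :effective_orders)
-EffectiveOrders.authorize!(self, :index, Effective::Customer)
-end
-
-def show
-@customer = Effective::Customer.find(params[:id])
-
-@page_title ||= @customer.to_s
-EffectiveOrders.authorize!(self, :show, Effective::Customer)
+if (config = EffectiveOrders.layout)
+layout(config.kind_of?(Hash) ? config[:admin] : config)
 end
 
 end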
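Review bot: The authentication filter on new line 3 is registered only when `Devise` is already defined at the moment this class body is evaluated, so in an application without Devise (or where the constant is not yet loaded) the controller has no `authenticate_user!` step and the `EffectiveResources.authorize!` block on new line 4 is the only gate. The removed per-action checks on `Effective::Customer` (`:index`, `:show`) are not replaced in this file; whether `Effective::CrudController` performs them is not visible here. I would document the assumption above the filter, e.g. `# No Devise: no authenticate_user! is registered, so the authorize! block below is the sole access check.` The same conditional filter is added in Admin::OrderItemsController, Admin::OrdersController, Effective::CartsController and Effective::CustomersController.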
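--- a/data/app/controllers/admin/order_items_controller.rb
+++ b/data/app/controllers/admin/order_items_controller.rb
@@ -1,16 +1,13 @@
 module Admin
 class OrderItemsController < ApplicationController
-before_action
+before_action(:authenticate_user!) if defined?(Devise)
+before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
 
-
+include Effective::CrudController
 
-
-
-
-@page_title = 'Order Items'
-
-EffectiveOrders.authorize!(self, :admin, :effective_orders)
-EffectiveOrders.authorize!(self, :index, Effective::OrderItem)
+if (config = EffectiveOrders.layout)
+layout(config.kind_of?(Hash) ? config[:admin] : config)
 end
+
 end
 end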
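--- a/data/app/controllers/admin/orders_controller.rb
+++ b/data/app/controllers/admin/orders_controller.rb
@@ -1,32 +1,21 @@
 module Admin
 class OrdersController < ApplicationController
-before_action
+before_action(:authenticate_user!) if defined?(Devise)
+before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
 
-
+include Effective::CrudController
 
-
-
-
-if params[:user_id]
-@order.user = User.where(id: params[:user_id]).first
-end
-
-if params[:duplicate_id]
-@duplicate = Effective::Order.deep.find(params[:duplicate_id])
-EffectiveOrders.authorize!(self, :show, @duplicate)
-
-@order.add(@duplicate)
-end
-
-@page_title = 'New Order'
-
-raise 'please install cocoon gem to use this page' unless defined?(Cocoon)
-
-authorize_effective_order!
+if (config = EffectiveOrders.layout)
+layout(config.kind_of?(Hash) ? config[:admin] : config)
 end
 
+submit :save, 'Continue', redirect: :index
+submit :save, 'Add New', redirect: -> { effective_orders.new_admin_order_path(user_id: resource.user&.to_param) }
+submit :save, 'Duplicate', redirect: -> { effective_posts.new_admin_post_path(duplicate_id: resource.id) }
+submit :save, 'Checkout', redirect: -> { effective_orders.checkout_admin_order_path(resource) }
+
 def create
-@user =
+@user = current_user.class.find_by_id(order_params[:user_id])
 @order = Effective::Order.new(user: @user)
 
 authorize_effective_order!
@@ -54,46 +43,10 @@ module Admin
 end
 
 @page_title = 'New Order'
-flash.now[:danger] = flash_danger(@order)
+flash.now[:danger] = flash_danger(@order) + error.to_s
 render :new
 end
 
-def edit
-@order = Effective::Order.find(params[:id])
-@page_title ||= @order.to_s
-
-authorize_effective_order!
-end
-
-def update
-@order = Effective::Order.find(params[:id])
-
-@page_title ||= @order.to_s
-
-authorize_effective_order!
-
-Effective::Order.transaction do
-begin
-@order.assign_attributes(order_params)
-@order.save!
-redirect_to(admin_redirect_path) and return
-rescue => e
-raise ActiveRecord::Rollback
-end
-end
-
-flash.now[:danger] = "Unable to update order: #{@order.errors.full_messages.to_sentence}"
-render :edit
-end
-
-def show
-@order = Effective::Order.find(params[:id])
-
-@page_title ||= @order.to_s
-
-authorize_effective_order!
-end
-
 # The show page posts to this action
 # See Effective::OrdersController checkout
 def checkout
@@ -122,14 +75,6 @@ module Admin
 render :checkout
 end
 
-def index
-@datatable = Admin::EffectiveOrdersDatatable.new(self)
-
-@page_title = 'Orders'
-
-authorize_effective_order!
-end
-
 def destroy
 @order = Effective::Order.all.not_purchased.find(params[:id])
 
@@ -179,12 +124,12 @@ module Admin
 private
 
 def order_params
-params.require(:effective_order).permit(:user_id, :cc,
+params.require(:effective_order).permit(:user_id, :user_type, :cc,
 :send_payment_request_to_buyer, :note_internal, :note_to_buyer,
 :payment_provider, :payment_card, :payment, :send_mark_as_paid_email_to_buyer,
 order_items_attributes: [
 :quantity, :_destroy, purchasable_attributes: [
-:name, :price, :tax_exempt
+:name, :qb_item_name, :price, :tax_exempt
 ]
 ]
 )
@@ -195,27 +140,18 @@ module Admin
 end
 
 def authorize_effective_order!
-
-EffectiveOrders.authorize!(self, action_name.to_sym, @order || Effective::Order)
+EffectiveResources.authorize!(self, action_name.to_sym, @order || Effective::Order)
 end
 
 def admin_redirect_path
-# Allow an app to define effective_orders_admin_redirect_path in their ApplicationController
-path = if self.respond_to?(:effective_orders_admin_redirect_path)
-effective_orders_admin_redirect_path(params[:commit], @order)
-end
-
-return path if path.present?
-
 case params[:commit].to_s
 when 'Save' ; effective_orders.admin_order_path(@order)
-
 when 'Continue' ; effective_orders.admin_orders_path
 when 'Add New' ; effective_orders.new_admin_order_path(user_id: @order.user.try(:to_param))
 when 'Duplicate' ; effective_orders.new_admin_order_path(duplicate_id: @order.to_param)
 when 'Checkout' ; effective_orders.checkout_admin_order_path(@order.to_param)
-
-
+else
+effective_orders.admin_order_path(@order)
 end
 end
 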
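Review bot: The 'Duplicate' submit on new line 14 redirects to `effective_posts.new_admin_post_path`, which names a different engine's route helper and looks like a copy-paste slip; `admin_redirect_path` further down this same file still sends 'Duplicate' to `effective_orders.new_admin_order_path(duplicate_id: @order.to_param)`. As written the redirect would presumably fail when effective_posts is not installed, or land on an unrelated admin form when it is. Suggested line: `submit :save, 'Duplicate', redirect: -> { effective_orders.new_admin_order_path(duplicate_id: resource.to_param) }`. The old `new` action that authorized `:show` on the duplicated order is deleted in the first hunk, so it is worth confirming that whatever now reads `duplicate_id` still performs that check.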
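--- a/data/app/controllers/effective/carts_controller.rb
+++ b/data/app/controllers/effective/carts_controller.rb
@@ -1,21 +1,25 @@
 module Effective
 class CartsController < ApplicationController
-
+before_action(:authenticate_user!) if defined?(Devise)
 
-
+include Effective::CrudController
+
+if (config = EffectiveOrders.layout)
+layout(config.kind_of?(Hash) ? (config[:carts] || config[:application]) : config)
+end
 
 def show
 @cart = current_cart
 @pending_orders = Effective::Order.not_purchased.where(user: current_user) if current_user.present?
 
 @page_title ||= 'My Cart'
-
+EffectiveResources.authorize!(self, :show, @cart)
 end
 
 def destroy
 @cart = current_cart
 
-
+EffectiveResources.authorize!(self, :destroy, @cart)
 
 if @cart.destroy
 flash[:success] = 'Successfully emptied cart.'
@@ -29,7 +33,7 @@ module Effective
 def add_to_cart
 @purchasable = (add_to_cart_params[:purchasable_type].constantize.find(add_to_cart_params[:purchasable_id].to_i) rescue nil)
 
-
+EffectiveResources.authorize!(self, :update, current_cart)
 
 begin
 raise "Please select a valid #{add_to_cart_params[:purchasable_type] || 'item' }." unless @purchasable
@@ -48,7 +52,7 @@ module Effective
 def remove_from_cart
 @cart_item = current_cart.cart_items.find(remove_from_cart_params[:id])
 
-
+EffectiveResources.authorize!(self, :update, current_cart)
 
 if @cart_item.destroy
 flash[:success] = 'Successfully removed item from cart.'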
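Review bot: In `add_to_cart` the new `EffectiveResources.authorize!(self, :update, current_cart)` on new line 36 runs after the unchanged line 34 has already called `constantize` and `find` on the request-supplied `purchasable_type` and `purchasable_id`, so a lookup on a caller-chosen class happens before any authorization. I would move the authorize call to the first line of the action and check `purchasable_type` against the application's known purchasable class names before `constantize`. The trailing `rescue nil` on that line also hides any error the lookup raises, which makes a rejected type indistinguishable from a missing record. The body of `add_to_cart` continues outside the hunk.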
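--- a/data/app/controllers/effective/customers_controller.rb
+++ b/data/app/controllers/effective/customers_controller.rb
@@ -1,10 +1,12 @@
 module Effective
 class CustomersController < ApplicationController
-
+before_action(:authenticate_user!) if defined?(Devise)
 
 include Effective::CrudController
 
-
+if (config = EffectiveOrders.layout)
+layout(config.kind_of?(Hash) ? (config[:customers] || config[:application]) : config)
+end
 
 submit :save, 'Save', success: -> { 'Successfully updated card.' }
 page_title 'Customer Settings'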
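--- a/data/app/controllers/effective/orders_controller.rb
+++ b/data/app/controllers/effective/orders_controller.rb
@@ -2,17 +2,21 @@ module Effective
 class OrdersController < ApplicationController
 include Concerns::Purchase
 
-include Providers::Cheque
-include Providers::Free
-include Providers::MarkAsPaid
-include Providers::Moneris
-include Providers::Paypal
-include Providers::Phone
-include Providers::Pretend
-include Providers::Refund
-include Providers::Stripe
-
-
+include Providers::Cheque
+include Providers::Free
+include Providers::MarkAsPaid
+include Providers::Moneris
+include Providers::Paypal
+include Providers::Phone
+include Providers::Pretend
+include Providers::Refund
+include Providers::Stripe
+
+include Effective::CrudController
+
+if (config = EffectiveOrders.layout)
+layout(config.kind_of?(Hash) ? (config[:orders] || config[:application]) : config)
+end
 
 before_action :authenticate_user!, except: [:ccbill_postback, :free, :paypal_postback, :moneris_postback, :pretend]
 before_action :set_page_title, except: [:show]
@@ -26,7 +30,7 @@ module Effective
 def new
 @order ||= Effective::Order.new(view_context.current_cart)
 
-
+EffectiveResources.authorize!(self, :new, @order)
 
 unless @order.valid?
 flash[:danger] = "Unable to proceed: #{flash_errors(@order)}. Please try again."
@@ -38,7 +42,7 @@ module Effective
 # Confirms an order from the cart.
 def create
 @order ||= Effective::Order.new(view_context.current_cart)
-
+EffectiveResources.authorize!(self, :create, @order)
 
 @order.assign_attributes(checkout_params)
 
@@ -57,7 +61,7 @@ module Effective
 # Might render step1 or step2
 def show
 @order = Effective::Order.find(params[:id])
-
+EffectiveResources.authorize!(self, :show, @order)
 
 @page_title ||= ((@order.user == current_user && !@order.purchased?) ? 'Checkout' : @order.to_s)
 end
@@ -65,13 +69,13 @@ module Effective
 # Always step1
 def edit
 @order ||= Effective::Order.find(params[:id])
-
+EffectiveResources.authorize!(self, :edit, @order)
 end
 
 # Confirms the order from existing order
 def update
 @order ||= Effective::Order.find(params[:id])
-
+EffectiveResources.authorize!(self, :update, @order)
 
 @order.assign_attributes(checkout_params)
 
@@ -86,28 +90,28 @@ module Effective
 # My Orders History
 def index
 @datatable = EffectiveOrdersDatatable.new(user_id: current_user.id)
-
+EffectiveResources.authorize!(self, :index, Effective::Order.new(user: current_user))
 end
 
 # Thank you for Purchasing this Order. This is where a successfully purchased order ends up
 def purchased # Thank You!
 @order = Effective::Order.purchased.find(params[:id])
-
+EffectiveResources.authorize!(self, :show, @order)
 end
 
 def deferred
 @order = Effective::Order.deferred.find(params[:id])
-
+EffectiveResources.authorize!(self, :show, @order)
 end
 
 def declined
 @order = Effective::Order.declined.find(params[:id])
-
+EffectiveResources.authorize!(self, :show, @order)
 end
 
 def send_buyer_receipt
 @order = Effective::Order.find(params[:id])
-
+EffectiveResources.authorize!(self, :show, @order)
 
 if @order.send_order_receipt_to_buyer!
 flash[:success] = "A receipt has been sent to #{@order.emails_send_to}"
@@ -128,10 +132,10 @@ module Effective
 @orders = Effective::Order.purchased.where(id: params[:ids])
 
 begin
-
+EffectiveResources.authorize!(self, :index, Effective::Order.new(user: current_user))
 
 @orders.each do |order|
-next unless
+next unless EffectiveResources.authorized?(self, :show, order)
 order.send_order_receipt_to_buyer!
 end
 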
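Review bot: New lines 5–13 include every provider module unconditionally, while the unchanged filter on new line 21 exempts `:free` and `:pretend` (along with the postback actions) from `authenticate_user!`. The removed include lines render identically on this page, so any condition they carried is not visible; if they were guarded by configuration, each provider action now has to refuse to run when its provider is disabled, and that check would live in the provider files rather than in this section. A comment above the includes would make the dependency explicit, e.g. `# Providers are always included; each action must verify its provider is enabled before acting.` It is also worth confirming that the `pretend` and `free` actions reach an `EffectiveResources.authorize!` call of their own, since the calls added in this section cover only the actions shown here.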