effective_orders 4.6.1 → 4.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5693e3ae8df0c31b622cb87ab3297f991e35621f41abd0e9ca02566e1d8777d7
-  data.tar.gz: 6053ce889d3d2e5ffb398a3d01ae0354633c4fcef5a0492c579c3babfc3cd2d1
+  metadata.gz: 07ed479ba56ebd55dae9b20168feec83435c0264cf7b00738a4438aa5104024e
+  data.tar.gz: 5756b29a14db32c53571fe75991285ed9864864e9a245b2b051886a68ed19229
 SHA512:
-  metadata.gz: 61f708843535a4ae2f13cb0b6071378b38be77c9a88d6677f83451829191904b8ded3416c330a3e48549531a99b3bfd6d852338952c5444d766e980a03c64708
-  data.tar.gz: 6b995206b0b6e944ba78000b79eea0c674f1bbbbc574ef2432399c6f64d9554a11904e419adb65fd14ec7363dadb2565ee5616f4070ac3f4cdaf2ac9f34d83b1
+  metadata.gz: 8de08c2426a57c57176a585131e211242fad9cb9f3bb18bac6216375798388e951021f6a58354be3c0810c3fa59b9d4b8f4505aae9f24b6377b34c0db8793a3d
+  data.tar.gz: 9a9bba6683d48272c12f4e509617afa99f1721bc53bd448e3689b07782d9b6e8a31cf28b29a031bf0be00ce621f0405eef56d2ca06c1323ec4f306d8a3852c53

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2021 Code and Effect Inc.
+Copyright 2018 Code and Effect Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -2,7 +2,7 @@
 
 Carts, Orders, and collecting payment via Stripe, PayPal and Moneris.
 
-A Rails Engine to handle the purchase workflow in a Rails application.
+A Rails Engine to handle the purchase workflow in a Rails 3.2.x / Rails 4 application.
 
 Also works with Stripe Subscriptions.
 
@@ -10,9 +10,17 @@ Sends order receipt emails automatically.
 
 Has Order History, My Purchases, My Sales and Admin screens.
 
-## effective_orders 5.0
+## Upgrade to effective_orders 4.3
 
-This is the 5.0 series of effective_orders.
+Add the migration
+
+```
+add_column :customers, :payment_method_id, :string
+```
+
+## effective_orders 4.0
+
+This is the 4.0 series of effective_orders.
 
 This requires Twitter Bootstrap 4 and Rails 5.1+
 
@@ -152,18 +160,32 @@ Once the database has been migrated, it is time to scaffold/build the CRUD Produ
 
 ### Products#new/#edit
 
-Use an [effective_bootstrap](https://github.com/code-and-effect/effective_bootstrap#effective-price) f.price_field input to enter the price.
+Use an [effective_form_inputs](https://github.com/code-and-effect/effective_form_inputs#effective-price) effective_price input to enter the price.
 
 It displays the underlying Integer price as a currency formatted value, ensures that a properly formatted price is entered by the user, and POSTs the appropriate Integer value back to the server.
 
 This is available for simple_form, formtastic and Rails default FormBuilder.
 
 ```haml
-= effective_form_with(model: @product) do |f|
-  = f.text_field :name
-  = f.checkbox :tax_exempt
-  = f.price_field :price
-  = f.submit
+= simple_form_for(@product) do |f|
+  = f.input :name
+  = f.input :tax_exempt
+  = f.input :price, as: :effective_price
+  = f.button :submit
+```
+
+or
+
+```ruby
+= semantic_form_for(@product) do |f|
+  = f.input :price, as: :effective_price
+```
+
+or
+
+```haml
+= form_for(@product) do |f|
+  = f.effective_price :price
 ```
 
 ### Products#show
@@ -265,6 +287,8 @@ end
 
 Of course, there's no mechanism here to prevent someone from just copy&pasting this URL to a friend.
 
+If you're interested in that kind of restricted-download functionality, please check out [effective_assets](https://github.com/code-and-effect/effective_assets) and the authenticated-read temporary URLs.
+
 
 ### Tax Exempt
 
@@ -343,7 +367,54 @@ end
 
 ## Authorization
 
-All authorization checks are handled via the effective_resources gem found in the `config/initializers/effective_resources.rb` file.
+All authorization checks are handled via the config.authorization_method found in the `config/initializers/effective_orders.rb` file.
+
+It is intended for flow through to CanCan or Pundit, but neither of those gems are required.
+
+This method is called by the controller action with the appropriate action and resource.
+
+Action will be one of [:index, :show, :new, :create, :edit, :update, :destroy]
+
+Resource will the appropriate Effective::Order, Effective::Cart or Effective::Subscription ActiveRecord object or class
+
+The authorization method is defined in the initializer file:
+
+```ruby
+# As a Proc (with CanCan)
+config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) }
+```
+
+```ruby
+# As a Custom Method
+config.authorization_method = :my_authorization_method
+```
+
+and then in your application_controller.rb:
+
+```ruby
+def my_authorization_method(action, resource)
+  current_user.is?(:admin) || EffectivePunditPolicy.new(current_user, resource).send('#{action}?')
+end
+```
+
+or disabled entirely:
+
+```ruby
+config.authorization_method = false
+```
+
+If the method or proc returns false (user is not authorized) an Effective::AccessDenied exception will be raised
+
+You can rescue from this exception by adding the following to your application_controller.rb:
+
+```ruby
+rescue_from Effective::AccessDenied do |exception|
+  respond_to do |format|
+    format.html { render 'static_pages/access_denied', status: 403 }
+    format.any { render text: 'Access Denied', status: 403 }
+  end
+end
+```
 
 ### Permissions
 
@@ -381,6 +452,7 @@ Only when the user proceeds to Checkout will they be required to login.
 Upon log in, the session Cart will be assigned to that User's ID, and if the User had a previous existing cart, all CartItems will be merged.
 
 
+
 You shouldn't need to deal with the Cart object at all, except to make a link from your Site Menu to the 'My Cart' page (as documented above).
 
 However, if you want to render a Cart on another page, or play with the Cart object directly, you totally can.
@@ -428,6 +500,9 @@ If you are using effective_orders to roll your own custom payment workflow, you
 
 Emails will be sent immediately unless `config.mailer[:deliver_method] == :deliver_later`.
 
+If you are using [Delayed::Job](https://github.com/collectiveidea/delayed_job) to send emails in a background process then you should set the `delayed_job_deliver` option so that `config.mailer[:delayed_job_deliver] == true`.
+
+
 ### Effective::Order Model
 
 There may be times where you want to deal with the `Effective::Order` object directly.
@@ -922,7 +997,7 @@ You should generate separate private and public certificates/keys for this and i
 
 ## License
 
-MIT License. Copyright [Code and Effect Inc.](http://www.codeandeffect.com/)
+MIT License.  Copyright [Code and Effect Inc.](http://www.codeandeffect.com/)
 
 ## Contributing
 

data/app/controllers/admin/customers_controller.rb

@@ -1,12 +1,23 @@
 module Admin
   class CustomersController < ApplicationController
-    before_action(:authenticate_user!) if defined?(Devise)
-    before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
+    before_action :authenticate_user!
 
-    include Effective::CrudController
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_customers] : EffectiveOrders.layout)
 
-    if (config = EffectiveOrders.layout)
-      layout(config.kind_of?(Hash) ? config[:admin] : config)
+    def index
+      @datatable = Admin::EffectiveCustomersDatatable.new(self)
+
+      @page_title = 'Customers'
+
+      EffectiveOrders.authorize!(self, :admin, :effective_orders)
+      EffectiveOrders.authorize!(self, :index, Effective::Customer)
+    end
+
+    def show
+      @customer = Effective::Customer.find(params[:id])
+
+      @page_title ||= @customer.to_s
+      EffectiveOrders.authorize!(self, :show, Effective::Customer)
     end
 
   end

data/app/controllers/admin/order_items_controller.rb

@@ -1,13 +1,16 @@
 module Admin
   class OrderItemsController < ApplicationController
-    before_action(:authenticate_user!) if defined?(Devise)
-    before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
+    before_action :authenticate_user!
 
-    include Effective::CrudController
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_orders] : EffectiveOrders.layout)
 
-    if (config = EffectiveOrders.layout)
-      layout(config.kind_of?(Hash) ? config[:admin] : config)
-    end
+    def index
+      @datatable = Admin::EffectiveOrderItemsDatatable.new(self)
+
+      @page_title = 'Order Items'
 
+      EffectiveOrders.authorize!(self, :admin, :effective_orders)
+      EffectiveOrders.authorize!(self, :index, Effective::OrderItem)
+    end
   end
 end

data/app/controllers/admin/orders_controller.rb

@@ -1,21 +1,32 @@
 module Admin
   class OrdersController < ApplicationController
-    before_action(:authenticate_user!) if defined?(Devise)
-    before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
+    before_action :authenticate_user!
 
-    include Effective::CrudController
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_orders] : EffectiveOrders.layout)
 
-    if (config = EffectiveOrders.layout)
-      layout(config.kind_of?(Hash) ? config[:admin] : config)
-    end
+    def new
+      @order = Effective::Order.new
+
+      if params[:user_id]
+        @order.user = User.where(id: params[:user_id]).first
+      end
+
+      if params[:duplicate_id]
+        @duplicate = Effective::Order.deep.find(params[:duplicate_id])
+        EffectiveOrders.authorize!(self, :show, @duplicate)
+
+        @order.add(@duplicate)
+      end
 
-    submit :save, 'Continue', redirect: :index
-    submit :save, 'Add New', redirect: -> { effective_orders.new_admin_order_path(user_id: resource.user&.to_param) }
-    submit :save, 'Duplicate', redirect: -> { effective_posts.new_admin_post_path(duplicate_id: resource.id) }
-    submit :save, 'Checkout', redirect: -> { effective_orders.checkout_admin_order_path(resource) }
+      @page_title = 'New Order'
+
+      raise 'please install cocoon gem to use this page' unless defined?(Cocoon)
+
+      authorize_effective_order!
+    end
 
     def create
-      @user = current_user.class.find_by_id(order_params[:user_id])
+      @user = User.find_by_id(order_params[:user_id])
       @order = Effective::Order.new(user: @user)
 
       authorize_effective_order!
@@ -43,10 +54,46 @@ module Admin
       end
 
       @page_title = 'New Order'
-      flash.now[:danger] = flash_danger(@order) + error.to_s
+      flash.now[:danger] = flash_danger(@order)
       render :new
     end
 
+    def edit
+      @order = Effective::Order.find(params[:id])
+      @page_title ||= @order.to_s
+
+      authorize_effective_order!
+    end
+
+    def update
+      @order = Effective::Order.find(params[:id])
+
+      @page_title ||= @order.to_s
+
+      authorize_effective_order!
+
+      Effective::Order.transaction do
+        begin
+          @order.assign_attributes(order_params)
+          @order.save!
+          redirect_to(admin_redirect_path) and return
+        rescue => e
+          raise ActiveRecord::Rollback
+        end
+      end
+
+      flash.now[:danger] = "Unable to update order: #{@order.errors.full_messages.to_sentence}"
+      render :edit
+    end
+
+    def show
+      @order = Effective::Order.find(params[:id])
+
+      @page_title ||= @order.to_s
+
+      authorize_effective_order!
+    end
+
     # The show page posts to this action
     # See Effective::OrdersController checkout
     def checkout
@@ -75,6 +122,14 @@ module Admin
       render :checkout
     end
 
+    def index
+      @datatable = Admin::EffectiveOrdersDatatable.new(self)
+
+      @page_title = 'Orders'
+
+      authorize_effective_order!
+    end
+
     def destroy
       @order = Effective::Order.all.not_purchased.find(params[:id])
 
@@ -124,12 +179,12 @@ module Admin
     private
 
     def order_params
-      params.require(:effective_order).permit(:user_id, :user_type, :cc,
+      params.require(:effective_order).permit(:user_id, :cc,
         :send_payment_request_to_buyer, :note_internal, :note_to_buyer,
         :payment_provider, :payment_card, :payment, :send_mark_as_paid_email_to_buyer,
         order_items_attributes: [
           :quantity, :_destroy, purchasable_attributes: [
-            :name, :qb_item_name, :price, :tax_exempt
+            :name, :price, :tax_exempt
           ]
         ]
       )
@@ -140,18 +195,27 @@ module Admin
     end
 
     def authorize_effective_order!
-      EffectiveResources.authorize!(self, action_name.to_sym, @order || Effective::Order)
+      EffectiveOrders.authorize!(self, :admin, :effective_orders)
+      EffectiveOrders.authorize!(self, action_name.to_sym, @order || Effective::Order)
     end
 
     def admin_redirect_path
+      # Allow an app to define effective_orders_admin_redirect_path in their ApplicationController
+      path = if self.respond_to?(:effective_orders_admin_redirect_path)
+        effective_orders_admin_redirect_path(params[:commit], @order)
+      end
+
+      return path if path.present?
+
       case params[:commit].to_s
       when 'Save'               ; effective_orders.admin_order_path(@order)
+
       when 'Continue'           ; effective_orders.admin_orders_path
       when 'Add New'            ; effective_orders.new_admin_order_path(user_id: @order.user.try(:to_param))
       when 'Duplicate'          ; effective_orders.new_admin_order_path(duplicate_id: @order.to_param)
       when 'Checkout'           ; effective_orders.checkout_admin_order_path(@order.to_param)
-      else
-        effective_orders.admin_order_path(@order)
+
+      else effective_orders.admin_order_path(@order)
       end
     end
 

data/app/controllers/effective/carts_controller.rb

@@ -1,25 +1,21 @@
 module Effective
   class CartsController < ApplicationController
-    before_action(:authenticate_user!) if defined?(Devise)
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:carts] : EffectiveOrders.layout)
 
-    include Effective::CrudController
-
-    if (config = EffectiveOrders.layout)
-      layout(config.kind_of?(Hash) ? (config[:carts] || config[:application]) : config)
-    end
+    before_action :authenticate_user!
 
     def show
       @cart = current_cart
       @pending_orders = Effective::Order.not_purchased.where(user: current_user) if current_user.present?
 
       @page_title ||= 'My Cart'
-      EffectiveResources.authorize!(self, :show, @cart)
+      EffectiveOrders.authorize!(self, :show, @cart)
     end
 
     def destroy
       @cart = current_cart
 
-      EffectiveResources.authorize!(self, :destroy, @cart)
+      EffectiveOrders.authorize!(self, :destroy, @cart)
 
       if @cart.destroy
         flash[:success] = 'Successfully emptied cart.'
@@ -33,7 +29,7 @@ module Effective
     def add_to_cart
       @purchasable = (add_to_cart_params[:purchasable_type].constantize.find(add_to_cart_params[:purchasable_id].to_i) rescue nil)
 
-      EffectiveResources.authorize!(self, :update, current_cart)
+      EffectiveOrders.authorize!(self, :update, current_cart)
 
       begin
         raise "Please select a valid #{add_to_cart_params[:purchasable_type] || 'item' }." unless @purchasable
@@ -52,7 +48,7 @@ module Effective
     def remove_from_cart
       @cart_item = current_cart.cart_items.find(remove_from_cart_params[:id])
 
-      EffectiveResources.authorize!(self, :update, current_cart)
+      EffectiveOrders.authorize!(self, :update, current_cart)
 
       if @cart_item.destroy
         flash[:success] = 'Successfully removed item from cart.'

data/app/controllers/effective/customers_controller.rb

@@ -1,12 +1,10 @@
 module Effective
   class CustomersController < ApplicationController
-    before_action(:authenticate_user!) if defined?(Devise)
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:customers] : EffectiveOrders.layout)
 
     include Effective::CrudController
 
-    if (config = EffectiveOrders.layout)
-      layout(config.kind_of?(Hash) ? (config[:customers] || config[:application]) : config)
-    end
+    before_action :authenticate_user!
 
     submit :save, 'Save', success: -> { 'Successfully updated card.' }
     page_title 'Customer Settings'

data/app/controllers/effective/orders_controller.rb

@@ -2,21 +2,17 @@ module Effective
   class OrdersController < ApplicationController
     include Concerns::Purchase
 
-    include Providers::Cheque
-    include Providers::Free
-    include Providers::MarkAsPaid
-    include Providers::Moneris
-    include Providers::Paypal
-    include Providers::Phone
-    include Providers::Pretend
-    include Providers::Refund
-    include Providers::Stripe
-
-    include Effective::CrudController
-
-    if (config = EffectiveOrders.layout)
-      layout(config.kind_of?(Hash) ? (config[:orders] || config[:application]) : config)
-    end
+    include Providers::Cheque if EffectiveOrders.cheque?
+    include Providers::Free if EffectiveOrders.free?
+    include Providers::MarkAsPaid if EffectiveOrders.mark_as_paid?
+    include Providers::Moneris if EffectiveOrders.moneris?
+    include Providers::Paypal if EffectiveOrders.paypal?
+    include Providers::Phone if EffectiveOrders.phone?
+    include Providers::Pretend if EffectiveOrders.pretend?
+    include Providers::Refund if EffectiveOrders.refund?
+    include Providers::Stripe if EffectiveOrders.stripe?
+
+    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:orders] : EffectiveOrders.layout)
 
     before_action :authenticate_user!, except: [:ccbill_postback, :free, :paypal_postback, :moneris_postback, :pretend]
     before_action :set_page_title, except: [:show]
@@ -30,7 +26,7 @@ module Effective
     def new
       @order ||= Effective::Order.new(view_context.current_cart)
 
-      EffectiveResources.authorize!(self, :new, @order)
+      EffectiveOrders.authorize!(self, :new, @order)
 
       unless @order.valid?
         flash[:danger] = "Unable to proceed: #{flash_errors(@order)}. Please try again."
@@ -42,7 +38,7 @@ module Effective
     # Confirms an order from the cart.
     def create
       @order ||= Effective::Order.new(view_context.current_cart)
-      EffectiveResources.authorize!(self, :create, @order)
+      EffectiveOrders.authorize!(self, :create, @order)
 
       @order.assign_attributes(checkout_params)
 
@@ -61,7 +57,7 @@ module Effective
     # Might render step1 or step2
     def show
       @order = Effective::Order.find(params[:id])
-      EffectiveResources.authorize!(self, :show, @order)
+      EffectiveOrders.authorize!(self, :show, @order)
 
       @page_title ||= ((@order.user == current_user && !@order.purchased?) ? 'Checkout' : @order.to_s)
     end
@@ -69,13 +65,13 @@ module Effective
     # Always step1
     def edit
       @order ||= Effective::Order.find(params[:id])
-      EffectiveResources.authorize!(self, :edit, @order)
+      EffectiveOrders.authorize!(self, :edit, @order)
     end
 
     # Confirms the order from existing order
     def update
       @order ||= Effective::Order.find(params[:id])
-      EffectiveResources.authorize!(self, :update, @order)
+      EffectiveOrders.authorize!(self, :update, @order)
 
       @order.assign_attributes(checkout_params)
 
@@ -90,28 +86,28 @@ module Effective
     # My Orders History
     def index
       @datatable = EffectiveOrdersDatatable.new(user_id: current_user.id)
-      EffectiveResources.authorize!(self, :index, Effective::Order.new(user: current_user))
+      EffectiveOrders.authorize!(self, :index, Effective::Order.new(user: current_user))
     end
 
     # Thank you for Purchasing this Order. This is where a successfully purchased order ends up
     def purchased # Thank You!
       @order = Effective::Order.purchased.find(params[:id])
-      EffectiveResources.authorize!(self, :show, @order)
+      EffectiveOrders.authorize!(self, :show, @order)
     end
 
     def deferred
       @order = Effective::Order.deferred.find(params[:id])
-      EffectiveResources.authorize!(self, :show, @order)
+      EffectiveOrders.authorize!(self, :show, @order)
     end
 
     def declined
       @order = Effective::Order.declined.find(params[:id])
-      EffectiveResources.authorize!(self, :show, @order)
+      EffectiveOrders.authorize!(self, :show, @order)
     end
 
     def send_buyer_receipt
       @order = Effective::Order.find(params[:id])
-      EffectiveResources.authorize!(self, :show, @order)
+      EffectiveOrders.authorize!(self, :show, @order)
 
       if @order.send_order_receipt_to_buyer!
         flash[:success] = "A receipt has been sent to #{@order.emails_send_to}"
@@ -132,10 +128,10 @@ module Effective
       @orders = Effective::Order.purchased.where(id: params[:ids])
 
       begin
-        EffectiveResources.authorize!(self, :index, Effective::Order.new(user: current_user))
+        EffectiveOrders.authorize!(self, :index, Effective::Order.new(user: current_user))
 
         @orders.each do |order|
-          next unless EffectiveResources.authorized?(self, :show, order)
+          next unless EffectiveOrders.authorized?(self, :show, order)
           order.send_order_receipt_to_buyer!
         end