effective_orders 4.6.3 → 5.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0619b2dc6fc02860fcf6100f107133d2bb47133cb43eb03e60905a1932acca06'
-  data.tar.gz: a2cb49a3e9fba575b7f95941b64f58b02bd81e4030b4ddb14130ea2fb3f041f3
+  metadata.gz: '09e7e3354a9268cf3f5c7f000fe685c96c63e519c37269e534fb41669654c2ac'
+  data.tar.gz: b117ad0187b25c59a496c658eee479af26bf0843951676065e7bc82633e9803f
 SHA512:
-  metadata.gz: 8b39ed3047b11b55ddb153a4465c3c31e11304cef618eb70ed1eb237f522e1ddd7267cd1507b7a2c25ee737dc3f31654940c676a9ef4419565f7b776f4a5622c
-  data.tar.gz: 36a94c2eb539e2beb23996fb97d14b2befe62ae9154cd1cd578cac1bf9f886f0a9c3eca05f453b92d4bd4fdf6c17f84c621cce270732e70360cb272ee1db6ddd
+  metadata.gz: 22e01baa9aeced210808a95d75fd18ef77a40d5de9f0ae34c6c6e86a42f4e51292d5dfa43d43d1647f5ba6a0dcd06532511571c6d72bd04de811294d453f1134
+  data.tar.gz: bb0995769c746838c40cd58e905f6c1079db824ab521342bd59c9b2b492c8805d7b55e2f0568cf86b2f3db14c727f61c1c97fe96831d95db359e1812e1296cb5

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2018 Code and Effect Inc.
+Copyright 2021 Code and Effect Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -2,7 +2,7 @@
 
 Carts, Orders, and collecting payment via Stripe, PayPal and Moneris.
 
-A Rails Engine to handle the purchase workflow in a Rails 3.2.x / Rails 4 application.
+A Rails Engine to handle the purchase workflow in a Rails application.
 
 Also works with Stripe Subscriptions.
 
@@ -10,17 +10,9 @@ Sends order receipt emails automatically.
 
 Has Order History, My Purchases, My Sales and Admin screens.
 
-## Upgrade to effective_orders 4.3
+## effective_orders 5.0
 
-Add the migration
-
-```
-add_column :customers, :payment_method_id, :string
-```
-
-## effective_orders 4.0
-
-This is the 4.0 series of effective_orders.
+This is the 5.0 series of effective_orders.
 
 This requires Twitter Bootstrap 4 and Rails 5.1+
 
@@ -160,32 +152,18 @@ Once the database has been migrated, it is time to scaffold/build the CRUD Produ
 
 ### Products#new/#edit
 
-Use an [effective_form_inputs](https://github.com/code-and-effect/effective_form_inputs#effective-price) effective_price input to enter the price.
+Use an [effective_bootstrap](https://github.com/code-and-effect/effective_bootstrap#effective-price) f.price_field input to enter the price.
 
 It displays the underlying Integer price as a currency formatted value, ensures that a properly formatted price is entered by the user, and POSTs the appropriate Integer value back to the server.
 
 This is available for simple_form, formtastic and Rails default FormBuilder.
 
 ```haml
-= simple_form_for(@product) do |f|
-  = f.input :name
-  = f.input :tax_exempt
-  = f.input :price, as: :effective_price
-  = f.button :submit
-```
-
-or
-
-```ruby
-= semantic_form_for(@product) do |f|
-  = f.input :price, as: :effective_price
-```
-
-or
-
-```haml
-= form_for(@product) do |f|
-  = f.effective_price :price
+= effective_form_with(model: @product) do |f|
+  = f.text_field :name
+  = f.checkbox :tax_exempt
+  = f.price_field :price
+  = f.submit
 ```
 
 ### Products#show
@@ -287,8 +265,6 @@ end
 
 Of course, there's no mechanism here to prevent someone from just copy&pasting this URL to a friend.
 
-If you're interested in that kind of restricted-download functionality, please check out [effective_assets](https://github.com/code-and-effect/effective_assets) and the authenticated-read temporary URLs.
-
 
 ### Tax Exempt
 
@@ -367,54 +343,7 @@ end
 
 ## Authorization
 
-All authorization checks are handled via the config.authorization_method found in the `config/initializers/effective_orders.rb` file.
-
-It is intended for flow through to CanCan or Pundit, but neither of those gems are required.
-
-This method is called by the controller action with the appropriate action and resource.
-
-Action will be one of [:index, :show, :new, :create, :edit, :update, :destroy]
-
-Resource will the appropriate Effective::Order, Effective::Cart or Effective::Subscription ActiveRecord object or class
-
-The authorization method is defined in the initializer file:
-
-```ruby
-# As a Proc (with CanCan)
-config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) }
-```
-
-```ruby
-# As a Custom Method
-config.authorization_method = :my_authorization_method
-```
-
-and then in your application_controller.rb:
-
-```ruby
-def my_authorization_method(action, resource)
-  current_user.is?(:admin) || EffectivePunditPolicy.new(current_user, resource).send('#{action}?')
-end
-```
-
-or disabled entirely:
-
-```ruby
-config.authorization_method = false
-```
-
-If the method or proc returns false (user is not authorized) an Effective::AccessDenied exception will be raised
-
-You can rescue from this exception by adding the following to your application_controller.rb:
-
-```ruby
-rescue_from Effective::AccessDenied do |exception|
-  respond_to do |format|
-    format.html { render 'static_pages/access_denied', status: 403 }
-    format.any { render text: 'Access Denied', status: 403 }
-  end
-end
-```
+All authorization checks are handled via the effective_resources gem found in the `config/initializers/effective_resources.rb` file.
 
 ### Permissions
 
@@ -422,7 +351,10 @@ The permissions you actually want to define for a regular user are as follows (u
 
 ```ruby
 can [:manage], Effective::Cart, user_id: user.id
+
 can [:manage], Effective::Order, user_id: user.id # Orders cannot be deleted
+cannot [:edit, :update], Effective::Order, state: 'purchased'
+
 can [:manage], Effective::Subscription, user_id: user.id
 ```
 
@@ -452,7 +384,6 @@ Only when the user proceeds to Checkout will they be required to login.
 Upon log in, the session Cart will be assigned to that User's ID, and if the User had a previous existing cart, all CartItems will be merged.
 
 
-
 You shouldn't need to deal with the Cart object at all, except to make a link from your Site Menu to the 'My Cart' page (as documented above).
 
 However, if you want to render a Cart on another page, or play with the Cart object directly, you totally can.
@@ -500,9 +431,6 @@ If you are using effective_orders to roll your own custom payment workflow, you
 
 Emails will be sent immediately unless `config.mailer[:deliver_method] == :deliver_later`.
 
-If you are using [Delayed::Job](https://github.com/collectiveidea/delayed_job) to send emails in a background process then you should set the `delayed_job_deliver` option so that `config.mailer[:delayed_job_deliver] == true`.
-
-
 ### Effective::Order Model
 
 There may be times where you want to deal with the `Effective::Order` object directly.
@@ -997,7 +925,7 @@ You should generate separate private and public certificates/keys for this and i
 
 ## License
 
-MIT License.  Copyright [Code and Effect Inc.](http://www.codeandeffect.com/)
+MIT License. Copyright [Code and Effect Inc.](http://www.codeandeffect.com/)
 
 ## Contributing
 

data/app/controllers/admin/customers_controller.rb

@@ -1,23 +1,12 @@
 module Admin
   class CustomersController < ApplicationController
-    before_action :authenticate_user!
+    before_action(:authenticate_user!) if defined?(Devise)
+    before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
 
-    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_customers] : EffectiveOrders.layout)
+    include Effective::CrudController
 
-    def index
-      @datatable = Admin::EffectiveCustomersDatatable.new(self)
-
-      @page_title = 'Customers'
-
-      EffectiveOrders.authorize!(self, :admin, :effective_orders)
-      EffectiveOrders.authorize!(self, :index, Effective::Customer)
-    end
-
-    def show
-      @customer = Effective::Customer.find(params[:id])
-
-      @page_title ||= @customer.to_s
-      EffectiveOrders.authorize!(self, :show, Effective::Customer)
+    if (config = EffectiveOrders.layout)
+      layout(config.kind_of?(Hash) ? config[:admin] : config)
     end
 
   end

data/app/controllers/admin/order_items_controller.rb

@@ -1,16 +1,13 @@
 module Admin
   class OrderItemsController < ApplicationController
-    before_action :authenticate_user!
+    before_action(:authenticate_user!) if defined?(Devise)
+    before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
 
-    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_orders] : EffectiveOrders.layout)
+    include Effective::CrudController
 
-    def index
-      @datatable = Admin::EffectiveOrderItemsDatatable.new(self)
-
-      @page_title = 'Order Items'
-
-      EffectiveOrders.authorize!(self, :admin, :effective_orders)
-      EffectiveOrders.authorize!(self, :index, Effective::OrderItem)
+    if (config = EffectiveOrders.layout)
+      layout(config.kind_of?(Hash) ? config[:admin] : config)
     end
+
   end
 end

data/app/controllers/admin/orders_controller.rb

@@ -1,32 +1,21 @@
 module Admin
   class OrdersController < ApplicationController
-    before_action :authenticate_user!
+    before_action(:authenticate_user!) if defined?(Devise)
+    before_action { EffectiveResources.authorize!(self, :admin, :effective_orders) }
 
-    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:admin_orders] : EffectiveOrders.layout)
+    include Effective::CrudController
 
-    def new
-      @order = Effective::Order.new
-
-      if params[:user_id]
-        @order.user = User.where(id: params[:user_id]).first
-      end
-
-      if params[:duplicate_id]
-        @duplicate = Effective::Order.deep.find(params[:duplicate_id])
-        EffectiveOrders.authorize!(self, :show, @duplicate)
-
-        @order.add(@duplicate)
-      end
-
-      @page_title = 'New Order'
-
-      raise 'please install cocoon gem to use this page' unless defined?(Cocoon)
-
-      authorize_effective_order!
+    if (config = EffectiveOrders.layout)
+      layout(config.kind_of?(Hash) ? config[:admin] : config)
     end
 
+    submit :save, 'Continue', redirect: :index
+    submit :save, 'Add New', redirect: -> { effective_orders.new_admin_order_path(user_id: resource.user&.to_param) }
+    submit :save, 'Duplicate', redirect: -> { effective_posts.new_admin_post_path(duplicate_id: resource.id) }
+    submit :save, 'Checkout', redirect: -> { effective_orders.checkout_admin_order_path(resource) }
+
     def create
-      @user = User.find_by_id(order_params[:user_id])
+      @user = current_user.class.find_by_id(order_params[:user_id])
       @order = Effective::Order.new(user: @user)
 
       authorize_effective_order!
@@ -54,50 +43,14 @@ module Admin
       end
 
       @page_title = 'New Order'
-      flash.now[:danger] = flash_danger(@order)
+      flash.now[:danger] = flash_danger(@order) + error.to_s
       render :new
     end
 
-    def edit
-      @order = Effective::Order.find(params[:id])
-      @page_title ||= @order.to_s
-
-      authorize_effective_order!
-    end
-
-    def update
-      @order = Effective::Order.find(params[:id])
-
-      @page_title ||= @order.to_s
-
-      authorize_effective_order!
-
-      Effective::Order.transaction do
-        begin
-          @order.assign_attributes(order_params)
-          @order.save!
-          redirect_to(admin_redirect_path) and return
-        rescue => e
-          raise ActiveRecord::Rollback
-        end
-      end
-
-      flash.now[:danger] = "Unable to update order: #{@order.errors.full_messages.to_sentence}"
-      render :edit
-    end
-
-    def show
-      @order = Effective::Order.find(params[:id])
-
-      @page_title ||= @order.to_s
-
-      authorize_effective_order!
-    end
-
     # The show page posts to this action
     # See Effective::OrdersController checkout
     def checkout
-      @order = Effective::Order.find(params[:id])
+      @order = Effective::Order.not_purchased.find(params[:id])
 
       authorize_effective_order!
 
@@ -122,14 +75,6 @@ module Admin
       render :checkout
     end
 
-    def index
-      @datatable = Admin::EffectiveOrdersDatatable.new(self)
-
-      @page_title = 'Orders'
-
-      authorize_effective_order!
-    end
-
     def destroy
       @order = Effective::Order.all.not_purchased.find(params[:id])
 
@@ -179,12 +124,12 @@ module Admin
     private
 
     def order_params
-      params.require(:effective_order).permit(:user_id, :cc,
+      params.require(:effective_order).permit(:user_id, :user_type, :cc,
         :send_payment_request_to_buyer, :note_internal, :note_to_buyer,
         :payment_provider, :payment_card, :payment, :send_mark_as_paid_email_to_buyer,
         order_items_attributes: [
           :quantity, :_destroy, purchasable_attributes: [
-            :name, :price, :tax_exempt
+            :name, :qb_item_name, :price, :tax_exempt
           ]
         ]
       )
@@ -195,27 +140,18 @@ module Admin
     end
 
     def authorize_effective_order!
-      EffectiveOrders.authorize!(self, :admin, :effective_orders)
-      EffectiveOrders.authorize!(self, action_name.to_sym, @order || Effective::Order)
+      EffectiveResources.authorize!(self, action_name.to_sym, @order || Effective::Order)
     end
 
     def admin_redirect_path
-      # Allow an app to define effective_orders_admin_redirect_path in their ApplicationController
-      path = if self.respond_to?(:effective_orders_admin_redirect_path)
-        effective_orders_admin_redirect_path(params[:commit], @order)
-      end
-
-      return path if path.present?
-
       case params[:commit].to_s
       when 'Save'               ; effective_orders.admin_order_path(@order)
-
       when 'Continue'           ; effective_orders.admin_orders_path
       when 'Add New'            ; effective_orders.new_admin_order_path(user_id: @order.user.try(:to_param))
       when 'Duplicate'          ; effective_orders.new_admin_order_path(duplicate_id: @order.to_param)
       when 'Checkout'           ; effective_orders.checkout_admin_order_path(@order.to_param)
-
-      else effective_orders.admin_order_path(@order)
+      else
+        effective_orders.admin_order_path(@order)
       end
     end
 

data/app/controllers/effective/carts_controller.rb

@@ -1,21 +1,25 @@
 module Effective
   class CartsController < ApplicationController
-    layout (EffectiveOrders.layout.kind_of?(Hash) ? EffectiveOrders.layout[:carts] : EffectiveOrders.layout)
+    before_action(:authenticate_user!) if defined?(Devise)
 
-    before_action :authenticate_user!
+    include Effective::CrudController
+
+    if (config = EffectiveOrders.layout)
+      layout(config.kind_of?(Hash) ? (config[:carts] || config[:application]) : config)
+    end
 
     def show
       @cart = current_cart
       @pending_orders = Effective::Order.not_purchased.where(user: current_user) if current_user.present?
 
       @page_title ||= 'My Cart'
-      EffectiveOrders.authorize!(self, :show, @cart)
+      EffectiveResources.authorize!(self, :show, @cart)
     end
 
     def destroy
       @cart = current_cart
 
-      EffectiveOrders.authorize!(self, :destroy, @cart)
+      EffectiveResources.authorize!(self, :destroy, @cart)
 
       if @cart.destroy
         flash[:success] = 'Successfully emptied cart.'
@@ -29,7 +33,7 @@ module Effective
     def add_to_cart
       @purchasable = (add_to_cart_params[:purchasable_type].constantize.find(add_to_cart_params[:purchasable_id].to_i) rescue nil)
 
-      EffectiveOrders.authorize!(self, :update, current_cart)
+      EffectiveResources.authorize!(self, :update, current_cart)
 
       begin
         raise "Please select a valid #{add_to_cart_params[:purchasable_type] || 'item' }." unless @purchasable
@@ -48,7 +52,7 @@ module Effective
     def remove_from_cart
       @cart_item = current_cart.cart_items.find(remove_from_cart_params[:id])
 
-      EffectiveOrders.authorize!(self, :update, current_cart)
+      EffectiveResources.authorize!(self, :update, current_cart)
 
       if @cart_item.destroy
         flash[:success] = 'Successfully removed item from cart.'

data/app/controllers/effective/concerns/purchase.rb

@@ -5,28 +5,21 @@ module Effective
 
       protected
 
-      def order_purchased(payment:, provider:, card: 'none', email: true, skip_buyer_validations: false, purchased_url: nil, declined_url: nil)
-        begin
-          @order.purchase!(payment: payment, provider: provider, card: card, email: email, skip_buyer_validations: skip_buyer_validations)
-
-          Effective::Cart.where(user: @order.user).destroy_all
-
-          if flash[:success].blank?
-            if EffectiveOrders.mailer[:send_order_receipt_to_buyer] && email
-              flash[:success] = "Payment successful! A receipt has been sent to #{@order.emails_send_to}"
-            else
-              flash[:success] = "Payment successful! An email receipt has not been sent."
-            end
-          end
+      def order_purchased(payment:, provider:, card: 'none', email: true, skip_buyer_validations: false, purchased_url: nil)
+        @order.purchase!(payment: payment, provider: provider, card: card, email: email, skip_buyer_validations: skip_buyer_validations)
 
-          purchased_url ||= effective_orders.purchased_order_path(':id')
-          redirect_to purchased_url.gsub(':id', @order.to_param.to_s)
-        rescue => e
-          flash[:danger] = "An error occurred while processing your payment: #{e.message}. Please try again."
+        Effective::Cart.where(user: @order.user).destroy_all
 
-          declined_url ||= effective_orders.declined_order_path(':id')
-          redirect_to declined_url.gsub(':id', @order.to_param.to_s)
+        if flash[:success].blank?
+          if email && EffectiveOrders.mailer[:send_order_receipt_to_buyer]
+            flash[:success] = "Payment successful! A receipt has been sent to #{@order.emails_send_to}"
+          else
+            flash[:success] = "Payment successful! An email receipt has not been sent."
+          end
         end
+
+        purchased_url ||= effective_orders.purchased_order_path(':id')
+        redirect_to purchased_url.gsub(':id', @order.to_param.to_s)
       end
 
       def order_deferred(provider:, email: true, deferred_url: nil)