spree 0.6.0 → 0.7.0

data/CHANGELOG

@@ -1,3 +1,33 @@
+== 0.7.0
+
+* #	166	- Order numbers should also use permalink
+* #	220	- Security holes in a few controllers
+* #	234	- Sales tax should recalculate after a change in shipping address
+* #	239	- Rake task for upgrade an existing Spree deployment
+* #	242	- State events show the UTC version of the timestamp
+* #	246	- Rake tasks failing if highline is not installed on the system 
+* #	247	- Restrict shipping methods based on order contents
+* #	249	- Backorders not updated with new quantity
+* #	251	- Missing message
+* #	253	- Norwegian Translation
+* #	255	- Admin has problems with "Available On"
+* #	260	- Remove the automatic pay event from the order model
+* #	261	- Do not allow creditcard capture without a response code
+* #	263	- Support for Protx Gateway
+* #	264	- Change credit card month and year to drop down
+* #	265	- Google Analytics Order Tracking
+* #	266	- Allow quantities when adding a variant to an order
+* #	268	- Cannot cancel an incomplete order
+* #	269	- Adjusting inventory on a 1 variant product does not update backorder status properly
+* #	270	- Additional database indexes
+* #	276	- French Translation
+* #	277	- New users should be assigned the 'user' role by default
+* #	278	- Allow backordering to be set at the variant level instead of all-or-nothing
+* #	279	- No variant is pre-selected
+* #	280	- Even deleted variants are available
+* #	284	- Russian Translation
+* #	288	- Credit card information should be filtered in logs
+
 == 0.6.0
 
 * #	129 - Public extension assets don't respect order when mirrored.

data/CONTRIBUTORS

@@ -4,30 +4,48 @@ Sean Schofield is the founder of the Spree project. It was originally started in
 a Google Code project with the name Rails Cart. The name of the project was changed to Spree 
 in March 2008 in order to avoid any confusion about it being endorsed by the Ruby on Rails team.
 
-== Contributors
+== Contributors (Alphabetical)
 
 The following people have submitted changes which have been applied to the
 core:
 
-* Sean Schofield 
-* Jorge Calás Lozano
-* Sonny Cook
-* Brian Quinn
-* Paul Saieg
-* Edmundo Valle Neto
-* Gregg Pollack
-* Jon Jensen
-* Fabio Akita
-* Jason Seifer
-* Tomasz Mazur
-* mjwall
-* Manuel Stuefer
-* Eric Budd
-* Chris Gaskett
-* Will Emerson
-* Ricardo Shiota Yasuda
-* tom
-* Yves Dufour
+Ben Marini
+Bernd Ahlers
+Bobby Santiago
+Brian Quinn
+Caius Durling
+Chris Gaskett
+Dale Hofkens
+Edmundo Valle Neto
+Eric Budd
+Fabio Akita
+Gregg Pollack
+Jason Seifer
+Jon Jensen
+Jorge Calás Lozano
+Joshua Nussbaum
+Manuel Stuefer
+Nate Murray
+Paul Saieg
+Peter Berkenbosch
+Ricardo Shiota Yasuda
+Robert Kuhr
+Sean Schofield
+Sonny Cook
+Stephanie Powell
+Tomasz Mazur
+Tor Hovland
+Will Emerson
+Wynn Netherland
+Yves Dufour
+mjwall
+mwestover
+paulcc
+pierre
+ron
+spariev
+tom
+yitzhakbg
 
 == Legacy Contributors
 

data/app/controllers/admin/creditcard_payments_controller.rb

@@ -50,9 +50,12 @@ class Admin::CreditcardPaymentsController < Admin::BaseController
     if @creditcard_payment.can_capture?      
       creditcard = @creditcard_payment.creditcard
       authorization = @creditcard_payment.find_authorization
-      creditcard.capture(authorization)
-      @creditcard_payment.amount = authorization.amount
-      @creditcard_payment.save
+      Creditcard.transaction do 
+        creditcard.order.state_events.create(:name => t('pay'), :user => current_user, :previous_state => creditcard.order.state)
+        creditcard.capture(authorization)
+        @creditcard_payment.amount = authorization.amount
+        @creditcard_payment.save
+      end
       flash[:notice] = t("credit_card_capture_complete")
     else  
       flash[:error] = t("unable_to_capture_credit_card")    
@@ -69,6 +72,10 @@ class Admin::CreditcardPaymentsController < Admin::BaseController
  
     @states = State.find_all_by_country_id(@selected_country_id, :order => 'name')  
     @countries = Country.find(:all)
+
+    month = (params[:payment_presenter] && params[:payment_presenter][:creditcard_month]) ? params[:payment_presenter][:creditcard_month].to_i : Date.today.month
+    year = (params[:payment_presenter] && params[:payment_presenter][:creditcard_year]) ? params[:payment_presenter][:creditcard_year].to_i : Date.today.year
+    @date = Date.new(year, month, 1)
   end
 
   def load_amount

data/app/controllers/admin/orders_controller.rb

@@ -24,27 +24,28 @@ class Admin::OrdersController < Admin::BaseController
   
   def resend
     OrderMailer.deliver_confirm(@order, true)
-    flash[:notice] = t('Order Email Resent')
+    flash[:notice] = t('order_email_resent')
     redirect_to :back
   end
   
   private
-  def collection   
-    default_stop = (Date.today + 1).to_s(:db)
-    @filter = params.has_key?(:filter) ? OrderFilter.new(params[:filter]) : OrderFilter.new
-
-    scope = Order.scoped(:include => [:shipments, {:creditcards => :address}])
-    scope = scope.by_number @filter.number unless @filter.number.blank?
-    scope = scope.by_customer @filter.customer unless @filter.customer.blank?
-    scope = scope.between(@filter.start, (@filter.stop.blank? ? default_stop : @filter.stop)) unless @filter.start.blank?
-    scope = scope.by_state @filter.state.classify.downcase.gsub(" ", "_") unless @filter.state.blank?
-    scope = scope.conditions "lower(addresses.firstname) LIKE ?", "%#{@filter.firstname.downcase}%" unless @filter.firstname.blank?
-    scope = scope.conditions "lower(addresses.lastname) LIKE ?", "%#{@filter.lastname.downcase}%" unless @filter.lastname.blank?
-    scope = scope.checkout_completed(@filter.checkout == '1' ? false : true)
-
-    @collection = scope.find(:all, :order => 'orders.created_at DESC', :include => :user, :page => {:size => Spree::Config[:orders_per_page], :current =>params[:p], :first => 1})
+
+  def collection
+    @search = Order.new_search(params[:search])
+
+    if params[:search].nil? || params[:search][:conditions].nil?
+      @search.conditions.checkout_complete = true
+    end
+
+    #set order by to default or form result
+    @search.order_by ||= :created_at
+    @search.order_as ||= "DESC"
+    #set results per page to default or form result
+    @search.per_page = Spree::Config[:orders_per_page]
+
+    @collection = @search.find(:all, :include => [:user, :shipments, {:creditcards => :address}] )
   end
-  
+
   # Allows extensions to add new forms of payment to provide their own display of transactions
   def initialize_txn_partials
     @txn_partials = []

data/app/controllers/admin/products_controller.rb

@@ -56,23 +56,21 @@ class Admin::ProductsController < Admin::BaseController
     end
     
     def collection
-      @name = params[:name] || ""
-      @sku = params[:sku] || ""
-      @deleted =  (params.key?(:deleted)  && params[:deleted] == "on") ? "checked" : ""
       
-      if @sku.blank?
-        if @deleted.blank?
-          @collection ||= end_of_association_chain.active.by_name(@name).find(:all, :order => :name, :page => {:start => 1, :size => Spree::Config[:admin_products_per_page], :current => params[:p]})
-        else
-          @collection ||= end_of_association_chain.deleted.by_name(@name).find(:all, :order => :name, :page => {:start => 1, :size => Spree::Config[:admin_products_per_page], :current => params[:p]})  
-        end
+      #use the active named scope only if the 'show deleted' checkbox is unchecked
+      if params[:search].nil? || params[:search][:conditions].nil? || params[:search][:conditions][:deleted_at_is_not_null].blank?
+        @search = end_of_association_chain.not_deleted.new_search(params[:search])
       else
-        if @deleted.blank?
-          @collection ||= end_of_association_chain.active.by_name(@name).by_sku(@sku).find(:all, :order => :name, :page => {:start => 1, :size => Spree::Config[:admin_products_per_page], :current => params[:p]})
-        else
-          @collection ||= end_of_association_chain.deleted.by_name(@name).by_sku(@sku).find(:all, :order => :name, :page => {:start => 1, :size => Spree::Config[:admin_products_per_page], :current => params[:p]})
-        end
+        @search = end_of_association_chain.new_search(params[:search])
       end
+
+      #set order by to default or form result
+      @search.order_by ||= :name
+      @search.order_as ||= "ASC"
+      #set results per page to default or form result
+      @search.per_page = Spree::Config[:admin_products_per_page]
+      @search.include = :images
+      @collection = @search.all
     end
 
     # override rc_default build b/c we need to make sure there's an empty variant added to each product

data/app/controllers/admin/reports_controller.rb

@@ -9,26 +9,24 @@ class Admin::ReportsController < Admin::BaseController
     @reports = AVAILABLE_REPORTS
   end
   
-  def sales_total    
-    scope = Order.scoped({})
-    scope = scope.between(@filter.start, (@filter.stop.blank? ? @default_stop : @filter.stop.to_date + 1 )) unless @filter.start.blank?
+  def sales_total
 
-    @orders = scope.find(:all, :order => 'orders.created_at DESC', :page => {:size => Spree::Config[:orders_per_page], :current =>params[:p], :first => 1})    
+    @search = Order.new_search(params[:search])
+    #set order by to default or form result
+    @search.order_by ||= :created_at
+    @search.order_as ||= "DESC"
+    
+    @orders = @search.find(:all)    
 
-    @item_total = scope.sum(:item_total)
-    @ship_total = scope.sum(:ship_amount)
-    @tax_total = scope.sum(:tax_amount)
-    @sales_total = scope.sum(:total)
+    @item_total = @search.sum(:item_total)
+    @ship_total = @search.sum(:ship_amount)
+    @tax_total = @search.sum(:tax_amount)
+    @sales_total = @search.sum(:total)
   end
 
   private 
   def load_data
-    @filter = params.has_key?(:filter) ? OrderFilter.new(params[:filter]) : OrderFilter.new
-    unless @filter.valid?
-      flash.now[:error] = t('invalid_search')
-      return nil
-    end
-    @default_stop = (Date.today + 1).to_s(:db)    
+
   end  
 
 end

data/app/controllers/admin/users_controller.rb

@@ -13,11 +13,16 @@ class Admin::UsersController < Admin::BaseController
                 
   private
   def collection   
-    @filter = UserFilter.new(params[:filter])
+    @search = User.new_search(params[:search])
+    #set order by to default or form result
+    @search.order_by ||= :email
+    @search.order_as ||= "ASC"
+    #set results per page to default or form result
+    @search.per_page = Spree::Config[:admin_products_per_page]
 
-    scope = User.scoped({})
-    scope = scope.conditions "lower(email) = ?", @filter.email.downcase unless @filter.email.blank?
-    @collection = scope.find(:all, :order => 'email', :page => {:size => 15, :current =>params[:p], :first => 1})
+    @collection, @collection_count = @search.all, @search.count
+
+    #scope = scope.conditions "lower(email) = ?", @filter.email.downcase unless @filter.email.blank?
   end
 
   def load_roles
@@ -28,7 +33,7 @@ class Admin::UsersController < Admin::BaseController
     return unless params[:user]
     @user.roles.delete_all
     Role.find(:all).each { |role|
-      @user.roles << role if !params[:user]['role_' + role.name].blank?
+      @user.roles << role if !params[:user]['role_' + role.name].blank? || role.name.downcase == "user"
     }
   end
 end

data/app/controllers/admin/zones_controller.rb

@@ -30,7 +30,10 @@ class Admin::ZonesController < Admin::BaseController
   
   private
     def collection
-      @collection ||= end_of_association_chain.find(:all, :order => :name, :page => {:size => 10, :current => params[:p], :first => 1})
+      @search = end_of_association_chain.new_search(params[:search])
+      @search.order_by ||= :name
+      @search.per_page = Spree::Config[:orders_per_page]
+      @collection, @collection_count = @search.all, @search.count
     end  
 
     def load_data

data/app/controllers/application.rb

@@ -25,5 +25,4 @@ class ApplicationController < ActionController::Base
     
     @taxonomies = Taxonomy.find(:all, :include => {:root => :children})
   end
-
 end

data/app/controllers/checkout_controller.rb

@@ -0,0 +1,96 @@
+class CheckoutController < Spree::BaseController                 
+  before_filter :stop_monkey_business
+  before_filter :require_user_account
+  before_filter :load_data
+  before_filter :build_object, :except => [:new, :create]
+
+  ssl_required :new, :create
+
+  resource_controller   
+  model_name :checkout_presenter
+  object_name :checkout_presenter
+
+  # modified version of r_c create method (easier then all the before after hooks - especially for gateway error handling)
+  def create
+    build_object
+    load_object
+
+    @order.user = current_user       
+    @order.ip_address = request.env['REMOTE_ADDR']
+    
+    begin
+      if object.save
+        # remove the order from the session
+        session[:order_id] = nil if @order.checkout_complete  
+      else
+        flash[:error] = t("unable_to_save_order")
+        render :action => "new" and return
+      end       
+    rescue Spree::GatewayError => ge
+      flash.now[:error] = t("unable_to_authorize_credit_card") + ": #{ge.message}"
+      render :action => "new" and return 
+    end
+        
+    respond_to do |format|
+      format.html {redirect_to order_url(@order, :checkout_complete => true) }
+      format.js {render :json => { :order => @checkout_presenter.order_hash, 
+                                   :available_methods => @order.shipment.rates }.to_json,
+                        :layout => false}
+    end
+    
+  end         
+
+  def cvv
+    render :layout => false
+  end  
+         
+  def select_country         
+    @states = @object.bill_address.country.states#, :order => 'name')  
+    respond_to do |format|
+      format.js
+    end
+  end
+  
+  protected
+  def require_user_account
+    return if logged_in?
+    store_location
+    redirect_to signup_path 
+  end
+  
+  private
+
+  def build_object
+    @order = Order.find_by_number(params[:order_number])
+    if params[:checkout_presenter]
+      @object ||= end_of_association_chain.send parent? ? :build : :new, params[:checkout_presenter]  
+    else                       
+      # user has not yet submitted checkout parameters, we can use defaults of current_user and order objects
+      bill_address = current_user.last_address unless current_user == :false
+      bill_address ||= Address.new
+      ship_address = @order.ship_address || Address.new
+      shipping_method = @order.shipment ? @order.shipment.shipping_method : nil
+      @object ||= end_of_association_chain.send parent? ? :build : :new, {:bill_address => bill_address, 
+                                                                          :ship_address => ship_address, 
+                                                                          :shipping_method => shipping_method }
+    end     
+    @object.final_answer = params[:final_answer] unless params[:final_answer].blank? 
+    @object.order = @order      
+    @object.shipping_method = ShippingMethod.find_by_id(params[:method_id]) if params[:method_id]        
+  end
+  
+  def load_data
+    @countries = Country.find(:all).sort  
+    @shipping_countries = @object.order.shipping_countries.sort  
+    @states = Country.find(214).states.sort
+
+    month = @object.creditcard.month ? @object.creditcard.month.to_i : Date.today.month
+    year = @object.creditcard.year ? object.creditcard.year.to_i : Date.today.year
+    @date = Date.new(year, month, 1)
+  end 
+  
+  def stop_monkey_business
+    build_object
+    redirect_to order_url(@order) and return if @order.checkout_complete    
+  end
+end

data/app/controllers/content_controller.rb

@@ -1,5 +1,15 @@
 class ContentController < Spree::BaseController
+  rescue_from ActionView::MissingTemplate, :with => :render_404
+
   def show
     render :action => params[:path].join('/')
-  end  
+  end
+
+  protected
+  def render_404(exception)
+    respond_to do |type|
+      type.html { render :file => "#{RAILS_ROOT}/public/404.html", :status => "404 Not Found" }
+      type.all  { render :nothing => true, :status => "404 Not Found" }
+    end
+  end
 end

data/app/controllers/orders_controller.rb

@@ -1,6 +1,5 @@
 class OrdersController < Spree::BaseController
-  before_filter :require_user_account, :only => [:checkout]
-  before_filter :load_object, :only => [:checkout]          
+#  before_filter :load_object, :only => [:checkout]          
   before_filter :prevent_editing_complete_order, :only => [:edit, :update]            
 
   ssl_required :show
@@ -13,8 +12,14 @@ class OrdersController < Spree::BaseController
   helper :products
 
   create.after do    
-    # add the specified product to the order
-    @order.add_variant(Variant.find(params[:variant][:id]))
+    # add the specified products in given quantities to the order
+    # the information is specified in a hash.
+    
+    params[:quantities].each do |product_id,vq|
+      (variant_id,quantity) = vq.split '='
+      quantity = quantity.to_i
+      @order.add_variant(Variant.find(variant_id), quantity) if quantity > 0
+    end
     @order.save
   end
 
@@ -23,26 +28,7 @@ class OrdersController < Spree::BaseController
     flash nil 
     wants.html {redirect_to edit_order_url(@order)}
   end
-                                                                           
-  edit.before { @order.edit! }
   
-  def checkout
-    if @order.state == "in_progress"
-      @order.update_attribute :user, current_user
-      @order.update_attribute :ip_address, request.env['REMOTE_ADDR']
-      @order.next! 
-    end
-    if object.checkout_complete
-      # remove the order from the session
-      session[:order_id] = nil
-      redirect_to object_url(:checkout_complete => true) and return
-    else
-      # note: controllers participating in checkout process are responsible for calling Order#next! 
-      next_url = self.send("new_order_#{object.state}_url", @order)
-      redirect_to next_url
-    end
-  end
-
   # override the default r_c flash behavior
   update.flash nil
   update.response do |wants| 
@@ -53,13 +39,6 @@ class OrdersController < Spree::BaseController
     flash nil 
     wants.html {redirect_to new_order_url}
   end
-
-  protected
-  def require_user_account
-    return if logged_in?
-    store_location
-    redirect_to signup_path 
-  end
     
   private
   def build_object        
@@ -69,7 +48,7 @@ class OrdersController < Spree::BaseController
   def object
     if params[:id]
       begin
-        @order = Order.find params[:id]
+        @order = Order.find_by_param! params[:id]
       rescue ActiveRecord::RecordNotFound
         @order = find_order
       ensure
@@ -80,6 +59,6 @@ class OrdersController < Spree::BaseController
   end   
   
   def prevent_editing_complete_order
-    redirect_to object_url unless @order.can_edit?
+    redirect_to object_url if @order.checkout_complete
   end
-end
+end