Merge branch 'master' into cookies_banner

app/assets/javascripts/darkswarm/controllers/authorised_shops_controller.js.coffee

@@ -0,0 +1,3 @@
+angular.module("Darkswarm").controller "AuthorisedShopsCtrl", ($scope, Customers, Shops) ->
+  $scope.customers = Customers.index()
+  $scope.shopsByID = Shops.byID

app/assets/javascripts/darkswarm/directives/help_modal.js.coffee

@@ -0,0 +1,10 @@
+Darkswarm.directive "helpModal", ($modal, $compile, $templateCache)->
+  restrict: 'A'
+  scope:
+    helpText: "@helpModal"
+
+  link: (scope, elem, attrs, ctrl)->
+    compiled = $compile($templateCache.get('help-modal.html'))(scope)
+
+    elem.on "click", =>
+      $modal.open(controller: ctrl, template: compiled, scope: scope, windowClass: 'help-modal small')

app/assets/javascripts/darkswarm/directives/stripe_elements.js.coffee

@@ -10,7 +10,7 @@ Darkswarm.directive "stripeElements", ($injector, StripeElements) ->
       stripe = $injector.get('stripeObject')
 
       card = stripe.elements().create 'card',
-        hidePostalCode: false
+        hidePostalCode: true
         style:
           base:
             fontFamily: "Roboto, Arial, sans-serif"

app/assets/javascripts/darkswarm/services/customer.js.coffee

@@ -0,0 +1,20 @@
+angular.module("Darkswarm").factory 'Customer', ($resource, RailsFlashLoader) ->
+  Customer = $resource('/api/customers/:id/:action.json', {}, {
+    'index':
+      method: 'GET'
+      isArray: true
+    'update':
+      method: 'PUT'
+      params:
+        id: '@id'
+      transformRequest: (data, headersGetter) ->
+        angular.toJson(customer: data)
+  })
+
+  Customer.prototype.update = ->
+    @$update().then (response) =>
+      RailsFlashLoader.loadFlash({success: t('js.changes_saved')})
+    , (response) =>
+      RailsFlashLoader.loadFlash({error: response.data.error})
+
+  Customer

app/assets/javascripts/darkswarm/services/customers.js.coffee

@@ -0,0 +1,14 @@
+angular.module("Darkswarm").factory 'Customers', (Customer) ->
+  new class Customers
+    all: []
+    byID: {}
+
+    index: (params={}) ->
+      return @all if @all.length
+      Customer.index params, (data) => @load(data)
+      @all
+
+    load: (customers) ->
+      for customer in customers
+        @all.push customer
+        @byID[customer.id] = customer

app/assets/javascripts/darkswarm/services/shops.js.coffee

@@ -0,0 +1,13 @@
+angular.module("Darkswarm").factory 'Shops', ($injector) ->
+  new class Shops
+    all: []
+    byID: {}
+
+    constructor: ->
+      if $injector.has('shops')
+        @load($injector.get('shops'))
+
+    load: (shops) ->
+      for shop in shops
+        @all.push shop
+        @byID[shop.id] = shop

app/assets/javascripts/templates/help-modal.html.haml

@@ -0,0 +1,9 @@
+.row.help-icon
+  .small-12.text-center
+    %i.ofn-i_013-help
+.row.help-text
+  .small-12.columns.text-center
+    {{ helpText }}
+.row.text-center
+  %button.primary.small{ ng: { click: '$close()' } }
+    = t(:ok)

app/assets/stylesheets/darkswarm/account.css.scss

@@ -28,6 +28,12 @@
       margin-bottom: 0px;
     }
   }
+
+  .authorised_shops{
+    table {
+      width: 100%;
+    }
+  }
 }
 
 .orders {

app/assets/stylesheets/darkswarm/help-modal.css.scss

@@ -0,0 +1,9 @@
+.help-modal {
+  .help-text {
+    font-size: 1rem;
+    margin: 20px 0px;
+  }
+  .help-icon {
+    font-size: 4rem;
+  }
+}

app/assets/stylesheets/darkswarm/ui.css.scss

@@ -87,6 +87,9 @@ button.success, .button.success {
   &.tiny {
     padding: 0rem;
     margin: 0;
+  }
+
+  &.right {
     float: right;
   }
 

app/controllers/admin/order_cycles_controller.rb

@@ -2,7 +2,7 @@ module Admin
   class OrderCyclesController < ResourceController
     include OrderCyclesHelper
 
-    prepend_before_filter :load_data_for_index, :only => :index
+    before_filter :load_data_for_index, only: :index
     before_filter :require_coordinator, only: :new
     before_filter :remove_protected_attrs, only: [:update]
     before_filter :require_order_cycle_set_params, only: [:bulk_update]

app/controllers/api/base_controller.rb

@@ -0,0 +1,13 @@
+# Base controller for OFN's API
+# Includes the minimum machinery required by ActiveModelSerializers
+module Api
+  class BaseController < Spree::Api::BaseController
+    # Need to include these because Spree::Api::BaseContoller inherits
+    # from ActionController::Metal rather than ActionController::Base
+    # and they are required by ActiveModelSerializers
+    include ActionController::Serialization
+    include ActionController::UrlFor
+    include Rails.application.routes.url_helpers
+    use_renderers :json
+  end
+end

app/controllers/api/customers_controller.rb

@@ -0,0 +1,19 @@
+module Api
+  class CustomersController < BaseController
+    def index
+      @customers = current_api_user.customers.of_regular_shops
+      render json: @customers, each_serializer: CustomerSerializer
+    end
+
+    def update
+      @customer = Customer.find(params[:id])
+      authorize! :update, @customer
+
+      if @customer.update_attributes(params[:customer])
+        render json: @customer, serializer: CustomerSerializer, status: 200
+      else
+        invalid_resource!(@customer)
+      end
+    end
+  end
+end

app/controllers/api/statuses_controller.rb

@@ -1,5 +1,5 @@
 module Api
-  class StatusesController < BaseController
+  class StatusesController < ::BaseController
     respond_to :json
 
     def job_queue

app/controllers/application_controller.rb

@@ -61,48 +61,9 @@ def restrict_iframes
   end
 
   def enable_embedded_shopfront
-    return unless embeddable?
-    return if embedding_without_https?
-
-    response.headers.delete 'X-Frame-Options'
-    response.headers['Content-Security-Policy'] = "frame-ancestors #{URI(request.referer).host.downcase}"
-
-    check_embedded_request
-    set_embedded_layout
-  end
-
-  def embedded_shopfront_referer
-    return if request.referer.blank?
-    domain = URI(request.referer).host.downcase
-    domain.start_with?('www.') ? domain[4..-1] : domain
-  end
-
-  def embeddable?
-    whitelist = Spree::Config[:embedded_shopfronts_whitelist]
-    domain = embedded_shopfront_referer
-    Spree::Config[:enable_embedded_shopfronts] && whitelist.present? && domain.present? && whitelist.include?(domain)
-  end
-
-  def embedding_without_https?
-    request.referer && URI(request.referer).scheme != 'https' && !Rails.env.test? && !Rails.env.development?
-  end
-
-  def check_embedded_request
-    return unless params[:embedded_shopfront]
-
-    # Show embedded shopfront CSS
-    session[:embedded_shopfront] = true
-
-    # Get shopfront slug and set redirect path
-    if params[:controller] == 'enterprises' && params[:action] == 'shop' && params[:id]
-      slug = params[:id]
-      session[:shopfront_redirect] = '/' + slug + '/shop?embedded_shopfront=true'
-    end
-  end
-
-  def set_embedded_layout
-    return unless session[:embedded_shopfront]
-    @shopfront_layout = 'embedded'
+    embed_service = EmbeddedPageService.new(params, session, request, response)
+    embed_service.embed!
+    @shopfront_layout = 'embedded' if embed_service.use_embedded_layout?
   end
 
   def action

app/controllers/home_controller.rb

@@ -7,7 +7,7 @@ def index
     if ContentConfig.home_show_stats
       @num_distributors = Enterprise.is_distributor.activated.visible.count
       @num_producers = Enterprise.is_primary_producer.activated.visible.count
-      @num_users = Spree::User.joins(:orders).merge(Spree::Order.complete).count('DISTINCT spree_users.*')
+      @num_users = Spree::Order.complete.count('DISTINCT user_id')
       @num_orders = Spree::Order.complete.count
     end
   end

app/helpers/injection_helper.rb

@@ -69,7 +69,8 @@ def inject_orders
   end
 
   def inject_shops
-    shops = Enterprise.where(id: @orders.pluck(:distributor_id).uniq)
+    customers = spree_current_user.customers.of_regular_shops
+    shops = Enterprise.where(id: @orders.pluck(:distributor_id).uniq | customers.pluck(:enterprise_id))
     inject_json_ams "shops", shops.all, Api::ShopForOrdersSerializer
   end
 

app/models/customer.rb

@@ -23,6 +23,11 @@ class Customer < ActiveRecord::Base
 
   scope :of, ->(enterprise) { where(enterprise_id: enterprise) }
 
+  scope :of_regular_shops, lambda {
+    next scoped unless Spree::Config.accounts_distributor_id
+    where('enterprise_id <> ?', Spree::Config.accounts_distributor_id)
+  }
+
   before_create :associate_user
 
   private

app/models/spree/ability_decorator.rb

@@ -64,6 +64,10 @@ def add_shopping_abilities(user)
     can [:update, :destroy], Spree::CreditCard do |credit_card|
       credit_card.user == user
     end
+
+    can [:update], Customer do |customer|
+      customer.user == user
+    end
   end
 
   # New users can create an enterprise, and gain other permissions from doing this.

app/serializers/api/customer_serializer.rb

@@ -0,0 +1,5 @@
+module Api
+  class CustomerSerializer < ActiveModel::Serializer
+    attributes :id, :enterprise_id, :name, :code, :email, :allow_charges
+  end
+end

app/services/embedded_page_service.rb

@@ -0,0 +1,92 @@
+# Processes requests for pages embedded in iframes
+
+class EmbeddedPageService
+  def initialize(params, session, request, response)
+    @params = params
+    @session = session
+    @request = request
+    @response = response
+
+    @embedding_domain = @session[:embedding_domain]
+    @use_embedded_layout = false
+  end
+
+  def embed!
+    return unless embeddable?
+    return if embedding_without_https?
+
+    process_embedded_request
+    set_response_headers
+    set_embedded_layout
+  end
+
+  def use_embedded_layout?
+    @use_embedded_layout
+  end
+
+  private
+
+  def embeddable?
+    return true if current_referer == @request.host
+
+    domain = current_referer_without_www
+    whitelist = Spree::Config[:embedded_shopfronts_whitelist]
+
+    embedding_enabled? && whitelist.present? && domain.present? && whitelist.include?(domain)
+  end
+
+  def embedding_without_https?
+    @request.referer && URI(@request.referer).scheme != 'https' && !Rails.env.test? && !Rails.env.development?
+  end
+
+  def process_embedded_request
+    return unless @params[:embedded_shopfront]
+
+    set_embedding_domain
+
+    @session[:embedded_shopfront] = true
+    set_logout_redirect
+  end
+
+  def set_response_headers
+    @response.headers.delete 'X-Frame-Options'
+    @response.headers['Content-Security-Policy'] = "frame-ancestors 'self' #{@embedding_domain}"
+  end
+
+  def set_embedding_domain
+    return unless @params[:embedded_shopfront]
+    return if current_referer == @request.host
+
+    @embedding_domain = current_referer
+    @session[:embedding_domain] = current_referer
+  end
+
+  def set_logout_redirect
+    return unless enterprise_slug
+    @session[:shopfront_redirect] = '/' + enterprise_slug + '/shop?embedded_shopfront=true'
+  end
+
+  def enterprise_slug
+    return false unless @params[:controller] == 'enterprises' && @params[:action] == 'shop' && @params[:id]
+    @params[:id]
+  end
+
+  def current_referer
+    return if @request.referer.blank?
+    URI(@request.referer).host.downcase
+  end
+
+  def current_referer_without_www
+    return unless current_referer
+    current_referer.start_with?('www.') ? current_referer[4..-1] : current_referer
+  end
+
+  def set_embedded_layout
+    return unless @session[:embedded_shopfront]
+    @use_embedded_layout = true
+  end
+
+  def embedding_enabled?
+    Spree::Config[:enable_embedded_shopfronts]
+  end
+end

app/views/admin/product_import/guide/_columns.html.haml

@@ -91,3 +91,10 @@
       %td (Various, see notes)
       %td Sets the product shipping category
       %td See below for a list of available categories
+    %tr
+      %td
+        %strong available_on
+      %td No
+      %td 2018-05-21
+      %td Sets the date from which the product will be available
+      %td Date format is: YYYY-MM-DD

app/views/shared/components/_show_profiles.html.haml

@@ -1,6 +1,6 @@
 .small-12.medium-6.columns.text-right
   .profile-checkbox
-    %button.button.secondary.tiny.help-btn.ng-scope{:popover => t(:components_profiles_popover, sitename: Spree::Config[:site_name]), "popover-placement" => "left"}><
+    %button.button.secondary.tiny.right.help-btn.ng-scope{:popover => t(:components_profiles_popover, sitename: Spree::Config[:site_name]), "popover-placement" => "left"}><
       %i.ofn-i_013-help
     %label
       %input{"ng-model" => "show_profiles", type: "checkbox", name: "profile"}

app/views/spree/users/_authorised_shops.html.haml

@@ -0,0 +1,13 @@
+%table
+  %tr
+    %th= t(:shop_title)
+    %th= t(:allow_charges?)
+  %tr.customer{ id: "customer{{ customer.id }}", ng: { repeat: "customer in customers" } }
+    %td.shop{ ng: { bind: 'shopsByID[customer.enterprise_id].name' } }
+    %td.allow_charges
+      %input{ type: 'checkbox',
+        name: 'allow_charges',
+        ng: { model: 'customer.allow_charges',
+          change: 'customer.update()',
+          "true-value" => "true",
+          "false-value" => "false" } }