Merge branch 'ipn' of github.com:zyphlar/Open-Source-Access-Control-Web-Interface into ipn

Gemfile

@@ -1,5 +1,7 @@
 source 'https://rubygems.org'
 
+#ruby '1.9.3'
+
 gem 'rails', '3.2.3'
 
 # Bundle edge Rails instead:
@@ -40,7 +42,7 @@ gem 'bcrypt-ruby', '~> 3.0.0'
 # gem 'capistrano'
 
 # To use debugger
-# gem 'ruby-debug'
+#gem 'debugger'
 
 #gem "paperclip", "~> 3.0"
 gem 'gravtastic'

app/assets/javascripts/ipn.js.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/

app/assets/stylesheets/application.css

@@ -12,3 +12,37 @@
  *= require_tree .
 */
 .caption { display: inline-block; background-color: #eee; border: 1px solid #333; border-radius: 5px; margin-bottom: 1em; }
+.btn {
+display: inline-block;
+padding: 4px 10px 4px;
+margin-bottom: 0;
+font-size: 13px;
+line-height: 18px;
+color: #333;
+text-align: center;
+text-decoration: none;
+text-shadow: 0 1px 1px rgba(255,255,255,.75);
+vertical-align: middle;
+background-color: #f5f5f5;
+background-image: -moz-linear-gradient(top, #fff, #e6e6e6);
+background-image: -ms-linear-gradient(top, #fff, #e6e6e6);
+background-image: -webkit-gradient(linear,0 0,0 100%,from( #fff),to( #e6e6e6));
+background-image: -webkit-linear-gradient(top, #fff, #e6e6e6);
+background-image: -o-linear-gradient(top, #fff, #e6e6e6);
+background-image: linear-gradient(top, #fff, #e6e6e6);
+background-repeat: repeat-x;
+filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);
+border-color: #e6e6e6 #e6e6e6 #bfbfbf;
+border-color: rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);
+filter: progid:DXImageTransform.Microsoft.gradient(enabled=false);
+border: 1px solid #ccc;
+border-bottom-color: #bbb;
+-webkit-border-radius: 4px;
+-moz-border-radius: 4px;
+border-radius: 4px;
+-webkit-box-shadow: inset 0 1px 0 rgba(255,255,255,.2),0 1px 2px rgba(0,0,0,.05);
+-moz-box-shadow: inset 0 1px 0 rgba(255,255,255,.2),0 1px 2px rgba(0,0,0,.05);
+box-shadow: inset 0 1px 0 rgba(255,255,255,.2),0 1px 2px rgba(0,0,0,.05);
+cursor: pointer;
+filter: progid:DXImageTransform.Microsoft.gradient(enabled=false);
+}

app/assets/stylesheets/ipn.css.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the Ipn controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

app/controllers/cards_controller.rb

@@ -10,12 +10,16 @@ class CardsController < ApplicationController
     @cards = @cards.sort_by{|e| e[:id]}
 
     if can? :read, DoorLog then
+     Rails.logger.info "CARD STATS:"
       most_active_count = 0
       @most_active_card = nil
       @cards.each do |card|
         card_num_R = card.card_number.to_i(16)%32767
-        card[:accesses_this_week] = DoorLog.where('key = "R" AND data =? AND created_at > ?', card_num_R, DateTime.now - 7.days).order("created_at DESC").count
+        Rails.logger.info card_num_R
+        card[:accesses_this_week] = DoorLog.where('key = "G" AND data =? AND created_at > ?', card_num_R, DateTime.now - 7.days).order("created_at DESC").count
+        Rails.logger.info card[:accesses_this_week]
         if(card[:accesses_this_week] > most_active_count) then 
+          Rails.logger.info "ACTIVE"
           most_active_count = card[:accesses_this_week]
           @most_active_card = card
         end

app/controllers/ipns_controller.rb

@@ -0,0 +1,54 @@
+class IpnsController < ApplicationController
+  load_and_authorize_resource :ipn, :except => [:new, :create]
+  before_filter :authenticate_user!, :except => [:new, :create]
+
+  protect_from_forgery :except => [:create]
+
+  def index
+    @ipns = Ipn.all
+  end
+
+  def show
+  end
+
+  def new
+  end
+
+  def create
+    @ipn = Ipn.new_from_dynamic_params(params)
+    @ipn.data = params.to_json
+    @ipn.save
+    render :nothing => true
+    #unless @ipn.validate!
+    #  Rails.logger.error "Unable to validate IPN: #{@ipn.inspect}"
+    #end
+  end
+
+  def import
+    @ipn = Ipn.new_from_dynamic_params(params)
+    @ipn.data = params.to_json
+    @ipn.save
+    redirect_to ipn_path(@ipn)
+    #unless @ipn.validate!
+    #  Rails.logger.error "Unable to validate IPN: #{@ipn.inspect}"
+    #end
+  end
+
+  def validate
+    if @ipn.validate!
+      redirect_to ipns_url, :notice => 'Valid!' 
+    else
+      redirect_to ipns_url, :notice => 'INVALID'
+    end
+  end
+
+  def link
+    result = @ipn.link_payment
+    if result.first
+      redirect_to ipns_url, :notice => 'Payment was successfully linked.' 
+    else
+      redirect_to ipns_url, :notice => result.last
+    end
+  end
+
+end

app/controllers/macs_controller.rb

@@ -1,5 +1,15 @@
 class MacsController < ApplicationController
-load_and_authorize_resource :mac, :except => [:index, :scan, :import]
+rescue_from CanCan::AccessDenied do |exception|
+  today = Date.today
+  event = Date.new(2013,9,1)
+
+  if today == event
+    redirect_to main_app.root_url, :alert => "CryptoParty today; no MAC scanning. Sorry, NSA!"
+  else
+    redirect_to main_app.root_url, :alert => "Nothing to see here!"
+  end
+end
+load_and_authorize_resource :mac
 load_and_authorize_resource :user, :through => :mac, :except => [:index, :show, :scan, :import]
 
 #require "active_record"

app/controllers/payments_controller.rb

@@ -5,7 +5,7 @@ class PaymentsController < ApplicationController
 
   # Load users and certs based on current ability
   before_filter do
-    @users = User.accessible_by(current_ability).sort_by(&:name_with_payee_and_member_level)
+    @users = User.where(:hidden => false).where("member_level > 10").accessible_by(current_ability).sort_by(&:name_with_payee_and_member_level)
   end
 
   before_filter :only => [:create, :update] do

app/controllers/user_certifications_controller.rb

@@ -6,7 +6,7 @@ class UserCertificationsController < ApplicationController
 
   # Load users and certs based on current ability
   before_filter :only => [:new, :edit, :create, :update] do
-    @users = User.accessible_by(current_ability).sort_by(&:name)
+    @users = User.where(:hidden => [false,nil]).accessible_by(current_ability).sort_by(&:name)
     @certifications = Certification.accessible_by(current_ability).sort_by(&:name)
   end
   

app/controllers/users_controller.rb

@@ -43,6 +43,14 @@ class UsersController < ApplicationController
     end
   end
 
+  # GET /user_summary/1
+  def user_summary
+    respond_to do |format|
+      format.html { render :partial => "user_summary" } # show.html.erb
+      format.json { render :json => @user }
+    end 
+  end
+
   # GET /users/new
   # GET /users/new.json
   def new
@@ -61,7 +69,7 @@ class UsersController < ApplicationController
   def create
     respond_to do |format|
       if @user.save
-        format.html { redirect_to users_url, :notice => 'User was successfully created.' }
+        format.html { redirect_to @user, :notice => 'User was successfully created.' }
         format.json { render :json => @user, :status => :created, :location => @user }
       else
         format.html { render :action => "new" }
@@ -75,7 +83,7 @@ class UsersController < ApplicationController
   def update
     respond_to do |format|
       if @user.update_attributes(params[:user])
-        format.html { redirect_to users_url, :notice => 'User was successfully updated.' }
+        format.html { redirect_to @user, :notice => 'User was successfully updated.' }
         format.json { head :no_content }
       else
         format.html { render :action => "edit" }
@@ -84,6 +92,37 @@ class UsersController < ApplicationController
     end
   end
 
+  # GET /users/merge
+  def merge_view
+    @users = @users.sort_by(&:name)
+
+    respond_to do |format|
+      format.html # merge_view.html.erb
+    end
+  end
+
+  # POST /users/merge
+  def merge_action
+    @user_to_keep = User.find(params[:user][:to_keep])
+    Rails.logger.info "USER TO KEEP:"
+    Rails.logger.info @user_to_keep.inspect
+    @user_to_merge = User.find(params[:user][:to_merge])
+    Rails.logger.info "USER TO MERGE:"
+    Rails.logger.info @user_to_merge.inspect
+
+    @user_to_keep.absorb_user(@user_to_merge)
+
+    Rails.logger.info "RESULT:"
+    Rails.logger.info @user_to_keep.inspect
+    Rails.logger.info @user_to_keep.cards.inspect
+    Rails.logger.info @user_to_keep.user_certifications.inspect
+    Rails.logger.info @user_to_keep.payments.inspect
+
+    respond_to do |format|
+      format.html { redirect_to @user_to_keep, :notice => 'Users successfully merged.' }
+    end
+  end
+
   # DELETE /users/1
   # DELETE /users/1.json
   def destroy

app/helpers/ipn_helper.rb

@@ -0,0 +1,2 @@
+module IpnHelper
+end

app/models/ability.rb

@@ -3,14 +3,20 @@ class Ability
 
   def initialize(user)
     # Anonymous can read mac
+    today = Date.today
+    event = Date.new(2013,9,1)
+    
+    unless today == event
       can :read, Mac
+      can :scan, Mac # Need anonymous so CRON can scan
+    end
 
     if !user.nil?
 
       # By default, users can only see their own stuff
       can :read, Card, :user_id => user.id
       can :read, Certification
-      can :read_details, Mac
+      can :read_details, Mac unless today == event
       can [:update], Mac, :user_id => nil
       can [:create,:update], Mac, :user_id => user.id
       can :read, User, :id => user.id #TODO: why can users update themselves?
@@ -20,7 +26,8 @@ class Ability
       if user.instructor? 
         can :manage, Certification
         can [:create,:read], User, :hidden => [nil,false]
-        can :manage, UserCertification
+        can [:create,:read], UserCertification
+        can [:update,:destroy], UserCertification, :created_by => user.id
       end
       # Users can see others' stuff if they've been oriented
       unless user.orientation.blank?
@@ -39,12 +46,12 @@ class Ability
       end
 
       # Prevent all destruction for now
-      cannot :destroy, User
-      cannot :destroy, Card
+      #cannot :destroy, User
+      #cannot :destroy, Card
       cannot :destroy, Certification
       cannot :destroy, Mac
       cannot :destroy, MacLog
-      cannot :destroy, UserCertification
+      #cannot :destroy, UserCertification
       cannot :destroy, DoorLog
       # no exception for destroying payments
     end 

app/models/card.rb

@@ -2,6 +2,7 @@ class Card < ActiveRecord::Base
   require 'open-uri'
 
   attr_accessible :id, :user_id, :name, :card_number, :card_permissions
+  validates_presence_of :user_id, :card_number, :card_permissions
   validates_uniqueness_of :id, :card_number
   belongs_to :user
 

app/models/ipn.rb

@@ -0,0 +1,86 @@
+require 'net/http'
+class Ipn < ActiveRecord::Base
+  attr_accessible :data
+  belongs_to :payment
+
+  after_create :create_payment
+
+  def self.new_from_dynamic_params(params)
+    ipn = Ipn.new()
+
+    ipn.attributes.each do |c|
+      unless params[c.first.to_sym].nil?
+        ipn[c.first.to_sym] = params[c.first.to_sym]
+      end
+    end
+
+    return ipn
+  end
+
+  # Post back to Paypal to make sure it's valid
+  def validate!
+    uri = URI.parse('https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate')
+
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.open_timeout = 60
+    http.read_timeout = 60
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    http.use_ssl = true
+    response = http.post(uri.request_uri, self.data,
+                         'Content-Length' => "#{self.data.size}",
+                         'User-Agent' => "Ruby on Rails"
+                       ).body
+
+    unless ["VERIFIED", "INVALID"].include?(response)
+      Rails.logger.error "Faulty paypal result: #{response}"
+      return false
+    end
+    unless response == "VERIFIED"
+      Rails.logger.error "Invalid IPN: #{response}" 
+      return false
+    end
+
+    return true
+  end
+
+  def link_payment
+    create_payment
+  end
+
+  private
+  def create_payment
+    # find user by email, then by payee
+    user = User.find_by_email(self.payer_email)
+    user = User.find_by_payee(self.payer_email) if user.nil? && self.payer_email.present?
+
+    # Only create payments if the IPN matches a member
+    if user.present?
+      # And is a payment (not a cancellation, etc)
+      payment_types = ["subscr_payment","send_money"]
+      if payment_types.include?(self.txn_type)
+        # And a member level
+        if User.member_levels[self.payment_gross.to_i].present?
+          payment = Payment.new
+          payment.date = Date.strptime(self.payment_date, "%H:%M:%S %b %e, %Y %Z")
+          payment.user_id = user.id
+          payment.amount = self.payment_gross
+          if payment.save
+            self.payment_id = payment.id
+            self.save!
+          else
+            return [false, "Unable to link payment. Payment error: #{payment.errors.full_messages.first}"]
+          end
+        else
+          return [false, "Unable to link payment. Couldn't find membership level '#{self.payment_gross.to_i}'."]
+        end
+      else
+        return [false, "Unable to link payment. Transaction is a '#{self.txn_type}' instead of '#{payment_types.inspect}'."]
+      end
+    else
+      return [false, "Unable to link payment. Couldn't find user/payee '#{self.payer_email}'."]
+    end
+
+    return [true]
+  end
+
+end

app/models/payment.rb

@@ -1,10 +1,12 @@
 class Payment < ActiveRecord::Base
   belongs_to :user
-  attr_accessible :date, :user_id, :created_by
+  has_one :ipn
+  attr_accessible :date, :user_id, :created_by, :amount
 
-  validates_presence_of :user_id, :date, :created_by
+  validates_presence_of :user_id, :date, :amount # not created_by
   validates_uniqueness_of :date, :scope => :user_id, :message => ' of payment already exists for this user.' 
 
+
   def human_date
     if date.year < DateTime.now.year
       date.strftime("%b %e, %y")

app/models/user.rb

@@ -18,6 +18,48 @@ class User < ActiveRecord::Base
 
   after_create :send_new_user_email
 
+  def absorb_user(user_to_absorb)
+    # copy all attributes except email, password, name, and anything that isn't blank on the destination
+    user_to_absorb.attributes.each_pair {|k,v|
+      unless (v.nil? || k == :id || k == :email || k == :password || k == :name || k == :password_confirmation || k == :hidden || k == 'hidden' || k == :encrypted_password || !self.attributes[k].blank? )
+        Rails.logger.info "Updating "+k.to_s+" from "+self[k].to_s
+        self[k] = v
+        Rails.logger.info "Updated "+k.to_s+" to "+self[k].to_s
+      end
+    }
+
+    self.save!
+
+    user_to_absorb.cards.each {|card| 
+      Rails.logger.info "CARD BEFORE: "+card.inspect
+      card.user_id = self.id
+      card.save!
+      Rails.logger.info "CARD AFTER: "+card.inspect
+    }
+    user_to_absorb.user_certifications.each {|user_cert|
+      Rails.logger.info "CERT BEFORE: "+user_cert.inspect
+      user_cert.user_id = self.id
+      user_cert.save!
+      Rails.logger.info "CERT AFTER: "+user_cert.inspect
+    }
+    user_to_absorb.payments.each {|payment|
+      Rails.logger.info "PAYMENT BEFORE: "+payment.inspect
+      payment.user_id = self.id
+      payment.save!
+      Rails.logger.info "PAYMENT AFTER: "+payment.inspect
+    }
+
+    user_to_absorb.destroy
+  end
+
+  def name_with_email_and_visibility
+    if hidden then
+      "#{name} (#{email}) HIDDEN"
+    else
+      "#{name} (#{email})"
+    end
+  end
+
   def name_with_payee_and_member_level
     if payee.blank? then
       "#{name} - #{member_level_string}"
@@ -43,72 +85,80 @@ class User < ActiveRecord::Base
     end
   end
 
+  def self.member_levels
+    {25 => "Associate", 50 => "Basic", 75 => "Basic", 100 => "Plus"}
+  end
+
   def member_status
-    case self.member_level.to_i
-    when 0
-      if self.payments.count > 0 then
-       2
-      else
-       -1
-      end
-    when 1
-      1
-    when 10..24
-      10
-    when 25..999
-      if self.payments.count > 0 then
-        if self.payments.last.date < (DateTime.now - 45.days)
-          3
-        else
-          case self.member_level.to_i
-          when 25..49
-            25
-          when 50..99
-            50
-          when 100..999
-            100
-          end
-        end
-      else
-        return 0
-      end
-    end
+    results = member_status_calculation
+    return results[:rank]
   end
 
   def member_status_symbol
-    case self.member_level.to_i
-    when 0
-      if self.payments.count > 0 then
-      "<span class='hoverinfo' title='Former Member (#{(DateTime.now - self.payments.last.date).to_i} days ago)'>:(</span>"
-      else
-      "<!-- Not a member -->"
-      end
-    when 1
-      "Unable"
-    when 10..24
-      "<span class='hoverinfo' title='Volunteer'>&#9684;</span>"
-    when 25..999
-      if self.payments.count > 0 then
-        if self.payments.last.date < (DateTime.now - 45.days) 
-          "<span class='hoverinfo' title='Recently Lapsed (#{(DateTime.now - self.payments.last.date).to_i} days ago)'>&#9676;</span>"
-        else
-          case self.member_level.to_i
-          when 25..49
-            "<span class='hoverinfo' title='#{member_level_string}'>&#9681;</span>"
-          when 50..99
-            "<span class='hoverinfo' title='#{member_level_string}'>&#9685;</span>"
-          when 100..999
-            "<span class='hoverinfo' title='#{member_level_string}'>&#9679;</span>"
-          end
-        end
-      else
-        "<span class='hoverinfo' title='No Payments'>?</span>"
-      end
-    end
+    results = member_status_calculation
+    return "<img src='/#{results[:icon]}#{results[:flair]}-coin.png' title='#{results[:message]}' />"
   end
 
   private
 
+  def member_status_calculation
+    # Begin output buffer
+    message = ""
+    icon = ""
+    flair = ""
+    rank = 0
+
+    # First status item is level
+    case self.member_level.to_i
+    when 0..9
+      if self.payments.count > 0 then
+        message = "Former Member (#{(DateTime.now - self.payments.last.date).to_i} days ago)"
+        icon = :timeout
+        rank = 1
+      else
+        message = "Not a Member"
+        icon = :no
+        rank = 0
+      end
+    when 10..24
+      message = "Volunteer"
+      icon = :heart
+      rank = 101
+    when 25..49
+      message = member_level_string
+      icon = :copper
+      rank = 250
+    when 50..99
+      message = member_level_string
+      icon = :silver
+      rank = 500
+    when 100..999
+      message = member_level_string
+      icon = :gold
+      rank = 1000
+    end
+
+    # Second status item is payment status
+    case self.member_level.to_i
+    when 25..999
+      # There are payments
+      if self.payments.count > 0 then
+        # They're on time
+        if self.payments.last.date > (DateTime.now - 60.days) 
+          flair = "-paid"
+        else
+          message = "Last Payment #{(DateTime.now - self.payments.last.date).to_i/30} months ago"
+          rank = rank/10
+        end
+      else
+        message = "No Payments Recorded"
+        rank = rank/10
+      end
+    end
+
+    return {:message => message, :icon => icon, :flair => flair, :rank => rank}
+  end
+
   def send_new_user_email
     Rails.logger.info UserMailer.new_user_email(self).deliver
   end

app/models/user_certification.rb

@@ -1,8 +1,17 @@
 class UserCertification < ActiveRecord::Base
   attr_accessible :certification_id, :user_id
 
+  validates_presence_of :certification_id, :user_id
   validates_uniqueness_of :certification_id, :scope => :user_id, :message => 'already exists for this user.'  # Makes sure users don't get certified twice
 
   belongs_to :user
   belongs_to :certification
+
+  def user_name
+    if self.user.blank?
+      ""
+    else
+      self.user.name 
+    end
+  end
 end

app/views/cards/_form.html.erb

@@ -11,9 +11,10 @@
     </div>
   <% end %>
 
+  <% @card.user_id = params[:user] if params[:user].present? %>
   <div class="field">
     <%= f.label :user %><br />
-    <%= collection_select(:card, :user_id, User.all.sort_by(&:name), :id, :name) %>
+    <%= collection_select(:card, :user_id, User.all.sort_by(&:name), :id, :name, :include_blank => true) %>
   </div>
   <div class="field">
     <%= f.label :name, "Card Note" %><br />

app/views/cards/index.html.erb

@@ -28,7 +28,13 @@
 <% if !@cards.blank? %>
   <% @cards.each do |card| %>
   <tr>
-    <td><%= link_to card.user.name, card %></td>
+    <td>
+      <% if card.user.nil? %>
+        n/a
+      <% else %>
+        <%= link_to card.user.name , card %>
+      <% end %>
+    </td>
     <td><%= card.name %></td>
     <td><%= card.id %></td>
     <td><%= card.card_number %></td>

app/views/certifications/show.html.erb

@@ -8,13 +8,10 @@
   <%= simple_format @certification.description %>
 </p>
 
+<p>
   <b>Certified Users:</b>
-<ul>
-  <% @certification_users.each do |user| %>
-      <li><%= link_to user.name, user %></li>
-  <% end %>
-  <% if @certification_users.blank? then %><li>n/a</li><% end %>
-</ul>
+  <%= link_to "Click Here", user_certifications_path %>
+</p>
 
 <% if can? :update, @certification %><%= link_to 'Edit', edit_certification_path(@certification) %> |<% end %>
 <%= link_to 'Back', certifications_path %>

app/views/ipns/index.html.erb

@@ -0,0 +1,33 @@
+<html><body>
+    <table>
+      <tr>
+        <th>Date</th>
+        <th>Name</th>
+        <th>Item</th>
+        <th>Amount</th>
+      </tr>
+    <% @ipns.reverse!.each do |ipn| %>
+      <tr>
+        <td><%= ipn.payment_date %></td>
+        <td><%= ipn.first_name %> <%= ipn.last_name %></td> 
+        <td><%= ipn.item_name %></td>
+        <td>
+          <% if ipn.payment_gross.blank? %>
+            <%= ipn.txn_type %>
+          <% else %>
+            <%= ipn.payment_gross %>
+          <% end %>
+        </td>
+        <td>
+          <% if ipn.payment.present? %>
+            <%= link_to "Linked Payment", ipn.payment %>
+          <% else %>
+            <%= link_to "Try to link email '#{ipn.payer_email}' at membership level '#{ipn.payment_gross.to_i}'", link_ipn_path(ipn) %>
+          <% end %>
+        </td>
+        <td><%= link_to "Details", ipn %></td>
+        <td><%= link_to "Validate", validate_ipn_path(ipn) %></td>
+      </tr>
+    <% end %>
+  </table>
+</body></html>

app/views/ipns/new.html.erb

@@ -0,0 +1,123 @@
+  <%= form_tag('/ipns') do |f| %>
+
+  <style type="text/css">
+    label { 
+      width: 10em;
+      display: inline-block;}
+  </style>
+
+  <div class="actions">
+    <%= submit_tag %>
+  </div>
+  <div class="field">
+    <%= label_tag :first_name %>
+    <%= text_field_tag :first_name, "John" %>
+  </div>
+  <div class="field">
+    <%= label_tag :last_name %>
+    <%= text_field_tag :last_name, "Smith" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payer_email %>
+    <%= text_field_tag :payer_email, "jsmith@example.com" %>
+  </div>
+  <div class="field">
+    <%= label_tag :item_name %>
+    <%= text_field_tag :item_name, "Associate Membership" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payment_gross %>
+    <%= text_field_tag :payment_gross, "25.00" %>
+  </div>
+  <div class="field">
+    <%= label_tag :transaction_subject %>
+    <%= text_field_tag :transaction_subject, "" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payment_date %>
+    <%= text_field_tag :payment_date, "20:46:54 Jun 20, 2013 PDT" %>
+  </div>
+  <div class="field">
+    <%= label_tag :txn_type %>
+    <%= text_field_tag :txn_type, "subscr_payment" %>
+  </div>
+  <div class="field">
+    <%= label_tag :subscr_id %>
+    <%= text_field_tag :subscr_id, "I-1234567890" %>
+  </div>
+  <div class="field">
+    <%= label_tag :residence_country %>
+    <%= text_field_tag :residence_country, "US" %>
+  </div>
+  <div class="field">
+    <%= label_tag :mc_currency %>
+    <%= text_field_tag :mc_currency, "USD" %>
+  </div>
+  <div class="field">
+    <%= label_tag :business %>
+    <%= text_field_tag :business, "hslfinances@gmail.com" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payment_type %>
+    <%= text_field_tag :payment_type, "instant" %>
+  </div>
+  <div class="field">
+    <%= label_tag :protection_eligibility %>
+    <%= text_field_tag :protection_eligibility, "Ineligible" %>
+  </div>
+  <div class="field">
+    <%= label_tag :verify_sign %>
+    <%= text_field_tag :verify_sign, "12ru9021j9f21j90fj1290fj2910fj0219fj0" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payer_status %>
+    <%= text_field_tag :payer_status, "verified" %>
+  </div>
+  <div class="field">
+    <%= label_tag :txn_id %>
+    <%= text_field_tag :txn_id, "1234567890" %>
+  </div>
+  <div class="field">
+    <%= label_tag :receiver_email %>
+    <%= text_field_tag :receiver_email, "hslfinances@gmail.com" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payer_id %>
+    <%= text_field_tag :payer_id, "V812314914" %>
+  </div>
+  <div class="field">
+    <%= label_tag :receiver_id %>
+    <%= text_field_tag :receiver_id, "V90R1280182" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payment_status %>
+    <%= text_field_tag :payment_status, "Completed" %>
+  </div>
+  <div class="field">
+    <%= label_tag :payment_fee %>
+    <%= text_field_tag :payment_fee, "0.85" %>
+  </div>
+  <div class="field">
+    <%= label_tag :mc_fee %>
+    <%= text_field_tag :mc_fee, "0.85" %>
+  </div>
+  <div class="field">
+    <%= label_tag :mc_gross %>
+    <%= text_field_tag :mc_gross, "25.00" %>
+  </div>
+  <div class="field">
+    <%= label_tag :charset %>
+    <%= text_field_tag :charset, "windows-1252" %>
+  </div>
+  <div class="field">
+    <%= label_tag :notify_version %>
+    <%= text_field_tag :notify_version, "3.7" %>
+  </div>
+  <div class="field">
+    <%= label_tag :ipn_track_id %>
+    <%= text_field_tag :ipn_track_id, "9d3d032d9070" %>
+  </div>
+  <div class="actions">
+    <%= submit_tag %>
+  </div>
+  <% end %>

app/views/ipns/show.html.erb

@@ -0,0 +1,18 @@
+<h2>IPN Details</h2>
+
+<% @ipn.attributes.except("data","payment_id").each do |attr| %>
+<p>
+  <b><%= attr.first.to_s %>:</b>
+  <%= @ipn.attributes[attr.first] %>
+</p>
+<% end %>
+<p>
+  <% if @ipn.payment.present? %>
+    <%= link_to "Linked Payment", @ipn.payment %>
+  <% else %>
+    <span class="alert">Couldn't link automatically. Please create payment manually or adjust the user account and try again to <%= link_to "link email '#{@ipn.payer_email}' at membership level '#{@ipn.payment_gross.to_i}'", link_ipn_path(@ipn) %>.</span>
+  <% end %>
+
+</p>
+
+<%= link_to "Back", ipns_path %>

app/views/layouts/application.html.erb

@@ -11,7 +11,7 @@
     <a href="/" title="Home"><img src="/assets/logo.png" id="logo" /></a>
     <%= link_to 'People', users_path if can? :read, User %>
     <%= link_to 'Access Cards', cards_path if can? :manage, Card %>
-    <% if can? :manage, UserCertification %>
+    <% if can? :create, UserCertification %>
       <%= link_to 'Cert Classes', certifications_path if can? :read, Certification %>
       <%= link_to 'User Certs', user_certifications_path if can? :create, UserCertification %>
     <% else %>

app/views/macs/scan.html.erb

@@ -1,5 +1,7 @@
 Scanning...
-<% @log.each do |log| %>
+<% if can? :read_details, Mac
+ @log.each do |log| %>
   <%= log.mac %> = 
   <%= log.ip %><br/>
-<% end %>
+<% end 
+end %>

app/views/payments/_form.html.erb

@@ -13,11 +13,15 @@
 
   <div class="field">
     <%= f.label :user_id, "User" %><br />
-    <%= collection_select(:payment, :user_id, @users, :id, :name_with_payee_and_member_level) %>
+    <%= collection_select(:payment, :user_id, @users, :id, :name_with_payee_and_member_level) %> (inactive members are not shown.)
   </div>
   <div class="field">
     <%= f.label :date, "Paid for month beginning" %><br />
-    <%= f.date_select :date %>
+    <%= f.date_select :date, :default => (DateTime.now - 1.month) %>
+  </div>
+  <div class="field">
+    <%= f.label :amount %><br />
+    <%= f.number_field :amount %>
   </div>
   <div class="actions">
     <%= f.submit %>

app/views/payments/index.html.erb

@@ -6,6 +6,7 @@
   <tr>
     <th>User</th>
     <th>Paid for month <br/>beginning</th>
+    <th>Amount</th>
     <th></th>
     <th></th>
     <th></th>
@@ -15,6 +16,7 @@
   <tr>
     <td><%= link_to payment.user.name_with_payee_and_member_level, payment.user unless payment.user.blank? %></td>
     <td><%= payment.human_date %></td>
+    <td><%= payment.amount %></td>
     <td><%= link_to 'Details', payment %></td>
     <td><%= link_to 'Edit', edit_payment_path(payment) %></td>
   </tr>

app/views/payments/show.html.erb

@@ -1,6 +1,6 @@
 <p>
   <b>User:</b>
-  <%= @payment.user.name_with_payee_and_member_level unless @payment.user.blank? %>
+  <%= link_to @payment.user.name_with_payee_and_member_level, @payment.user unless @payment.user.blank? %>
 </p>
 
 <p>
@@ -8,9 +8,19 @@
   <%= @payment.date %>
 </p>
 
+<p>
+  <b>Amount:</b>
+  <%= @payment.amount %>
+</p>
+
 <p>
   <b>Last Modified by:</b>
-  <%= user = @users.find{|u| u.id == @payment.created_by}; link_to user.name, user unless user.blank? %>
+  <% user = @users.find{|u| u.id == @payment.created_by} %>
+  <% if user.blank? %>
+    n/a
+  <% else %>
+    <%= link_to user.name, user %>
+  <% end %>
 </p>
 
 <p>
@@ -23,6 +33,13 @@
   <%= @payment.updated_at %>
 </p>
 
+<% if @payment.ipn.present? %>
+  <p>
+    <%= link_to "Paid via PayPal", @payment.ipn %>
+  </p>
+<% end %>
+
+
 
 <%= link_to 'Edit', edit_payment_path(@payment) %> |
 <%= link_to 'Destroy', @payment, :confirm => 'Are you sure you want to destroy this payment?', :method => :delete if can? :destroy, @payment %> | 

app/views/user_certifications/_form.html.erb

@@ -11,13 +11,14 @@
     </div>
   <% end %>
 
+  <% @user_certification.user_id = params[:user] if params[:user].present? %>
   <div class="field">
     <%= f.label :user_id, "User" %><br />
-    <%= collection_select(:user_certification, :user_id, @users, :id, :name) %>
+    <%= collection_select(:user_certification, :user_id, @users, :id, :name, :include_blank => true) %>
   </div>
   <div class="field">
     <%= f.label :certification_id, "Certification" %><br />
-    <%= collection_select(:user_certification, :certification_id, @certifications, :id, :name) %>
+    <%= collection_select(:user_certification, :certification_id, @certifications, :id, :name, :include_blank => true) %>
   </div>
   <div class="actions">
     <%= f.submit %>

app/views/user_certifications/index.html.erb

@@ -5,9 +5,9 @@
   <% @grouped_user_certs.sort.each do |cert, user_certifications| %>
   <dl class="collapsible">
     <dt><%= cert.name %></dt>
-    <% user_certifications.sort{|a,b| a.user.name <=> b.user.name}.each do |user_certification| %>
+    <% user_certifications.sort{|a,b| a.user_name <=> b.user_name}.each do |user_certification| %>
       <dd>
-        <%= link_to user_certification.user.name, user_certification %>
+        <%= link_to user_certification.user_name, user_certification %>
       </dd>
     <% end %>
   </dl>

app/views/user_certifications/show.html.erb

@@ -1,6 +1,6 @@
 <p>
   <b>User:</b>
-  <%= @user_certification.user.name %>
+  <%= link_to @user_certification.user.name, @user_certification.user %>
 </p>
 
 <p>
@@ -18,8 +18,14 @@
   at <%= @user_certification.updated_at %> 
 </p>
 
-<%= link_to 'Edit', edit_user_certification_path(@user_certification) %> |
-<%= link_to 'Back', user_certifications_path %>
 <p>
-<%= link_to 'Destroy', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete if can? :destroy, @user_certification %>
+<% if can? :update, @user_certification %>
+  <%= link_to 'Edit', edit_user_certification_path(@user_certification) %> |
+<% end %>
+
+<% if can? :destroy, @user_certification %>
+  <%= link_to 'Delete', @user_certification, :confirm => "Are you sure you want to destroy this user's certification?", :method => :delete %> | 
+<% end %>
+
+<%= link_to 'Back', user_certifications_path %>
 </p>

app/views/users/_user_summary.html.erb

@@ -0,0 +1,95 @@
+<% user ||= @user #unless @user.blank? %>
+
+<p>
+  <b>Name:</b>
+  <%= user.name %>
+</p>
+
+<% if current_user.admin? then %>
+<p>
+  <b>Email:</b>
+  <%= user.email %>
+</p>
+
+<p>
+  <b>Orientation?</b>
+  <%= user.orientation.strftime("%B %d %Y") unless user.orientation.blank? %>
+</p>
+<% end %>
+
+<p>
+  <b>Waiver?</b>
+  <%= user.waiver.strftime("%B %d %Y") unless user.waiver.blank? %>
+</p>
+
+<p>
+  <b>Current Member?</b>
+  <%= raw(user.member_status_symbol) %>
+</p>
+
+<% if current_user.admin? then %>
+  <p>
+    <b>Desired Member Level:</b>
+    <%= user.member_level %>
+  </p>
+  <p>
+    <b>Payment Method:</b>
+    <%= user.payment_method %>
+  </p>
+  <p>
+    <b>Payee:</b>
+    <%= user.payee %>
+  </p>
+  <p>
+    <b>Phone:</b>
+    <%= user.phone %>
+  </p>
+<% end %>
+  <p>
+    <b>Current Skills:</b>
+    <%= simple_format user.current_skills %>
+  </p>
+  <p>
+    <b>Desired Skills:</b>
+    <%= simple_format user.desired_skills %>
+  </p>
+<p>
+  <b>Card:</b>
+  <% if current_user.admin? then %>
+    <% user.cards.each do |c| %>
+      <%= link_to c.card_number, c %><%= "," unless c == user.cards.last %>
+    <% end %>
+  <% else %>
+    <%= unless user.cards.blank? then raw("&#x2713;") end %>
+  <% end %>
+</p>
+
+<b>Certifications:</b>
+<ul>
+  <% user.certifications.each do |certification| %>
+    <li><%= link_to certification.name, certification %></li>
+  <% end %>
+  <% if user.certifications.blank? %><li>n/a</li><% end %>
+</ul>
+
+<% if current_user.admin? then %>
+<p>
+  <b>Payments:</b>
+  <ul>
+  <% user.payments.each do |payment| %>
+    <li><%= payment.date %></li>
+  <% end %>
+  </ul>
+</p>
+<% end %>
+
+<% if current_user.admin? then %>
+<p>
+  <b>Created:</b>
+  <%= user.created_at %>
+</p>
+<p>
+  <b>Last signed in:</b>
+  <%= user.current_sign_in_at %>
+</p>
+<% end %>

app/views/users/index.html.erb

@@ -3,6 +3,9 @@
 <% if can? :create, User %>
   <%= link_to 'New User', new_user_path %>
 <% end %>
+<% if can? :manage, User %>
+  | <%= link_to 'Merge Users', users_merge_path %>
+<% end %>
 <table>
   <col />
   <col />

app/views/users/merge_view.html.erb

@@ -0,0 +1,48 @@
+<style type="text/css">
+ #user_to_merge_details, #user_to_keep_details,
+ #user_to_merge_details p, #user_to_keep_details p {
+   font-size: 12px;
+   margin: 0;
+ }
+</style>
+
+<h1>Merging users</h1>
+
+<%= form_tag('/users/merge', :method => :post) do %>
+<b>Everything except the email, password, name, id, hidden, and blank values will be moved to the "user to keep" UNLESS there is a value already there. The "user to merge" will be deleted.</b>
+<table>
+<tr>
+<td>
+  <div class="field">
+    <%= label_tag :user_to_keep, "User to Keep" %><br />
+    <%= collection_select(:user, :to_keep, @users, :id, :name_with_email_and_visibility, :include_blank => true) %>
+  </div>
+  <div id="user_to_keep_details"></div>
+</td>
+<td style="font-size: 16px">&#x25C0;&#x25C0;</td>
+<td>
+  <div class="field">
+    <%= label_tag :user_to_merge, "User to Merge" %><br />
+    <%= collection_select(:user, :to_merge, @users, :id, :name_with_email_and_visibility, :include_blank => true) %>
+  </div>
+  <div id="user_to_merge_details"></div>
+</td>
+</tr>
+</table>
+
+<hr/>
+  <div class="actions">
+    <%= submit_tag "Merge" %>
+  </div>
+<% end %>
+
+<%= link_to 'Back', users_path %>
+
+<script>
+$("#user_to_keep").change(function(event,handler){
+  $("#user_to_keep_details").load("/user_summary/"+event.target.value);
+});
+$("#user_to_merge").change(function(event,handler){
+  $("#user_to_merge_details").load("/user_summary/"+event.target.value);
+});
+</script>

app/views/users/show.html.erb

@@ -74,17 +74,19 @@
   </p>
 <% end %>
 <p>
-  <b>Card:</b>
+  <b>Card:  </b><%= link_to "+ Add", (new_card_path+"?user="+@user.id.to_s), :class => 'btn' if can? :create, Card %>
   <% if current_user.admin? then %>
+    <ul>
     <% @user.cards.each do |c| %>
-      <%= link_to c.card_number, c %><%= "," unless c == @user.cards.last %>
+      <li><%= link_to c.card_number, c %><%= "," unless c == @user.cards.last %></li>
     <% end %>
+    </ul>
   <% else %>
     <%= unless @user.cards.blank? then raw("&#x2713;") end %>
   <% end %>
 </p>
 
-<b>Certifications:</b>
+<b>Certifications:  </b><%= link_to "+ Add", (new_user_certification_path+"?user="+@user.id.to_s), :class => 'btn' if can? :create, UserCertification %>
 <ul>
   <% @user.certifications.each do |certification| %>
     <li><%= link_to certification.name, certification %></li>
@@ -108,6 +110,10 @@
   <b>Created:</b>
   <%= @user.created_at %>
 </p>
+<p>
+  <b>Last signed in:</b>
+  <%= @user.current_sign_in_at %>
+</p>
 <% end %>
 
 <% if can? :update, @user then %><%= link_to 'Edit', edit_user_path(@user) %> |<% end %>

config/database.yml

@@ -23,3 +23,9 @@ production:
   database: db/production.sqlite3
   pool: 5
   timeout: 5000
+#  adapter: postgresql
+#  encoding: unicode
+#  database: members
+#  pool: 5
+#  username: postgres
+#  password: 

config/routes.rb

@@ -1,4 +1,8 @@
 Dooraccess::Application.routes.draw do
+  match 'ipns/import' => 'ipns#import', :as => :import_ipn
+  resources :ipns
+  match 'ipns/:id/link' => 'ipns#link', :as => :link_ipn
+  match 'ipns/:id/validate' => 'ipns#validate', :as => :validate_ipn
 
   resources :payments
 
@@ -18,6 +22,9 @@ Dooraccess::Application.routes.draw do
       end
   end
 
+  match 'user_summary/:id' => 'users#user_summary' # User summary view
+  match 'users/merge' => 'users#merge_view', :via => :get # Merge view
+  match 'users/merge' => 'users#merge_action', :via => :post # Merge action
   resources :users
   match 'users/create' => 'users#create', :via => :post  # Use POST users/create instead of POST users to avoid devise conflict
 

db/migrate/20130824062334_create_ipns.rb

@@ -0,0 +1,24 @@
+class CreateIpns < ActiveRecord::Migration
+  def change
+    create_table :ipns do |t|
+      t.integer :payment_id
+      t.text :data
+      t.string :txn_id
+      t.string :txn_type
+      t.string :first_name
+      t.string :last_name
+      t.string :payer_business_name
+      t.string :payer_email
+      t.string :payer_id
+      t.string :auth_amount
+      t.string :payment_date
+      t.string :payment_fee
+      t.string :payment_gross
+      t.string :payment_status
+      t.string :item_name
+      t.string :payment_type
+
+      t.timestamps
+    end
+  end
+end

db/migrate/20130824072157_add_amount_to_payments.rb

@@ -0,0 +1,5 @@
+class AddAmountToPayments < ActiveRecord::Migration
+  def change
+    add_column :payments, :amount, :decimal
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20130212083412) do
+ActiveRecord::Schema.define(:version => 20130824072157) do
 
   create_table "cards", :force => true do |t|
     t.string   "card_number"
@@ -35,6 +35,27 @@ ActiveRecord::Schema.define(:version => 20130212083412) do
     t.datetime "updated_at", :null => false
   end
 
+  create_table "ipns", :force => true do |t|
+    t.integer  "payment_id"
+    t.text     "data"
+    t.string   "txn_id"
+    t.string   "txn_type"
+    t.string   "first_name"
+    t.string   "last_name"
+    t.string   "payer_business_name"
+    t.string   "payer_email"
+    t.string   "payer_id"
+    t.string   "auth_amount"
+    t.string   "payment_date"
+    t.string   "payment_fee"
+    t.string   "payment_gross"
+    t.string   "payment_status"
+    t.string   "item_name"
+    t.string   "payment_type"
+    t.datetime "created_at",          :null => false
+    t.datetime "updated_at",          :null => false
+  end
+
   create_table "mac_logs", :force => true do |t|
     t.string   "mac"
     t.string   "ip"
@@ -64,6 +85,7 @@ ActiveRecord::Schema.define(:version => 20130212083412) do
     t.datetime "created_at", :null => false
     t.datetime "updated_at", :null => false
     t.integer  "created_by"
+    t.decimal  "amount"
   end
 
   add_index "payments", ["user_id"], :name => "index_payments_on_user_id"

test/fixtures/ipns.yml

@@ -0,0 +1,7 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
+
+one:
+  data: MyText
+
+two:
+  data: MyText

test/functional/ipn_controller_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class IpnControllerTest < ActionController::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end

test/unit/helpers/ipn_helper_test.rb

@@ -0,0 +1,4 @@
+require 'test_helper'
+
+class IpnHelperTest < ActionView::TestCase
+end

test/unit/ipn_test.rb

@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class IpnTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end