Push the risk analysis details to the payment partial

elia · elia · commit 8f8a331be1f0 · 2023-02-02T11:45:04.000+01:00
AVS and CVV are a legacy coming from an age in which everything could
be done with ActiveMerchant and PCI compliance didn't exist.

Moving away from specific risk checks paves the way for payment-method
specific risky checks and display, although the underlying tables
didn't change.
diff --git a/backend/app/controllers/spree/admin/payments_controller.rb b/backend/app/controllers/spree/admin/payments_controller.rb
@@ -11,6 +11,8 @@ class PaymentsController < Spree::Admin::BaseController
       before_action :load_data
       before_action :require_bill_address, only: [:index]
 
+      helper ::Spree::Admin::OrdersHelper
+
       respond_to :html
 
       def index
diff --git a/backend/app/views/spree/admin/orders/_risk_analysis.html.erb b/backend/app/views/spree/admin/orders/_risk_analysis.html.erb
@@ -1,52 +1,26 @@
-<% latest_payment = @order.payments.reorder("created_at DESC").first %>
+<details id="risk_analysis">
+  <summary><%= t('spree.risk_analysis') %>: <%= t('spree.risky') %></summary>
 
-<fieldset class="no-border-bottom" id="risk_analysis">
-  <legend><%= "#{t('spree.risk_analysis')}: #{t('spree.not') unless @order.is_risky?} #{t('spree.risky')}" %></legend>
   <table>
     <thead>
+      <th><%= t('spree.payment') %></th>
       <th><%= t('spree.risk') %></th>
       <th><%= t('spree.status') %></th>
     </thead>
-    <tbody id="risk-analysis" data-hook="order_details_adjustments" class="with-border">
-      <tr class="">
-        <td><strong>
-          <%= t('spree.failed_payment_attempts') %>:
-        </strong></td>
-        <td>
-          <span class="pill pill-<%= @order.payments.failed.count > 0 ? 'warning' : 'complete' %>">
-            <%= t(
-              'spree.payments_failed_count',
-              count: @order.payments.failed.count
-            ) %>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td><strong><%= t('spree.avs_response') %>:</strong></td>
-        <td>
-          <span class="pill pill-<%= latest_payment.is_avs_risky? ? 'warning' : 'complete' %>">
-            <% if latest_payment.is_avs_risky? %>
-              <%= avs_response_code[latest_payment.avs_response] %>
-            <% else %>
-              <%= t('spree.success') %>
-            <% end %>
-          </span>
-        </td>
-      </tr>
-
-      <tr>
-        <td><strong><%= t('spree.cvv_response') %>:</strong></td>
-        <td>
-          <span class="pill pill-<%= latest_payment.is_cvv_risky? ? 'warning' : 'complete' %>">
-            <% if latest_payment.is_cvv_risky? %>
-              <%= cvv_response_code[latest_payment.cvv_response_code] %>
-            <% else %>
-              <%= t('spree.success') %>
-            <% end %>
-          </span>
-        </td>
-      </tr>
+    <tbody id="risk-analysis" data-hook="order_details_adjustments"  class="with-border">
+      <% order.payments.risky.each do |payment| %>
+        <tr class="">
+          <td><%= link_to payment.number, admin_order_payment_path(order, payment) %></td>
+          <td>
+            <span class="pill pill-warning"><%= t('spree.risky') %></span>
+          </td>
+          <td>
+            <span class="pill pill-<%= payment.state %>">
+              <%= t(payment.state, scope: 'spree.payment_states') %>
+            </span>
+          </td>
+        </tr>
+      <% end %>
     </tbody>
   </table>
-</fieldset>
+</details>
diff --git a/backend/app/views/spree/admin/orders/cart.html.erb b/backend/app/views/spree/admin/orders/cart.html.erb
@@ -16,7 +16,7 @@
 </div>
 
 <% if @order.is_risky? %>
-  <%= render 'spree/admin/orders/risk_analysis' %>
+  <%= render 'spree/admin/orders/risk_analysis', order: @order %>
 <% end %>
 
 <div data-hook="admin_order_edit_form">
diff --git a/backend/app/views/spree/admin/orders/edit.html.erb b/backend/app/views/spree/admin/orders/edit.html.erb
@@ -15,7 +15,7 @@
 </div>
 
 <% if @order.is_risky? %>
-  <%= render 'spree/admin/orders/risk_analysis' %>
+  <%= render 'spree/admin/orders/risk_analysis', order: @order %>
 <% end %>
 
 <div data-hook="admin_order_edit_sub_header"></div>
diff --git a/backend/app/views/spree/admin/payments/_list.html.erb b/backend/app/views/spree/admin/payments/_list.html.erb
@@ -22,7 +22,10 @@
   <tbody>
     <% payments.each do |payment| %>
       <tr id="<%= dom_id(payment) %>" data-hook="payments_row" class="payment vertical-middle" data-payment-id="<%= payment.id %>">
-        <td><%= link_to payment.number, spree.admin_order_payment_path(@order, payment) %></td>
+        <td>
+          <%= tag :i, class: "fa fa-warning red", title: t('spree.risky') if payment.risky? %>
+          <%= link_to payment.number, spree.admin_order_payment_path(@order, payment) %>
+        </td>
         <td><%= l(payment.created_at, format: :short) %></td>
         <td><%= payment.payment_method.name %></td>
         <td><%= payment.transaction_id %></td>
diff --git a/backend/app/views/spree/admin/payments/source_views/_gateway.html.erb b/backend/app/views/spree/admin/payments/source_views/_gateway.html.erb
@@ -15,10 +15,53 @@
 
         <dt><%= Spree::CreditCard.human_attribute_name(:expiration) %>:</dt>
         <dd><%= payment.source.month %>/<%= payment.source.year %></dd>
+
+        <% if payment.source.address %>
+          <dt><%= Spree::CreditCard.human_attribute_name(:source_address) %>:</dt>
+          <dd><%= render partial: 'spree/admin/shared/address', locals: {address: payment.source.address} %></dd>
+        <% end %>
+      </dl>
+    </div>
+
+    <div class="col-2">
+    </div>
+
+    <div class="col-4">
+      <dl>
+        <dt><%= Spree::CreditCard.human_attribute_name(:code) %>:</dt>
+        <dd><%= payment.number %></dd>
+
+        <dt><%= t('spree.risk_analysis') %></dt>
+        <dd>
+          <span class="pill pill-<%= payment.risky? ? 'error' : 'complete' %>">
+            <%= "#{t('spree.not') unless payment.risky?} #{t('spree.risky').downcase}".capitalize %>
+          </span>
+        </dd>
+
+        <dt><%= t('spree.status')%></dt>
+        <dd><span class="pill pill-<%= payment.state %>"><%= t(payment.state, scope: 'spree.payment_states') %></span></dd>
+
+
+        <dt><%= Spree::CreditCard.human_attribute_name(:avs_response) %>:</dt>
+        <dd>
+          <%= content_tag(
+            :span,
+            payment.is_avs_risky? ? t('spree.failure') : t('spree.success'),
+            class: "pill pill-#{payment.is_avs_risky? ? 'warning' : 'complete'}",
+            title: avs_response_code[payment.avs_response],
+          ) %>
+        </dd>
+
+        <dt><%= Spree::CreditCard.human_attribute_name(:cvv_response_code) %>:</dt>
+        <dd>
+          <%= content_tag(
+            :span,
+            payment.is_cvv_risky? ? t('spree.failure') : t('spree.success'),
+            class: "pill pill-#{payment.is_cvv_risky? ? 'warning' : 'complete'}",
+            title: cvv_response_code[payment.cvv_response_code],
+          ) %>
+        </dd>
       </dl>
-      <% if payment.source.address %>
-        <%= render partial: 'spree/admin/shared/address', locals: {address: payment.source.address} %>
-      <% end %>
     </div>
   </div>
 </fieldset>
