Fixes for cart and payment/paypal processing

app/Http/Controllers/CheckoutController.php

@@ -42,27 +42,53 @@ class CheckoutController extends Controller
 				->with('success','Checkout saved');
 	}
 
-	public function cart_invoice(Request $request,Invoice $o=NULL)
+	/**
+	 * Add an invoice to the cart
+	 *
+	 * @param Request $request
+	 * @param Invoice $o
+	 * @return \Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View|\Illuminate\Foundation\Application
+	 * @note The route validates that the user can see the invoice
+	 */
+	public function cart_invoice(Request $request,Invoice $o)
 	{
-		if ($o) {
-			$request->session()->put('invoice.cart.'.$o->id,$o->id);
+		$request->session()->put('invoice.cart.'.$o->id,$o->id);
+
+		return view('theme.backend.adminlte.checkout.cart');
+	}
+
+	/**
+	 * Remove an item from the cart
+	 *
+	 * @param Request $request
+	 * @return string
+	 */
+	public function cart_remove(Request $request): string
+	{
+		if ($id=$request->post('id')) {
+			$cart = $request->session()->pull('invoice.cart');
+			unset($cart[$id]);
+
+			$request->session()->put('invoice.cart',$cart);
 		}
 
-		if (! $request->session()->get('invoice.cart'))
-			return redirect()
-				->to('u/home');
-
-		return view('theme.backend.adminlte.u.invoice.cart')
-			->with('invoices',Invoice::find(array_values($request->session()->get('invoice.cart'))));
+		return '';
 	}
 
-	public function fee(Request $request,Checkout $o): float
+	public function fee(Request $request): float
 	{
-		return $o->fee($request->post('total',0));
+		if ((! $request->post('checkout_id') || (! $request->post('total'))))
+			return 0;
+
+		$co = Checkout::findOrFail($request->post('checkout_id'));
+
+		return $co->fee($request->post('total'));
 	}
 
-	public function pay(Request $request,Checkout $o)
+	public function pay()
 	{
-		return redirect('pay/paypal/authorise');
+		// @todo Currently sending all payments to paypal
+		return redirect()
+			->action([PaypalController::class,'authorise']);
 	}
 }

app/Http/Controllers/PaymentController.php

@@ -3,9 +3,9 @@
 namespace App\Http\Controllers;
 
 use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Arr;
 
 use App\Http\Requests\PaymentAddEdit;
-use Illuminate\Support\Arr;
 use App\Models\{Payment,PaymentItem};
 
 class PaymentController extends Controller

app/Http/Controllers/PaypalController.php

@@ -2,8 +2,8 @@
 
 namespace App\Http\Controllers;
 
-use App\Models\PaymentItem;
 use Carbon\Carbon;
+use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Log;
 use PayPalCheckoutSdk\Core\PayPalHttpClient;
@@ -13,14 +13,13 @@ use PayPalCheckoutSdk\Orders\OrdersCreateRequest;
 use PayPalCheckoutSdk\Orders\OrdersCaptureRequest;
 use PayPalHttp\HttpException;
 
-use App\Models\Checkout;
-use App\Models\Invoice;
-use App\Models\Payment;
+use App\Models\{Checkout,Invoice,Payment,PaymentItem};
 
 class PaypalController extends Controller
 {
-	private $client;
-	private $o = NULL;
+	private PayPalHttpClient $client;
+
+	protected const cart_url = 'u/checkout/cart';
 
 	// Create a new instance with our paypal credentials
 	public function __construct()
@@ -31,27 +30,30 @@ class PaypalController extends Controller
 			$environment = new ProductionEnvironment(config('paypal.live_client_id'),config('paypal.live_secret'));
 
 		$this->client = new PayPalHttpClient($environment);
-		$this->o = Checkout::where('name','paypal')->firstOrFail();
 	}
 
-	public function cancel(Request $request)
+	public function cancel()
 	{
-		return redirect()->to('u/invoice/cart');
+		return redirect()
+			->to(self::cart_url);
 	}
 
 	/**
 	 * Authorize a paypal payment, and redirect the user to pay.
 	 *
-	 * @param Request $request
-	 * @return \Illuminate\Http\RedirectResponse
+	 * @return RedirectResponse
+	 * @throws \PayPalHttp\IOException
 	 */
-	public function authorise(Request $request)
+	public function authorise()
 	{
+		$co = Checkout::where('name','ilike','paypal')->firstOrFail();
+
 		$currency = 'AUD'; // @todo TO determine from DB.;
-		$cart = $request->session()->get('invoice.cart');
+		$cart = request()->session()->get('invoice.cart');
 
 		if (! $cart)
-			return redirect()->to('u/home');
+			return redirect()
+				->to('u/home');
 
 		$invoices = Invoice::find($cart);
 
@@ -61,7 +63,7 @@ class PaypalController extends Controller
 		// Paypal Purchase Units
 		$items = collect();
 		foreach ($invoices as $io) {
-			$fee = $this->o->fee($io->due,count($cart));
+			$fee = $co->fee($io->due,count($cart));
 			$total = round($io->due+$fee,2);
 
 			$items->push([
@@ -100,7 +102,7 @@ class PaypalController extends Controller
 
 		$data->put('application_context',[
 			'return_url' => url('pay/paypal/capture'),
-			'cancel_url' => url('u/invoice/cart'),
+			'cancel_url' => url(self::cart_url),
 		]);
 
 		$paypal->body = $data->toArray();
@@ -111,12 +113,16 @@ class PaypalController extends Controller
 		} catch (HttpException $e) {
 			Log::error('Paypal Exception',['request'=>$paypal,'response'=>$e->getMessage()]);
 
-			return redirect()->to('u/invoice/cart')->withErrors('Paypal Exception: '.$e->getCode());
+			return redirect()
+				->to(self::cart_url)
+				->withErrors('Paypal Exception: '.$e->getCode());
 
 		} catch (\HttpException $e) {
-			Log::error('HTTP Exception',['request'=>$request,'response'=>$e->getMessage()]);
+			Log::error('HTTP Exception',['request'=>$this->client,'response'=>$e->getMessage()]);
 
-			return redirect()->to('u/invoice/cart')->withErrors('HTTP Exception: '.$e->getCode());
+			return redirect()
+				->to(self::cart_url)
+				->withErrors('HTTP Exception: '.$e->getCode());
 		}
 
 		// Get the approval link
@@ -128,18 +134,21 @@ class PaypalController extends Controller
 			}
 		}
 
-		if ($redirect_url) {
-			return redirect()->away($redirect_url);
-		}
+		if ($redirect_url)
+			return redirect()
+				->away($redirect_url);
 
-		return redirect()->to('u/invoice/cart')->withErrors('An error occurred with Paypal?');
+		return redirect()
+			->to(self::cart_url)
+			->withErrors('An error occurred with Paypal?');
 	}
 
 	/**
 	 * Capture a paypal payment
 	 *
 	 * @param Request $request
-	 * @return \Illuminate\Http\RedirectResponse
+	 * @return RedirectResponse
+	 * @throws \PayPalHttp\IOException
 	 */
 	public function capture(Request $request)
 	{
@@ -179,23 +188,32 @@ class PaypalController extends Controller
 			if ($redirect_url) {
 				Log::error('Paypal Capture: Redirect back to Paypal.');
 
-				return redirect()->away($redirect_url);
+				return redirect()
+					->away($redirect_url);
 			}
 
-			return redirect()->to('u/invoice/cart')->withErrors('An error occurred with Paypal?');
+			return redirect()
+				->to(self::cart_url)
+				->withErrors('An error occurred with Paypal?');
 
 		} catch (\HttpException $e) {
 			Log::error('HTTP Exception',['request'=>$paypal,'response'=>$e->getMessage()]);
 
-			return redirect()->to('u/invoice/cart')->withErrors('HTTP Exception: '.$e->getCode());
+			return redirect()
+				->to(self::cart_url)
+				->withErrors('HTTP Exception: '.$e->getCode());
 		}
 
-		if (! $response OR ! $response->result->purchase_units) {
+		if ((! $response) || (! $response->result->purchase_units)) {
 			Log::error('Paypal Capture: No Purchase Units?');
 
-			return redirect()->to('u/invoice/cart')->withErrors('Paypal Exception: NPU');
+			return redirect()
+				->to(self::cart_url)
+				->withErrors('Paypal Exception: NPU');
 		}
 
+		$co = Checkout::where('name','ilike','paypal')->firstOrFail();
+
 		// If we got here, we got a payment
 		foreach ($response->result->purchase_units as $pu) {
 			foreach ($pu->payments->captures as $cap) {
@@ -219,7 +237,7 @@ class PaypalController extends Controller
 				}
 
 				$po->paid_at = Carbon::parse($cap->create_time);
-				$po->checkout_id = $this->o->id;
+				$po->checkout_id = $co->id;
 				$po->checkout_data = $cap->id;
 
 				list($account_id,$fee) = explode(':',$cap->custom_id);
@@ -246,7 +264,11 @@ class PaypalController extends Controller
 		}
 
 		$request->session()->forget('invoice.cart');
+
 		Log::info('Paypal Payment Recorded',['po'=>$po->id]);
-		return redirect()->to('u/home')->with('success','Payment recorded thank you.');
+
+		return redirect()
+			->to('u/home')
+			->with('success','Payment recorded thank you.');
 	}
 }

app/Http/Requests/CheckoutAddEdit.php

@@ -3,7 +3,7 @@
 namespace App\Http\Requests;
 
 use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Validation\Rule;
 
 /**
@@ -18,7 +18,7 @@ class CheckoutAddEdit extends FormRequest
 	 */
 	public function authorize()
 	{
-		return Auth::user()->isWholesaler();
+		return Gate::allows('wholesaler');
 	}
 
 	/**

app/Http/Requests/PaymentAddEdit.php

@@ -3,7 +3,7 @@
 namespace App\Http\Requests;
 
 use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Gate;
 
 use App\Models\Invoice;
 
@@ -19,7 +19,7 @@ class PaymentAddEdit extends FormRequest
 	 */
 	public function authorize()
 	{
-		return Auth::user()->isWholesaler();
+		return Gate::allows('wholesaler');
 	}
 
 	/**