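I have a checkout page where visitors can enter a coupon to get a discount. I also have an Actioncode model containing all possible valid action codes, which are generated by an administrator. People can submit a coupon, and after pressing the button it should validate the coupon and, if it is valid, automatically update the price. I have tried to follow the steps in the answer here, but I'm not entirely sure how to do this.
Of course, this should be done in a secure way. My initial plan was to do it via Javascript, but the answer here convinced me that this should be done in the controller (and perhaps use Javascript to update the amount displayed in the checkout view?).
How should I adjust the code below to include the coupon, and what Javascript should I include? As it is now, nothing happens when I press the coupon button.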
The route, which executes def checkout when a new user is submitted:
post 'signup/register' => 'organizations#checkout', as: 'signup_checkout'
The controller method that saves the new user and generates the checkout (payment) view. It sets the various checkout variables:
def checkout
  @organization = Organization.new(organizationnew_params)
  if @organization.save
    @organization.members.each do |single_member|
      single_member.send_activation_email
    end
    @actioncode = Actioncode.new
    @amount = 100.00
    @currency = "EUR"
    @description = @organization.id
    @transaction_description = "My description"
    @transaction_type = "S"
    @hash = hash(@description, @amount, @currency, @transaction_type)
    render 'checkout' # This renders the checkout view.
  else
    render 'new_premium'
  end
end
The form view, where the first four lines generate the form for the action code/coupon:
<%= form_for @actioncode, method: :post, url: {action: "check_actioncode", :controller => 'actioncodes'}, remote: true do |f| %>
  <%= f.text_field :actioncode, :placeholder => "Enter your coupon" %>
  <%= f.submit "Submit Coupon Code" %>
<% end %>
<form action="https://secure.paylane.com/order/cart.html" method="post" >
  <%= "If you have a coupon, please enter that first. The amount due is #{@currency} #{number_with_precision(@amount, precision: 2)}. The button below will bring you to the secure environment of PayLane where you can select your payment method." %>
  <!-- form adapted from http://devzone.paylane.com/secure-form-guide/implementation/ -->
  <input type="hidden" name="amount" value=@amount />
  <input type="hidden" name="currency" value=@currency />
  <input type="hidden" name="merchant_id" value=PAYLANE_ID />
  <input type="hidden" name="description" value=@description />
  <input type="hidden" name="transaction_description" value=@transaction_description />
  <input type="hidden" name="transaction_type" value=@transaction_type />
  <input type="hidden" name="back_url" value="https://mysite/signup/confirmation" />
  <input type="hidden" name="language" value="en" />
  <input type="hidden" name="hash" value=@hash />
  <input type="hidden" name="customer_email" value=@member.email />
  <button type="submit">Pay with PayLane</button>
</form>
The route, which is executed when the coupon button is submitted:
post 'check_actioncode' => 'actioncodes#check_actioncode'
The controller method that is executed when the action code/coupon button is pressed:
def check_actioncode
  @actioncode = Actioncode.where(:actioncode => params[:actioncode][:actioncode]).first
  respond_to do |format|
    unless @actioncode.empty?
      unless @actioncode.price.empty?
        @amount = @actioncode.price # Is it safe this way, or should (part of) the method be private?
        format.js {} # What should the js file look like to update the values in the checkout view?
        render 'checkout' # To reload page with the updated price/amount?
      else
        unless @actioncode.discount.empty?
          @amount = @amount * (100 - @actioncode.discount) # Not sure how to do this. The first @amount should be the new amount, while the second @amount should be the initial amount.
          format.js {}
          render 'checkout'
        else
          flash.now[:danger] = "Action code offers no discount"
        end
      end
    else
      flash.now[:danger] = "Action code not found or expired"
    end
  end
end
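I removed the initial Javascript code, because the answer indicated that this is not a safe way to update the amount, etc.
Best answer
A couple of things to note: you never bring the action codes to the UI. People will definitely hack this!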
function validate(actioncode) {
  // Here make a call to your backend to validate. I RECOMMEND NOT TO DO IT IN UI.
  // Return some value
  // if you have the data in UI, you can use if(validActionCodes.indexOf(actioncode))
  var isActionValid = false; // placeholder: set this from the value your backend returns
  if (isActionValid) {
    window.alert("Action Code Accepted! Click the Buy Now button to finalize the payment");
  } else {
    window.alert("Sorry, The Action Code you entered is invalid. Please check and try again!");
  }
}
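The server-side approach the answer recommends, as an added example that is not code from the question, the answer or PayLane: the coupon is looked up and the amount due is computed entirely on the server (a percentage discount as base * (100 - discount) / 100), and the amount is then bound into a keyed hash so an edited hidden field no longer matches. The names Code, CODES, SIGNING_KEY, amount_for, sign and checkout_fields are hypothetical, the coupon rows are constructed, and the HMAC is a stand-in for the page's hash helper, not PayLane's actual scheme.

```ruby
require "bigdecimal"
require "openssl"

BASE_AMOUNT = BigDecimal("100.00")   # same starting price as @amount in checkout
SIGNING_KEY = "constructed-demo-key" # assumption: a server-side secret, never sent to the browser

# Constructed sample rows standing in for the Actioncode model (price = fixed new price, discount = percent).
Code = Struct.new(:actioncode, :price, :discount)
CODES = [
  Code.new("FIXED80", BigDecimal("80.00"), nil),
  Code.new("TENOFF", nil, 10),
  Code.new("EMPTY", nil, nil)
].to_h { |c| [c.actioncode, c] }

# Returns [amount, nil] for a usable code, or [nil, error_message] otherwise.
def amount_for(submitted)
  code = CODES[submitted.to_s.strip]
  return [nil, "Action code not found or expired"] if code.nil?
  if code.price
    return [nil, "Action code offers no discount"] unless code.price.between?(0, BASE_AMOUNT)
    [code.price, nil]
  elsif code.discount && (1..100).cover?(code.discount)
    [(BASE_AMOUNT * (100 - code.discount) / 100).round(2), nil]
  else
    [nil, "Action code offers no discount"]
  end
end

# Stand-in for the page's hash(...) helper: the amount is part of the signed payload,
# so changing the hidden "amount" field in the browser invalidates the hash.
def sign(description, amount, currency, transaction_type)
  payload = [description, format("%.2f", amount), currency, transaction_type].join("|")
  OpenSSL::HMAC.hexdigest("SHA256", SIGNING_KEY, payload)
end

# What the controller would hand to the view: amount and hash are both computed server-side.
def checkout_fields(description, submitted_code)
  amount, error = amount_for(submitted_code)
  amount ||= BASE_AMOUNT # invalid code: the full price stays in force
  { amount: format("%.2f", amount), hash: sign(description, amount, "EUR", "S"), error: error }
end
```

Javascript on the page then only displays the amount string the server returned; it never computes the price or holds the list of valid codes.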
Regarding javascript - Controller method/Javascript to validate a coupon code and update the price, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/30143794/