Hide locked users' profiles from the non-admin people index #1489

Merged: maebeale merged 1 commit into main from maebeale/locked-user-search on May 15, 2026

@maebeale (Collaborator) commented Apr 17, 2026

What is the goal of this PR and why is this important?

  • Once non-admin users can see the People index (see HOLD UNTIL READY TO LAUNCH PROFILES: Allow authenticated users to access the people index and search #1494), they will not see profiles whose user is locked
  • Locked accounts have had access revoked; their profile should not be discoverable by facilitators on people index
  • Admins are unaffected — they continue to see all people, locked or not
  • NOTE: this code doesn't do anything rn bc facilitators don't have the People index permission yet, but, adding this logic now before we forget this additional condition

How did you approach the change?

  • Added a Person.where_user_not_locked scope: left_joins(:user) so people with no user record are still included, then keeps only rows where users.locked_at IS NULL
  • Chained .where_user_not_locked onto the non-admin branch of PersonPolicy's relation_scope, after the existing searchable.with_active_affiliations filters
  • Updated the policy spec to assert the generated SQL also includes users.locked_at IS NULL

UI Testing Checklist

  • Sign in as a regular user. Lock a user account that has a Person with an active affiliation and profile_is_searchable: true. Confirm that profile no longer appears on /people
  • Confirm a Person with no associated user but an active affiliation still appears for regular users
  • Confirm an admin viewing /people still sees locked users' profiles

Anything else to add?
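
The join semantics this scope relies on, as an added example that is not part of the pull request or the project's code: it runs the described SQL shape in SQLite beside two similar-looking variants that either drop or leak rows. The table layout (`users.person_id`) and the sample rows are assumptions constructed for illustration; only the left join and `users.locked_at IS NULL` come from the description above.

```python
import sqlite3

# Constructed schema and rows. Assumption: users.person_id links a user to a
# person; only users.locked_at comes from the PR description.
SCHEMA = """
CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE users  (id INTEGER PRIMARY KEY, person_id INTEGER, locked_at TEXT);
INSERT INTO people VALUES (1, 'active'), (2, 'locked'), (3, 'no_user');
INSERT INTO users  VALUES (10, 1, NULL), (20, 2, '2026-05-01 12:00:00');
"""

QUERIES = {
    # Shape described in the PR: LEFT JOIN, then filter in WHERE.
    "left_join_where": """
        SELECT people.name FROM people
        LEFT OUTER JOIN users ON users.person_id = people.id
        WHERE users.locked_at IS NULL ORDER BY people.id""",
    # Pitfall 1: INNER JOIN silently drops people who have no user record.
    "inner_join_where": """
        SELECT people.name FROM people
        INNER JOIN users ON users.person_id = people.id
        WHERE users.locked_at IS NULL ORDER BY people.id""",
    # Pitfall 2: moving the predicate into ON keeps the locked person, because
    # an unmatched LEFT JOIN row is still returned with NULL user columns.
    "left_join_on": """
        SELECT people.name FROM people
        LEFT OUTER JOIN users ON users.person_id = people.id
                             AND users.locked_at IS NULL
        ORDER BY people.id""",
}


def visible_names(query_key):
    """Run one query variant against a fresh in-memory database."""
    db = sqlite3.connect(":memory:")
    try:
        db.executescript(SCHEMA)
        return [row[0] for row in db.execute(QUERIES[query_key])]
    finally:
        db.close()


if __name__ == "__main__":
    for key in QUERIES:
        print(f"{key:17} -> {visible_names(key)}")
```

A policy spec that only matches the `users.locked_at IS NULL` substring would pass for all three variants, so a behavioural check with a locked user and a user-less person is what distinguishes them.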

@jmilljr24 (Collaborator)

I wrote up this issue before seeing your PR. #1490

@maebeale maebeale force-pushed the maebeale/locked-user-search branch from 5842ef5 to 29614f7 Compare May 15, 2026 13:43
@maebeale maebeale changed the title Allow regular users to search the people index Hide locked users' profiles from the non-admin people index May 15, 2026
@maebeale maebeale changed the base branch from main to maebeale/people-index-authenticated May 15, 2026 13:44
@maebeale maebeale force-pushed the maebeale/locked-user-search branch from 29614f7 to 4a9212b Compare May 15, 2026 14:16
@maebeale maebeale force-pushed the maebeale/people-index-authenticated branch from 42ab70f to 9dbb9c9 Compare May 15, 2026 14:16
@maebeale maebeale changed the base branch from maebeale/people-index-authenticated to main May 15, 2026 14:30
Add a where_user_not_locked Person scope and chain it onto the
non-admin relation_scope so that profiles whose user account is
locked are excluded. People with no user record are still included.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@maebeale maebeale force-pushed the maebeale/locked-user-search branch from 4a9212b to a4bb4e2 Compare May 15, 2026 14:31
@maebeale maebeale marked this pull request as ready for review May 15, 2026 14:32
@maebeale maebeale merged commit 4c2fc0c into main May 15, 2026
3 checks passed
@maebeale maebeale deleted the maebeale/locked-user-search branch May 15, 2026 14:39
jmilljr24 pushed a commit that referenced this pull request May 20, 2026
Add a where_user_not_locked Person scope and chain it onto the
non-admin relation_scope so that profiles whose user account is
locked are excluded. People with no user record are still included.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
jmilljr24 added a commit that referenced this pull request Jun 5, 2026
* add pay gem

* pay gem migrations

* add pay_customer to person

* create allocations migration

* change payments to sti

* add refunds migration

* fix migration

* update models to use allocations

* add allocation index with cash and check payment form

* create allocation form

* use turbo stream replace

* change payment totals to allocations_sum

* clean up new payment form

* add stimulus selection for payer type

* fix toggle of payer type search

* fix form style

* add dollars to UI

* add dollars to allocations and add payment index pagination

* titleize payment type

* display amount input with decimal

* add allocated amount to payment

* handle allocation payment transaction

* allocate payments manually

* add refunds to payments

* show refunds and allocation source

* add refund method

* add revert of allocation

* add event cost validation for allocation

* add flash errors

* show reverted reference

* fix allocated amount update

* change to amount remaining

* update flash with remaining on payment

* add stripe env

* add stripe checkout

* create payment when pay charge is paid

* add stripe refund id to refunds

* order payment lists newest first

* fix amount cents remaining for new payments

* refactor search type selector to be generic

* add join scope to remote search concern

* create payment seeds

* add seed for unallocation

* fix event create seed

* add cursor to revert button

* more refund query to controller

* add search boxes for payments

* fix search on amount remaining

* fix dropdown toggle

* add turbo frame results

* exclude remove select input typing from auto submit

* fix payment type select

* fix new payment form type select

* use turbo frame top for payment view link

* remove redundant payment name

* hard code stripe name

* comments

* fix check for nil on event allocation

* rubocop

* add turbo flash to allocations

* add allocation validation

* add search to allocations

* fix turbo frame on allocation search

* move search box columns

* add placeholder for type select

* clear search

* check for outlet

* justify end for clear filters buttons

* use model card helper

* clean up

* Fix system notifications showing Oopsie error (#1488)

* Fix system notifications showing "Oopsie!" by adopting lazy-load pattern

The notifications index rendered data inline inside a turbo frame while
also setting a src attribute to re-fetch the same data. If the redundant
request failed, the turbo:frame-missing handler replaced the content
with an error message. Aligns with the lazy-load pattern used by other
controllers (stories, people, etc.) — skeleton on initial load, data
fetched via turbo frame request.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add turbo_frame: _top to links inside notifications turbo frame

Links inside the notifications_results turbo frame were being
intercepted by Turbo, which tried to load the target page inside
the frame. The show page and polymorphic record pages don't contain
a matching turbo frame, triggering the turbo:frame-missing handler
and showing the "Oopsie!" error.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Bump vulnerable gems flagged by bundler-audit (#1495)

Updates addressable, net-imap, nokogiri, rack, and rack-session to
patched versions to clear CVE advisories from the scan_ruby CI job.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

* Bump actions/upload-artifact from 4 to 7 (#1485)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Hide locked users' profiles from the non-admin people index (#1489)

Add a where_user_not_locked Person scope and chain it onto the
non-admin relation_scope so that profiles whose user account is
locked are excluded. People with no user record are still included.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

* create scholarship migration

* add scholarship controller and model

* add scholarship admin ui

* add scholarship crud

* remove event_reg_id from scholarship

* change allocation heading

* add discounts

* change payment payer from polymorphic to person and/or organization

* add all option to search payer type

* schema

* update nav buttons

* move amount calc to model

* clean up

* allocation results break out of turbo frame

* use results template

* clean up index action on allocation

* update reminder to work with payments

* fix simple specs

* remove feature flag

* remove auto refund

* rubocop

* handle brakeman warnings

* handle polymorphic paths for show

* add tests

* add allocation error message

* validate greater than 0 payment

* fix fully allocated regs

* add tests

* add scholarship recipient

* add stripe checkout to event reg

* handle payment for remaining cost

* add payment comments

* add amount remaining to source column

* add stripe refunds

* add refund specs

* fix spec

* spec

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: maebeale <maebeale@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>