authorjessib <jessib@riseup.net>2013-10-10 11:35:26 -0700
committerjessib <jessib@riseup.net>2013-10-10 11:35:26 -0700
commit51f93fc87c9cadbe52877ddc3e7c5fd07866b397 (patch)
tree86098fd4f837151e8e292fbd39d92b1fc1f7819a
parent5627b01230cdfa918ad144b26183b4c0bf151360 (diff)
Admins can cancel pastdue subscriptions, but users cannot cancel their own pastdue subscription, as then admins won't be able to search for them.
-rw-r--r--billing/app/controllers/billing_admin_controller.rb1
-rw-r--r--billing/app/controllers/subscriptions_controller.rb7
-rw-r--r--billing/app/views/subscriptions/show.html.haml2
3 files changed, 8 insertions, 2 deletions
diff --git a/billing/app/controllers/billing_admin_controller.rb b/billing/app/controllers/billing_admin_controller.rb
index 2a5165c..419a937 100644
--- a/billing/app/controllers/billing_admin_controller.rb
+++ b/billing/app/controllers/billing_admin_controller.rb
@@ -8,6 +8,7 @@ class BillingAdminController < BillingBaseController
@all_past_due = Braintree::Subscription.search do |search|
search.status.is Braintree::Subscription::Status::PastDue
+ #cannot search by balance.
end
end
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 4758adb..3fd5ae5 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -1,6 +1,7 @@
class SubscriptionsController < BillingBaseController
before_filter :authorize
before_filter :fetch_subscription, :only => [:show, :destroy]
+ before_filter :only_admin_active_pending, :only => [:destroy]
before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create]
# for now, admins cannot create or destroy subscriptions for others:
before_filter :confirm_self, :only => [:new, :create]
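Review bot: The new `only_admin_active_pending` filter on `:destroy` decides on role and status only, and `confirm_self` is still limited to `[:new, :create]`, so nothing visible in this hunk ties the subscription being cancelled to the signed-in user. If `fetch_subscription` or `authorize` (both defined outside the hunk) do not already reject a subscription that belongs to another customer, a non-admin could cancel someone else's Active or Pending subscription by id. That ownership check should be confirmed, or added for non-admins ahead of the status test. The context comment above `confirm_self` is also out of date now that admins may destroy on a user's behalf; `# for now, admins cannot create subscriptions for others (destroy is gated by only_admin_active_pending):` would match the new behaviour.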
@@ -38,9 +39,13 @@ class SubscriptionsController < BillingBaseController
end
+ def only_admin_active_pending
+ access_denied unless admin? or ['Pending', 'Active'].include? @subscription.status
+ end
+
def confirm_no_pending_active_pastdue_subscription
@customer = Customer.find_by_user_id(@user.id)
- if subscription = @customer.subscriptions # will return active subscription, if it exists
+ if subscription = @customer.subscriptions # will return pending, active or pastdue subscription, if it exists
redirect_to user_subscription_path(@user, subscription.id), :notice => 'You already have a subscription'
end
end
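Review bot: In `only_admin_active_pending` the allowed statuses are bare string literals joined with `or`, and the same literals are repeated in the cancel-link condition in `show.html.haml`, so the enforced rule and the displayed rule can drift apart. `billing_admin_controller.rb` already uses `Braintree::Subscription::Status::PastDue`, and the filter would be more robust as `access_denied unless admin? || [Braintree::Subscription::Status::Pending, Braintree::Subscription::Status::Active].include?(@subscription.status)`. The filter also depends on `fetch_subscription` having set `@subscription`; that method is outside the hunk, so it is worth confirming that a failed lookup halts the chain rather than leaving `@subscription` nil, which would raise here instead of denying access.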
diff --git a/billing/app/views/subscriptions/show.html.haml b/billing/app/views/subscriptions/show.html.haml
index b258e47..f4d644a 100644
--- a/billing/app/views/subscriptions/show.html.haml
+++ b/billing/app/views/subscriptions/show.html.haml
@@ -3,4 +3,4 @@
Current
Subscription
= render :partial => "subscription_details", :locals => {:subscription => @subscription}
-= link_to t(:cancel_subscription), user_subscription_path(@user, @subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if ['Active', 'Pending'].include? @subscription.status # permission check or should that just be on show? # should you be able to cancel pending subscription?
+= link_to t(:cancel_subscription), user_subscription_path(@user, @subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if ['Active', 'Pending'].include? @subscription.status or admin? # permission check or should that just be on show? # should you be able to cancel pending subscription?
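Review bot: With `or admin?` appended, the cancel link is rendered for an admin whatever the subscription status, which presumably includes subscriptions that are already cancelled or expired and have nothing left to cancel. Restricting the admin case to the status this commit is about would avoid that, e.g. `if ['Active', 'Pending'].include?(@subscription.status) || (admin? && @subscription.status == Braintree::Subscription::Status::PastDue)`. The trailing `# permission check or should that just be on show?` question is now answered by the controller filter added in this commit, and could be replaced with `# enforced by SubscriptionsController#only_admin_active_pending`. That would make it clear that hiding the button is only a display choice, not the access control.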