diff options
| author | jessib <jessib@riseup.net> | 2013-10-15 15:08:35 -0700 |
|---|---|---|
| committer | jessib <jessib@riseup.net> | 2013-10-15 15:08:35 -0700 |
| commit | a6f32017f5c7802798f10e2f4041037fb5684def (patch) | |
| tree | 42c3f2ee38de60fe5e66d25ec4a2b8a23eec934f /billing/app | |
| parent | 51f93fc87c9cadbe52877ddc3e7c5fd07866b397 (diff) | |
Add permissions to subscriptions index, and fix test to stub the subscription's balance.
Diffstat (limited to 'billing/app')
| -rw-r--r-- | billing/app/controllers/subscriptions_controller.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb index 3fd5ae5..0a1c733 100644 --- a/billing/app/controllers/subscriptions_controller.rb +++ b/billing/app/controllers/subscriptions_controller.rb @@ -2,6 +2,7 @@ class SubscriptionsController < BillingBaseController before_filter :authorize before_filter :fetch_subscription, :only => [:show, :destroy] before_filter :only_admin_active_pending, :only => [:destroy] + before_filter :confirm_self_or_admin, :only => [:index] before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create] # for now, admins cannot create or destroy subscriptions for others: before_filter :confirm_self, :only => [:new, :create] @@ -17,6 +18,7 @@ class SubscriptionsController < BillingBaseController def create @result = Braintree::Subscription.create( :payment_method_token => params[:payment_method_token], :plan_id => params[:plan_id] ) + #if you want to test pastdue, can add :price => '2001', :trial_period => true,:trial_duration => 1,:trial_duration_unit => "day" and then wait a day end def destroy @@ -54,4 +56,8 @@ class SubscriptionsController < BillingBaseController @user == current_user end + def confirm_self_or_admin + access_denied unless confirm_self or admin? + end + end |