summaryrefslogtreecommitdiff
path: root/billing
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2013-10-10 11:35:26 -0700
committerjessib <jessib@riseup.net>2013-10-10 11:35:26 -0700
commit51f93fc87c9cadbe52877ddc3e7c5fd07866b397 (patch)
tree86098fd4f837151e8e292fbd39d92b1fc1f7819a /billing
parent5627b01230cdfa918ad144b26183b4c0bf151360 (diff)
Admins can cancel pastdue subscriptions, but users cannot cancel their own pastdue subscription, as then admins won't be able to search for them.
Diffstat (limited to 'billing')
-rw-r--r--billing/app/controllers/billing_admin_controller.rb1
-rw-r--r--billing/app/controllers/subscriptions_controller.rb7
-rw-r--r--billing/app/views/subscriptions/show.html.haml2
3 files changed, 8 insertions, 2 deletions
diff --git a/billing/app/controllers/billing_admin_controller.rb b/billing/app/controllers/billing_admin_controller.rb
index 2a5165c..419a937 100644
--- a/billing/app/controllers/billing_admin_controller.rb
+++ b/billing/app/controllers/billing_admin_controller.rb
@@ -8,6 +8,7 @@ class BillingAdminController < BillingBaseController
@all_past_due = Braintree::Subscription.search do |search|
search.status.is Braintree::Subscription::Status::PastDue
+ #cannot search by balance.
end
end
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 4758adb..3fd5ae5 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -1,6 +1,7 @@
class SubscriptionsController < BillingBaseController
before_filter :authorize
before_filter :fetch_subscription, :only => [:show, :destroy]
+ before_filter :only_admin_active_pending, :only => [:destroy]
before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create]
# for now, admins cannot create or destroy subscriptions for others:
before_filter :confirm_self, :only => [:new, :create]
@@ -38,9 +39,13 @@ class SubscriptionsController < BillingBaseController
end
+ def only_admin_active_pending
+ access_denied unless admin? or ['Pending', 'Active'].include? @subscription.status
+ end
+
def confirm_no_pending_active_pastdue_subscription
@customer = Customer.find_by_user_id(@user.id)
- if subscription = @customer.subscriptions # will return active subscription, if it exists
+ if subscription = @customer.subscriptions # will return pending, active or pastdue subscription, if it exists
redirect_to user_subscription_path(@user, subscription.id), :notice => 'You already have a subscription'
end
end
diff --git a/billing/app/views/subscriptions/show.html.haml b/billing/app/views/subscriptions/show.html.haml
index b258e47..f4d644a 100644
--- a/billing/app/views/subscriptions/show.html.haml
+++ b/billing/app/views/subscriptions/show.html.haml
@@ -3,4 +3,4 @@
Current
Subscription
= render :partial => "subscription_details", :locals => {:subscription => @subscription}
-= link_to t(:cancel_subscription), user_subscription_path(@user, @subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if ['Active', 'Pending'].include? @subscription.status # permission check or should that just be on show? # should you be able to cancel pending subscription?
+= link_to t(:cancel_subscription), user_subscription_path(@user, @subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if ['Active', 'Pending'].include? @subscription.status or admin? # permission check or should that just be on show? # should you be able to cancel pending subscription?