-rw-r--r-- | billing/app/controllers/subscriptions_controller.rb | 6 | ||||
-rw-r--r-- | billing/test/integration/subscription_test.rb | 12 |
2 files changed, 15 insertions, 3 deletions
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb index 3fd5ae5..0a1c733 100644 --- a/billing/app/controllers/subscriptions_controller.rb +++ b/billing/app/controllers/subscriptions_controller.rb @@ -2,6 +2,7 @@ class SubscriptionsController < BillingBaseController before_filter :authorize before_filter :fetch_subscription, :only => [:show, :destroy] before_filter :only_admin_active_pending, :only => [:destroy] + before_filter :confirm_self_or_admin, :only => [:index] before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create] # for now, admins cannot create or destroy subscriptions for others: before_filter :confirm_self, :only => [:new, :create] @@ -17,6 +18,7 @@ class SubscriptionsController < BillingBaseController def create @result = Braintree::Subscription.create( :payment_method_token => params[:payment_method_token], :plan_id => params[:plan_id] ) + #if you want to test pastdue, can add :price => '2001', :trial_period => true,:trial_duration => 1,:trial_duration_unit => "day" and then wait a day end def destroy @@ -54,4 +56,8 @@ class SubscriptionsController < BillingBaseController @user == current_user end + def confirm_self_or_admin + access_denied unless confirm_self or admin? + end + end diff --git a/billing/test/integration/subscription_test.rb b/billing/test/integration/subscription_test.rb index b893896..6356177 100644 --- a/billing/test/integration/subscription_test.rb +++ b/billing/test/integration/subscription_test.rb 
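Review bot: The new `before_filter :confirm_self_or_admin, :only => [:index]` protects only the list action, so `:show` is still guarded just by `authorize` and `fetch_subscription`. Whether `fetch_subscription` checks that the subscription belongs to the requesting user is not visible in this hunk. If it does not, a single subscription stays readable by other logged-in users even though the list is now restricted. Consider `:only => [:index, :show]` if `@user` is set for that action, or, once ownership checking is confirmed, add a comment above the filter such as `# show is ownership-checked in fetch_subscription`. The class body continues outside the hunk.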
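Review bot: In `confirm_self_or_admin`, the line `access_denied unless confirm_self or admin?` uses the low-precedence `or` and calls `confirm_self`, which is also registered as a `before_filter` for `:new` and `:create`. Prefer `access_denied unless admin? || confirm_self`, which also checks `admin?` first in case `confirm_self` has a side effect such as rendering a denial. The method just above the insertion ends with `@user == current_user`; if that is `confirm_self`, it is a pure predicate and works here. As a filter, though, its return value alone may not halt the request on Rails versions where only a render or redirect does. That definition starts outside the hunk, so it should be confirmed there.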
@@ -10,28 +10,34 @@ class SubscriptionTest < ActionDispatch::IntegrationTest setup do Warden.test_mode! - @admin = stub_record :user, :admin => true + @admin = User.find_by_login('admin') || FactoryGirl.create(:user, login: 'admin') @customer = stub_customer @braintree_customer = @customer.braintree_customer response = Braintree::Subscription.create plan_id: '5', - payment_method_token: @braintree_customer.credit_cards.first.token + payment_method_token: @braintree_customer.credit_cards.first.token, + price: '10' @subscription = response.subscription Capybara.current_driver = Capybara.javascript_driver end teardown do Warden.test_reset! + @admin.destroy end - test "admin can see subscription for another" do + test "admin can see all subscriptions for another" do login_as @admin @customer.stubs(:subscriptions).returns([@subscription]) + @subscription.stubs(:balance).returns 0 visit user_subscriptions_path(@customer.user_id) assert page.has_content?("Subscriptions") assert page.has_content?("Status: Active") page.save_screenshot('/tmp/subscriptions.png') end + # test "user cannot see all subscriptions for other user" do + #end + #test "admin cannot add subscription for another" do #end |
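Review bot: The deny path of the new filter is untested, because `test "user cannot see all subscriptions for other user"` is left as a commented-out empty stub and the only live test covers an admin being allowed in. A filter that never denies would still pass this suite, so the negative case should be added with this change. Separately, `@admin.destroy` in teardown deletes the record even when `User.find_by_login('admin')` returned a pre-existing user. The setup also no longer marks the user as admin explicitly, so the test depends on how `admin?` is derived from the login. A sketch of the missing test follows; what `access_denied` renders is outside this diff, so it asserts only that the subscription content is absent.

```ruby
  test "user cannot see all subscriptions for other user" do
    other = FactoryGirl.create(:user)
    begin
      login_as other
      # same stubs as the admin test, so the page would render if access were granted
      @customer.stubs(:subscriptions).returns([@subscription])
      @subscription.stubs(:balance).returns 0
      visit user_subscriptions_path(@customer.user_id)
      assert page.has_no_content?("Status: Active")
    ensure
      other.destroy
    end
  end
```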