summaryrefslogtreecommitdiff
path: root/billing/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'billing/app/controllers')
-rw-r--r--billing/app/controllers/subscriptions_controller.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 3fd5ae5..0a1c733 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -2,6 +2,7 @@ class SubscriptionsController < BillingBaseController
before_filter :authorize
before_filter :fetch_subscription, :only => [:show, :destroy]
before_filter :only_admin_active_pending, :only => [:destroy]
+ before_filter :confirm_self_or_admin, :only => [:index]
before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create]
# for now, admins cannot create or destroy subscriptions for others:
before_filter :confirm_self, :only => [:new, :create]
@@ -17,6 +18,7 @@ class SubscriptionsController < BillingBaseController
def create
@result = Braintree::Subscription.create( :payment_method_token => params[:payment_method_token], :plan_id => params[:plan_id] )
+ #if you want to test pastdue, can add :price => '2001', :trial_period => true,:trial_duration => 1,:trial_duration_unit => "day" and then wait a day
end
def destroy
@@ -54,4 +56,8 @@ class SubscriptionsController < BillingBaseController
@user == current_user
end
+ def confirm_self_or_admin
+ access_denied unless confirm_self or admin?
+ end
+
end