From 51f93fc87c9cadbe52877ddc3e7c5fd07866b397 Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Thu, 10 Oct 2013 11:35:26 -0700
Subject: Admins can cancel pastdue subscriptions, but users cannot cancel
 their own pastdue subscription, as then admins won't be able to search for
 them.

---
 billing/app/controllers/billing_admin_controller.rb | 1 +
 billing/app/controllers/subscriptions_controller.rb | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'billing/app/controllers')

diff --git a/billing/app/controllers/billing_admin_controller.rb b/billing/app/controllers/billing_admin_controller.rb
index 2a5165c..419a937 100644
--- a/billing/app/controllers/billing_admin_controller.rb
+++ b/billing/app/controllers/billing_admin_controller.rb
@@ -8,6 +8,7 @@ class BillingAdminController < BillingBaseController
 
     @all_past_due = Braintree::Subscription.search do |search|
       search.status.is Braintree::Subscription::Status::PastDue
+      #cannot search by balance.
     end
   end
 
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 4758adb..3fd5ae5 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -1,6 +1,7 @@
 class SubscriptionsController < BillingBaseController
   before_filter :authorize
   before_filter :fetch_subscription, :only => [:show, :destroy]
+  before_filter :only_admin_active_pending, :only => [:destroy]
   before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create]
   # for now, admins cannot create or destroy subscriptions for others:
   before_filter :confirm_self, :only => [:new, :create]
@@ -38,9 +39,13 @@ class SubscriptionsController < BillingBaseController
 
   end
 
+  def only_admin_active_pending
+    access_denied unless admin? or ['Pending', 'Active'].include? @subscription.status
+  end
+
   def confirm_no_pending_active_pastdue_subscription
     @customer = Customer.find_by_user_id(@user.id)
-    if subscription = @customer.subscriptions # will return active subscription, if it exists
+    if subscription = @customer.subscriptions # will return pending, active or pastdue subscription, if it exists
       redirect_to user_subscription_path(@user, subscription.id), :notice => 'You already have a subscription'
     end
   end
-- 
cgit v1.2.3