From a6f32017f5c7802798f10e2f4041037fb5684def Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Tue, 15 Oct 2013 15:08:35 -0700
Subject: Add permissions to subscriptions index, and fix test to stub the
 subscription's balance.

---
 billing/app/controllers/subscriptions_controller.rb |  6 ++++++
 billing/test/integration/subscription_test.rb       | 12 +++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

(limited to 'billing')

diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 3fd5ae5..0a1c733 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -2,6 +2,7 @@ class SubscriptionsController < BillingBaseController
   before_filter :authorize
   before_filter :fetch_subscription, :only => [:show, :destroy]
   before_filter :only_admin_active_pending, :only => [:destroy]
+  before_filter :confirm_self_or_admin, :only => [:index]
   before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create]
   # for now, admins cannot create or destroy subscriptions for others:
   before_filter :confirm_self, :only => [:new, :create]
@@ -17,6 +18,7 @@ class SubscriptionsController < BillingBaseController
 
   def create
     @result = Braintree::Subscription.create( :payment_method_token => params[:payment_method_token], :plan_id => params[:plan_id] )
+    #if you want to test pastdue, can add :price => '2001', :trial_period => true,:trial_duration => 1,:trial_duration_unit => "day" and then wait a day
   end
 
   def destroy
@@ -54,4 +56,8 @@ class SubscriptionsController < BillingBaseController
     @user == current_user
   end
 
+  def confirm_self_or_admin
+    access_denied unless confirm_self or admin?
+  end
+
 end
diff --git a/billing/test/integration/subscription_test.rb b/billing/test/integration/subscription_test.rb
index b893896..6356177 100644
--- a/billing/test/integration/subscription_test.rb
+++ b/billing/test/integration/subscription_test.rb
@@ -10,28 +10,34 @@ class SubscriptionTest < ActionDispatch::IntegrationTest
 
   setup do
     Warden.test_mode!
-    @admin = stub_record :user, :admin => true
+    @admin = User.find_by_login('admin') || FactoryGirl.create(:user, login: 'admin')
     @customer = stub_customer
     @braintree_customer = @customer.braintree_customer
     response = Braintree::Subscription.create plan_id: '5',
-      payment_method_token: @braintree_customer.credit_cards.first.token
+      payment_method_token: @braintree_customer.credit_cards.first.token,
+      price: '10'
     @subscription = response.subscription
     Capybara.current_driver = Capybara.javascript_driver
   end
 
   teardown do
     Warden.test_reset!
+    @admin.destroy
   end
 
-  test "admin can see subscription for another" do
+  test "admin can see all subscriptions for another" do
     login_as @admin
     @customer.stubs(:subscriptions).returns([@subscription])
+    @subscription.stubs(:balance).returns 0
     visit user_subscriptions_path(@customer.user_id)
     assert page.has_content?("Subscriptions")
     assert page.has_content?("Status: Active")
     page.save_screenshot('/tmp/subscriptions.png')
   end
 
+  # test "user cannot see all subscriptions for other user" do
+  #end
+
   #test "admin cannot add subscription for another" do
   #end
 
-- 
cgit v1.2.3