engines/billing/app/controllers/subscriptions_controller.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

class SubscriptionsController < BillingBaseController
  before_filter :require_login
  before_filter :fetch_subscription, :only => [:show, :destroy]
  before_filter :confirm_cancel_subscription, :only => [:destroy]
  before_filter :confirm_self_or_admin, :only => [:index]
  before_filter :confirm_no_pending_active_pastdue_subscription, :only => [:new, :create]
  # for now, admins cannot create or destroy subscriptions for others:
  before_filter :confirm_self, :only => [:new, :create]

  def new
    # don't show link to subscribe if they are already subscribed?
    credit_card = @customer.default_credit_card #safe to assume default?
    @payment_method_token = credit_card.token
    @plans = Braintree::Plan.all
  end

  # show has no content, so not needed at this point.

  def create
    @result = Braintree::Subscription.create( :payment_method_token => params[:payment_method_token], :plan_id => params[:plan_id] )
    #if you want to test pastdue, can add :price => '2001', :trial_period => true,:trial_duration => 1,:trial_duration_unit => "day" and then wait a day
  end

  def destroy
    @result = Braintree::Subscription.cancel params[:id]
  end

  def index
    customer = Customer.find_by_user_id(@user.id)
    @subscriptions = customer.subscriptions(nil, false)
  end

  private

  def fetch_subscription
    @subscription = Braintree::Subscription.find params[:id]
    @credit_card = Braintree::CreditCard.find @subscription.payment_method_token
    @subscription_customer_id = @credit_card.customer_id
    current_user_customer = Customer.find_by_user_id(current_user.id)
    access_denied unless admin? or (current_user_customer and current_user_customer.braintree_customer_id == @subscription_customer_id)

  end

  def confirm_cancel_subscription
    access_denied unless view_context.allow_cancel_subscription(@subscription)
  end

  def confirm_no_pending_active_pastdue_subscription
    @customer = Customer.find_by_user_id(@user.id)
    if subscription = @customer.subscriptions # will return pending, active or pastdue subscription, if it exists
      redirect_to user_subscription_path(@user, subscription.id), :notice => 'You already have a subscription'
    end
  end

  def confirm_self
    @user == current_user
  end

  def confirm_self_or_admin
    access_denied unless confirm_self or admin?
  end

end