QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-07 22:34:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Hide contribution payments from demo user(s) (#738)

Browse Source 
* Hide payment contribution options from demo and manually created users

Demo data users and manually created users don't have stripe_customer_id
set on their family, so they should not see payment/contribution options.

Changes:
- Add can_manage_subscription? method to Family::Subscribeable that checks
  for presence of stripe_customer_id
- Guard Settings::PaymentsController to return 403 for users without
  stripe_customer_id
- Guard SubscriptionsController#show action (Stripe portal redirect) for
  users without stripe_customer_id
- Update settings navigation to hide the payment link when
  stripe_customer_id is not present
- Add tests for the new behavior

* Fix broken test

---------

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Juan José Mata
2026-01-23 12:35:49 +01:00
committed by GitHub
parent 5ba051c8cf
commit e0fb585bda
7 changed files with 71 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
test/controllers/subscriptions_controller_test.rb
View File

@@ -11,9 +11,10 @@ class SubscriptionsControllerTest < ActionDispatch::IntegrationTest
end
test "disabled for self hosted users" do
Rails.application.config.app_mode.stubs(:self_hosted?).returns(true)
post subscription_path
assert_response :forbidden
with_self_hosting do
post subscription_path
assert_response :forbidden
end
end
# Trial subscriptions are managed internally and do NOT go through Stripe
@@ -73,4 +74,23 @@ class SubscriptionsControllerTest < ActionDispatch::IntegrationTest
assert @family.subscription.active?
assert_equal "Welcome to Sure! Your contribution is appreciated.", flash[:notice]
end
test "show action returns forbidden when family has no stripe_customer_id" do
assert_nil @family.stripe_customer_id
get subscription_path
assert_response :forbidden
end
test "show action redirects to stripe portal when family has stripe_customer_id" do
@family.update!(stripe_customer_id: "cus_test123")
@mock_stripe.expects(:create_payment_portal_session_url).with(
customer_id: "cus_test123",
return_url: settings_payment_url
).returns("https://billing.stripe.com/session/test")
get subscription_path
assert_redirected_to "https://billing.stripe.com/session/test"
end
end