Change inheritance of StripeAccountsController

2026-03-01 02:03:22 +00:00 · 2017-10-12 21:35:31 +11:00
parent 0b8b5e694e
commit f2ad087be5
3 changed files with 33 additions and 32 deletions
--- a/app/controllers/admin/stripe_accounts_controller.rb
+++ b/app/controllers/admin/stripe_accounts_controller.rb
@@ -1,9 +1,7 @@
 require 'stripe/account_connector'

 module Admin
-  class StripeAccountsController < BaseController
-    protect_from_forgery except: :destroy_from_webhook
-
+  class StripeAccountsController < Spree::Admin::BaseController
    def connect
      payload = params.slice(:enterprise_id)
      key = Openfoodnetwork::Application.config.secret_token
@@ -41,5 +39,11 @@ module Admin
        render json: { status: :access_revoked }
      end
    end
+
+    private
+
+    def model_class
+      StripeAccount
+    end
  end
 end
--- a/app/models/spree/ability_decorator.rb
+++ b/app/models/spree/ability_decorator.rb
@@ -124,7 +124,7 @@ class AbilityDecorator
      column_preference.user == user
    end

-    can [:status, :destroy], StripeAccount do |stripe_account|
+    can [:admin, :connect, :status, :destroy], StripeAccount do |stripe_account|
      user.enterprises.include? stripe_account.enterprise
    end
  end
--- a/spec/controllers/admin/stripe_accounts_controller_spec.rb
+++ b/spec/controllers/admin/stripe_accounts_controller_spec.rb
@@ -77,55 +77,52 @@ describe Admin::StripeAccountsController, type: :controller do
  end

  describe "#status" do
-    let(:params) { { format: :json } }
+    let(:params) { { format: :json, enterprise_id: enterprise.id } }

    before do
      allow(Stripe).to receive(:api_key) { "sk_test_12345" }
      Spree::Config.set(stripe_connect_enabled: false)
    end

-    context "when Stripe is not enabled" do
-      it "returns with a status of 'stripe_disabled'" do
+    context "when I don't manage the specified enterprise" do
+      let(:user) { create(:user) }
+
+      before do
+        allow(controller).to receive(:spree_current_user) { user }
+      end
+
+      it "redirects to unauthorized" do
        spree_get :status, params
-        json_response = JSON.parse(response.body)
-        expect(json_response["status"]).to eq "stripe_disabled"
+        expect(response).to redirect_to spree.unauthorized_path
      end
    end

-    context "when Stripe is enabled" do
-      before { Spree::Config.set(stripe_connect_enabled: true) }
+    context "when I manage the specified enterprise" do
+      before do
+        allow(controller).to receive(:spree_current_user) { enterprise.owner }
+      end

-      context "but no stripe account is associated with the specified enterprise" do
-        it "returns with a status of 'account_missing'" do
+      context "when Stripe is not enabled" do
+        it "returns with a status of 'stripe_disabled'" do
          spree_get :status, params
          json_response = JSON.parse(response.body)
-          expect(json_response["status"]).to eq "account_missing"
+          expect(json_response["status"]).to eq "stripe_disabled"
        end
      end

-      context "and a stripe account is associated with the specified enterprise" do
-        let!(:account) { create(:stripe_account, stripe_user_id: "acc_123", enterprise: enterprise) }
+      context "when Stripe is enabled" do
+        before { Spree::Config.set(stripe_connect_enabled: true) }

-        context "but I don't manage the enterprise" do
-          let(:user) { create(:user) }
-          let(:enterprise2) { create(:enterprise) }
-          before do
-            user.owned_enterprises << enterprise2
-            params[:enterprise_id] = enterprise.id
-            allow(controller).to receive(:spree_current_user) { user }
-          end
-
-          it "redirects to unauthorized" do
+        context "when no stripe account is associated with the specified enterprise" do
+          it "returns with a status of 'account_missing'" do
            spree_get :status, params
-            expect(response).to redirect_to spree.unauthorized_path
+            json_response = JSON.parse(response.body)
+            expect(json_response["status"]).to eq "account_missing"
          end
        end

-        context "and I manage the enterprise" do
-          before do
-            params[:enterprise_id] = enterprise.id
-            allow(controller).to receive(:spree_current_user) { enterprise.owner }
-          end
+        context "when a stripe account is associated with the specified enterprise" do
+          let!(:account) { create(:stripe_account, stripe_user_id: "acc_123", enterprise: enterprise) }

          context "but access has been revoked or does not exist on stripe's servers" do
            before do