From b790bc01e7a1eb145f4de479e88e29c867ababa6 Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Mon, 15 Jun 2020 16:56:43 +0200
Subject: [PATCH] fix access to /admin/invoices for managers
---
 app/policies/payment_policy.rb | 2 +-
 app/policies/setting_policy.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/policies/payment_policy.rb b/app/policies/payment_policy.rb
index 168f64399..43bceab32 100644
--- a/app/policies/payment_policy.rb
+++ b/app/policies/payment_policy.rb
@@ -3,6 +3,6 @@
 # Check the access policies for API::PaymentsController
 class PaymentPolicy < ApplicationPolicy
 def online_payment_status?
- user.admin?
+ user.admin? || user.manager?
 end
 end
diff --git a/app/policies/setting_policy.rb b/app/policies/setting_policy.rb
index b49408d8a..a59466210 100644
--- a/app/policies/setting_policy.rb
+++ b/app/policies/setting_policy.rb
@@ -24,7 +24,7 @@ class SettingPolicy < ApplicationPolicy
 end
 def test_present?
- user&.admin? || SettingPolicy.public_whitelist.push('openlab_app_secret').include?(record.name)
+ user&.admin? || SettingPolicy.public_whitelist.concat(%w[openlab_app_secret stripe_secret_key]).include?(record.name)
 end
 ##
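Review bot: In `PaymentPolicy#online_payment_status?` the new condition `user.admin? || user.manager?` calls both predicates on `user` without a nil guard, whereas `SettingPolicy#test_present?` in this same patch uses `user&.admin?`. If this policy can be reached without a signed-in user (the controller is not visible here), the check raises NoMethodError instead of returning false; `user&.admin? || user&.manager?` would deny cleanly and match the other policy. Since the subject line talks about /admin/invoices while the method is about online payment status, a one-line comment above it, for example `# managers also need this check to open /admin/invoices` if that is indeed the reason, would record why the role was widened.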
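Review bot: In `SettingPolicy#test_present?`, `concat` mutates its receiver just as the replaced `push` did, so if `SettingPolicy.public_whitelist` returns a shared array (a constant or memoized value; its definition is outside this hunk) every call would append `openlab_app_secret` and `stripe_secret_key` to the list that presumably gates public reads of settings. A non-mutating form removes that dependency on how the whitelist is built: `user&.admin? || (SettingPolicy.public_whitelist + %w[openlab_app_secret stripe_secret_key]).include?(record.name)`. Because of `user&.`, the right-hand side is also evaluated for a nil user, so anyone who reaches this action can ask whether the Stripe secret key is set. A short comment such as `# exposes only whether the setting is present, never its value` would make that intent explicit, and the controller action should be checked to confirm it holds.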