rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-03-21 12:29:03 +01:00
Code Issues Releases Activity

add checkout policy

Browse Source
This commit is contained in:
Du Peng 2022-08-27 18:59:59 +02:00
parent c80198603e
commit ea535d86b2
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/api/checkout_controller.rb
View File

@ -8,7 +8,8 @@ class API::CheckoutController < API::ApiController
before_action :ensure_order
def payment
if order.statistic_profile_id.nil? && current_user.privileged?
authorize @current_order, policy_class: CheckoutPolicy
if @current_order.statistic_profile_id.nil? && current_user.privileged?
user = User.find(params[:customer_id])
@current_order.statistic_profile = user.statistic_profile
end
@ -20,6 +21,7 @@ class API::CheckoutController < API::ApiController
end
def confirm_payment
authorize @current_order, policy_class: CheckoutPolicy
res = Checkout::PaymentService.new.confirm_payment(@current_order, current_user, params[:coupon_code], params[:payment_id])
render json: res
rescue StandardError => e

10
app/policies/checkout_policy.rb Normal file
View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
# Check the access policies for API::CheckoutController
class CheckoutPolicy < ApplicationPolicy
%w[payment confirm_payment].each do |action|
define_method "#{action}?" do
return user.privileged? || (record.statistic_profile_id == user.statistic_profile.id)
end
end
end