class API::SubscriptionsController < API::ApiController include FablabConfiguration before_action :set_subscription, only: %i[show edit update destroy] before_action :authenticate_user! def show authorize @subscription end def create if fablab_plans_deactivated? head 403 else method = current_user.admin? ? :local : :stripe user_id = current_user.admin? ? subscription_params[:user_id] : current_user.id @subscription = Subscription.new(subscription_params) is_subscribe = Subscriptions::Subscribe.new(user_id) .pay_and_save(@subscription, method, coupon_params[:coupon_code], true) if is_subscribe render :show, status: :created, location: @subscription else render json: @subscription.errors, status: :unprocessable_entity end end end def update authorize @subscription free_days = params[:subscription][:free] || false res = Subscriptions::Subscribe.new(@subscription.user_id) .extend_subscription(@subscription, subscription_update_params[:expired_at], free_days) if res.is_a?(Subscription) @subscription = res render status: :created elsif res render status: :ok else render status: :unprocessable_entity end end private # Use callbacks to share common setup or constraints between actions. def set_subscription @subscription = Subscription.find(params[:id]) end # Never trust parameters from the scary internet, only allow the white list through. def subscription_params params.require(:subscription).permit(:plan_id, :user_id, :card_token) end def coupon_params params.permit(:coupon_code) end def subscription_update_params params.require(:subscription).permit(:expired_at) end # TODO refactor subscriptions logic and move this in model/validator def valid_card_token?(token) Stripe::Token.retrieve(token) rescue Stripe::InvalidRequestError => e @subscription.errors[:card_token] << e.message false end end