billing: Show the billing page only to admins and billing users.

This commit is contained in:
Vishnu Ks 2018-07-11 20:06:52 +05:30 committed by Rishi Gupta
parent 377fac2864
commit 895c7703a6
3 changed files with 57 additions and 22 deletions

View File

@ -12,6 +12,7 @@
<div class="page-content">
<h1>{{ _("Billing") }}</h1>
{% if admin_access %}
Plan<br/>
{{ plan_name }}<br/>
<br/>
@ -29,6 +30,9 @@
Payment method: {{ payment_method }}.<br/>
<br/>
Contact support@zulipchat.com for billing history or to make changes to your subscription.
{% else %}
You must be an organization administrator or a billing administrator to view this page.
{% endif %}
</div>
</div>
{% endblock %}

View File

@ -129,6 +129,37 @@ class StripeTest(ZulipTestCase):
self.assertEqual(response.status_code, 302)
self.assertEqual('/billing/', response.url)
@mock.patch("zilencer.lib.stripe.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
@mock.patch("zilencer.views.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
@mock.patch("stripe.Invoice.upcoming", side_effect=mock_upcoming_invoice)
@mock.patch("stripe.Customer.retrieve", side_effect=mock_retrieve_customer)
@mock.patch("stripe.Customer.create", side_effect=mock_create_customer)
@mock.patch("stripe.Subscription.create", side_effect=mock_create_subscription)
def test_billing_page_permissions(self, mock_create_subscription: mock.Mock,
mock_create_customer: mock.Mock,
mock_retrieve_customer: mock.Mock,
mock_upcoming_invoice: mock.Mock) -> None:
# Check that non-admins can access /upgrade via /billing, when there is no Customer object
self.login(self.example_email('hamlet'))
response = self.client_get("/billing/")
self.assertEqual(response.status_code, 302)
self.assertEqual('/upgrade/', response.url)
# Check that non-admins can sign up and pay
self.client_post("/upgrade/", {'stripeToken': self.token,
'seat_count': self.quantity,
'plan': Plan.CLOUD_ANNUAL})
# Check that the non-admin hamlet can still access /billing
response = self.client_get("/billing/")
self.assert_in_success_response(["Contact support@zulipchat.com for billing"], response)
# Check admins can access billing, even though they are not the billing_user
self.login(self.example_email('iago'))
response = self.client_get("/billing/")
self.assert_in_success_response(["Contact support@zulipchat.com for billing"], response)
# Check that non-admin, non-billing_user does not have access
self.login(self.example_email("cordelia"))
response = self.client_get("/billing/")
self.assert_in_success_response(["You must be an organization administrator"], response)
@mock.patch("zilencer.lib.stripe.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
@mock.patch("zilencer.views.STRIPE_PUBLISHABLE_KEY", "stripe_publishable_key")
@mock.patch("stripe.Customer.create", side_effect=mock_create_customer)

View File

@ -199,10 +199,10 @@ def billing_home(request: HttpRequest) -> HttpResponse:
if customer is None:
return HttpResponseRedirect(reverse('zilencer.views.initial_upgrade'))
# TODO
# if not user.is_realm_admin and not user == customer.billing_user:
# context['error_message'] = _("You must be an administrator to view this page.")
# return render(request, 'zilencer/billing.html', context=context)
if not user.is_realm_admin and not user == customer.billing_user:
context = {'admin_access': False} # type: Dict[str, Any]
return render(request, 'zilencer/billing.html', context=context)
context = {'admin_access': True}
stripe_customer = get_stripe_customer(customer.stripe_customer_id)
@ -230,7 +230,7 @@ def billing_home(request: HttpRequest) -> HttpResponse:
if source is not None:
payment_method = "Card ending in %(last4)s" % {'last4': source.last4}
context = {
context.update({
'plan_name': plan_name,
'seat_count': seat_count,
'renewal_date': renewal_date,
@ -238,6 +238,6 @@ def billing_home(request: HttpRequest) -> HttpResponse:
'payment_method': payment_method,
'prorated_charges': '{:,.2f}'.format(prorated_charges),
'prorated_credits': '{:,.2f}'.format(prorated_credits),
} # type: Dict[str, Any]
})
return render(request, 'zilencer/billing.html', context=context)