subscriptions_controller.rb 3.96 KB
Newer Older
1 2 3 4
# frozen_string_literal: true

class SubscriptionsController < ApplicationController
  layout 'checkout'
5
  skip_before_action :authenticate_user!, only: [:new, :buy_minutes]
6

7 8
  before_action :load_eligible_groups, only: %i[new buy_minutes]

9 10
  feature_category :purchase

11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
  content_security_policy do |p|
    next if p.directives.blank?

    default_script_src = p.directives['script-src'] || p.directives['default-src']
    script_src_values = Array.wrap(default_script_src) | ["'self'", "'unsafe-eval'", 'https://*.zuora.com']

    default_frame_src = p.directives['frame-src'] || p.directives['default-src']
    frame_src_values = Array.wrap(default_frame_src) | ["'self'", 'https://*.zuora.com']

    default_child_src = p.directives['child-src'] || p.directives['default-src']
    child_src_values = Array.wrap(default_child_src) | ["'self'", 'https://*.zuora.com']

    p.script_src(*script_src_values)
    p.frame_src(*frame_src_values)
    p.child_src(*child_src_values)
  end

28
  def new
29 30
    redirect_unauthenticated_user('checkout')
  end
31

32 33 34
  def buy_minutes
    render_404 unless Feature.enabled?(:new_route_ci_minutes_purchase, default_enabled: :yaml)
    redirect_unauthenticated_user
35
  end
36 37 38 39 40 41 42 43 44 45 46

  def payment_form
    response = client.payment_form_params(params[:id])
    render json: response[:data]
  end

  def payment_method
    response = client.payment_method(params[:id])
    render json: response[:data]
  end

47 48
  def create
    current_user.update(setup_for_company: true) if params[:setup_for_company]
49
    group = params[:selected_group] ? find_group : create_group
50

51 52
    return not_found if group.nil?
    return render json: group.errors.to_json unless group.persisted?
53 54 55 56 57 58 59 60

    response = Subscriptions::CreateService.new(
      current_user,
      group: group,
      customer_params: customer_params,
      subscription_params: subscription_params
    ).execute

61
    if response[:success]
62
      plan_id, quantity = subscription_params.values_at(:plan_id, :quantity)
63
      redirect_location = if params[:selected_group]
64
                            group_path(group, plan_id: plan_id, purchased_quantity: quantity)
65 66 67 68
                          else
                            edit_subscriptions_group_path(group.path, plan_id: plan_id, quantity: quantity, new_user: params[:new_user])
                          end

69
      response[:data] = { location: redirect_location }
70 71
    end

72 73 74
    render json: response[:data]
  end

75 76
  private

77 78 79 80 81 82 83 84
  def customer_params
    params.require(:customer).permit(:country, :address_1, :address_2, :city, :state, :zip_code, :company)
  end

  def subscription_params
    params.require(:subscription).permit(:plan_id, :payment_method_id, :quantity)
  end

85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
  def find_group
    selected_group = current_user.manageable_groups.top_most.find(params[:selected_group])

    result = GitlabSubscriptions::FilterPurchaseEligibleNamespacesService
      .new(user: current_user, namespaces: Array(selected_group))
      .execute

    result.success? ? result.payload.first : nil
  end

  def create_group
    name = Namespace.clean_name(params[:setup_for_company] ? customer_params[:company] : current_user.name)
    path = Namespace.clean_path(name)

    Groups::CreateService.new(current_user, name: name, path: path).execute
  end

102 103 104
  def client
    Gitlab::SubscriptionPortal::Client
  end
105 106 107 108

  def customer_portal_new_subscription_url
    "#{EE::SUBSCRIPTIONS_URL}/subscriptions/new?plan_id=#{params[:plan_id]}&transaction=create_subscription"
  end
109 110 111 112 113 114 115

  def redirect_unauthenticated_user(from = action_name)
    return if current_user

    store_location_for :user, request.fullpath
    redirect_to new_user_registration_path(redirect_from: from)
  end
116 117 118 119 120 121 122 123 124 125 126 127

  def load_eligible_groups
    return unless current_user

    candidate_groups = current_user.manageable_groups.top_most.with_counts(archived: false)

    result = GitlabSubscriptions::FilterPurchaseEligibleNamespacesService
      .new(user: current_user, namespaces: candidate_groups)
      .execute

    @eligible_groups = result.success? ? result.payload : []
  end
128
end