Groups can prevent members from getting gems (#8870)

* add possibility for group to block members from getting gems * fixes * fix tests * adds some tests * unit tests * finish unit tests * remove old code
2025-12-17 22:57:21 +01:00 · 2017-07-16 18:23:57 +02:00
parent fe9521a63f
commit 78ba596504
20 changed files with 339 additions and 16 deletions
--- a/website/server/libs/amazonPayments.js
+++ b/website/server/libs/amazonPayments.js
@@ -97,6 +97,8 @@ api.checkout = async function checkout (options = {}) {
  let amount = 5;

  if (gift) {
+    gift.member = await User.findById(gift.uuid).exec();
+
    if (gift.type === this.constants.GIFT_TYPE_GEMS) {
      if (gift.gems.amount <= 0) {
        throw new BadRequest(i18n.t('badAmountOfGemsToPurchase'));
@@ -107,6 +109,12 @@ api.checkout = async function checkout (options = {}) {
    }
  }

+  if (!gift || gift.type === this.constants.GIFT_TYPE_GEMS) {
+    const receiver = gift ? gift.member : user;
+    const receiverCanGetGems = await receiver.canGetGems();
+    if (!receiverCanGetGems) throw new NotAuthorized(i18n.t('groupPolicyCannotGetGems', receiver.preferences.language));
+  }
+
  await this.setOrderReferenceDetails({
    AmazonOrderReferenceId: orderReferenceId,
    OrderReferenceAttributes: {
--- a/website/server/libs/applePayments.js
+++ b/website/server/libs/applePayments.js
@@ -21,6 +21,9 @@ api.constants = {
 };

 api.verifyGemPurchase = async function verifyGemPurchase (user, receipt, headers) {
+  const userCanGetGems = await user.canGetGems();
+  if (!userCanGetGems) throw new NotAuthorized(shared.i18n.t('groupPolicyCannotGetGems', user.preferences.language));
+
  await iap.setup();
  let appleRes = await iap.validate(iap.APPLE, receipt);
  let isValidated = iap.isValidated(appleRes);
--- a/website/server/libs/googlePayments.js
+++ b/website/server/libs/googlePayments.js
@@ -20,6 +20,9 @@ api.constants = {
 };

 api.verifyGemPurchase = async function verifyGemPurchase (user, receipt, signature, headers) {
+  const userCanGetGems = await user.canGetGems();
+  if (!userCanGetGems) throw new NotAuthorized(shared.i18n.t('groupPolicyCannotGetGems', user.preferences.language));
+
  await iap.setup();

  let testObj = {
--- a/website/server/libs/paypalPayments.js
+++ b/website/server/libs/paypalPayments.js
@@ -70,11 +70,15 @@ api.paypalBillingAgreementCancel = Bluebird.promisify(paypal.billingAgreement.ca
 api.ipnVerifyAsync = Bluebird.promisify(ipn.verify, {context: ipn});

 api.checkout = async function checkout (options = {}) {
-  let {gift} = options;
+  let {gift, user} = options;

  let amount = 5.00;
  let description = 'Habitica Gems';
+
  if (gift) {
+    const member = await User.findById(gift.uuid).exec();
+    gift.member = member;
+
    if (gift.type === 'gems') {
      if (gift.gems.amount <= 0) {
        throw new BadRequest(i18n.t('badAmountOfGemsToPurchase'));
@@ -87,6 +91,14 @@ api.checkout = async function checkout (options = {}) {
    }
  }

+
+  if (!gift || gift.type === 'gems') {
+    const receiver = gift ? gift.member : user;
+    const receiverCanGetGems = await receiver.canGetGems();
+    if (!receiverCanGetGems) throw new NotAuthorized(shared.i18n.t('groupPolicyCannotGetGems', receiver.preferences.language));
+  }
+
+
  let createPayment = {
    intent: 'sale',
    payer: { payment_method: this.constants.PAYMENT_METHOD },
--- a/website/server/libs/stripePayments.js
+++ b/website/server/libs/stripePayments.js
@@ -76,6 +76,11 @@ api.checkout = async function checkout (options, stripeInc) {

  if (!token) throw new BadRequest('Missing req.body.id');

+  if (gift) {
+    const member = await User.findById(gift.uuid).exec();
+    gift.member = member;
+  }
+
  if (sub) {
    if (sub.discount) {
      if (!coupon) throw new BadRequest(shared.i18n.t('couponCodeRequired'));
@@ -114,6 +119,12 @@ api.checkout = async function checkout (options, stripeInc) {
      }
    }

+    if (!gift || gift.type === 'gems') {
+      const receiver = gift ? gift.member : user;
+      const receiverCanGetGems = await receiver.canGetGems();
+      if (!receiverCanGetGems) throw new NotAuthorized(shared.i18n.t('groupPolicyCannotGetGems', receiver.preferences.language));
+    }
+
    response = await stripeApi.charges.create({
      amount,
      currency: 'usd',
@@ -141,8 +152,6 @@ api.checkout = async function checkout (options, stripeInc) {
    };

    if (gift) {
-      let member = await User.findById(gift.uuid).exec();
-      gift.member = member;
      if (gift.type === 'subscription') method = 'createSubscription';
      data.paymentMethod = 'Gift';
    }