Group plan subscription (#8153)

* Added payment to groups and pay with group plan with Stripe * Added edit card for Stripe * Added stripe cancel * Added subscribe with Amazon payments * Added Amazon cancel for group subscription * Added group subscription with paypal * Added paypal cancel * Added ipn cancel for Group plan * Added a subscription tab and hid only the task tab when group is not subscribed * Fixed linting issues * Fixed tests * Added payment unit tests * Added back refresh after stripe payment * Fixed style issues * Limited grouop query fields and checked access * Abstracted subscription schema * Added year group plan and more access checks * Maded purchase fields private * Removed id and timestampes * Added else checks to ensure user subscription is not altered. Removed active field from group model * Added toJSONTransform function * Moved plan active check to other toJson function * Added check to see if purchaed has been populated * Added purchase details to private * Added correct data usage when paying for group sub
2025-12-17 06:37:23 +01:00 · 2016-11-01 21:51:30 +01:00
parent 7f38c61c70
commit d8c37f6e2d
14 changed files with 558 additions and 118 deletions
--- a/website/server/controllers/top-level/payments/stripe.js
+++ b/website/server/controllers/top-level/payments/stripe.js
@@ -3,11 +3,16 @@ import shared from '../../../../common';
 import {
  BadRequest,
  NotAuthorized,
+  NotFound,
 } from '../../../libs/errors';
 import { model as Coupon } from '../../../models/coupon';
 import payments from '../../../libs/payments';
 import nconf from 'nconf';
 import { model as User } from '../../../models/user';
+import {
+  model as Group,
+  basicFields as basicGroupFields,
+} from '../../../models/group';
 import cc from 'coupon-code';
 import {
  authWithHeaders,
@@ -41,6 +46,7 @@ api.checkout = {
    let user = res.locals.user;
    let gift = req.query.gift ? JSON.parse(req.query.gift) : undefined;
    let sub = req.query.sub ? shared.content.subscriptionBlocks[req.query.sub] : false;
+    let groupId = req.query.groupId;
    let coupon;
    let response;

@@ -84,6 +90,7 @@ api.checkout = {
        paymentMethod: 'Stripe',
        sub,
        headers: req.headers,
+        groupId,
      });
    } else {
      let method = 'buyGems';
@@ -124,8 +131,26 @@ api.subscribeEdit = {
  middlewares: [authWithHeaders()],
  async handler (req, res) {
    let token = req.body.id;
+    let groupId = req.body.groupId;
    let user = res.locals.user;
-    let customerId = user.purchased.plan.customerId;
+    let customerId;
+
+    //  If we are buying a group subscription
+    if (groupId) {
+      let groupFields = basicGroupFields.concat(' purchased');
+      let group = await Group.getGroup({user, groupId, populateLeader: false, groupFields});
+
+      if (!group) {
+        throw new NotFound(res.t('groupNotFound'));
+      }
+
+      if (!group.leader === user._id) {
+        throw new NotAuthorized(res.t('onlyGroupLeaderCanManageSubscription'));
+      }
+      customerId = group.purchased.plan.customerId;
+    } else {
+      customerId = user.purchased.plan.customerId;
+    }

    if (!customerId) throw new NotAuthorized(res.t('missingSubscription'));
    if (!token) throw new BadRequest('Missing req.body.id');
@@ -150,13 +175,39 @@ api.subscribeCancel = {
  middlewares: [authWithUrl],
  async handler (req, res) {
    let user = res.locals.user;
-    if (!user.purchased.plan.customerId) throw new NotAuthorized(res.t('missingSubscription'));
+    let groupId = req.query.groupId;
+    let customerId;

-    let customer = await stripe.customers.retrieve(user.purchased.plan.customerId);
-    await stripe.customers.del(user.purchased.plan.customerId);
+    if (groupId) {
+      let groupFields = basicGroupFields.concat(' purchased');
+      let group = await Group.getGroup({user, groupId, populateLeader: false, groupFields});
+
+      if (!group) {
+        throw new NotFound(res.t('groupNotFound'));
+      }
+
+      if (!group.leader === user._id) {
+        throw new NotAuthorized(res.t('onlyGroupLeaderCanManageSubscription'));
+      }
+      customerId = group.purchased.plan.customerId;
+    } else {
+      customerId = user.purchased.plan.customerId;
+    }
+
+    if (!customerId) throw new NotAuthorized(res.t('missingSubscription'));
+
+    let customer = await stripe.customers.retrieve(customerId);
+
+    let subscription = customer.subscription;
+    if (!subscription) {
+      subscription = customer.subscriptions.data[0];
+    }
+
+    await stripe.customers.del(customerId);
    await payments.cancelSubscription({
      user,
-      nextBill: customer.subscription.current_period_end * 1000, // timestamp in seconds
+      groupId,
+      nextBill: subscription.current_period_end * 1000, // timestamp in seconds
      paymentMethod: 'Stripe',
    });