diff --git a/hc/payments/models.py b/hc/payments/models.py
index eb953351..3a077d6e 100644
--- a/hc/payments/models.py
+++ b/hc/payments/models.py
@@ -22,6 +22,19 @@ class SubscriptionManager(models.Manager):
         sub, created = Subscription.objects.get_or_create(user_id=user.id)
         return sub
 
+    def by_transaction(self, transaction_id):
+        try:
+            tx = braintree.Transaction.find(transaction_id)
+        except braintree.exceptions.NotFoundError:
+            return None, None
+
+        try:
+            sub = self.get(customer_id=tx.customer_details.id)
+        except Subscription.DoesNotExist:
+            return None, None
+
+        return sub, tx
+
 
 class Subscription(models.Model):
     user = models.OneToOneField(User, models.CASCADE, blank=True, null=True)
@@ -43,6 +56,8 @@ class Subscription(models.Model):
             return 48
         elif self.plan_id == "Y480":
             return 480
+        elif self.plan_id == "T144":
+            return 144
 
         return 0
 
@@ -51,6 +66,8 @@ class Subscription(models.Model):
             return "month"
         elif self.plan_id.startswith("Y"):
             return "year"
+        elif self.plan_id.startswith("T"):
+            return "3 years"
 
         raise NotImplementedError("Unexpected plan: %s" % self.plan_id)
 
@@ -194,10 +211,3 @@ class Subscription(models.Model):
             self._tx = list(braintree.Transaction.search(braintree.TransactionSearch.customer_id == self.customer_id))
 
         return self._tx
-
-    def get_transaction(self, transaction_id):
-        tx = braintree.Transaction.find(transaction_id)
-        if tx.customer_details.id != self.customer_id:
-            return None
-
-        return tx
diff --git a/hc/payments/views.py b/hc/payments/views.py
index c5ed8c26..408463ad 100644
--- a/hc/payments/views.py
+++ b/hc/payments/views.py
@@ -93,7 +93,7 @@ def log_and_bail(request, result):
 @require_POST
 def set_plan(request):
     plan_id = request.POST["plan_id"]
-    if plan_id not in ("", "P5", "P50", "Y48", "Y480"):
+    if plan_id not in ("", "P5", "P50", "Y48", "Y480", "T144"):
         return HttpResponseBadRequest()
 
     sub = Subscription.objects.for_user(request.user)
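Review bot: `tx.customer_details.id` is used as the lookup key in `by_transaction` without checking that it is set, so a gateway transaction that carries no customer would run `self.get(customer_id=None)`; if `Subscription.customer_id` is nullable (not shown here) that query can match an unrelated subscription or raise `MultipleObjectsReturned`, and only `Subscription.DoesNotExist` is caught. Guard the key before querying: `customer_id = getattr(tx.customer_details, "id", None)`, `if not customer_id: return None, None`, and pass `customer_id=customer_id` to `self.get(...)`. The method also lacks a docstring although its `(None, None)` contract is what the caller in views.py relies on; `"""Return (subscription, transaction) for a gateway transaction id, or (None, None) when either side is unknown."""` would state it.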
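Review bot: The allowlist of plan ids in `set_plan` is one of several hand-maintained copies of the same set: the tier branch in the `@@ -117` hunk, `Subscription.price` and `Subscription.period` in models.py, and the label logic in billing.html all had `"T144"` added separately in this commit. A single module-level mapping from plan id to price, period and tier that the view validates against (`if plan_id and plan_id not in PLANS:`) and the model methods read from would keep the allowlist and the per-plan limits from drifting apart. set_plan's body continues outside the hunk.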
@@ -117,7 +117,7 @@ def set_plan(request):
 
     # Update user's profile
     profile = request.user.profile
-    if plan_id in ("P5", "Y48"):
+    if plan_id in ("P5", "Y48", "T144"):
         profile.ping_log_limit = 1000
         profile.check_limit = 500
         profile.team_limit = 9
@@ -188,15 +188,20 @@ def billing_history(request):
 
 @login_required
 def pdf_invoice(request, transaction_id):
-    sub = Subscription.objects.get(user=request.user)
-    transaction = sub.get_transaction(transaction_id)
-    if transaction is None:
+    sub, tx = Subscription.objects.by_transaction(transaction_id)
+
+    # Does this transaction belong to a customer we know about?
+    if sub is None or tx is None:
+        return HttpResponseForbidden()
+
+    # Does the transaction's customer match the currently logged in user?
+    if sub.user != request.user and not request.user.is_superuser:
         return HttpResponseForbidden()
 
     response = HttpResponse(content_type='application/pdf')
-    filename = "MS-HC-%s.pdf" % transaction.id.upper()
+    filename = "MS-HC-%s.pdf" % tx.id.upper()
     response['Content-Disposition'] = 'attachment; filename="%s"' % filename
-    PdfInvoice(response).render(transaction, sub.flattened_address())
+    PdfInvoice(response).render(tx, sub.flattened_address())
     return response
 
 
diff --git a/templates/accounts/billing.html b/templates/accounts/billing.html
index 382a7044..5bbaf33d 100644
--- a/templates/accounts/billing.html
+++ b/templates/accounts/billing.html
@@ -46,14 +46,13 @@
 {% if sub is None or sub.plan_id == "" %} Free {% else %}
-{% if sub.plan_id == "P5" or sub.plan_id == "Y48" %}
+{% if sub.plan_id == "P5" or sub.plan_id == "Y48" or sub.plan_id == "T144" %}
 Standard
-{% endif %}
-{% if sub.plan_id == "P50" or sub.plan_id == "Y480" %}
+{% elif sub.plan_id == "P50" or sub.plan_id == "Y480" %}
 Plus {% endif %}
-(${{ sub.price }}/{{ sub.period }})
+(${{ sub.price }} per {{ sub.period }})
 {% endif %}
@@ -241,6 +240,17 @@ Annual, $48/year (20% off monthly) + + +
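Review bot: Both rejection paths in `pdf_invoice` return a bare `HttpResponseForbidden()` with nothing recorded, so a logged-in user iterating transaction ids (each of which triggers a `braintree.Transaction.find` round-trip in `by_transaction` before the ownership check runs) leaves no trace for operators. Returning the same 403 for an unknown transaction and for another customer's transaction is the right choice, since it does not reveal which ids exist; what is missing is a warning-level log line carrying `request.user.id` and `transaction_id` before each `return HttpResponseForbidden()`, using whatever logger this module already has (the `log_and_bail` helper above suggests one is wired up, though its body is not shown). The `is_superuser` exemption on the second check is also new relative to the removed `get_transaction`, which only ever returned the current customer's own transaction, so a comment such as `# Superusers are exempt from the ownership check` would make that widening explicit for the next reader.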