8cada58820
Audit logging is designed to be simple to use. You call the audit_log method with the object affected and the action taken on it: ```ruby audit_log(vm, "create") ``` If additional objects are affected by the same action, then you can include them in the third argument: ```ruby audit_log(ps, "connect", subnet) ``` This implements an audit logging check similar to the recently added authorization check. All successful non-GET requests to the application are checked for audit logging, and will fail in non-frozen tests if an audit logging method is not called. Currently, only create/destroy actions are logged. Audit logging in other cases is ignored. However, this approach was necessary to check that no cases that should result in audit logging were missed. It also allows for easily flipping the switch to audit log all route actions.
49 lines
1.8 KiB
Ruby
49 lines
1.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Clover
|
|
hash_branch(:project_prefix, "discount-code") do |r|
|
|
r.web do
|
|
authorize("Project:billing", @project.id)
|
|
billing_path = "#{@project.path}/billing"
|
|
|
|
r.post true do
|
|
discount_code = r.params["discount_code"].to_s.strip.downcase
|
|
Validation.validate_short_text(discount_code, "discount_code")
|
|
|
|
# Check if the discount code exists
|
|
discount = DiscountCode.first(code: discount_code) { expires_at > Time.now.utc }
|
|
unless discount
|
|
flash["error"] = "Discount code not found."
|
|
Clog.emit("Invalid discount code attempted") { {invalid_discount_code: {project_id: @project.id, code: discount_code}} }
|
|
r.redirect billing_path
|
|
end
|
|
|
|
begin
|
|
DB.transaction do
|
|
hash = ProjectDiscountCode.dataset.returning.insert(
|
|
id: ProjectDiscountCode.generate_uuid,
|
|
project_id: @project.id,
|
|
discount_code_id: discount.id
|
|
).first
|
|
@project.this.update(credit: Sequel[:credit] + discount.credit_amount.to_f)
|
|
audit_log(ProjectDiscountCode.call(hash), "create")
|
|
end
|
|
rescue Sequel::UniqueConstraintViolation
|
|
flash["error"] = "Discount code has already been applied to this project."
|
|
else
|
|
unless @project.billing_info
|
|
stripe_customer = Stripe::Customer.create(name: current_account.name, email: current_account.email)
|
|
DB.transaction do
|
|
billing_info = BillingInfo.create_with_id(stripe_id: stripe_customer["id"])
|
|
@project.update(billing_info_id: billing_info.id)
|
|
end
|
|
end
|
|
flash["notice"] = "Discount code successfully applied."
|
|
end
|
|
|
|
r.redirect billing_path
|
|
end
|
|
end
|
|
end
|
|
end
|