Prevent users from changing the URL to access a payment method whose limits don't support the current invoice

Joshua Dwire 2016-09-08 22:19:51 -04:00
parent ca71ea5622
commit 286f9e8902
3 changed files with 17 additions and 7 deletions


@ -173,8 +173,8 @@ class ClientPortalController extends BaseController
foreach ($account->account_gateways as $accountGateway) { foreach ($account->account_gateways as $accountGateway) {
$paymentDriver = $accountGateway->paymentDriver($invitation); $paymentDriver = $accountGateway->paymentDriver($invitation);
$links = array_merge($links, $paymentDriver->tokenLinks($invitation->invoice)); $links = array_merge($links, $paymentDriver->tokenLinks());
$links = array_merge($links, $paymentDriver->paymentLinks($invitation->invoice)); $links = array_merge($links, $paymentDriver->paymentLinks());
} }
return $links; return $links;


@ -121,6 +121,12 @@ class BasePaymentDriver
$gateway = $this->accountGateway->gateway; $gateway = $this->accountGateway->gateway;
if ( ! $this->meetsGatewayTypeLimits($this->gatewayType)) {
// The customer must have hacked the URL
Session::flash('error', trans('texts.limits_not_met'));
return redirect()->to('view/' . $this->invitation->invitation_key);
}
if ($this->isGatewayType(GATEWAY_TYPE_TOKEN) || $gateway->is_offsite) { if ($this->isGatewayType(GATEWAY_TYPE_TOKEN) || $gateway->is_offsite) {
if (Session::has('error')) { if (Session::has('error')) {
Session::reflash(); Session::reflash();
@ -735,7 +741,7 @@ class BasePaymentDriver
return $this->createPayment($ref); return $this->createPayment($ref);
} }
public function tokenLinks($invoice) public function tokenLinks()
{ {
if ( ! $this->customer()) { if ( ! $this->customer()) {
return []; return [];
@ -749,7 +755,7 @@ class BasePaymentDriver
continue; continue;
} }
if ( !$this->invoiceMeetsGatewayTypeLimits($invoice, $paymentMethod->payment_type->gateway_type_id) ) { if ( ! $this->meetsGatewayTypeLimits($paymentMethod->payment_type->gateway_type_id)) {
continue; continue;
} }
@ -776,7 +782,7 @@ class BasePaymentDriver
return $links; return $links;
} }
public function paymentLinks($invoice) public function paymentLinks()
{ {
$links = []; $links = [];
@ -785,7 +791,7 @@ class BasePaymentDriver
continue; continue;
} }
if ( !$this->invoiceMeetsGatewayTypeLimits($invoice, $gatewayTypeId) ) { if ( ! $this->meetsGatewayTypeLimits($gatewayTypeId)) {
continue; continue;
} }
@ -798,7 +804,8 @@ class BasePaymentDriver
return $links; return $links;
} }
protected function invoiceMeetsGatewayTypeLimits( $invoice, $gatewayTypeId ) { protected function meetsGatewayTypeLimits($gatewayTypeId)
{
if ( !$gatewayTypeId ) { if ( !$gatewayTypeId ) {
return true; return true;
} }
@ -807,6 +814,8 @@ class BasePaymentDriver
'=', $gatewayTypeId)->first(); '=', $gatewayTypeId)->first();
if ($accountGatewaySettings) { if ($accountGatewaySettings) {
$invoice = $this->invoice();
if ($accountGatewaySettings->min_limit && $invoice->balance < $accountGatewaySettings->min_limit) { if ($accountGatewaySettings->min_limit && $invoice->balance < $accountGatewaySettings->min_limit) {
return false; return false;
} }
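Review bot: The new guard after `$gateway = $this->accountGateway->gateway;` silently allows the request when `$this->gatewayType` is empty, because `meetsGatewayTypeLimits` returns true for a falsy id (its `if ( !$gatewayTypeId ) { return true; }` branch later in this file); if the driver's gateway type is taken from the request and can be unset, the limit check is skipped rather than rejected, so it is worth confirming that a null type is always a legitimate, limit-free path here. `meetsGatewayTypeLimits` now also reads `$invoice = $this->invoice();` internally; if that helper can return null, `$invoice->balance` faults, so a short fail-closed bail-out such as `if (!$invoice) { return false; }` before the limit comparisons would keep the check safe. The comment `// The customer must have hacked the URL` would be clearer as `// Gateway type comes from the URL; re-check the invoice limits server-side instead of trusting the link the client followed`, which records the intent without speculating about motive. The enclosing method of the first hunk starts outside the hunk, and the remainder of `meetsGatewayTypeLimits` (presumably the max-limit comparison) is cut off at the last hunk.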


@ -2106,6 +2106,7 @@ $LANG = array(
'enable_max' => 'Enable max', 'enable_max' => 'Enable max',
'min' => 'Min', 'min' => 'Min',
'max' => 'Max', 'max' => 'Max',
'limits_not_met' => 'This invoice does not meet the limits for that payment type.',
); );