From 2a97fc5456e5c72ed8fa3973e0ced520dad6b924 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Sun, 30 Oct 2016 11:04:08 +0200
Subject: [PATCH] Prevent deleted invoice from being paid
---
 app/Http/Controllers/OnlinePaymentController.php | 6 +++++-
 app/Models/Invoice.php | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/OnlinePaymentController.php b/app/Http/Controllers/OnlinePaymentController.php
index 07013f2fe7b5..c49a4d666997 100644
--- a/app/Http/Controllers/OnlinePaymentController.php
+++ b/app/Http/Controllers/OnlinePaymentController.php
@@ -70,7 +70,7 @@ class OnlinePaymentController extends BaseController
 ]);
 }
- if ( ! floatval($invitation->invoice->balance)) {
+ if ( ! $invitation->invoice->canBePaid()) {
 return redirect()->to('view/' . $invitation->invitation_key);
 }
@@ -103,6 +103,10 @@ class OnlinePaymentController extends BaseController
 $gatewayTypeId = Session::get($invitation->id . 'gateway_type');
 $paymentDriver = $invitation->account->paymentDriver($invitation, $gatewayTypeId);
+ if ( ! $invitation->invoice->canBePaid()) {
+ return redirect()->to('view/' . $invitation->invitation_key);
+ }
+
 try {
 $paymentDriver->completeOnsitePurchase($request->all());
diff --git a/app/Models/Invoice.php b/app/Models/Invoice.php
index 14b3d68a90c6..ad20fc1830e2 100644
--- a/app/Models/Invoice.php
+++ b/app/Models/Invoice.php
@@ -514,6 +514,11 @@ class Invoice extends EntityModel implements BalanceAffecting
 return storage_path() . '/pdfcache/cache-' . $this->id . '.pdf';
 }
+ public function canBePaid()
+ {
+ return floatval($this->balance) > 0 && ! $this->is_deleted;
+ }
+
 /**
 * @param $invoice
 * @return string
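Review bot: The guard swapped in by the first OnlinePaymentController.php hunk is stricter than the test it replaces, and the commit message does not say so. `! floatval($invitation->invoice->balance)` turned away only a zero balance, while `canBePaid()` also turns away a negative one. That is probably the safer behaviour for a payment form, but it should be stated in the description so the change is deliberate. The redirect is silent, so I would add a comment above it such as `// Deleted or non-payable invoices go back to the invoice view, never to the payment form.` The enclosing method starts and ends outside this hunk.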
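Review bot: The `canBePaid()` test added before the `try` in the second OnlinePaymentController.php hunk is a check-then-act guard. Nothing visible here stops the invoice from being deleted or settled between this line and `completeOnsitePurchase()`, and the hunk does not show whether the payment driver repeats the test. If it does not, the authoritative check belongs where the payment is recorded, under the same transaction or lock, with this one kept as a fast path. Any other entry point that completes a payment (none are visible in this patch) would need the same guard. I would also document the line with `// Re-check at submit time: the invoice may have been deleted or paid since the form was rendered.` The enclosing method starts and ends outside the hunk.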
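Review bot: `canBePaid()` in Invoice.php has no docblock, although the method after it carries one and two controller paths now rely on it as the only payment gate. I would add `/** @return bool True when the balance is positive and the invoice is not flagged as deleted. */` above it. The `floatval($this->balance) > 0` comparison treats any positive float residue as payable, so if balances can carry rounding noise, comparing a rounded amount would be more robust. Whether other states should also block payment cannot be told from this hunk and is worth confirming against the model.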