Add 'creator' role (#579)

* Only let admins allow stripe and subscribables * Redirect user to stripe checkout to purchase subscription * Add 'creator' role * Cleaner code for createAdminSidebar function
GoteoFoundation · Dec 11, 2023 · db44068 · db44068
1 parent 5084a28
commit db44068
Show file tree

Hide file tree

Showing 10 changed files with 105 additions and 41 deletions.
diff --git a/Resources/roles.yml b/Resources/roles.yml
@@ -12,6 +12,12 @@ user: # This user is assigned automatically to all users regardless the user_rol
         - remove-project # remove own project, this permission is implicit
     level: 0 # Order of the role, roles with supperior level can do some actions over this
 
+creator:
+    extends: user # inhertis permissions from role "user"
+    perms:
+        - highlight-project # can feature own projects in their creator profile
+    level: 10
+
 vip:
     extends: user # inherits permissions from role "user"
     perms:

diff --git a/Resources/templates/responsive/dashboard/subscriptions/subscription.php b/Resources/templates/responsive/dashboard/subscriptions/subscription.php
@@ -15,7 +15,6 @@
                 <td><?= $subscription['id'] ?></td>
             </tr>
             <tr>
-                <td>Creada</td>
                 <td><?= $this->t('subscription-data-start-date') ?></td>
                 <td><?= \date_formater(date('Y-m-d', $subscription['start_date'])) ?></td>
             </tr>

diff --git a/src/Goteo/Controller/AdminController.php b/src/Goteo/Controller/AdminController.php
@@ -16,6 +16,7 @@
 use Goteo\Application\Message;
 use Goteo\Application\Session;
 use Goteo\Application\View;
+use Goteo\Controller\Admin\AdminControllerInterface;
 use Goteo\Core\Controller;
 use Goteo\Library\Feed;
 use Goteo\Library\Text;
@@ -135,39 +136,54 @@ public function routingAction(Request $request, $id, $uri = '') {
         throw new NotFoundHttpException("Admin module [$id] not found");
     }
 
-    public static function createAdminSidebar (User $user, $uri = '') {
-
+    public static function createAdminSidebar(User $user, $uri = '')
+    {
         $prefix = '/admin';
 
         foreach (static::$subcontrollers as $id => $class) {
-            if(in_array('Goteo\Controller\Admin\AdminControllerInterface', class_implements($class))) {
+            if(in_array(AdminControllerInterface::class, class_implements($class))) {
                 if(!$class::isAllowed($user)) continue;
 
                 $label = $class::getLabel('html');
-                $cls = strpos($label, '<i') === false ? 'nopadding' : '';
+
                 if($sidebar = $class::getSidebar()) {
+
                     $paths = [];
                     // Submodules returning a custom menu will have its own group
                     foreach($sidebar as $link => $route) {
                         // TODO: Apply isAllowed($user, uri)
                         if(!is_array($route)) {
                             $route = ['text' => $route, 'link' => $link];
                         }
-                        $c = $route['class'] ? $route['class'] : (strpos($route['text'], '<i') === false ? 'nopadding' : '');
 
-                        if(!$route['id']) $route['id'] = $route['link'];
+                        if(!\array_key_exists('id', $route)) {
+                            $route['id'] = $route['link'];
+                        }
 
-                        $paths[] = ['text' => $route['text'], 'link' => $prefix . $route['link'], 'id' => $route['id'], 'class' => $c];
+                        $paths[] = [
+                            'id' => $route['id'],
+                            'text' => $route['text'],
+                            'link' => $prefix . $route['link'],
+                            'class' => $route['class'] 
+                                ? $route['class'] 
+                                : (strpos($route['text'], '<i') === false ? 'nopadding' : '')
+                        ];
                     }
 
                     $modules[$id] = $paths;
                 } else {
                     $group = $class::getGroup();
-                    $init_route = ['text' => $label, 'link' => "$prefix/$id", 'id' => "/$id", 'class' => $cls];
-                    $modules[$group ? $group : 'main'][] = $init_route;
+                    $modules[$group ? $group : 'main'][] = [
+                        'id' => "/$id",
+                        'text' => $label,
+                        'link' => "$prefix/$id",
+                        'class' => strpos($label, '<i') === false ? 'nopadding' : ''
+                    ];
                 }
             }
+
             // Old sub-controllers
+            // For some reason, they fail to allow superusers when they have additional roles
             elseif ($class::isAllowed($user, Config::get('node'))) {
                 $group = 'others';
                 foreach(self::$legacy_groups as $g => $ms) {
@@ -178,9 +194,17 @@ public static function createAdminSidebar (User $user, $uri = '') {
                         }
                     }
                 }
-                $modules[$group][] = ['text' => $class::getLabel(), 'link' => "$prefix/$id", 'id' => "/$id", 'class' => 'nopadding'];
+
+                $modules[$group][] = [
+                    'text' => $class::getLabel(),
+                    'link' => "$prefix/$id",
+                    'id' => "/$id",
+                    'class' => 'nopadding'
+                ];
+
             }
         }
+
         // group the modules that don't define a custom menu
         $index = 1;
         $zone = '';

diff --git a/src/Goteo/Library/Forms/Model/ProjectCampaignForm.php b/src/Goteo/Library/Forms/Model/ProjectCampaignForm.php
@@ -16,7 +16,6 @@
 use Goteo\Library\Forms\FormProcessorInterface;
 use Goteo\Library\Forms\AbstractFormProcessor;
 use Goteo\Library\Forms\FormModelException;
-use Goteo\Model\Project;
 use Goteo\Model\Project\Conf;
 use Goteo\Util\Form\Type\BooleanType;
 use Goteo\Util\Form\Type\ChoiceType;
@@ -63,6 +62,13 @@ public function createForm(): ProjectCampaignForm
                     ],
                     'color' => 'cyan',
                     'required' => false
+                ])
+                ->add('allowStripe', BooleanType::class, [
+                    'label' => Text::get('project-campaign-use-stripe'),
+                    'data' => $account->allow_stripe,
+                    'disabled' => $this->getReadonly(),
+                    'required' => false,
+                    'color' => 'cyan'
                 ]);
         }
 
@@ -96,13 +102,6 @@ public function createForm(): ProjectCampaignForm
                 'required' => false,
                 'color' => 'cyan',
             ])
-            ->add('allowStripe', BooleanType::class, [
-                'label' => Text::get('project-campaign-use-stripe'),
-                'data' => $account->allow_stripe,
-                'disabled' => $this->getReadonly(),
-                'required' => false,
-                'color' => 'cyan'
-            ])
             ->add('spread', TextareaType::class, [
                 'label' => 'overview-field-spread',
                 'disabled' => $this->getReadonly(),
@@ -112,9 +111,7 @@ public function createForm(): ProjectCampaignForm
                     'info' => '<i class="fa fa-eye-slash"></i> '. Text::get('project-non-public-field'),
                     'rows' => 8
                 ]
-            ])
-            ;
-
+            ]);
 
         return $this;
     }

diff --git a/src/Goteo/Library/Forms/Model/ProjectRewardsForm.php b/src/Goteo/Library/Forms/Model/ProjectRewardsForm.php
@@ -23,6 +23,7 @@
 use Symfony\Component\Validator\Constraints;
 use Goteo\Library\Text;
 use Goteo\Application\Currency;
+use Goteo\Application\Session;
 use Goteo\Model\Project\Reward;
 use Goteo\Library\Forms\FormModelException;
 use Goteo\Model\Project;
@@ -129,13 +130,6 @@ public function addReward(Reward $reward) {
                 'required' => false,
                 'color' => 'cyan'
             ])
-            ->add("subscribable$suffix", BooleanType::class, [
-                'label' => false,
-                'data' => $reward->subscribable,
-                'disabled' => $subs_readonly,
-                'required' => false,
-                'color' => 'cyan'
-            ])
             ->add("reward$suffix", TextType::class, [
                 'label' => 'regular-title',
                 'data' => $reward->reward,
@@ -157,6 +151,7 @@ public function addReward(Reward $reward) {
                 ]
 
             ]);
+
         if(!$remove_readonly) {
             $this->getBuilder()
                 ->add("remove$suffix", SubmitType::class, [
@@ -169,6 +164,16 @@ public function addReward(Reward $reward) {
                         ]
                 ]);
         }
+
+        if (Session::isAdmin()) {
+            $this->getBuilder()->add("subscribable$suffix", BooleanType::class, [
+                'label' => false,
+                'data' => $reward->subscribable,
+                'disabled' => $subs_readonly,
+                'required' => false,
+                'color' => 'cyan'
+            ]);
+        }
     }
 
     public function createForm() {

diff --git a/src/Omnipay/Stripe/Subscription/Message/SubscriptionRequest.php b/src/Omnipay/Stripe/Subscription/Message/SubscriptionRequest.php
@@ -27,6 +27,9 @@ public function getData()
         return $this->data;
     }
 
+    /**
+     * @param array{user: User, invest: Invest} $data
+     */
     public function sendData($data)
     {
         $price = $this->stripe->prices->create([
@@ -36,17 +39,30 @@ public function sendData($data)
             'product' => $this->getStripeProduct($data['invest'])->id
         ]);
 
-        $subscription = $this->stripe->subscriptions->create([
+        $session = $this->stripe->checkout->sessions->create([
             'customer' => $this->getStripeCustomer($data['user'])->id,
-            'items' => [
-                ['price' => $price->id]
-            ],
-            'payment_behavior' => 'default_incomplete',
-            'payment_settings' => ['save_default_payment_method' => 'on_subscription'],
-            'expand' => ['latest_invoice.payment_intent']
+            'success_url' => $this->getRedirectUrl('/dashboard/subscriptions'),
+            'cancel_url' => $this->getRedirectUrl('/project/', $data['invest']->getProject()->id),
+            'mode' => 'subscription',
+            'line_items' => [
+                [
+                    'price' => $price->id,
+                    'quantity' => 1
+                ]
+            ]
         ]);
 
-        return new SubscriptionResponse($this, $subscription);
+        return new SubscriptionResponse($this, $session);
+    }
+
+    private function getRedirectUrl(...$args): string
+    {
+        return sprintf(
+            '%s://%s%s',
+            isset($_SERVER['HTTPS']) ? 'https' : 'http',
+            $_SERVER['HTTP_HOST'],
+            implode('', $args)
+        );
     }
 
     private function getStripeCustomer(User $user): Customer

diff --git a/src/Omnipay/Stripe/Subscription/Message/SubscriptionResponse.php b/src/Omnipay/Stripe/Subscription/Message/SubscriptionResponse.php
@@ -3,12 +3,22 @@
 namespace Omnipay\Stripe\Subscription\Message;
 
 use Omnipay\Common\Message\AbstractResponse;
-use Stripe\Subscription;
+use Omnipay\Common\Message\RedirectResponseInterface;
 
-class SubscriptionResponse extends AbstractResponse
+class SubscriptionResponse extends AbstractResponse implements RedirectResponseInterface
 {
     public function isSuccessful()
     {
-        return $this->data instanceof Subscription;
+        return false;
+    }
+
+    public function isRedirect()
+    {
+        return true;
+    }
+
+    public function getRedirectUrl()
+    {
+        return $this->data->url;
     }
 }
diff --git a/translations/ca/roles.yml b/translations/ca/roles.yml
@@ -1,5 +1,6 @@
 ---
 role-name-user: 'Usuari sense privilegis'
+role-name-creator: 'Creador de continguts'
 role-name-vip: 'Usuari VIP (padrí)'
 role-name-translator: 'Traductor de continguts'
 role-name-checker: 'Revisor de projectes'
@@ -54,3 +55,4 @@ role-perm-name-create-matcher: 'Pot crear matchers'
 role-perm-name-edit-matcher: 'Pot editar matchers'
 role-perm-name-remove-matcher: 'Pot esborrar els seus matchers'
 role-perm-name-edit-any-matcher: 'Pot editar qualsevol matcher'
+role-perm-name-highlight-project: 'Pot incloure projectes propis al seu perfil de creador'
diff --git a/translations/en/roles.yml b/translations/en/roles.yml
@@ -1,5 +1,6 @@
 ---
 role-name-user: 'Non privileged user'
+role-name-creator: 'Content creator'
 role-name-vip: 'VIP user (godfather)'
 role-name-translator: 'Content translator'
 role-name-checker: 'Project reviewer'
@@ -55,6 +56,7 @@ role-perm-name-admin-module-workshops: 'Can access the workshop module'
 role-perm-name-admin-module-promote: 'Can access the module to promote projects to the home page'
 role-perm-name-admin-module-channels: "Can access the channel's administration modules"
 role-perm-name-receive-test-communications: 'Can receive test communications'
+role-perm-name-highlight-project: 'Can feature own projects in their creator profile'
 role-perm-name-create-matcher: 'Create own matcher'
 role-perm-name-edit-matcher: 'Edit own matcher'
 role-perm-name-remove-matcher: 'Remove own matcher'

diff --git a/translations/es/roles.yml b/translations/es/roles.yml
@@ -1,5 +1,6 @@
 ---
 role-name-user: 'Usuario sin privilegios'
+role-name-creator: 'Creador de contenidos'
 role-name-vip: 'Usuario VIP (padrino)'
 role-name-translator: 'Traductor de contenidos'
 role-name-checker: 'Revisor de proyectos'
@@ -64,4 +65,6 @@ role-perm-name-create-matcher: 'Puede crear matchers'
 role-perm-name-edit-matcher: 'Puede editar matchers'
 role-perm-name-remove-matcher: 'Puede borrar sus matchers'
 role-perm-name-edit-any-matcher: 'Puede editar cualquier matcher'
-role-perm-name-remove-any-matcher: 'Puede borrar cualquier matcher'
+role-perm-name-remove-any-matcher: 'Puede borrar cualquier matcher'
+
+role-perm-name-highlight-project: 'Puede destacar proyectos propios en su perfil de creador'