diff --git a/app/controllers/custom_wizard/admin/api.rb b/app/controllers/custom_wizard/admin/api.rb index a913e9ca..e4ac31e9 100644 --- a/app/controllers/custom_wizard/admin/api.rb +++ b/app/controllers/custom_wizard/admin/api.rb @@ -20,6 +20,10 @@ class CustomWizard::AdminApiController < CustomWizard::AdminController raise Discourse::InvalidParameters, "An API with that name already exists: '#{current.title || current.name}'" end + unless subscription.includes?(:api, :all) + raise Discourse::InvalidParameters, "Your subscription doesn't include API features." + end + PluginStoreRow.transaction do CustomWizard::Api.set(api_params[:name], title: api_params[:title]) @@ -130,4 +134,8 @@ class CustomWizard::AdminApiController < CustomWizard::AdminController @auth_data ||= auth_data end + + def subscription + @subscription ||= CustomWizard::Subscription.new + end end diff --git a/lib/custom_wizard/subscription.rb b/lib/custom_wizard/subscription.rb index b2abb761..700e6087 100644 --- a/lib/custom_wizard/subscription.rb +++ b/lib/custom_wizard/subscription.rb @@ -87,6 +87,14 @@ class CustomWizard::Subscription business: ['*'], community: ['*'] } + }, + api: { + all: { + none: [], + standard: [], + business: ['*'], + community: ['*'] + } } } end @@ -95,7 +103,7 @@ class CustomWizard::Subscription @subscription = find_subscription end - def includes?(feature, attribute, value) + def includes?(feature, attribute, value = nil) attributes = self.class.attributes[feature] ## Attribute is not part of a subscription diff --git a/spec/fixtures/api/api.json b/spec/fixtures/api/api.json new file mode 100644 index 00000000..5c4e3bc8 --- /dev/null +++ b/spec/fixtures/api/api.json @@ -0,0 +1,7 @@ +{ + "name": "my_api", + "title": "My API", + "auth_type": "none", + "endpoints": "[{\"name\":\"my_endpoint\",\"url\":\"https://endpoint.com\",\"method\":\"POST\",\"content_type\":\"application/json\",\"success_codes\":[200]}]", + "new": "true" +} diff --git a/spec/requests/custom_wizard/admin/api_controller_spec.rb b/spec/requests/custom_wizard/admin/api_controller_spec.rb new file mode 100644 index 00000000..f95681f8 --- /dev/null +++ b/spec/requests/custom_wizard/admin/api_controller_spec.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +describe CustomWizard::AdminApiController do + fab!(:admin_user) { Fabricate(:user, admin: true) } + let(:api_json) { get_wizard_fixture("api/api") } + + before do + sign_in(admin_user) + end + + it "does not save if user does not have relevant subscription" do + put "/admin/wizards/api/:name.json", params: api_json.to_h + expect(response.status).to eq(400) + end + + it "saves when user does have relevant subscription" do + enable_subscription("business") + put "/admin/wizards/api/:name.json", params: api_json.to_h + expect(response.status).to eq(200) + end +end