summaryrefslogtreecommitdiff
path: root/app/models/solidus_subscriptions/subscription.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/solidus_subscriptions/subscription.rb')
-rw-r--r--app/models/solidus_subscriptions/subscription.rb11
1 files changed, 11 insertions, 0 deletions
diff --git a/app/models/solidus_subscriptions/subscription.rb b/app/models/solidus_subscriptions/subscription.rb
index df82447..7e98f82 100644
--- a/app/models/solidus_subscriptions/subscription.rb
+++ b/app/models/solidus_subscriptions/subscription.rb
@@ -28,6 +28,8 @@ module SolidusSubscriptions
validates :payment_source, presence: true, if: -> { payment_method&.source_required? }
validates :currency, inclusion: { in: ::Money::Currency.all.map(&:iso_code) }
+ validate :validate_payment_source_ownership
+
accepts_nested_attributes_for :shipping_address
accepts_nested_attributes_for :billing_address
accepts_nested_attributes_for :line_items, allow_destroy: true, reject_if: ->(p) { p[:quantity].blank? }
@@ -273,6 +275,15 @@ module SolidusSubscriptions
private
+ def validate_payment_source_ownership
+ return if payment_source.blank?
+
+ if payment_source.respond_to?(:user_id) &&
+ payment_source.user_id != user_id
+ errors.add(:payment_source, :not_owned_by_user)
+ end
+ end
+
def check_successive_skips_exceeded
return unless SolidusSubscriptions.configuration.maximum_successive_skips
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 16:01:24 +0000