From 50de35911ddf64a32b23b8416b1e77b91b90555f Mon Sep 17 00:00:00 2001
From: Luis Castro <luiscastroem@gmail.com>
Date: Tue, 6 Aug 2019 14:23:39 +0200
Subject: [PATCH] feat(billings): add strong params

---
 .../billing_subscriptions_controller.rb          |  6 ++++++
 app/models/billing_plan.rb                       | 16 +++++++---------
 app/models/billing_subscription.rb               | 10 ++++------
 3 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/app/controllers/billing_subscriptions_controller.rb b/app/controllers/billing_subscriptions_controller.rb
index 258d3756..af1fbf26 100644
--- a/app/controllers/billing_subscriptions_controller.rb
+++ b/app/controllers/billing_subscriptions_controller.rb
@@ -34,4 +34,10 @@ class BillingSubscriptionsController < ApplicationController
     @billing_plan = @nonprofit.billing_plan
     @billing_subscription = @nonprofit.billing_subscription
   end
+
+  private
+
+  def required_params
+    params.permit(:nonprofit_id, :billing_plan_id, :stripe_subscription_id, :status)
+  end
 end
diff --git a/app/models/billing_plan.rb b/app/models/billing_plan.rb
index ce5eec79..5b671256 100644
--- a/app/models/billing_plan.rb
+++ b/app/models/billing_plan.rb
@@ -2,18 +2,16 @@
 
 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class BillingPlan < ApplicationRecord
+  # :name, #str: readable name
+  # :tier, #int: 0-4 (0: Free, 1: Fundraising, 2: Supporter Management)
+  # :amount, #int (cents)
+  # :stripe_plan_id, #str (matches plan ID in Stripe) Not needed if it's not a paying subscription
+  # :interval, #str ('monthly', 'annual')
+  # :percentage_fee # 0.038
+
   Names = ['Starter', 'Fundraising', 'Supporter Management'].freeze
   DefaultAmounts = [0, 9900, 29_900].freeze # in pennies
 
-  # TODO
-  # attr_accessible \
-  #   :name, #str: readable name
-  #   :tier, #int: 0-4 (0: Free, 1: Fundraising, 2: Supporter Management)
-  #   :amount, #int (cents)
-  #   :stripe_plan_id, #str (matches plan ID in Stripe) Not needed if it's not a paying subscription
-  #   :interval, #str ('monthly', 'annual')
-  #   :percentage_fee # 0.038
-
   has_many :billing_subscriptions
 
   validates :name, presence: true
diff --git a/app/models/billing_subscription.rb b/app/models/billing_subscription.rb
index 66b08ede..b12cc5f9 100644
--- a/app/models/billing_subscription.rb
+++ b/app/models/billing_subscription.rb
@@ -2,12 +2,10 @@
 
 # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
 class BillingSubscription < ApplicationRecord
-  # TODO
-  # attr_accessible \
-  #   :nonprofit_id, :nonprofit,
-  #   :billing_plan_id, :billing_plan,
-  #   :stripe_subscription_id,
-  #   :status # trialing, active, past_due, canceled, or unpaid
+  # :nonprofit_id, :nonprofit,
+  # :billing_plan_id, :billing_plan,
+  # :stripe_subscription_id,
+  # :status # trialing, active, past_due, canceled, or unpaid
 
   attr_accessor :stripe_plan_id, :manual
   belongs_to :nonprofit