From 53f1a0a44f69b971c1d586122a18df09084b058b Mon Sep 17 00:00:00 2001
From: benji
Date: Tue, 2 Feb 2016 18:34:19 +0100
Subject: [PATCH] Put confirmation and maximum limit on transaction amount
---
 app/assets/javascripts/transactions.js | 11 +++++++++++
 app/controllers/users_controller.rb | 2 +-
 app/models/user_ability.rb | 4 +++-
 app/views/transactions/_new.html.haml | 2 +-
 config/application.rb | 1 +
 5 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/app/assets/javascripts/transactions.js b/app/assets/javascripts/transactions.js
index 9e62a7c..dc81726 100644
--- a/app/assets/javascripts/transactions.js
+++ b/app/assets/javascripts/transactions.js
@@ -70,6 +70,17 @@ ready = function() {
 });
 filters_body.hide();
+ $(form).submit(function(e) {
+ euros = parseInt($(form).find('input[name="transaction[euros]"]').val());
+ console.log(euros);
+ if (euros < 6) {
+ return true;
+ } else {
+ e.preventDefault();
+ return confirm("Are you sure? " + euros + " monies is a lot of money ...");
+ }
+ });
+
 $(form).on("ajax:before", function(xhr, settings) {
 $(flash_success).addClass("hidden");
 $(submit_button).val("Processing");
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 652bf22..dcab0df 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -7,7 +7,7 @@ class UsersController < ApplicationController
 load_and_authorize_resource except: :show
 def show
- @user = User.find_or_create_by(name: params[:id])
+ @user = User.find_by(name: params[:id])
 respond_to do |format|
 format.html { @transaction = Transaction.new }
 format.json { render json: @user }
diff --git a/app/models/user_ability.rb b/app/models/user_ability.rb
index 47af0c8..196d854 100644
--- a/app/models/user_ability.rb
+++ b/app/models/user_ability.rb
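Review bot: In the new submit handler `euros` is assigned without `var`, so it leaks as an implicit global, and `parseInt` is called without a radix; a value that does not parse yields `NaN`, for which `euros < 6` is false, so the prompt would read "NaN monies". I would write `var euros = parseInt($(form).find('input[name="transaction[euros]"]').val(), 10);` and drop the leftover `console.log(euros);`. The prompt is a convenience for the user only, since a request can be sent without running this script; the limit itself has to be enforced on the server, which this commit does in `UserAbility`. The handler sits inside `ready`, which begins and ends outside the hunk.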
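Review bot: `User.find_by` returns `nil` for an unknown name, so `show` now renders `null` as JSON and the HTML view presumably fails on a nil `@user`; `@user = User.find_by!(name: params[:id])` raises `ActiveRecord::RecordNotFound`, which Rails answers with a 404. The context line `load_and_authorize_resource except: :show` also means this action is not covered by CanCan, and `render json: @user` serialises the whole record, so it is worth confirming that access to `show` is checked somewhere else and limiting the JSON to the fields a caller needs. The `show` method ends outside the hunk.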
@@ -6,6 +6,8 @@ class UserAbility
 can :manage, :all if user.penning?
 can :read, user, id: user.id
- can :create, Transaction, debtor: user
+ can :create, Transaction do |t|
+ t.debtor == user && t.amount <= Rails.application.config.maximum_amount
+ end
 end
 end
diff --git a/app/views/transactions/_new.html.haml b/app/views/transactions/_new.html.haml
index 8738b17..b304df0 100644
--- a/app/views/transactions/_new.html.haml
+++ b/app/views/transactions/_new.html.haml
@@ -14,5 +14,5 @@ %span.glyphicon.glyphicon-euro
 = f.number_field :euros, value: amount(@transaction.amount), placeholder: "Bedrag", step: 0.01, min: (0.01 unless current_user.penning),
- class: "form-control", size: 20, max: 100, required: true
+ class: "form-control", size: 20, max: Rails.application.config.maximum_amount/100, required: true
 = f.submit "Send it!", class: "pure-button pure-button-primary btn"
diff --git a/config/application.rb b/config/application.rb
index 90e0743..59faa91 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -25,5 +25,6 @@ module Tab
 # Which is the lowest balance you should be ashamed of.
 config.shameful_balance = 5000 # In eurocents!
+ config.maximum_amount = 3000
 end
 end
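Review bot: The new block checks only an upper bound, so a zero or negative `t.amount` passes `t.amount <= Rails.application.config.maximum_amount`, and a `nil` amount raises `NoMethodError` instead of denying. Unless the `Transaction` model already validates the amount (not visible here), I would bound both sides: `t.debtor == user && t.amount.to_i.between?(1, Rails.application.config.maximum_amount)`. CanCan evaluates a block condition only when it is given an instance, so `can? :create, Transaction` on the class is true, and the previous hash condition `debtor: user` is no longer available for pre-setting attributes on a new record. The `min`/`max` attributes on the form field are browser-side hints and do not replace this check.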
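Review bot: `Rails.application.config.maximum_amount/100` is integer division, so the `max` attribute matches the server limit only while the configured value is a multiple of 100; with 2550 cents (a constructed example) the field would cap at 25 while the ability allows 25.50. `max: Rails.application.config.maximum_amount / 100.0` keeps the two in step. The cap is also rendered for `penning` users, for whom `min` is lifted on the previous line, so the form limits them although `can :manage, :all` does not.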
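Review bot: `config.maximum_amount = 3000` carries no unit, while the setting above it is marked `# In eurocents!`; the view divides this value by 100 and the ability compares it with `t.amount`, so a reader who takes it for euros would raise the limit a hundredfold. I would add a comment line above it such as `# Highest amount a regular user may transfer in one transaction, in eurocents.`.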