Feed error messages through a cors wrapper so that people on other domains can see what's happening.

2014-03-17 16:57:35 -04:00 · 2014-03-17 16:57:35 -04:00 · 3b3d71bfd7
commit 3b3d71bfd7
parent 4673f40dd2
18 changed files with 162 additions and 129 deletions
--- a/endpoints/api/billing.py
+++ b/endpoints/api/billing.py
@ -1,11 +1,9 @@
-import logging
 import stripe

 from flask import request
-from flask.ext.restful import abort

 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, log_action,
-                           related_user_resource, internal_only)
+                           related_user_resource, internal_only, Unauthorized, NotFound)
 from endpoints.api.subscribe import subscribe, subscription_view
 from auth.permissions import AdministerOrganizationPermission
 from auth.auth_context import get_authenticated_user
@ -158,7 +156,7 @@ class OrganizationCard(ApiResource):
      organization = model.get_organization(orgname)
      return get_card(organization)

-    abort(403)
+    raise Unauthorized()

  @nickname('setOrgCard')
  @validate_json_request('OrgCard')
@ -172,7 +170,7 @@ class OrganizationCard(ApiResource):
      log_action('account_change_cc', orgname)
      return response

-    abort(403)
+    raise Unauthorized()


@resource('/v1/user/plan')
@ -266,7 +264,7 @@ class OrganizationPlan(ApiResource):
      organization = model.get_organization(orgname)
      return subscribe(organization, plan, token, True)  # Business plan required

-    abort(403)
+    raise Unauthorized()

  @nickname('getOrgSubscription')
  def get(self, orgname):
@ -286,7 +284,7 @@ class OrganizationPlan(ApiResource):
        'usedPrivateRepos': private_repos,
      }

-    abort(403)
+    raise Unauthorized()


@resource('/v1/user/invoices')
@ -297,7 +295,7 @@ class UserInvoiceList(ApiResource):
    """ List the invoices for the current user. """
    user = get_authenticated_user()
    if not user.stripe_id:
-      abort(404)
+      raise NotFound()
        
    return get_invoices(user.stripe_id)

@ -313,8 +311,8 @@ class OrgnaizationInvoiceList(ApiResource):
    if permission.can():
      organization = model.get_organization(orgname)
      if not organization.stripe_id:
-        abort(404)
+        raise NotFound()
        
      return get_invoices(organization.stripe_id)

-    abort(403)
+    raise Unauthorized()