feat: disable helpcenter on hacker plans (#12068)

This change blocks Help Center access for default/Hacker-plan accounts and closes the downgrade gap that could leave `help_center` enabled after a subscription falls back to the default cloud plan. Fixes: none Closes: none ## Why Default-plan accounts should not be able to access the Help Center, but the downgrade fallback path only reset the plan name and did not reconcile premium feature flags. That meant some accounts could keep `help_center` enabled even after landing back on the Hacker/default plan. ## What this change does - blocks Help Center portal and article access for default/Hacker-plan accounts - reconciles premium feature flags when a subscription falls back to the default cloud plan, so `help_center` is disabled immediately instead of waiting for a later webhook - preserves existing account `custom_attributes` during Stripe customer recreation instead of overwriting them - adds Enterprise coverage for the default-plan access checks on hosted and custom-domain Help Center routes - fixes the public access check to use the resolved portal object so blocked requests return the intended response instead of raising an error ## Validation 1. Create or use an account on the default/Hacker cloud plan with an active portal. 2. Visit the portal home page and a published article on both the Chatwoot-hosted URL and a configured custom domain. 3. Confirm the Help Center is blocked for that account. 4. Downgrade a paid account back to the default/Hacker plan through the Stripe webhook flow. 5. Confirm `help_center` is disabled right after the downgrade fallback is processed and the account can no longer access the Help Center. --------- Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com> Co-authored-by: Sojan Jose <sojan@pepalo.com>
2026-03-27 12:18:46 +05:30
parent 127ac0a6b2
commit 4381be5f3e
13 changed files with 223 additions and 121 deletions
--- a/enterprise/app/services/enterprise/billing/create_stripe_customer_service.rb
+++ b/enterprise/app/services/enterprise/billing/create_stripe_customer_service.rb
@@ -7,21 +7,12 @@ class Enterprise::Billing::CreateStripeCustomerService
    return if existing_subscription?

    customer_id = prepare_customer_id
-    subscription = Stripe::Subscription.create(
-      {
-        customer: customer_id,
-        items: [{ price: price_id, quantity: default_quantity }]
-      }
-    )
-    account.update!(
-      custom_attributes: {
-        stripe_customer_id: customer_id,
-        stripe_price_id: subscription['plan']['id'],
-        stripe_product_id: subscription['plan']['product'],
-        plan_name: default_plan['name'],
-        subscribed_quantity: subscription['quantity']
-      }
-    )
+    subscription = Stripe::Subscription.create(customer: customer_id, items: [{ price: price_id, quantity: default_quantity }])
+    custom_attributes = build_custom_attributes(customer_id, subscription)
+    custom_attributes.except!('is_creating_customer')
+
+    account.update!(custom_attributes: custom_attributes)
+    Enterprise::Billing::ReconcilePlanFeaturesService.new(account: account).perform
  end

  private
@@ -66,4 +57,23 @@ class Enterprise::Billing::CreateStripeCustomerService
    )
    subscriptions.data.present?
  end
+
+  def build_custom_attributes(customer_id, subscription)
+    (account.custom_attributes || {}).merge(
+      'stripe_customer_id' => customer_id,
+      'stripe_price_id' => subscription['plan']['id'],
+      'stripe_product_id' => subscription['plan']['product'],
+      'plan_name' => default_plan['name'],
+      'subscribed_quantity' => subscription['quantity'],
+      'subscription_status' => subscription['status'],
+      'subscription_ends_on' => subscription_ends_on(subscription)
+    )
+  end
+
+  def subscription_ends_on(subscription)
+    period_end = subscription['current_period_end']
+    return if period_end.blank?
+
+    Time.zone.at(period_end)
+  end
 end
--- a/enterprise/app/services/enterprise/billing/handle_stripe_event_service.rb
+++ b/enterprise/app/services/enterprise/billing/handle_stripe_event_service.rb
@@ -2,29 +2,9 @@ class Enterprise::Billing::HandleStripeEventService
  CLOUD_PLANS_CONFIG = 'CHATWOOT_CLOUD_PLANS'.freeze
  CAPTAIN_CLOUD_PLAN_LIMITS = 'CAPTAIN_CLOUD_PLAN_LIMITS'.freeze

-  # Plan hierarchy: Hacker (default) -> Startups -> Business -> Enterprise
-  # Each higher tier includes all features from the lower tiers
-
-  # Basic features available starting with the Startups plan
-  STARTUP_PLAN_FEATURES = %w[
-    inbound_emails
-    help_center
-    campaigns
-    team_management
-    channel_facebook
-    channel_email
-    channel_instagram
-    captain_integration
-    advanced_search_indexing
-    advanced_search
-    linear_integration
-  ].freeze
-
-  # Additional features available starting with the Business plan
-  BUSINESS_PLAN_FEATURES = %w[sla custom_roles csat_review_notes conversation_required_attributes advanced_assignment].freeze
-
-  # Additional features available only in the Enterprise plan
-  ENTERPRISE_PLAN_FEATURES = %w[audit_logs disable_branding saml].freeze
+  STARTUP_PLAN_FEATURES = Enterprise::Billing::ReconcilePlanFeaturesService::STARTUP_PLAN_FEATURES
+  BUSINESS_PLAN_FEATURES = Enterprise::Billing::ReconcilePlanFeaturesService::BUSINESS_PLAN_FEATURES
+  ENTERPRISE_PLAN_FEATURES = Enterprise::Billing::ReconcilePlanFeaturesService::ENTERPRISE_PLAN_FEATURES

  def perform(event:)
    @event = event
@@ -49,7 +29,7 @@ class Enterprise::Billing::HandleStripeEventService

    previous_usage = capture_previous_usage
    update_account_attributes(subscription, plan)
-    update_plan_features
+    Enterprise::Billing::ReconcilePlanFeaturesService.new(account: account).perform

    if billing_period_renewed?
      ActiveRecord::Base.transaction do
@@ -94,34 +74,6 @@ class Enterprise::Billing::HandleStripeEventService
    Enterprise::Billing::CreateStripeCustomerService.new(account: account).perform
  end

-  def update_plan_features
-    if default_plan?
-      disable_all_premium_features
-    else
-      enable_features_for_current_plan
-    end
-
-    # Enable any manually managed features configured in internal_attributes
-    enable_account_manually_managed_features
-
-    account.save!
-  end
-
-  def disable_all_premium_features
-    # Disable all features (for default Hacker plan)
-    account.disable_features(*STARTUP_PLAN_FEATURES)
-    account.disable_features(*BUSINESS_PLAN_FEATURES)
-    account.disable_features(*ENTERPRISE_PLAN_FEATURES)
-  end
-
-  def enable_features_for_current_plan
-    # First disable all premium features to handle downgrades
-    disable_all_premium_features
-
-    # Then enable features based on the current plan
-    enable_plan_specific_features
-  end
-
  def handle_subscription_credits(plan, previous_usage)
    current_limits = account.limits || {}

@@ -153,19 +105,6 @@ class Enterprise::Billing::HandleStripeEventService
    config[plan_name.downcase]&.symbolize_keys
  end

-  def enable_plan_specific_features
-    plan_name = account.custom_attributes['plan_name']
-    return if plan_name.blank?
-
-    case plan_name
-    when 'Startups' then account.enable_features(*STARTUP_PLAN_FEATURES)
-    when 'Business'
-      account.enable_features(*STARTUP_PLAN_FEATURES, *BUSINESS_PLAN_FEATURES)
-    when 'Enterprise'
-      account.enable_features(*STARTUP_PLAN_FEATURES, *BUSINESS_PLAN_FEATURES, *ENTERPRISE_PLAN_FEATURES)
-    end
-  end
-
  def subscription
    @subscription ||= @event.data.object
  end
@@ -197,19 +136,4 @@ class Enterprise::Billing::HandleStripeEventService
    cloud_plans = InstallationConfig.find_by(name: CLOUD_PLANS_CONFIG)&.value || []
    cloud_plans.find { |config| config['product_id'].include?(plan_id) }
  end
-
-  def default_plan?
-    cloud_plans = InstallationConfig.find_by(name: CLOUD_PLANS_CONFIG)&.value || []
-    default_plan = cloud_plans.first || {}
-    account.custom_attributes['plan_name'] == default_plan['name']
-  end
-
-  def enable_account_manually_managed_features
-    # Get manually managed features from internal attributes using the service
-    service = Internal::Accounts::InternalAttributesService.new(account)
-    features = service.manually_managed_features
-
-    # Enable each feature
-    account.enable_features(*features) if features.present?
-  end
 end
--- a/enterprise/app/services/enterprise/billing/reconcile_plan_features_service.rb
+++ b/enterprise/app/services/enterprise/billing/reconcile_plan_features_service.rb
@@ -0,0 +1,61 @@
+class Enterprise::Billing::ReconcilePlanFeaturesService
+  CLOUD_PLANS_CONFIG = 'CHATWOOT_CLOUD_PLANS'.freeze
+
+  # Plan hierarchy: Hacker (default) -> Startups -> Business -> Enterprise
+  # Each higher tier includes all features from the lower tiers
+  STARTUP_PLAN_FEATURES = %w[
+    inbound_emails
+    help_center
+    campaigns
+    team_management
+    channel_facebook
+    channel_email
+    channel_instagram
+    captain_integration
+    advanced_search_indexing
+    advanced_search
+    linear_integration
+  ].freeze
+
+  BUSINESS_PLAN_FEATURES = %w[sla custom_roles csat_review_notes conversation_required_attributes advanced_assignment].freeze
+  ENTERPRISE_PLAN_FEATURES = %w[audit_logs disable_branding saml].freeze
+  PREMIUM_PLAN_FEATURES = (STARTUP_PLAN_FEATURES + BUSINESS_PLAN_FEATURES + ENTERPRISE_PLAN_FEATURES).freeze
+
+  pattr_initialize [:account!]
+
+  def perform
+    account.disable_features(*PREMIUM_PLAN_FEATURES)
+    account.enable_features(*current_plan_features)
+    account.enable_features(*manually_managed_features)
+    account.save!
+  end
+
+  private
+
+  def current_plan_features
+    return [] if default_plan?
+
+    case account.custom_attributes['plan_name']
+    when 'Startups' then STARTUP_PLAN_FEATURES
+    when 'Business' then STARTUP_PLAN_FEATURES + BUSINESS_PLAN_FEATURES
+    when 'Enterprise' then PREMIUM_PLAN_FEATURES
+    else []
+    end
+  end
+
+  def default_plan?
+    default_plan_name = cloud_plans.first&.dig('name')
+    return false if default_plan_name.blank?
+
+    plan_name = account.custom_attributes['plan_name']
+    plan_name.blank? || plan_name == default_plan_name
+  end
+
+  def cloud_plans
+    @cloud_plans ||= InstallationConfig.find_by(name: CLOUD_PLANS_CONFIG)&.value || []
+  end
+
+  def manually_managed_features
+    @manually_managed_features ||= Internal::Accounts::InternalAttributesService.new(account).manually_managed_features
+  end
+end
--- a/enterprise/app/services/internal/accounts/internal_attributes_service.rb
+++ b/enterprise/app/services/internal/accounts/internal_attributes_service.rb
@@ -53,8 +53,8 @@ class Internal::Accounts::InternalAttributesService
  # Get list of valid features that can be manually managed
  def valid_feature_list
    # Business and Enterprise plan features only
-    Enterprise::Billing::HandleStripeEventService::BUSINESS_PLAN_FEATURES +
-      Enterprise::Billing::HandleStripeEventService::ENTERPRISE_PLAN_FEATURES
+    Enterprise::Billing::ReconcilePlanFeaturesService::BUSINESS_PLAN_FEATURES +
+      Enterprise::Billing::ReconcilePlanFeaturesService::ENTERPRISE_PLAN_FEATURES
  end

  # Account notes functionality removed for now