The payment resources should check whether the "place" transition is allowed

Initial proposal at this point, requires tests.

Wondering between throwing a BadRequestHttpException or an UnprocessableEntityHttpException. We seem to be a bit inconsistent here.

I think we should go with UnprocessableEntityHttpException according to the specs as a 400 response code indicates that the request is malformed while UnprocessableEntityHttpException seems to be what should be used in case of validation errors.

Decided to go ahead with this.

Automatically closed - issue fixed for 2 weeks with no activity.