Still a bit hacky, but catching some more corner cases as far as setting the user variable, due to complication that an admin might be accessing data for another user.

author: jessib <jessib@riseup.net> 2013-08-08 11:48:16 -0700
committer: jessib <jessib@riseup.net> 2013-08-08 11:48:16 -0700
commit: d4283be8b1e33d30d2a1c0f638a713c5e81cc916 (patch)
tree: e7b28f284083eb4ac57f14d7c6a83f77621253f9 /billing/app/controllers/billing_base_controller.rb
parent: 6f5e2c2cdcbdb9ea4aca71f0bde2a935d979da3f (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb
index f6e233b..06820a6 100644
--- a/billing/app/controllers/billing_base_controller.rb
+++ b/billing/app/controllers/billing_base_controller.rb
@@ -7,11 +7,15 @@ class BillingBaseController < ApplicationController
   def assign_user
     if params[:user_id]
       @user = User.find_by_param(params[:user_id])
-    elsif params[:action] == "confirm" # confirms will come back with different ID set, so check for this first 
+    elsif params[:action] == "confirm" or params[:action] == "destroy" # confirms and subscription deletes will come back with different ID set, so check for this first
       # This is only for cases where an admin cannot apply action for customer, but should be all confirms
       @user = current_user
     elsif params[:id]
       @user = User.find_by_param(params[:id])
+    else
+      # TODO
+      # hacky, what are cases where @user hasn't yet been set? certainly some cases with subscriptions and payments
+      @user = current_user
     end
   end
author	jessib <jessib@riseup.net>	2013-08-08 11:48:16 -0700
committer	jessib <jessib@riseup.net>	2013-08-08 11:48:16 -0700
commit	d4283be8b1e33d30d2a1c0f638a713c5e81cc916 (patch)
tree	e7b28f284083eb4ac57f14d7c6a83f77621253f9 /billing/app/controllers/billing_base_controller.rb
parent	6f5e2c2cdcbdb9ea4aca71f0bde2a935d979da3f (diff)