diff options
author | jessib <jessib@riseup.net> | 2013-08-08 11:48:16 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-08-08 11:48:16 -0700 |
commit | d4283be8b1e33d30d2a1c0f638a713c5e81cc916 (patch) | |
tree | e7b28f284083eb4ac57f14d7c6a83f77621253f9 /billing/app/controllers/billing_base_controller.rb | |
parent | 6f5e2c2cdcbdb9ea4aca71f0bde2a935d979da3f (diff) |
Still a bit hacky, but catching some more corner cases as far as setting the user variable, due to complication that an admin might be accessing data for another user.
Diffstat (limited to 'billing/app/controllers/billing_base_controller.rb')
-rw-r--r-- | billing/app/controllers/billing_base_controller.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb index f6e233b..06820a6 100644 --- a/billing/app/controllers/billing_base_controller.rb +++ b/billing/app/controllers/billing_base_controller.rb @@ -7,11 +7,15 @@ class BillingBaseController < ApplicationController def assign_user if params[:user_id] @user = User.find_by_param(params[:user_id]) - elsif params[:action] == "confirm" # confirms will come back with different ID set, so check for this first + elsif params[:action] == "confirm" or params[:action] == "destroy" # confirms and subscription deletes will come back with different ID set, so check for this first # This is only for cases where an admin cannot apply action for customer, but should be all confirms @user = current_user elsif params[:id] @user = User.find_by_param(params[:id]) + else + # TODO + # hacky, what are cases where @user hasn't yet been set? certainly some cases with subscriptions and payments + @user = current_user end end |