author | jessib <jessib@riseup.net> | 2013-08-06 14:21:08 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-08-06 14:21:08 -0700 |
commit | 6f5e2c2cdcbdb9ea4aca71f0bde2a935d979da3f (patch) | |
tree | 501cd66ee60980711983a6860ea00fcaf2dd8639 /billing/app/controllers/billing_base_controller.rb | |
parent | 926ab284677079c8ea02013e8af0647d3a1ce516 (diff) |
Some more tweaks to have billing code work, and allow admins to view but not edit for other users.
Diffstat (limited to 'billing/app/controllers/billing_base_controller.rb')
-rw-r--r-- | billing/app/controllers/billing_base_controller.rb | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb
index 67dff72..f6e233b 100644
--- a/billing/app/controllers/billing_base_controller.rb
+++ b/billing/app/controllers/billing_base_controller.rb
@@ -4,12 +4,14 @@ class BillingBaseController < ApplicationController
 helper 'billing'
 # required for navigation to work.
- #TODO doesn't work for admins
 def assign_user
- if params[:id]
+ if params[:user_id]
+ @user = User.find_by_param(params[:user_id])
+ elsif params[:action] == "confirm" # confirms will come back with different ID set, so check for this first
+ # This is only for cases where an admin cannot apply action for customer, but should be all confirms
+ @user = current_user
+ elsif params[:id]
 @user = User.find_by_param(params[:id])
- else
- @user = current_user #TODO not always correct for admins viewing another user!
 end
 end |
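Review bot: `assign_user` now loads `@user` directly from `params[:user_id]` (and still from `params[:id]`) without comparing the result to `current_user` or checking that the caller is an admin, so unless a filter outside this hunk enforces that, a logged-in user could open another customer's billing data by changing the id in the request. The lookup should fall back with something like `@user = current_user unless @user == current_user || <admin check>` (placeholder for the project's own admin predicate), and the "view but not edit" rule from the commit message needs an equivalent guard on the mutating actions. Dropping the `else` branch also leaves `@user` nil when none of the three conditions match, and possibly when `User.find_by_param` finds no record; keeping `else` / `@user = current_user` would avoid nil errors further down. The class body continues outside the hunk, so an existing authorization filter cannot be ruled out from here.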