authorjessib <jessib@riseup.net>2013-08-01 12:18:03 -0700
committerjessib <jessib@riseup.net>2013-08-01 12:18:03 -0700
commita98752629c8d04a5fde2287a924855de63321bb2 (patch)
treed76250a6c7998de9a8cff9a8912fda0c70a44057 /billing/app/controllers/customer_controller.rb
parent368dbc55966b2b74699065e07de28fe321f286b6 (diff)
Start on functionality for admins viewing billing of other users.
Diffstat (limited to 'billing/app/controllers/customer_controller.rb')
-rw-r--r--billing/app/controllers/customer_controller.rb22
1 files changed, 13 insertions, 9 deletions
diff --git a/billing/app/controllers/customer_controller.rb b/billing/app/controllers/customer_controller.rb
index 14ea8a7..f38f77e 100644
--- a/billing/app/controllers/customer_controller.rb
+++ b/billing/app/controllers/customer_controller.rb
@@ -1,10 +1,13 @@
class CustomerController < BillingBaseController
before_filter :authorize
+
def show
- customer.with_braintree_data!
- @default_cc = customer.default_credit_card #TODO not actually right way
- @active_subscription = customer.subscriptions
- @transactions = customer.braintree_customer.transactions
+ if customer = fetch_customer
+ customer.with_braintree_data!
+ @default_cc = customer.default_credit_card #TODO not actually right way
+ @active_subscription = customer.subscriptions
+ @transactions = customer.braintree_customer.transactions
+ end
end
def new
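Review bot: Access control for `show` now depends on the action body calling `fetch_customer`, and `if customer = fetch_customer` renders the view with `@default_cc`, `@active_subscription` and `@transactions` unset whenever the helper returns nil. Running the lookup as a filter, e.g. `before_filter :fetch_customer, :only => :show`, would let a render or redirect issued by `access_denied` halt the request before any Braintree data is loaded; this assumes `access_denied` renders or redirects, since it is defined outside this diff. If the conditional stays, split the assignment from the test (`customer = fetch_customer` then `return unless customer`) so the nil path is explicit and not mistaken for a `==` typo.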
@@ -50,12 +53,13 @@ class CustomerController < BillingBaseController
:customer_id => customer.braintree_customer_id) ##??
end
- def customer
- @customer ||= Customer.find(params[:id]) if params[:id] # edit, show
- @customer ||= Customer.find_by_user_id(current_user.id) # confirm
- @customer ||= Customer.new(user: current_user)
+ def fetch_customer
+ @customer = Customer.find_by_user_id(@user.id)
+ if @user == current_user
+ @customer ||= Customer.new(user: @user)
+ end
# TODO will want case for admins, presumably
- access_denied unless @customer.user == current_user
+ access_denied unless (@customer and (@customer.user == current_user)) or admin?
return @customer
end
end
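Review bot: On the denied path `fetch_customer` still returns the record: when `@customer` belongs to another user and `admin?` is false, `access_denied` is called but the next line returns `@customer`, so `show` goes on to load that user's Braintree card, subscription and transaction data unless `access_denied` raises (it is defined outside this diff). Make denial end the lookup, e.g. `unless admin? || (@customer && @customer.user == current_user)`, `access_denied`, `return nil`, which also replaces the low-precedence `and`/`or` with `&&`/`||`. `@user` is not assigned anywhere in the visible hunks, so `@user.id` raises NoMethodError if no filter sets it; a guard or a comment naming where it comes from would help. The context line at the top of this hunk still calls `customer.braintree_customer_id` after `def customer` is removed, so that action (which begins outside the hunk) will break unless `customer` is defined elsewhere.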