authorjessib <jessib@riseup.net>2013-08-08 11:48:16 -0700
committerjessib <jessib@riseup.net>2013-08-08 11:48:16 -0700
commitd4283be8b1e33d30d2a1c0f638a713c5e81cc916 (patch)
treee7b28f284083eb4ac57f14d7c6a83f77621253f9 /billing/app/controllers/subscriptions_controller.rb
parent6f5e2c2cdcbdb9ea4aca71f0bde2a935d979da3f (diff)
Still a bit hacky, but catching some more corner cases as far as setting the user variable, due to complication that an admin might be accessing data for another user.
Diffstat (limited to 'billing/app/controllers/subscriptions_controller.rb')
-rw-r--r--billing/app/controllers/subscriptions_controller.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 8030c88..e5af0a3 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -30,13 +30,13 @@ class SubscriptionsController < BillingBaseController
def fetch_subscription
@subscription = Braintree::Subscription.find params[:id]
@subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer
- @customer = Customer.find_by_user_id(current_user.id)
+ @customer = Customer.find_by_user_id(@user.id) # todo: ???
access_denied unless admin? or (@customer and @customer.braintree_customer_id == @subscription_customer_id)
# TODO: will presumably want to allow admins to view/cancel subscriptions for all users
end
def confirm_no_active_subscription
- @customer = Customer.find_by_user_id(current_user.id)
+ @customer = Customer.find_by_user_id(@user.id)
if subscription = @customer.subscriptions # will return active subscription, if it exists
redirect_to subscription_path(subscription.id), :notice => 'You already have an active subscription'
end
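Review bot: The ownership check in `fetch_subscription` now depends on `@user`, which is assigned outside this hunk, so comparing `@customer.braintree_customer_id` with `@subscription_customer_id` only works as an authorization check if `@user` is guaranteed to equal `current_user` on every non-admin request. If `@user` can be derived from a request parameter (not visible here; the commit message suggests it exists for the admin-views-another-user case), a non-admin request would be authorized against a customer record that is not the caller's own. Pinning the choice locally removes that dependency, e.g. `owner = admin? ? @user : current_user` followed by `@customer = Customer.find_by_user_id(owner.id)`. The same applies to the changed line in `confirm_no_active_subscription`, whose body continues past the end of the hunk. The `# todo: ???` marker would be better replaced by a comment stating the invariant, such as `# @user is the account being viewed; must equal current_user unless admin?`.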