summaryrefslogtreecommitdiff
path: root/billing/app/controllers/subscriptions_controller.rb
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2013-08-06 14:21:08 -0700
committerjessib <jessib@riseup.net>2013-08-06 14:21:08 -0700
commit6f5e2c2cdcbdb9ea4aca71f0bde2a935d979da3f (patch)
tree501cd66ee60980711983a6860ea00fcaf2dd8639 /billing/app/controllers/subscriptions_controller.rb
parent926ab284677079c8ea02013e8af0647d3a1ce516 (diff)
Some more tweaks to have billing code work, and allow admins to view but not edit for other users.
Diffstat (limited to 'billing/app/controllers/subscriptions_controller.rb')
-rw-r--r--billing/app/controllers/subscriptions_controller.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 38dbff1..8030c88 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -21,7 +21,7 @@ class SubscriptionsController < BillingBaseController
end
def index
- customer = Customer.find_by_user_id(current_user.id)
+ customer = Customer.find_by_user_id(@user.id)
@subscriptions = customer.subscriptions(nil, false)
end
@@ -31,7 +31,7 @@ class SubscriptionsController < BillingBaseController
@subscription = Braintree::Subscription.find params[:id]
@subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer
@customer = Customer.find_by_user_id(current_user.id)
- access_denied unless @customer and @customer.braintree_customer_id == @subscription_customer_id
+ access_denied unless admin? or (@customer and @customer.braintree_customer_id == @subscription_customer_id)
# TODO: will presumably want to allow admins to view/cancel subscriptions for all users
end