Still a bit hacky, but catching some more corner cases as far as setting the user variable, due to complication that an admin might be accessing data for another user.

5 files changed, 8 insertions, 7 deletions

diff --git a/billing/app/views/customer/confirm.html.haml b/billing/app/views/customer/confirm.html.haml
index 49a1e91..877a8ac 100644
--- a/billing/app/views/customer/confirm.html.haml
+++ b/billing/app/views/customer/confirm.html.haml
@@ -10,5 +10,5 @@
   %dt Credit Card
   - @result.customer.credit_cards.each do |cc|
     %dd= cc.masked_number
-- customer = Customer.find_by_user_id(current_user.id)
+- customer = Customer.find_by_user_id(@user.id)
 = link_to 'View Customer Info', show_customer_path(@user.id), :class=> :btn
\ No newline at end of file
diff --git a/billing/app/views/customer/edit.html.haml b/billing/app/views/customer/edit.html.haml
index 8a232c5..e882d53 100644
--- a/billing/app/views/customer/edit.html.haml
+++ b/billing/app/views/customer/edit.html.haml
@@ -20,4 +20,4 @@
   = hidden_field_tag :tr_data, @tr_data
   .form-actions
     = f.submit t(:save_customer_info), :class => 'btn btn-primary'
-    = link_to t(:cancel), show_customer_path(@customer), :class=> :btn
+    = link_to t(:cancel), show_customer_path(@user), :class=> :btn
diff --git a/billing/app/views/payments/confirm.html.haml b/billing/app/views/payments/confirm.html.haml
index 9479eb9..640c30a 100644
--- a/billing/app/views/payments/confirm.html.haml
+++ b/billing/app/views/payments/confirm.html.haml
@@ -24,6 +24,6 @@
   %tr
     %td Card Type:
     %td= h @result.transaction.credit_card_details.card_type
-- if current_user
-  - customer = Customer.find_by_user_id(current_user.id)
-  = link_to 'View Customer Info', show_customer_path(customer.braintree_customer_id), :class=> :btn
\ No newline at end of file
+- if logged_in?
+  - customer = Customer.find_by_user_id(@user.id)
+  = link_to 'View Customer Info', show_customer_path(@user.id), :class=> :btn
\ No newline at end of file
diff --git a/billing/app/views/subscriptions/destroy.html.haml b/billing/app/views/subscriptions/destroy.html.haml
index e7ed6e8..44b4333 100644
--- a/billing/app/views/subscriptions/destroy.html.haml
+++ b/billing/app/views/subscriptions/destroy.html.haml
@@ -4,4 +4,4 @@
   Error:
   = @result.message
 %p
-  = link_to 'Customer Information', show_customer_path(@customer.braintree_customer_id), :class=> :btn
\ No newline at end of file
+  = link_to 'Customer Information', show_customer_path(@user), :class=> :btn
\ No newline at end of file
diff --git a/billing/app/views/subscriptions/show.html.haml b/billing/app/views/subscriptions/show.html.haml
index 10eb667..ebb7e0d 100644
--- a/billing/app/views/subscriptions/show.html.haml
+++ b/billing/app/views/subscriptions/show.html.haml
@@ -3,4 +3,5 @@
     Current
   Subscription
 = render :partial => "subscription_details",  :locals => {:subscription => @subscription}
-= link_to t(:cancel_subscription), subscription_path,  :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show?
+- if @user == current_user
+  = link_to t(:cancel_subscription), subscription_path(@subscription.id),  :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show?