Diffstat (limited to 'billing/app/controllers')
-rw-r--r--billing/app/controllers/billing_base_controller.rb7
-rw-r--r--billing/app/controllers/customer_controller.rb22
2 files changed, 19 insertions, 10 deletions
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb
index dc15194..67dff72 100644
--- a/billing/app/controllers/billing_base_controller.rb
+++ b/billing/app/controllers/billing_base_controller.rb
@@ -4,8 +4,13 @@ class BillingBaseController < ApplicationController
helper 'billing'
# required for navigation to work.
+ #TODO doesn't work for admins
def assign_user
- @user = current_user
+ if params[:id]
+ @user = User.find_by_param(params[:id])
+ else
+ @user = current_user #TODO not always correct for admins viewing another user!
+ end
end
end
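Review bot: `assign_user` now takes `@user` from `params[:id]` without checking that the requester may act for that user, so every controller inheriting from BillingBaseController operates on a caller-chosen account unless it re-checks ownership itself. The two TODOs only mention the admin case, but the non-admin case is the one that needs a guard. Assuming `admin?` (used in customer_controller.rb) is available here, consider honouring the parameter only for admins: `@user = User.find_by_param(params[:id]) if params[:id] && admin?` followed by `@user ||= current_user`. Alternatively, deny the request when the looked-up user is not `current_user`. `find_by_param` is not shown; if it can return nil, `@user.id` in `fetch_customer` will raise, so the not-found case needs explicit handling too.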
diff --git a/billing/app/controllers/customer_controller.rb b/billing/app/controllers/customer_controller.rb
index 14ea8a7..f38f77e 100644
--- a/billing/app/controllers/customer_controller.rb
+++ b/billing/app/controllers/customer_controller.rb
@@ -1,10 +1,13 @@
class CustomerController < BillingBaseController
before_filter :authorize
+
def show
- customer.with_braintree_data!
- @default_cc = customer.default_credit_card #TODO not actually right way
- @active_subscription = customer.subscriptions
- @transactions = customer.braintree_customer.transactions
+ if customer = fetch_customer
+ customer.with_braintree_data!
+ @default_cc = customer.default_credit_card #TODO not actually right way
+ @active_subscription = customer.subscriptions
+ @transactions = customer.braintree_customer.transactions
+ end
end
def new
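Review bot: When `fetch_customer` returns nil, `show` falls through and presumably renders its template with `@default_cc`, `@active_subscription` and `@transactions` all unset. The `if` has no else branch to say what the response should be in that case. An explicit not-found or redirect branch would make the no-customer path deliberate rather than an accident of the view tolerating nils. The assignment inside the condition is also easy to misread as a comparison; `if (customer = fetch_customer)` marks it as intentional. `def new` continues outside the hunk.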
@@ -50,12 +53,13 @@ class CustomerController < BillingBaseController
:customer_id => customer.braintree_customer_id) ##??
end
- def customer
- @customer ||= Customer.find(params[:id]) if params[:id] # edit, show
- @customer ||= Customer.find_by_user_id(current_user.id) # confirm
- @customer ||= Customer.new(user: current_user)
+ def fetch_customer
+ @customer = Customer.find_by_user_id(@user.id)
+ if @user == current_user
+ @customer ||= Customer.new(user: @user)
+ end
# TODO will want case for admins, presumably
- access_denied unless @customer.user == current_user
+ access_denied unless (@customer and (@customer.user == current_user)) or admin?
return @customer
end
end
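Review bot: `fetch_customer` calls `access_denied` and then still executes `return @customer`. Unless `access_denied` raises (it is not shown), a denied non-admin request hands another user's record back to `show`, which goes on to load that customer's card, subscriptions and Braintree transactions. Return nil on the denied path, for example `allowed = admin? || (@customer && @customer.user == current_user)`, then `access_denied unless allowed`, then `return allowed ? @customer : nil`. This also replaces `and`/`or` with `&&`/`||`. Separately, the context line at the top of the hunk still calls `customer.braintree_customer_id` although `def customer` is removed here. That method starts outside the hunk, so check that it defines `customer` locally; otherwise it will raise NameError.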