summaryrefslogtreecommitdiff
path: root/billing/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'billing/app/controllers')
-rw-r--r--billing/app/controllers/billing_base_controller.rb2
-rw-r--r--billing/app/controllers/subscriptions_controller.rb5
2 files changed, 4 insertions, 3 deletions
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb
index c250831..0453677 100644
--- a/billing/app/controllers/billing_base_controller.rb
+++ b/billing/app/controllers/billing_base_controller.rb
@@ -7,7 +7,7 @@ class BillingBaseController < ApplicationController
def assign_user
if params[:user_id]
@user = User.find(params[:user_id])
- elsif params[:action] == "confirm" or params[:action] == "destroy" # confirms and subscription deletes will come back with different ID set, so check for this first
+ elsif params[:action] == "confirm"# confirms will come back with different ID set, so check for this first
# This is only for cases where an admin cannot apply action for customer, but should be all confirms
@user = current_user
elsif params[:id]
diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 4047847..7689f35 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -3,7 +3,7 @@ class SubscriptionsController < BillingBaseController
before_filter :fetch_subscription, :only => [:show, :destroy]
before_filter :confirm_no_active_subscription, :only => [:new, :create]
# for now, admins cannot create or destroy subscriptions for others:
- before_filter :confirm_self, :only => [:destroy, :new, :create]
+ before_filter :confirm_self, :only => [:new, :create]
def new
# don't show link to subscribe if they are already subscribed?
@@ -31,7 +31,8 @@ class SubscriptionsController < BillingBaseController
def fetch_subscription
@subscription = Braintree::Subscription.find params[:id]
- @subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer
+ @credit_card = Braintree::CreditCard.find @subscription.payment_method_token
+ @subscription_customer_id = @credit_card.customer_id
current_user_customer = Customer.find_by_user_id(current_user.id)
access_denied unless admin? or (current_user_customer and current_user_customer.braintree_customer_id == @subscription_customer_id)