From d4283be8b1e33d30d2a1c0f638a713c5e81cc916 Mon Sep 17 00:00:00 2001
From: jessib
Date: Thu, 8 Aug 2013 11:48:16 -0700
Subject: Still a bit hacky, but catching some more corner cases as far as setting the user variable, due to complication that an admin might be accessing data for another user.
---
 billing/app/controllers/billing_base_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'billing/app/controllers/billing_base_controller.rb')
diff --git a/billing/app/controllers/billing_base_controller.rb b/billing/app/controllers/billing_base_controller.rb
index f6e233b..06820a6 100644
--- a/billing/app/controllers/billing_base_controller.rb
+++ b/billing/app/controllers/billing_base_controller.rb
@@ -7,11 +7,15 @@ class BillingBaseController < ApplicationController
 def assign_user
 if params[:user_id]
 @user = User.find_by_param(params[:user_id])
- elsif params[:action] == "confirm" # confirms will come back with different ID set, so check for this first
+ elsif params[:action] == "confirm" or params[:action] == "destroy" # confirms and subscription deletes will come back with different ID set, so check for this first
 # This is only for cases where an admin cannot apply action for customer, but should be all confirms
 @user = current_user
 elsif params[:id]
 @user = User.find_by_param(params[:id])
+ else
+ # TODO
+ # hacky, what are cases where @user hasn't yet been set? certainly some cases with subscriptions and payments
+ @user = current_user
 end
 end
--
cgit v1.2.3
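Review bot: `assign_user` still sets `@user` from `params[:user_id]` or `params[:id]` with no check in the hunk that the requester is allowed to act for that user; unless a filter outside the hunk restricts these branches to admins, a signed-in customer could load another customer's billing record by changing the id. After the lookup I would add something like `head :forbidden unless @user == current_user || <existing admin check>` (the placeholder stands for whatever admin predicate the app already has). The lookup result should also be checked before use, because the new `else` fallback only covers the case where neither parameter is present, and whether `find_by_param` returns nil or raises on a miss is not visible here. In the new `elsif`, `||` is the conventional boolean operator rather than `or`. The class body starts outside the hunk, so any other filters are not visible from this patch.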