From 03a643458733550a9bfb5e661e5a74b1964f021c Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Thu, 22 Aug 2013 12:21:43 -0700
Subject: Some more billing cleanup.

---
 billing/app/controllers/payments_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'billing/app/controllers/payments_controller.rb')

diff --git a/billing/app/controllers/payments_controller.rb b/billing/app/controllers/payments_controller.rb
index 226f5a0..17ac0f3 100644
--- a/billing/app/controllers/payments_controller.rb
+++ b/billing/app/controllers/payments_controller.rb
@@ -16,10 +16,10 @@ class PaymentsController < BillingBaseController
   end
 
   def index
+    access_denied unless admin? or (@user == current_user)
     customer = Customer.find_by_user_id(@user.id)
     braintree_data = Braintree::Customer.find(customer.braintree_customer_id)
     # these will be ordered by created_at descending, per http://stackoverflow.com/questions/16425475/
-    # TODO permissions
     @transactions = braintree_data.transactions
   end
 
-- 
cgit v1.2.3