From 6f5e2c2cdcbdb9ea4aca71f0bde2a935d979da3f Mon Sep 17 00:00:00 2001
From: jessib
Date: Tue, 6 Aug 2013 14:21:08 -0700
Subject: Some more tweaks to have billing code work, and allow admins to view but not edit for other users.

---
 billing/app/controllers/subscriptions_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'billing/app/controllers/subscriptions_controller.rb')

diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 38dbff1..8030c88 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -21,7 +21,7 @@ class SubscriptionsController < BillingBaseController
   end
 
   def index
-    customer = Customer.find_by_user_id(current_user.id)
+    customer = Customer.find_by_user_id(@user.id)
     @subscriptions = customer.subscriptions(nil, false)
   end
 
@@ -31,7 +31,7 @@ class SubscriptionsController < BillingBaseController
     @subscription = Braintree::Subscription.find params[:id]
     @subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer
     @customer = Customer.find_by_user_id(current_user.id)
-    access_denied unless @customer and @customer.braintree_customer_id == @subscription_customer_id
+    access_denied unless admin? or (@customer and @customer.braintree_customer_id == @subscription_customer_id)
     # TODO: will presumably want to allow admins to view/cancel subscriptions for all users
   end
 
-- 
cgit v1.2.3
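Review bot: `customer` on the added line in `index` is nil whenever no Customer row exists for `@user`, and the next context line then calls `customer.subscriptions(nil, false)` and raises NoMethodError rather than returning an empty list or denying access; a guard before that call, `return access_denied unless customer`, or `@subscriptions = customer ? customer.subscriptions(nil, false) : []` if an empty page is the intended result, would close the gap. `@user` is presumably assigned by a filter in BillingBaseController outside this hunk; if it can be nil for an unauthenticated request the same line raises. The enclosing class continues outside the hunk.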
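Review bot: The TODO on the line after the changed `access_denied` guard is now stale — the new `admin? or (...)` clause grants admins view access, while the commit subject says admins may view but not edit, and nothing in this hunk restricts cancel/edit paths; replace it with `# Admins may view any subscription; cancel/edit must still be restricted to the owning customer` and make sure that restriction exists wherever the mutating actions live. The preceding context line still looks `@customer` up by `current_user.id` while `index` now uses `@user.id`, so for an admin viewing another user's subscription `@customer` is the admin's own record and only the `admin?` short-circuit keeps the guard from failing; use the same lookup in both actions so the two do not drift. Prefer `||`/`&&` over `or`/`and` in the guard — `unless` binds looser than `or`, so the current line parses as intended, but the low-precedence forms are easy to misread in an authorization check (`access_denied unless admin? || (@customer && @customer.braintree_customer_id == @subscription_customer_id)`). The enclosing method's signature is outside the hunk.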