From d4283be8b1e33d30d2a1c0f638a713c5e81cc916 Mon Sep 17 00:00:00 2001
From: jessib
Date: Thu, 8 Aug 2013 11:48:16 -0700
Subject: Still a bit hacky, but catching some more corner cases as far as setting the user variable, due to complication that an admin might be accessing data for another user.

---
 billing/app/controllers/subscriptions_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'billing/app/controllers/subscriptions_controller.rb')

diff --git a/billing/app/controllers/subscriptions_controller.rb b/billing/app/controllers/subscriptions_controller.rb
index 8030c88..e5af0a3 100644
--- a/billing/app/controllers/subscriptions_controller.rb
+++ b/billing/app/controllers/subscriptions_controller.rb
@@ -30,13 +30,13 @@ class SubscriptionsController < BillingBaseController
   def fetch_subscription
     @subscription = Braintree::Subscription.find params[:id]
     @subscription_customer_id = @subscription.transactions.first.customer_details.id #all of subscriptions transactions should have same customer
-    @customer = Customer.find_by_user_id(current_user.id)
+    @customer = Customer.find_by_user_id(@user.id) # todo: ???
     access_denied unless admin? or (@customer and @customer.braintree_customer_id == @subscription_customer_id) # TODO: will presumably want to allow admins to view/cancel subscriptions for all users
   end
   def confirm_no_active_subscription
-    @customer = Customer.find_by_user_id(current_user.id)
+    @customer = Customer.find_by_user_id(@user.id)
     if subscription = @customer.subscriptions # will return active subscription, if it exists
       redirect_to subscription_path(subscription.id), :notice => 'You already have an active subscription'
     end
-- 
cgit v1.2.3
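Review bot: In fetch_subscription the authorization check on the line after the changed one now compares the subscription's customer against the Customer of `@user` rather than of the authenticated caller, so it only enforces ownership if a non-admin can never end up with an `@user` other than `current_user`; where `@user` is assigned is outside this hunk (presumably a before filter in BillingBaseController), and if it can be influenced by a request parameter the check would authorize against the chosen user's customer instead of the caller's. A cheap guard that keeps the admin use case and makes the precondition explicit is `access_denied unless admin? or (@user == current_user and @customer and @customer.braintree_customer_id == @subscription_customer_id)`. Both changed lines also call `@user.id` unconditionally, so a nil `@user` raises NoMethodError rather than a clean denial, and in confirm_no_active_subscription a user with no Customer row makes `@customer.subscriptions` raise the same way; `return access_denied unless @user` before the lookup and `return unless @customer` before the `if` would cover both. The `# todo: ???` left on the first changed line should state the actual invariant being relied on, e.g. `# @user is the account being viewed; equals current_user unless an admin is acting on another account`.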