From 1d52045fe474c2e2e742477d54fe7acc8e0f9f1b Mon Sep 17 00:00:00 2001
From: jessib
Date: Mon, 25 Mar 2013 14:18:14 -0700
Subject: One Braintree customer per user, and some permissions checks (will need to change for admins.)
---
 billing/app/controllers/customer_controller.rb | 30 ++++++++++++++++----------
 1 file changed, 19 insertions(+), 11 deletions(-)
(limited to 'billing/app/controllers')
diff --git a/billing/app/controllers/customer_controller.rb b/billing/app/controllers/customer_controller.rb
index bdb89f7..e6bf76b 100644
--- a/billing/app/controllers/customer_controller.rb
+++ b/billing/app/controllers/customer_controller.rb
@@ -2,19 +2,27 @@ class CustomerController < ApplicationController
 before_filter :authorize
 def new
- @tr_data = Braintree::TransparentRedirect.
- create_customer_data(:redirect_url => confirm_customer_url)
- end
+ if customer = Customer.find_by_user_id(current_user.id)
+ redirect_to edit_customer_path(customer.braintree_customer_id)
+ else
+ @tr_data = Braintree::TransparentRedirect.
+ create_customer_data(:redirect_url => confirm_customer_url)
+ end
+ end
 def edit
- customer = Customer.find_by_user_id(current_user.id)
- #current_customer.with_braintree_data!
- # @credit_card = current_customer.default_credit_card
- @braintree_data = Braintree::Customer.find(customer.braintree_customer_id)
- @default_cc = @braintree_data.credit_cards.find { |cc| cc.default? }
- @tr_data = Braintree::TransparentRedirect.
- update_customer_data(:redirect_url => confirm_customer_url,
- :customer_id => customer.braintree_customer_id)
+ if (params[:id] == Customer.find_by_user_id(current_user.id).braintree_customer_id)
+ #current_customer.with_braintree_data!
+ # @credit_card = current_customer.default_credit_card
+ @braintree_data = Braintree::Customer.find(params[:id])
+ @default_cc = @braintree_data.credit_cards.find { |cc| cc.default? }
+ @tr_data = Braintree::TransparentRedirect.
+ update_customer_data(:redirect_url => confirm_customer_url,
+ :customer_id => params[:id])
+ else
+ # TODO: will want to have case for admins, presumably
+ access_denied
+ end
 end
 def confirm
--
cgit v1.2.3
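Review bot: In `edit`, the new ownership check calls `.braintree_customer_id` directly on the result of `Customer.find_by_user_id(current_user.id)`, so a signed-in user who has no Customer row yet gets a NoMethodError on nil instead of `access_denied` or a redirect to `new`. Load the record once and guard it: `customer = Customer.find_by_user_id(current_user.id)` followed by `if customer && params[:id] == customer.braintree_customer_id`. Once the check passes, passing `customer.braintree_customer_id` rather than `params[:id]` to `Braintree::Customer.find` and `update_customer_data` keeps the gateway calls tied to the server-side record, which matters when the branch is later widened for admins. The comparison also appears to assume the column holds a string; if it is numeric, `params[:id] ==` would never match and every request would be denied. `confirm` begins at the end of the hunk and its body is not visible, so whether it enforces the same ownership rule cannot be confirmed from here.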