From d4283be8b1e33d30d2a1c0f638a713c5e81cc916 Mon Sep 17 00:00:00 2001 From: jessib Date: Thu, 8 Aug 2013 11:48:16 -0700 Subject: Still a bit hacky, but catching some more corner cases as far as setting the user variable, due to complication that an admin might be accessing data for another user. --- billing/app/views/subscriptions/destroy.html.haml | 2 +- billing/app/views/subscriptions/show.html.haml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'billing/app/views/subscriptions') diff --git a/billing/app/views/subscriptions/destroy.html.haml b/billing/app/views/subscriptions/destroy.html.haml index e7ed6e8..44b4333 100644 --- a/billing/app/views/subscriptions/destroy.html.haml +++ b/billing/app/views/subscriptions/destroy.html.haml @@ -4,4 +4,4 @@ Error: = @result.message %p - = link_to 'Customer Information', show_customer_path(@customer.braintree_customer_id), :class=> :btn \ No newline at end of file + = link_to 'Customer Information', show_customer_path(@user), :class=> :btn \ No newline at end of file diff --git a/billing/app/views/subscriptions/show.html.haml b/billing/app/views/subscriptions/show.html.haml index 10eb667..ebb7e0d 100644 --- a/billing/app/views/subscriptions/show.html.haml +++ b/billing/app/views/subscriptions/show.html.haml @@ -3,4 +3,5 @@ Current Subscription = render :partial => "subscription_details", :locals => {:subscription => @subscription} -= link_to t(:cancel_subscription), subscription_path, :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show? +- if @user == current_user + = link_to t(:cancel_subscription), subscription_path(@subscription.id), :confirm => t(:are_you_sure), :method => :delete, :class => 'btn btn-danger' if @subscription.status == 'Active' # permission check or should that just be on show? -- cgit v1.2.3