bterkuile/mozo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor security system

Browse Source
This commit is contained in:
Benjamin ter Kuile
2012-12-11 11:27:41 +01:00
parent f19044ae6a
commit 009b84f7cd
10 changed files with 151 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/assets/javascripts/user/quser.js.coffee
+95 -60
View File
@@ -1,5 +1,5 @@
authentication_string = QMobile.authentication_string()
authentication_object = $.parseJSON(QMobile.authentication_object())
#authentication_string = QMobile.authentication_string()
#authentication_object = $.parseJSON(QMobile.authentication_object())
class Quser
format_date: (utc) ->
formatted = ''
@@ -9,7 +9,9 @@ class Quser
formatted
watch_events: ->
faye = new Faye.Client(event_host)
faye.subscribe "/user/"+QMobile.user_id(), (e)=>
user_id = Qstorage.getItem('user_id')
return unless user_id && user_id.length > 0
faye.subscribe "/user/"+user_id, (e)=>
if(e.event == 'list_closed')
#redirect_to 'user_root', {list_closed: 'true'}
redirect_to 'history_list', {list_id: e.data.id, list_closed: true}
@@ -39,23 +41,49 @@ class Quser
$('.list-total-amount').html(currency(e.data.total_amount))
console.log(e)
false
home_loader: ->
$.getJSON(data_host + '/user/list_info.json?' + authentication_string, (res) => @handle_active_list_default_actions(res))
handle_active_list: (callback) ->
$.getJSON(data_host + '/user/list_info.json?' + authentication_string, (res) =>
if(res.ok == false && res.status && res.status == 401)
direct_to_site('obtain_user_token')
else if !res.list_active
redirect_to 'user_root', {list_closed: 'true'}
return
window.active_list = res
callback.call() if callback
@handle_active_list_default_actions(res)
reset_user: ->
Qstorage.removeItem('auth_token')
Qstorage.removeItem('user_id')
authenticate_user: ->
email = $('#user-email')
password = $('#user-password')
return unless email.length && password.length
return email.focus() unless email.val() && email.val().length > 0
return password.focus() unless password.val() && password.val().length > 0
$.post(data_host + '/user/obtain_token.json', {"user[email]": email.val(), "user[password]": password.val()}, (res)=>
if res.auth_token
Qstorage.setItem('auth_token', res.auth_token)
Qstorage.setItem('user_id', res.user_id)
redirect_to 'user_root'
else
$('.user-alert').html(t('obtain_token.invalid_combination')).show()
)
false
ensure_token: (callback)->
redirect_to('obtain_token') unless Qstorage.getItem('auth_token') && typeof(Qstorage.getItem('auth_token')) == 'string' && Qstorage.getItem('auth_token').length > 0
@authentication_string = 'auth_token='+Qstorage.getItem('auth_token')
@authentication_object = {auth_token: Qstorage.getItem('auth_token')}
callback.call() if callback
home_loader: ->
@ensure_token =>
$.getJSON(data_host + '/user/list_info.json?' + @authentication_string, (res) => @handle_active_list_default_actions(res))
handle_active_list: (callback) ->
@ensure_token =>
$.getJSON(data_host + '/user/list_info.json?' + @authentication_string, (res) =>
if(res.ok == false && res.status && res.status == 401)
redirect_to('obtain_token')
else if !res.list_active
redirect_to 'user_root', {list_closed: 'true'}
return
window.active_list = res
callback.call() if callback
@handle_active_list_default_actions(res)
)
handle_active_list_default_actions: (response)->
response ||= {}
if(response.ok == false && response.status && response.status == 401)
direct_to_site('obtain_user_token')
redirect_to('obtain_token')
return
$('.table-number').text(response.table_number) if response.table_number
@@ -163,41 +191,46 @@ class Quser
return unless window.active_list && !window.active_list.needs_payment
$.post(data_host + '/user/list_needs_payment.json', authentication_object, (res) => window.active_list = res; window.Quser.list_needs_payment_default_action(res))
load_active_list: () ->
$.getJSON(data_host + '/user/active_list.json?'+authentication_string, (res) =>
window.active_list = res if res._id
unless res.list_active
redirect_to 'history_list', {list_id: window.active_list._id, list_closed: true}
return
@handle_active_list_default_actions(res)
body = $('#active-list-table tbody')
foot = $('#active-list-table tfoot')
@build_list_table(body, foot, res)
)
@ensure_token =>
$.getJSON(data_host + '/user/active_list.json?'+@authentication_string, (res) =>
if(res.ok == false && res.status && res.status == 401)
redirect_to('obtain_token')
window.active_list = res if res._id
unless res.list_active
redirect_to 'history_list', {list_id: window.active_list._id, list_closed: true}
return
@handle_active_list_default_actions(res)
body = $('#active-list-table tbody')
foot = $('#active-list-table tfoot')
@build_list_table(body, foot, res)
)
load_history_list: () ->
return unless list_id = Qstorage.list_id
$.getJSON(data_host + '/user/history_list.json?list_id='+list_id+'&'+ authentication_string, (res) =>
body = $('#history-list-table tbody')
foot = $('#history-list-table tfoot')
@build_list_table(body, foot, res)
$('.list-created-at').text(@format_date(res.created_at))
$('.list-closed-at').text(@format_date(res.closed_at))
$('.supplier-name').text(res.supplier_name)
)
@ensure_token =>
$.getJSON(data_host + '/user/history_list.json?list_id='+list_id+'&'+ @authentication_string, (res) =>
body = $('#history-list-table tbody')
foot = $('#history-list-table tfoot')
@build_list_table(body, foot, res)
$('.list-created-at').text(@format_date(res.created_at))
$('.list-closed-at').text(@format_date(res.closed_at))
$('.supplier-name').text(res.supplier_name)
)
load_list_history: ->
page = Qstorage.page || 1
page = parseInt(page)
$.getJSON(data_host + '/user/list_history.json?'+authentication_string+'&page='+page, (res) =>
@paginate(res, @load_list_history)
container = $('#list-history-container').html('')
for list in res.lists
li = $('<li></li>').appendTo(container)
link = $('<a href="#"></a>').appendTo(li)
link.click(-> redirect_to 'history_list', list_id: list._id)
txt = list.supplier_name
txt += ' - '
txt += @format_date(list.created_at)
link.text(txt)
)
@ensure_token =>
page = Qstorage.getItem('page') || 1
page = parseInt(page)
$.getJSON(data_host + '/user/list_history.json?'+@authentication_string+'&page='+page, (res) =>
@paginate(res, @load_list_history)
container = $('#list-history-container').html('')
for list in res.lists
li = $('<li></li>').appendTo(container)
link = $('<a href="#"></a>').appendTo(li)
link.click(-> redirect_to 'history_list', list_id: list._id)
txt = list.supplier_name
txt += ' - '
txt += @format_date(list.created_at)
link.text(txt)
)
paginate: (wrapper, callback) ->
container = $('nav.pagination')
container.html('')
@@ -235,12 +268,13 @@ class Quser
$('.list-total-amount').html(currency(m_obj.total_amount))
order_selected_products: ()->
return if $.isEmptyObject(window.active_products_list)
h = {}
h['table_id'] = Qstorage.getItem('table_id') if Qstorage.getItem('table_id')
for product_id, number of window.active_products_list
h['products['+product_id+']'] = number
$.post(data_host + '/user/order_selected_products', $.extend(h, authentication_object), ((res) => @handle_response(res)), 'json')
@ensure_token =>
return if $.isEmptyObject(window.active_products_list)
h = {}
h['table_id'] = Qstorage.getItem('table_id') if Qstorage.getItem('table_id')
for product_id, number of window.active_products_list
h['products['+product_id+']'] = number
$.post(data_host + '/user/order_selected_products', $.extend(h, @authentication_object), ((res) => @handle_response(res)), 'json')
handle_response: (res) ->
if(typeof(res) == 'string')
return unless res.length
@@ -268,10 +302,11 @@ class Quser
Qupdate('#active-order-container')
load_active_list_products: ->
@populate_products_table('/user/list_products.json?'+authentication_string)
@populate_products_table('/user/list_products.json?'+@authentication_string)
load_table_products: ->
return redirect_to 'user_root', {message: 'cannot_identify_table'} unless Qstorage.table_id
@populate_products_table('/user/list_products_for_table.json?'+authentication_string+'&table_id='+Qstorage.table_id)
@ensure_token =>
return redirect_to 'user_root', {message: 'cannot_identify_table'} unless Qstorage.table_id
@populate_products_table('/user/list_products_for_table.json?'+@authentication_string+'&table_id='+Qstorage.table_id)
populate_products_table: (src)->
$.getJSON(data_host + src, (res) =>
include_order_buttons = res.my_list || !res.table_occupied
@@ -317,7 +352,7 @@ class Quser
actions_for_table: (table)->
table = JSON.parse(table) if typeof(table) == 'string'
Qstorage.table_id = table.table_id
$.getJSON(data_host + '/user/table_info.json?'+authentication_string+'&table_id='+table.table_id, (res)=>
$.getJSON(data_host + '/user/table_info.json?'+@authentication_string+'&table_id='+table.table_id, (res)=>
if res.current_table_id
if res.other_supplier
redirect_to 'user_root', {message: 'table_is_from_other_supplier'}
@@ -337,7 +372,7 @@ class Quser
## Offer to move table
Qwaiter.confirm(
ok: ->
$.post(data_host + '/user/move_table', $.extend({table_id: table.table_id}, authentication_object), (res2)->
$.post(data_host + '/user/move_table', $.extend({table_id: table.table_id}, @authentication_object), (res2)->
if res2.occupied
redirect_to 'user_root', {message: 'move_table.cannot_move_to_occupied_tabe'}
else
@@ -371,7 +406,7 @@ class Quser
cont.html('')
cont.append $($('<img />').attr('src', "#{$asset_path}spinner.gif"))
cont.append $($('<p>').html(t('join_request.waiting_for_confirmation')))
$.post(data_host + '/user/join_occupied_table', $.extend({table_id: table_id}, authentication_object))
$.post(data_host + '/user/join_occupied_table', $.extend({table_id: table_id}, @authentication_object))
#setInterval('Quser.check_if_can_join_occupied_table("'+table_id+'")', 7500)
add_product: (product_id, count) ->
count ||= 1