Spec employees

app/controllers/suppliers/application_controller.rb

@@ -5,6 +5,7 @@ module Suppliers
     attr_reader :current_supplier
     helper_method :current_supplier
     layout 'supplier/app'
+    class_attribute :after_authentication_hooks
 
     rescue_from 'RestClient::Conflict' do |e|
       #binding.pry
@@ -16,6 +17,11 @@ module Suppliers
       end
     end
 
+    def self.after_authentication(options, &blk)
+      self.after_authentication_hooks ||= []
+      after_authentication_hooks << {options: options, block: blk}
+    end
+
     def setup_employee_and_supplier!
       authenticate_employee!
       find_current_supplier!
@@ -23,6 +29,10 @@ module Suppliers
       current_employee.enrich_with_settings current_supplier.settings_for(current_employee)
       raise CanCan::AccessDenied unless current_employee.active?
       @current_ability = ::Ability.new( current_employee )
+      Array.wrap(after_authentication_hooks).each do |hook|
+        next if hook[:options][:only].present? && !Array.wrap(hook[:options][:only].include?(action_name.to_sym))
+        instance_eval &hook[:block]
+      end
     end
 
 

app/controllers/suppliers/employees_controller.rb

@@ -1,6 +1,9 @@
 module Suppliers
   class EmployeesController < Suppliers::ApplicationController
-
+    after_authentication only: [:show, :update, :destroy] do
+      @employee = current_supplier.get_employee params[:id]
+      render json: {}, status: 404 unless @employee.present?
+    end
     # GET /employees
     # GET /employees.json
     def index
@@ -11,7 +14,6 @@ module Suppliers
     # GET /employees/1
     # GET /employees/1.json
     def show
-      @employee = Employee.find(params[:id])
       render json: @employee, serializer: Suppliers::EmployeeSerializer
     end
 
@@ -19,7 +21,6 @@ module Suppliers
     # POST /employees.json
     def create
       @employee = Employee.find_by_email(employee_params[:email]) if employee_params[:email].present?
-      @employee ||= Employee.new(employee_params)
 
       if @employee.save
         current_supplier.add_employee @employee unless current_supplier.employee_ids.include? @employee.id # already linked
@@ -32,9 +33,7 @@ module Suppliers
     # PUT /employees/1
     # PUT /employees/1.json
     def update
-      @employee = Employee.find(params[:id])
-      render json: {}, status: 404 unless current_supplier.employee_ids.include?(@employee.id)
-      current_supplier.settings_for(@employee).update!(employee_params)
+      #current_supplier.settings_for(@employee).update!(employee_params)
       respond_to do |format|
         if @employee.update_attributes(employee_params)
           format.json { head :no_content }
@@ -47,8 +46,6 @@ module Suppliers
     # DELETE /employees/1
     # DELETE /employees/1.json
     def destroy
-      @employee = Employee.find(params[:id])
-      render json: {}, status: :forbidden unless current_supplier.employee_ids.include?(@employee.id)
       head :forbidden and return if @employee == current_employee # do not remove self at the moment
       current_supplier.remove_employee @employee