supplier client sections working with problematic authentication still active

2020-02-27 15:44:43 -05:00
parent 9e86b18c3e
commit 2149345d3d
33 changed files with 456 additions and 281 deletions
@@ -10,3 +10,5 @@
 //= link supplier/foundation1/application.css
 //
 //= link supplier/app/application.js
+//
+//= link qr_sheet/application.css
@@ -1,18 +1,18 @@
 #= require_self
 #= require md5
 #= require handlebars
-#= require ember
-#= require ember-data
-#= require active-model-adapter
-#= require ember-validations
-#= require ember-template-compiler
+# require ember
+# require ember-data
+# require active-model-adapter
+# require ember-validations
+# require ember-template-compiler
 #= require_directory ./modifications
 #= require ./app
-#= require shared-ember-helpers/all
+# require shared-ember-helpers/all
 #= require_directory ./mixins
 #= require_directory ./services
 #= require ./controllers/modals/base_controller
-#= require ion.sound
+# require ion.sound
 #= require_tree .

@$assets_path = '/assets/'
@@ -1,3 +1,4 @@
+#import Ember from 'ember'
 ComponentExtensions = Ember.Mixin.create
  modal: (name, options={})->
    target = App.__container__.lookup('route:application')
@@ -18,7 +18,7 @@ private
  def authenticate_employee!
    if auth_token = params[:auth_token].presence
      raise CanCan::AccessDenied unless employee = Employee.find_by_authentication_token(auth_token)
-      sign_in employee
+      bypass_sign_in employee
    else
      super
    end
@@ -49,18 +49,23 @@ class DashboardController < ApplicationController
    code = "q.mozo.bar/s?t=#{@table.id}"
    size = RQRCode.minimum_qr_size_from_string(code)
    respond_to do |format|
-      format.html
-      format.svg { render qrcode: code, level: :l, unit: 10, table_number: @table.number, qcontainer: true }
+      format.html {
+        render text: "Pending table_qr_image"
+      }
+      format.svg {
+        render qrcode: code, level: :l, unit: 10, table_number: @table.number, qcontainer: true
+      }
      format.png do
-        #render qrcode: code, level: :l, table_number: @table.number, qcontainer: true
-        size = RQRCode.minimum_qr_size_from_string(code)
-        level = :l
-        qrcode = RQRCode::QRCode.new(code, size: size, level: level)
-        svg    = RQRCode::Renderers::SVG::render(qrcode)
-        svg_file = Tempfile.new(['table_qr', '.svg']){|f| f.puts svg}
-        png_target = svg_file.path.sub /svg$/, 'png'
+        render qrcode: code, level: :l, unit: 10, table_number: @table.number, qcontainer: true
+        ##render qrcode: code, level: :l, table_number: @table.number, qcontainer: true
+        #size = RQRCode.minimum_qr_size_from_string(code)
+        #level = :l
+        #qrcode = RQRCode::QRCode.new(code, size: size, level: level)
+        #svg    = RQRCode::Renderers::SVG::render(qrcode)
+        #svg_file = Tempfile.new(['table_qr', '.svg']){|f| f.puts svg}
+        #png_target = svg_file.path.sub /svg$/, 'png'

-        render nothing: true
+        #render nothing: true
      end
    end
  end
@@ -15,17 +15,24 @@ module Suppliers
    rescue_from CanCan::AccessDenied do |exception|
      respond_to do |format|
        format.html { redirect_to root_path, alert: 'Action forbidden'}
-        format.json { render json: {errors: "403 Forbidden"}, status: :forbidden }
+        format.json { render json: {errors: "403 Forbidden", ok: false}, status: :forbidden }
      end
    end

    # GET
+    #NOTE: temporary solution for development, if I am in production something is wrong
    def employee_and_supplier
      employee = current_employee || Employee.find_by_email('bterkuile@gmail.com')
+      raise CanCan::AccessDenied unless employee.present?
      supplier = current_supplier || employee.suppliers.first
+      employee.enrich_with_settings supplier.settings_for(employee)
+      FlatKeys.as_nested_structure(Supplier::PRELOAD_INCLUDES).last.each do |relation_name, includes|
+        relation_result = supplier.public_send(relation_name)
+        relation_result.include_relations(includes) if relation_result.is_a?(Array)
+      end
      render json: {
        employee: JSONAPI::Serializer.serialize(employee, serializer: Suppliers::EmployeeSerializer),
-        supplier: JSONAPI::Serializer.serialize(supplier, serializer: Suppliers::SupplierSerializer),
+        supplier: JSONAPI::Serializer.serialize(supplier, serializer: Suppliers::SupplierSerializer, include: Supplier::PRELOAD_INCLUDES),
        auth_token: employee.authentication_token,
      }
    end
@@ -12,18 +12,21 @@ module Suppliers
      render json: @employee_shifts
    end
    def create
+      @employee_shift = EmployeeShift.new(employee_shift_params)
      @employee_shift.supplier = current_supplier
      @employee_shift.save
      render json: @employee_shift
    end

    def update
+      @employee_shift = EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @employee_shift.update employee_shift_params
      render json: @employee_shift
    end

    def destroy
      head :forbidden and return unless @employee_shift.supplier_id == current_supplier.id
+      @employee_shift= EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @employee_shift.destroy
      head :no_content
    end
@@ -43,7 +43,7 @@ module Suppliers
    # GET /product_categories/new
    # GET /product_categories/new.json
    def new
-      @product_category = ProductCategory.new
+      @product_category = ProductCategory.new supplier: current_supplier

      respond_to do |format|
        format.html # new.html.erb
@@ -53,6 +53,7 @@ module Suppliers
    def destroy
      #@product_variant = ProductVariant.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @product_variant = ProductVariant.find(params[:id])
+      head :forbidden and return unless @product_variant.supplier_id == current_supplier.id
      @product_variant.destroy
      head :no_content
    end
@@ -29,7 +29,7 @@ module Suppliers
    # GET /products/new
    # GET /products/new.json
    def new
-      @product = Product.new
+      @product = Product.new supplier: current_supplier
      @product.add_product_category ProductCategory.find_by_supplier_id_and_id!(current_supplier.id, params[:product_category_id]) if params[:product_category_id].present?

      respond_to do |format|
@@ -46,7 +46,7 @@ module Suppliers
    # POST /products
    # POST /products.json
    def create
-      #@product = Product.new(product_params)
+      @product = Product.new(product_params)
      @product.supplier = current_supplier

      respond_to do |format|
@@ -79,7 +79,7 @@ module Suppliers
    # DELETE /products/1
    # DELETE /products/1.json
    def destroy
-      #@product = Product.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
+      @product = Product.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @product.destroy
      head :no_content
    end
@@ -6,6 +6,7 @@ module Suppliers
    end

    def create
+      @section_area = SectionArea.new(section_area_params)
      @section_area.supplier = current_supplier
      if @section_area.save
        render json: @section_area
@@ -15,6 +16,7 @@ module Suppliers
    end

    def update
+      @section_area = SectionArea.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      if @section_area.update_attributes section_area_params
        render json: @section_area
      else
@@ -23,6 +25,7 @@ module Suppliers
    end

    def destroy
+      @section_area= SectionArea.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @section_area.destroy
      head :no_content
    end
@@ -6,6 +6,7 @@ module Suppliers
    end

    def create
+      @section_element = SectionElement.new(section_element_params)
      @section_element.supplier = current_supplier
      if @section_element.save
        render json: @section_element
@@ -15,6 +16,7 @@ module Suppliers
    end

    def update
+      @section_element = SectionElement.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      if @section_element.update_attributes section_element_params
        render json: @section_element
      else
@@ -23,6 +25,7 @@ module Suppliers
    end

    def destroy
+      @section_element= SectionElement.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @section_element.destroy
      head :no_content
    end
@@ -31,8 +31,7 @@ module Suppliers
    # GET /sections/new
    # GET /sections/new.json
    def new
-      @section = Section.new
-      @section.supplier = current_supplier
+      @section = Section.new supplier: current_supplier
      render json: @section
    end

@@ -6,7 +6,11 @@ module Suppliers
    end

    def show
-      current_supplier.sections.include_relations(:tables, :section_areas, :section_elements, product_categories: {products: :product_variants})
+      #current_supplier.sections.include_relations(:tables, :section_areas, :section_elements, product_categories: {products: :product_variants})
+      FlatKeys.as_nested_structure(Supplier::PRELOAD_INCLUDES).last.each do |relation_name, includes|
+        relation_result = current_supplier.public_send(relation_name)
+        relation_result.include_relations(includes) if relation_result.is_a?(Array)
+      end
      #render json: JSONAPI::Serializer.serialize(current_supplier, serializer: Suppliers::SupplierSerializer, include: %w[
        #sections
        #sections.tables
@@ -16,15 +20,7 @@ module Suppliers
        #product_categories.products
        #product_categories.products.product_variants
      #]) #.new(current_supplier).as_json
-      render json: current_supplier, include: %w[
-        sections
-        sections.tables
-        sections.section_areas
-        sections.section_elements
-        product_categories
-        product_categories.products
-        product_categories.products.product_variants
-      ]
+      render json: current_supplier, include: Supplier::PRELOAD_INCLUDES
    end

    def update
@@ -12,7 +12,7 @@ module Suppliers
    # GET /tables/1
    # GET /tables/1.json
    def show
-      @table= Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
+      @table = Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])

      render json: @table
    end
@@ -20,7 +20,7 @@ module Suppliers
    # GET /tables/new
    # GET /tables/new.json
    def new
-      @table = Table.new
+      @table = Table.new supplier: current_supplier
      @table.section_id = params[:section_id].presence

      render json: @table
@@ -47,7 +47,7 @@ module Suppliers
    # PUT /supplier/tables/1
    # PUT /supplier/tables/1.json
    def update
-      @table= Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
+      @table = Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])

      if @table.update_attributes(table_params)
        render json: @table
@@ -10,7 +10,7 @@ class Employee
  DEFAULT_SETTINGS.each do |attribute, default_value|
    define_method(attribute) { settings.public_send attribute }
    define_method("#{attribute}=") do |value|
-      is_dirty
+      #is_dirty
      settings.set attribute, value
    end
    if default_value == true or default_value == false # boolean
@@ -17,8 +17,8 @@ class List
      #unless join_request_user_ids.include?(requester.id) or user_ids.include?(requester.id) # do not resend
      unless user_ids.include?(requester.id) # resend for the sake of it for now
        @join_requests = nil # bust cache
+        self.join_request_user_ids_will_change!
        self.join_request_user_ids |= [requester.id]
-        self.is_dirty
        if save
          broadcast_users 'user_join_request', payload: Users::JoinRequestSerializer.serialize(join_request_for_user(requester), include: %w[list user])
        end
@@ -31,7 +31,7 @@ class List
        user.active_list_id = self.id
        add_user(user)
        user.save
-        self.is_dirty
+        join_request_user_ids_will_change!
        save and broadcast_users 'join_request_approved', id: "jr-#{user.id}"
      end
    end
@@ -39,8 +39,8 @@ class List
    def reject_join_request_for_user!(user_id)
      user_id = user_id.id if user_id.is_a?(User) # allow model to be passed as argument
      if join_request_user_ids.include?(user_id)
+        join_request_user_ids_will_change!
        join_request_user_ids.delete(user_id)
-        self.is_dirty
        if save
          # user_id is not part of the list, so should be broadcasted separately
          broadcast_user user_id, 'join_request_rejected', id: "jr-#{user_id}"
@@ -13,6 +13,7 @@ class SectionArea

  view :by_supplier_id, key: :supplier_id
  view :by_section_id, key: :section_id
+  view :by_supplier_id_and_id, key: [:supplier_id, :_id]

  def self.for_supplier(supplier)
    find_all_by_supplier_id(supplier.id)
@@ -11,6 +11,7 @@ class SectionElement

  view :by_supplier_id, key: :supplier_id
  view :by_section_id, key: :section_id
+  view :by_supplier_id_and_id, key: [:supplier_id, :_id]

  def self.for_supplier(supplier)
    find_all_by_supplier_id(supplier.id)
@@ -2,6 +2,16 @@ class Supplier
  include SimplyStored::Couch
  include ActiveModel::SerializerSupport
  include Supplier::Counters
+  PRELOAD_INCLUDES = %w[
+    sections
+    sections.tables
+    sections.section_areas
+    sections.section_elements
+    product_categories
+    product_categories.products
+    product_categories.products.product_variants
+  ]
+

  #devise :database_authenticatable, :recoverable, :rememberable, :trackable, :registerable, :confirmable

@@ -0,0 +1,52 @@
+# Transform a nested tructure indicated by dots to a structure as used by the ActiveRecord includes statement
+#   - dslams
+#   - ppls.distribution_cables
+# =>
+#   [:dslams, {ppls: :distribution_cables}]
+class FlatKeys
+  class << self
+
+    def as_nested_structure(ary)
+      return ary unless ary.first.is_a?(String)
+      nested_keys, flat_keys = ary.partition{|spec| spec['.']}
+      result = flat_keys.map(&:to_sym)
+      if nested_keys.any?
+        obj = {}
+        nested_keys.map{ |key| key.split('.').map(&:to_sym) }.each do |parts|
+          traverse_nest_structure(parts, obj)
+        end
+        result -= obj.keys
+        result.push obj
+      end
+      result
+    end
+
+    def traverse_nest_structure(parts, obj)
+      key = parts.shift
+      if parts.size == 1
+        case obj[key]
+        when nil then obj[key] = parts[0]
+        when Array then obj[key] |= [parts[0]]
+        when Hash
+          raise "Colliding keys for nesting of #{key} -> #{parts[0]}" unless obj[key].has_key?(parts[0])
+        else # expect symbol
+          obj[key] = Array.wrap(obj[key]).push parts[0] unless obj[key] == parts[0] # no duplicate
+        end
+      else # parts.size > 2
+        case obj[key]
+        when nil
+          obj[key] = {}
+          traverse_nest_structure(parts, obj[key])
+        when Array
+          raise "Cannot traverse #{key} -> #{parts.join('.')} because existing array value #{obj[key].inspect}"
+        when Hash
+          traverse_nest_structure(parts, obj[key])
+        else # expect symbol
+          raise "Cannot add deeper nesting for endpoing with different name #{key} -> #{obj[key]} => #{parts.join('.')}" unless obj[key] = parts[0] # same name, allows deeper nesting
+          obj[key] = {obj[key] => nil} # prepare for nesting
+          traverse_nest_structure(parts, obj[key])
+        end
+      end
+    end
+  end
+end
@@ -112,7 +112,7 @@ class SupplierEmployeesSettings
    end

    def persist!
-      all_employees_settings.supplier.is_dirty
+      all_employees_settings.supplier.employee_settings_storage_will_change!
      all_employees_settings.supplier.save
    end

@@ -1,7 +1,7 @@
 - if @tables.any?
  ul#qr-list
    - for table in @tables
-      li= image_tag(url_for(table_qr_image_path(table_id: table.id, format: :svg)))
+      li= image_tag(url_for(table_qr_image_path(table_id: table.id, format: params[:image_type] || 'svg')))
 - else
  h3= t('supplier.table.add_tables_first.title')
  p= t('supplier.table.add_tables_first.body')