supplier client sections working with problematic authentication still active

2020-02-27 15:44:43 -05:00
parent 9e86b18c3e
commit 2149345d3d
33 changed files with 456 additions and 281 deletions
@@ -18,7 +18,7 @@ private
  def authenticate_employee!
    if auth_token = params[:auth_token].presence
      raise CanCan::AccessDenied unless employee = Employee.find_by_authentication_token(auth_token)
-      sign_in employee
+      bypass_sign_in employee
    else
      super
    end
@@ -49,18 +49,23 @@ class DashboardController < ApplicationController
    code = "q.mozo.bar/s?t=#{@table.id}"
    size = RQRCode.minimum_qr_size_from_string(code)
    respond_to do |format|
-      format.html
-      format.svg { render qrcode: code, level: :l, unit: 10, table_number: @table.number, qcontainer: true }
+      format.html {
+        render text: "Pending table_qr_image"
+      }
+      format.svg {
+        render qrcode: code, level: :l, unit: 10, table_number: @table.number, qcontainer: true
+      }
      format.png do
-        #render qrcode: code, level: :l, table_number: @table.number, qcontainer: true
-        size = RQRCode.minimum_qr_size_from_string(code)
-        level = :l
-        qrcode = RQRCode::QRCode.new(code, size: size, level: level)
-        svg    = RQRCode::Renderers::SVG::render(qrcode)
-        svg_file = Tempfile.new(['table_qr', '.svg']){|f| f.puts svg}
-        png_target = svg_file.path.sub /svg$/, 'png'
+        render qrcode: code, level: :l, unit: 10, table_number: @table.number, qcontainer: true
+        ##render qrcode: code, level: :l, table_number: @table.number, qcontainer: true
+        #size = RQRCode.minimum_qr_size_from_string(code)
+        #level = :l
+        #qrcode = RQRCode::QRCode.new(code, size: size, level: level)
+        #svg    = RQRCode::Renderers::SVG::render(qrcode)
+        #svg_file = Tempfile.new(['table_qr', '.svg']){|f| f.puts svg}
+        #png_target = svg_file.path.sub /svg$/, 'png'

-        render nothing: true
+        #render nothing: true
      end
    end
  end
@@ -15,17 +15,24 @@ module Suppliers
    rescue_from CanCan::AccessDenied do |exception|
      respond_to do |format|
        format.html { redirect_to root_path, alert: 'Action forbidden'}
-        format.json { render json: {errors: "403 Forbidden"}, status: :forbidden }
+        format.json { render json: {errors: "403 Forbidden", ok: false}, status: :forbidden }
      end
    end

    # GET
+    #NOTE: temporary solution for development, if I am in production something is wrong
    def employee_and_supplier
      employee = current_employee || Employee.find_by_email('bterkuile@gmail.com')
+      raise CanCan::AccessDenied unless employee.present?
      supplier = current_supplier || employee.suppliers.first
+      employee.enrich_with_settings supplier.settings_for(employee)
+      FlatKeys.as_nested_structure(Supplier::PRELOAD_INCLUDES).last.each do |relation_name, includes|
+        relation_result = supplier.public_send(relation_name)
+        relation_result.include_relations(includes) if relation_result.is_a?(Array)
+      end
      render json: {
        employee: JSONAPI::Serializer.serialize(employee, serializer: Suppliers::EmployeeSerializer),
-        supplier: JSONAPI::Serializer.serialize(supplier, serializer: Suppliers::SupplierSerializer),
+        supplier: JSONAPI::Serializer.serialize(supplier, serializer: Suppliers::SupplierSerializer, include: Supplier::PRELOAD_INCLUDES),
        auth_token: employee.authentication_token,
      }
    end
@@ -12,18 +12,21 @@ module Suppliers
      render json: @employee_shifts
    end
    def create
+      @employee_shift = EmployeeShift.new(employee_shift_params)
      @employee_shift.supplier = current_supplier
      @employee_shift.save
      render json: @employee_shift
    end

    def update
+      @employee_shift = EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @employee_shift.update employee_shift_params
      render json: @employee_shift
    end

    def destroy
      head :forbidden and return unless @employee_shift.supplier_id == current_supplier.id
+      @employee_shift= EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @employee_shift.destroy
      head :no_content
    end
@@ -43,7 +43,7 @@ module Suppliers
    # GET /product_categories/new
    # GET /product_categories/new.json
    def new
-      @product_category = ProductCategory.new
+      @product_category = ProductCategory.new supplier: current_supplier

      respond_to do |format|
        format.html # new.html.erb
@@ -53,6 +53,7 @@ module Suppliers
    def destroy
      #@product_variant = ProductVariant.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @product_variant = ProductVariant.find(params[:id])
+      head :forbidden and return unless @product_variant.supplier_id == current_supplier.id
      @product_variant.destroy
      head :no_content
    end
@@ -29,7 +29,7 @@ module Suppliers
    # GET /products/new
    # GET /products/new.json
    def new
-      @product = Product.new
+      @product = Product.new supplier: current_supplier
      @product.add_product_category ProductCategory.find_by_supplier_id_and_id!(current_supplier.id, params[:product_category_id]) if params[:product_category_id].present?

      respond_to do |format|
@@ -46,7 +46,7 @@ module Suppliers
    # POST /products
    # POST /products.json
    def create
-      #@product = Product.new(product_params)
+      @product = Product.new(product_params)
      @product.supplier = current_supplier

      respond_to do |format|
@@ -79,7 +79,7 @@ module Suppliers
    # DELETE /products/1
    # DELETE /products/1.json
    def destroy
-      #@product = Product.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
+      @product = Product.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @product.destroy
      head :no_content
    end
@@ -6,6 +6,7 @@ module Suppliers
    end

    def create
+      @section_area = SectionArea.new(section_area_params)
      @section_area.supplier = current_supplier
      if @section_area.save
        render json: @section_area
@@ -15,6 +16,7 @@ module Suppliers
    end

    def update
+      @section_area = SectionArea.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      if @section_area.update_attributes section_area_params
        render json: @section_area
      else
@@ -23,6 +25,7 @@ module Suppliers
    end

    def destroy
+      @section_area= SectionArea.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @section_area.destroy
      head :no_content
    end
@@ -6,6 +6,7 @@ module Suppliers
    end

    def create
+      @section_element = SectionElement.new(section_element_params)
      @section_element.supplier = current_supplier
      if @section_element.save
        render json: @section_element
@@ -15,6 +16,7 @@ module Suppliers
    end

    def update
+      @section_element = SectionElement.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      if @section_element.update_attributes section_element_params
        render json: @section_element
      else
@@ -23,6 +25,7 @@ module Suppliers
    end

    def destroy
+      @section_element= SectionElement.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
      @section_element.destroy
      head :no_content
    end
@@ -31,8 +31,7 @@ module Suppliers
    # GET /sections/new
    # GET /sections/new.json
    def new
-      @section = Section.new
-      @section.supplier = current_supplier
+      @section = Section.new supplier: current_supplier
      render json: @section
    end

@@ -6,7 +6,11 @@ module Suppliers
    end

    def show
-      current_supplier.sections.include_relations(:tables, :section_areas, :section_elements, product_categories: {products: :product_variants})
+      #current_supplier.sections.include_relations(:tables, :section_areas, :section_elements, product_categories: {products: :product_variants})
+      FlatKeys.as_nested_structure(Supplier::PRELOAD_INCLUDES).last.each do |relation_name, includes|
+        relation_result = current_supplier.public_send(relation_name)
+        relation_result.include_relations(includes) if relation_result.is_a?(Array)
+      end
      #render json: JSONAPI::Serializer.serialize(current_supplier, serializer: Suppliers::SupplierSerializer, include: %w[
        #sections
        #sections.tables
@@ -16,15 +20,7 @@ module Suppliers
        #product_categories.products
        #product_categories.products.product_variants
      #]) #.new(current_supplier).as_json
-      render json: current_supplier, include: %w[
-        sections
-        sections.tables
-        sections.section_areas
-        sections.section_elements
-        product_categories
-        product_categories.products
-        product_categories.products.product_variants
-      ]
+      render json: current_supplier, include: Supplier::PRELOAD_INCLUDES
    end

    def update
@@ -12,7 +12,7 @@ module Suppliers
    # GET /tables/1
    # GET /tables/1.json
    def show
-      @table= Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
+      @table = Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])

      render json: @table
    end
@@ -20,7 +20,7 @@ module Suppliers
    # GET /tables/new
    # GET /tables/new.json
    def new
-      @table = Table.new
+      @table = Table.new supplier: current_supplier
      @table.section_id = params[:section_id].presence

      render json: @table
@@ -47,7 +47,7 @@ module Suppliers
    # PUT /supplier/tables/1
    # PUT /supplier/tables/1.json
    def update
-      @table= Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
+      @table = Table.find_by_supplier_id_and_id!(current_supplier.id, params[:id])

      if @table.update_attributes(table_params)
        render json: @table