Move supplier full pull to being an api for the ember app and handle login and authorization a little bit better (should be even a lot better in the future)

app/controllers/supplier_controller.rb

@@ -1,5 +1,11 @@
 class SupplierController < Suppliers::ApplicationController
   def home
+    if Rails.env.development?
+      binding.pry
+      redirecto_to "http://localhost:4202/supplier#{params[:other]}"
+    else
+      render html: File.read(Rails.root.join('public/supplier/index.html'))
+    end
   end
 =begin
   # GET /suppliers/1/active_orders

app/controllers/suppliers/application_controller.rb

@@ -2,9 +2,6 @@ module Suppliers
   class ApplicationController < ::ApplicationController
     before_action :setup_employee_and_supplier!
     #load_and_authorize_resource
-    if Rails.env.development?
-      skip_before_action :setup_employee_and_supplier!, only: :employee_and_supplier
-    end
     attr_reader :current_supplier
     helper_method :current_supplier
     layout 'supplier/app'
@@ -22,25 +19,21 @@ module Suppliers
     # GET
     #NOTE: temporary solution for development, if I am in production something is wrong
     def employee_and_supplier
-      employee = current_employee || Employee.find_by_email('bterkuile@gmail.com')
-      raise CanCan::AccessDenied unless employee.present?
-      supplier = current_supplier || employee.suppliers.first
-      employee.enrich_with_settings supplier.settings_for(employee)
+      # database optimization, preloading
       FlatKeys.as_nested_structure(Supplier::PRELOAD_INCLUDES).last.each do |relation_name, includes|
-        relation_result = supplier.public_send(relation_name)
+        relation_result = current_supplier.public_send(relation_name)
         relation_result.include_relations(includes) if relation_result.is_a?(Array)
       end
       render json: {
-        employee: JSONAPI::Serializer.serialize(employee, serializer: Suppliers::EmployeeSerializer),
-        supplier: JSONAPI::Serializer.serialize(supplier, serializer: Suppliers::SupplierSerializer, include: Supplier::PRELOAD_INCLUDES),
-        auth_token: employee.authentication_token,
+        employee: JSONAPI::Serializer.serialize(current_employee, serializer: Suppliers::EmployeeSerializer),
+        supplier: JSONAPI::Serializer.serialize(current_supplier, serializer: Suppliers::SupplierSerializer, include: Supplier::PRELOAD_INCLUDES),
       }
     end
 
     def setup_employee_and_supplier!
       authenticate_employee!
       find_current_supplier!
-      return unless current_supplier.present?
+      raise CanCan::AccessDenied unless current_supplier.present?
       current_employee.enrich_with_settings current_supplier.settings_for(current_employee)
       raise CanCan::AccessDenied unless current_employee.active?
       @current_ability = Suppliers::Ability.new( current_employee )
@@ -55,7 +48,7 @@ module Suppliers
         if supplier.employee_ids.include?(current_employee.id)
           @current_supplier = supplier
         else
-          render nothing: true, status: :unauthorized
+          session[:supplier_id] = nil
         end
       else
         @current_supplier = current_employee.suppliers.first

app/controllers/suppliers/employee_shifts_controller.rb

@@ -25,6 +25,7 @@ module Suppliers
     end
 
     def destroy
+      @employee_shift = EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
       head :forbidden and return unless @employee_shift.supplier_id == current_supplier.id
       @employee_shift= EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
       @employee_shift.destroy
@@ -34,7 +35,13 @@ module Suppliers
     private
 
     def employee_shift_params
-      params.require(:employee_shift).permit(:start_from, :end_on, :employee_id, :description)
+      permitted_attributes = [:start_from, :end_on, :employee_id, :description, :full_day]
+      # do not raise in development and test for json communication
+      result = if request.format.json?
+        params.require(:employee_shift).slice(*permitted_attributes).permit!
+      else
+        params.require(:employee_shift).permit permitted_attributes
+      end
     end
   end
 end

app/controllers/suppliers/employees_controller.rb

@@ -11,6 +11,11 @@ module Suppliers
       render json: @employees
     end
 
+    def suppliers
+      @suppliers = current_employee.suppliers
+      render json: @suppliers, serializer: Suppliers::SupplierSerializer, is_collection: true
+    end
+
     # GET /employees/1
     # GET /employees/1.json
     def show

app/controllers/suppliers/sessions_controller.rb

@@ -1,6 +1,15 @@
 class Suppliers::SessionsController < Devise::SessionsController
   respond_to :json
 
+  def create
+    # taken from super except the respond_with
+    self.resource = warden.authenticate!(auth_options)
+    set_flash_message!(:notice, :signed_in)
+    sign_in(resource_name, resource)
+    yield resource if block_given?
+    render json: {employee_id: current_employee.id, auth_token: current_employee.authentication_token}
+  end
+
   def destroy
     session[:supplier_id] = nil
     super

app/controllers/suppliers/suppliers_controller.rb

@@ -32,7 +32,7 @@ module Suppliers
     def switch_to
       @switch_supplier = Supplier.find(params[:id])
       session[:supplier_id] = params[:id] if @switch_supplier.employee_ids.include? current_employee.id
-      redirect_to supplier_root_path(anchor: '/my-account')
+      redirect_to supplier_root_path(other: '/my-account')
     end
 
     def mark_as_open

app/models/employee_shift.rb

@@ -5,6 +5,7 @@ class EmployeeShift
   property :start_from
   property :end_on
   property :description
+  property :full_day, type: :boolean, default: false
 
   belongs_to :supplier
   belongs_to :employee
@@ -12,6 +13,7 @@ class EmployeeShift
   validates :start_from, presence: true
   validates :end_on, presence: true
 
+  view :by_supplier_id_and_id, key: [:supplier_id, :_id] # supplier safe find
   view :for_supplier_view, type: :custom, map_function: %|function(doc){
     if(doc.ruby_class == 'EmployeeShift' && doc.start_from && doc.end_on){
       emit([doc.supplier_id, doc.end_on], 1)

app/serializers/employees/employee_shift_serializer.rb

@@ -1,6 +1,6 @@
 class Employees::EmployeeShiftSerializer
   include Qwaiter::EmployeeBaseSerializer
-  attributes :start_from, :end_on, :description
+  attributes :start_from, :end_on, :description, :full_day
   has_one :supplier, serializer: Employees::SupplierSerializer
   has_one :employee, serializer: Employees::EmployeeSerializer
 end

app/serializers/suppliers/employee_serializer.rb

@@ -1,4 +1,7 @@
 class Suppliers::EmployeeSerializer
   include Qwaiter::SupplierBaseSerializer
   attributes :name, :email, :manager, :active, :color
+  has_many :suppliers, serializer: Suppliers::SupplierSerializer
+
+  related_link_for :suppliers
 end

app/serializers/suppliers/employee_shift_serializer.rb

@@ -1,6 +1,6 @@
 class Suppliers::EmployeeShiftSerializer
   include Qwaiter::SupplierBaseSerializer
-  attributes :start_from, :end_on
+  attributes :start_from, :end_on, :description, :full_day
   has_one :supplier, serializer: Suppliers::SupplierSerializer
   has_one :employee, serializer: Suppliers::EmployeeSerializer
 end