Move supplier full pull to being an api for the ember app and handle login and authorization a little bit better (should be even a lot better in the future)

app/controllers/suppliers/application_controller.rb

@@ -2,9 +2,6 @@ module Suppliers
   class ApplicationController < ::ApplicationController
     before_action :setup_employee_and_supplier!
     #load_and_authorize_resource
-    if Rails.env.development?
-      skip_before_action :setup_employee_and_supplier!, only: :employee_and_supplier
-    end
     attr_reader :current_supplier
     helper_method :current_supplier
     layout 'supplier/app'
@@ -22,25 +19,21 @@ module Suppliers
     # GET
     #NOTE: temporary solution for development, if I am in production something is wrong
     def employee_and_supplier
-      employee = current_employee || Employee.find_by_email('bterkuile@gmail.com')
-      raise CanCan::AccessDenied unless employee.present?
-      supplier = current_supplier || employee.suppliers.first
-      employee.enrich_with_settings supplier.settings_for(employee)
+      # database optimization, preloading
       FlatKeys.as_nested_structure(Supplier::PRELOAD_INCLUDES).last.each do |relation_name, includes|
-        relation_result = supplier.public_send(relation_name)
+        relation_result = current_supplier.public_send(relation_name)
         relation_result.include_relations(includes) if relation_result.is_a?(Array)
       end
       render json: {
-        employee: JSONAPI::Serializer.serialize(employee, serializer: Suppliers::EmployeeSerializer),
-        supplier: JSONAPI::Serializer.serialize(supplier, serializer: Suppliers::SupplierSerializer, include: Supplier::PRELOAD_INCLUDES),
-        auth_token: employee.authentication_token,
+        employee: JSONAPI::Serializer.serialize(current_employee, serializer: Suppliers::EmployeeSerializer),
+        supplier: JSONAPI::Serializer.serialize(current_supplier, serializer: Suppliers::SupplierSerializer, include: Supplier::PRELOAD_INCLUDES),
       }
     end
 
     def setup_employee_and_supplier!
       authenticate_employee!
       find_current_supplier!
-      return unless current_supplier.present?
+      raise CanCan::AccessDenied unless current_supplier.present?
       current_employee.enrich_with_settings current_supplier.settings_for(current_employee)
       raise CanCan::AccessDenied unless current_employee.active?
       @current_ability = Suppliers::Ability.new( current_employee )
@@ -55,7 +48,7 @@ module Suppliers
         if supplier.employee_ids.include?(current_employee.id)
           @current_supplier = supplier
         else
-          render nothing: true, status: :unauthorized
+          session[:supplier_id] = nil
         end
       else
         @current_supplier = current_employee.suppliers.first