Move supplier full pull to being an api for the ember app and handle login and authorization a little bit better (should be even a lot better in the future)

app/controllers/suppliers/employee_shifts_controller.rb

@@ -25,6 +25,7 @@ module Suppliers
     end
 
     def destroy
+      @employee_shift = EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
       head :forbidden and return unless @employee_shift.supplier_id == current_supplier.id
       @employee_shift= EmployeeShift.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
       @employee_shift.destroy
@@ -34,7 +35,13 @@ module Suppliers
     private
 
     def employee_shift_params
-      params.require(:employee_shift).permit(:start_from, :end_on, :employee_id, :description)
+      permitted_attributes = [:start_from, :end_on, :employee_id, :description, :full_day]
+      # do not raise in development and test for json communication
+      result = if request.format.json?
+        params.require(:employee_shift).slice(*permitted_attributes).permit!
+      else
+        params.require(:employee_shift).permit permitted_attributes
+      end
     end
   end
 end