Refactor for authorization sanity
@@ -27,7 +27,7 @@ class DashboardController < ApplicationController
|
||||
if Rails.env.test?
|
||||
@tables = Table.all
|
||||
else
|
||||
@tables = (current_supplier || Supplier.first).tables.sample(5) | List.active.map(&:table) | Supplier.find_by_email('supplier2@mozo.bar').tables.sample(3)
|
||||
@tables = (Supplier.last || Supplier.first).tables.sample(5) | List.active.map(&:table) | Supplier.find_by_email('supplier2@mozo.bar').tables.sample(3)
|
||||
end
|
||||
respond_to do |format|
|
||||
format.html { render layout: 'phone' }
|
||||
|
||||
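Review bot: Both printed variants of the non-test `@tables` assignment end in `Supplier.find_by_email('supplier2@mozo.bar').tables.sample(3)`, which raises NoMethodError on nil whenever that hard-coded account is missing, and neither variant limits the dashboard to tables the viewer is entitled to see. The page has lost its +/- markers, so which variant is the new side is not certain; if it is `(Supplier.last || Supplier.first)`, the fallback is dead code, because `Supplier.last` is nil only when `Supplier.first` is nil too. If this is intentionally demo data, say so with a comment such as `# demo dashboard: samples tables across suppliers, not scoped to the viewer` and guard the nil lookup. The action's body starts and ends outside the hunk.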
@@ -1,7 +1,4 @@
|
||||
class SupplierController < Suppliers::ApplicationController
|
||||
before_filter :setup_employee_and_supplier!
|
||||
layout 'supplier/app'
|
||||
|
||||
def home
|
||||
end
|
||||
|
||||
@@ -38,11 +35,11 @@ class SupplierController < Suppliers::ApplicationController
|
||||
|
||||
def mark_as_open
|
||||
current_supplier.mark_as_open!
|
||||
redirect_to :back
|
||||
head :ok
|
||||
end
|
||||
def mark_as_closed
|
||||
current_supplier.mark_as_closed!
|
||||
redirect_to :back
|
||||
head :ok
|
||||
end
|
||||
# GET /suppliers/1/active_orders
|
||||
# GET /suppliers/1/active_orders.json
|
||||
@@ -97,20 +94,6 @@ class SupplierController < Suppliers::ApplicationController
|
||||
end
|
||||
end
|
||||
|
||||
# POST /supplier/close_list
|
||||
def close_list
|
||||
@list = List.find_by_supplier_id_and_id(current_supplier.id, params[:list_id])
|
||||
@list.close!
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
# POST /supplier/mark_list_as_helped
|
||||
def mark_list_as_helped
|
||||
@list = List.find_by_supplier_id_and_id(current_supplier.id, params[:list_id])
|
||||
@list.is_helped!
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
#POST /supplier/remove_list_needs_payment
|
||||
def remove_list_needs_payment
|
||||
@list = List.find_by_supplier_id_and_id(current_supplier.id, params[:list_id])
|
||||
@@ -118,20 +101,6 @@ class SupplierController < Suppliers::ApplicationController
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
# POST /orders/1/is_being_processed
|
||||
def mark_order_in_process
|
||||
@order = Order.find_by_supplier_id_and_id!(current_supplier.id, params[:order_id])
|
||||
@order.is_being_processed!
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
# POST /orders/1/is_delivered
|
||||
def order_is_delivered
|
||||
@order = Order.find_by_supplier_id_and_id(current_supplier.id, params[:order_id])
|
||||
@order.is_delivered!
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def supplier_params
|
||||
|
||||
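Review bot: With `before_filter :setup_employee_and_supplier!` apparently dropped from the top of `SupplierController` (the first hunk shrinks from 7 lines to 4), the actions left here — `mark_as_open`, `mark_as_closed`, `remove_list_needs_payment` — rely on `Suppliers::ApplicationController` alone for authentication and for `load_and_authorize_resource`. These are custom, state-changing action names, so the `Ability` class, which is not shown on this page, needs a rule that covers each of them; otherwise they are presumably either denied for everyone or only reachable through a broad grant. A controller test asserting that an employee without the right receives the forbidden response on `mark_as_open` would pin this down. I would also add a comment above the class such as `# authentication and CanCan authorization are inherited from Suppliers::ApplicationController`.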
@@ -2,23 +2,26 @@ module Suppliers
|
||||
class ApplicationController < ::ApplicationController
|
||||
before_action :setup_employee_and_supplier!
|
||||
load_and_authorize_resource
|
||||
attr_reader :current_supplier, :employee_settings
|
||||
helper_method :current_supplier, :employee_settings
|
||||
attr_reader :current_supplier
|
||||
helper_method :current_supplier
|
||||
layout 'supplier/app'
|
||||
|
||||
rescue_from 'RestClient::Conflict' do |e|
|
||||
#binding.pry
|
||||
end
|
||||
rescue_from CanCan::AccessDenied do |exception|
|
||||
render json: {}, status: :forbidden
|
||||
respond_to do |format|
|
||||
format.html { redirect_to root_path, alert: 'Action forbidden'}
|
||||
format.json { render json: {}, status: :forbidden }
|
||||
end
|
||||
end
|
||||
|
||||
def setup_employee_and_supplier!
|
||||
authenticate_employee!
|
||||
find_current_supplier!
|
||||
return unless current_supplier.present?
|
||||
@employee_settings = current_supplier.employee_settings.for_employee( current_employee )
|
||||
@current_ability = ::Ability.new(@employee_settings)
|
||||
current_employee.enrich_with_settings current_supplier.settings_for(current_employee)
|
||||
@current_ability = ::Ability.new( current_employee )
|
||||
end
|
||||
|
||||
|
||||
|
||||
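Review bot: `return unless current_supplier.present?` in `setup_employee_and_supplier!` leaves the filter without halting the request, so unless `find_current_supplier!` already raises (not visible here) the action still runs with `@current_ability` unset and `current_supplier` nil. Authorization then depends on whatever default ability CanCan builds, and actions that call `current_supplier.id` fail with NoMethodError instead of a clean denial. Failing closed is safer: `raise CanCan::AccessDenied unless current_supplier.present?`, which the `rescue_from CanCan::AccessDenied` block in this hunk already turns into a redirect or a 403. Separately, the `rescue_from 'RestClient::Conflict'` block holds only a commented-out `binding.pry`, so that error is swallowed without a response or a log line.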
@@ -142,6 +142,19 @@ module Suppliers
|
||||
format.json { head :no_content }
|
||||
end
|
||||
end
|
||||
# POST /supplier/lists/1/close
|
||||
def close
|
||||
@list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id])
|
||||
@list.close!
|
||||
head :ok
|
||||
end
|
||||
|
||||
# POST /supplier/lists/1/mark_helped
|
||||
def mark_helped
|
||||
@list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id])
|
||||
@list.mark_helped!
|
||||
head :ok
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
|
||||
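Review bot: `close` and `mark_helped` look the list up with `List.find_by_supplier_id_and_id(...)`, which returns nil for an id that belongs to another supplier, so `@list.close!` and `@list.mark_helped!` raise NoMethodError and the caller gets a 500 instead of a 404. The supplier scoping itself is the right tenant check; use the bang finder that `mark_in_process` already uses, `@list = List.find_by_supplier_id_and_id!(current_supplier.id, params[:id])`. The same applies to `mark_delivered` in the orders hunk further down the page. Since `load_and_authorize_resource` is declared on the parent controller, it is also worth confirming that the instance CanCan authorizes is this scoped record rather than one loaded from `params[:id]` alone.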
@@ -27,5 +27,19 @@ module Suppliers
|
||||
format.json { render json: @order }
|
||||
end
|
||||
end
|
||||
# POST /orders/1/mark_in_process
|
||||
def mark_in_process
|
||||
@order = Order.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
@order.is_being_processed!
|
||||
head :ok
|
||||
end
|
||||
|
||||
# POST /orders/1/is_delivered
|
||||
def mark_delivered
|
||||
@order = Order.find_by_supplier_id_and_id(current_supplier.id, params[:id])
|
||||
@order.is_delivered!
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
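Review bot: The comment `# POST /orders/1/is_delivered` above `mark_delivered` does not match the action name, and the action answers with `render nothing: true` while `mark_in_process` just above it uses `head :ok`. If the route follows the action name the way `# POST /orders/1/mark_in_process` does, the comment should read `# POST /orders/1/mark_delivered`, and the response should be `head :ok` so the two member actions behave alike.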