From 729f8a935acf24fd4b79c15f893976af55f6f996 Mon Sep 17 00:00:00 2001
From: Benjamin ter Kuile <bterkuile@gmail.com>
Date: Thu, 30 Aug 2012 11:35:07 +0200
Subject: [PATCH] add security

---
 app/controllers/orders_controller.rb | 1 +
 config/routes.rb                     | 4 ++--
 stories                              | 4 ++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/controllers/orders_controller.rb b/app/controllers/orders_controller.rb
index 0132515c..18d82b5d 100644
--- a/app/controllers/orders_controller.rb
+++ b/app/controllers/orders_controller.rb
@@ -86,5 +86,6 @@ class OrdersController < ApplicationController
 
   def set_relation_options
     @lists = List.all
+    @suppliers = Supplier.all
   end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 7bb7c797..b200c8de 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,7 +3,7 @@ Qrammer::Application.routes.draw do
   devise_for :suppliers
   devise_for :administrators
 
-  #authenticate :administrator do
+  authenticate :administrator do
     resources :users
     resources :tables
     resources :orders do
@@ -16,7 +16,7 @@ Qrammer::Application.routes.draw do
     resources :lists
     resources :products
     resources :product_categories
-  #end
+  end
 
   get '/supplier' => 'supplier#home', as: :supplier_root
   get '/supplier/active_orders' => 'supplier#active_orders', as: :supplier_active_orders
diff --git a/stories b/stories
index 80f2bfbc..163afae5 100644
--- a/stories
+++ b/stories
@@ -33,6 +33,10 @@ Alleen restaurant kan rekening afsluiten, als dit nog niet is gebeurd voor een t
 
 Eén lijst tegelijk actief? (wel handig en duidelijk!!!)
 
+/user/list_products_for_table
+  if occupied
+    keep checking if table is available, add order options if it is
+
 
 Sales arguments:
 - Safer because of personalized ordering, less incentive to leave without payment