add suppliers/lists ui styling and security fixes

app/controllers/suppliers/lists_controller.rb

@@ -0,0 +1,83 @@
+module Suppliers
+  class ListsController < Suppliers::ApplicationController
+    # GET /lists
+    # GET /lists.json
+    def index
+      @date = params[:date].present? ? (Date.parse(params[:date]) rescue Date.today) : Date.today
+      @time = @date.to_time(:utc)
+      @start_time = @time.beginning_of_day
+      @end_time = @time.end_of_day
+      if current_supplier.night_offset.present?
+        @start_time += current_supplier.night_offset.to_f.hours
+        @end_time += current_supplier.night_offset.to_f.hours
+      end
+      @lists  = List.for_user_created_at current_user, @start_time..@end_time
+
+      respond_to do |format|
+        format.html # index.html.erb
+        format.json { render json: @lists }
+      end
+    end
+
+    # GET /lists/1
+    # GET /lists/1.json
+    def show
+      @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id])
+      respond_to do |format|
+        format.html {}
+        format.json do
+          render json: @list.with_orders_as_json
+        end
+      end
+    end
+
+    # GET /lists/new
+    # GET /lists/new.json
+    def new
+      @list = List.new
+      @list.section_id = params[:section_id].presence
+
+      respond_to do |format|
+        format.html # new.html.erb
+        format.json { render json: @list }
+      end
+    end
+
+    # GET /lists/1/edit
+    def edit
+      @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id])
+      @tables = current_supplier.active_tables
+    end
+
+    # PUT /lists/1
+    # PUT /lists/1.json
+    def update
+      @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id])
+
+      respond_to do |format|
+        if @list.update_attributes(params[:list])
+          format.html { redirect_to [:suppliers, @list], notice: t('action.update.successfull', model: List.model_name.human) }
+          format.json { head :no_content }
+          format.js { head :no_content }
+        else
+          @tables = current_supplier.active_tables
+          format.html { render action: "edit" }
+          format.json { render json: @list.errors, status: :unprocessable_entity }
+          format.js { head :no_content }
+        end
+      end
+    end
+
+    # DELETE /lists/1
+    # DELETE /lists/1.json
+    def destroy
+      @list = List.find_by_supplier_id_and_id(current_supplier.id, params[:id])
+      @list.destroy
+
+      respond_to do |format|
+        format.html { redirect_to suppliers_lists_url, notice: t('action.destroy.successfull', model: List.model_name.human) }
+        format.json { head :no_content }
+      end
+    end
+  end
+end