End of day commit

app/controllers/admin/employees_controller.rb

@@ -0,0 +1,106 @@
+module Admin
+  class EmployeesController < Admin::ApplicationController
+    before_filter :set_relation_options, only: [:new, :edit, :create, :update]
+    skip_before_filter :authenticate_administrator!, only: :test_login
+    skip_before_filter :set_locale, only: :test_login
+    # GET /employees
+    # GET /employees.json
+    def index
+      @employees = Employee.all
+
+      respond_to do |format|
+        format.html # index.html.erb
+        format.json { render json: @employees }
+      end
+    end
+
+    def test_login
+      if Rails.env.test? and employee = Employee.find_by_email(params[:email])
+        sign_in employee
+      end
+      render nothing: true
+    end
+
+    # GET /employees/1
+    # GET /employees/1.json
+    def show
+      @employee = Employee.find(params[:id])
+
+      respond_to do |format|
+        format.html # show.html.erb
+        format.json { render json: @employee }
+      end
+    end
+
+    # GET /employees/new
+    # GET /employees/new.json
+    def new
+      @employee = Employee.new
+
+      respond_to do |format|
+        format.html # new.html.erb
+        format.json { render json: @employee }
+      end
+    end
+
+    # GET /employees/1/edit
+    def edit
+      @employee = Employee.find(params[:id])
+    end
+
+    # POST /employees
+    # POST /employees.json
+    def create
+      @employee = Employee.new(employee_params)
+
+      respond_to do |format|
+        if @employee.save
+          format.html { redirect_to [:admin, @employee], notice: t('action.create.successfull', model: Employee.model_name.human) }
+          format.json { render json: @employee, status: :created, location: @employee }
+        else
+          format.html { render action: "new" }
+          format.json { render json: @employee.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # PUT /employees/1
+    # PUT /employees/1.json
+    def update
+      @employee = Employee.find(params[:id])
+
+      respond_to do |format|
+        if @employee.update_attributes(employee_params)
+          format.html { redirect_to [:admin, @employee], notice: t('action.update.successfull', model: Employee.model_name.human) }
+          format.json { head :no_content }
+        else
+          format.html { render action: "edit" }
+          format.json { render json: @employee.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /employees/1
+    # DELETE /employees/1.json
+    def destroy
+      @employee = Employee.find(params[:id])
+      @employee.destroy
+
+      respond_to do |format|
+        format.html { redirect_to admin_employees_path, notice: t('action.destroy.successfull', model: Employee.model_name.human) }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+
+    def set_relation_options
+      @employees = Employee.all
+      @lists = List.all
+    end
+
+    def employee_params
+      params.require(:employee).permit!
+    end
+  end
+end

app/controllers/admin/suppliers_controller.rb

@@ -2,7 +2,6 @@ module Admin
   class SuppliersController < Admin::ApplicationController
     before_filter :set_relation_options, only: [:new, :edit, :create, :update]
     skip_before_filter :authenticate_administrator!, only: :test_login
-    skip_before_filter :set_locale, only: :test_login
     # GET /suppliers
     # GET /suppliers.json
     def index
@@ -14,13 +13,6 @@ module Admin
       end
     end
 
-    def test_login
-      if Rails.env.test? and supplier = Supplier.find_by_email(params[:email])
-        sign_in supplier
-      end
-      render nothing: true
-    end
-
     # GET /suppliers/1
     # GET /suppliers/1.json
     def show

app/controllers/new_suppliers_controller.rb

@@ -0,0 +1,22 @@
+class NewSuppliersController < ApplicationController
+  def index
+    new
+    render 'new'
+  end
+
+  def new
+    @new_supplier = NewSupplier.new
+    @new_supplier.current_employee = current_employee
+  end
+
+  def create
+    @new_supplier = NewSupplier.new(params[:new_supplier])
+    @new_supplier.current_employee = current_employee
+
+    if @new_supplier.save
+      redirect_to supplier_root_path
+    else
+      render 'new'
+    end
+  end
+end

app/controllers/supplier_controller.rb

@@ -1,5 +1,5 @@
-class SupplierController < ApplicationController
-  before_filter :authenticate_supplier!
+class SupplierController < Suppliers::ApplicationController
+  before_filter :setup_employee_and_supplier!
   layout 'supplier/app'
 
   def home
@@ -14,7 +14,8 @@ class SupplierController < ApplicationController
   end
 
   def current
-    render json: SupplierSupplierSerializer.new(current_supplier).as_json
+    [current_supplier].include_relations(sections: :tables, product_categories: :products)
+    render json: Suppliers::SupplierSerializer.new(current_supplier).as_json
   end
 
   # POST /supplier/settings
@@ -30,7 +31,7 @@ class SupplierController < ApplicationController
       end
       format.json do
         current_supplier.update_attributes(supplier_params)
-        render json: SupplierSupplierSerializer.new(current_supplier).as_json
+        render json: Suppliers::SupplierSerializer.new(current_supplier).as_json
       end
     end
   end

app/controllers/suppliers/application_controller.rb

@@ -1,11 +1,40 @@
 module Suppliers
   class ApplicationController < ::ApplicationController
-    before_filter :authenticate_supplier!
+    before_action :setup_employee_and_supplier!
+    load_and_authorize_resource
+    attr_reader :current_supplier, :employee_settings
+    helper_method :current_supplier, :employee_settings
     layout 'supplier/app'
 
     rescue_from 'RestClient::Conflict' do |e|
       #binding.pry
     end
+    rescue_from CanCan::AccessDenied do |exception|
+      render json: {}, status: :forbidden
+    end
 
+    def setup_employee_and_supplier!
+      authenticate_employee!
+      find_current_supplier!
+      return unless current_supplier.present?
+      @employee_settings = current_supplier.employee_settings.for_employee( current_employee )
+      @current_ability = ::Ability.new(@employee_settings)
+    end
+
+
+    def find_current_supplier!
+      return current_supplier if current_supplier.present?
+      if session[:supplier_id]
+        supplier = Supplier.find(session[:supplier_id])
+        if supplier.employee_ids.include?(current_employee.id)
+          @current_supplier = supplier
+        else
+          render nothing: true, status: :unauthorized
+        end
+      else
+        @current_supplier = current_employee.suppliers.first
+        session[:supplier_id] = @current_supplier.try(:id)
+      end
+    end
   end
 end

app/controllers/suppliers/employees_controller.rb

@@ -19,14 +19,12 @@ module Suppliers
     # POST /employees.json
     def create
       @employee = Employee.new(employee_params)
-      @employee.supplier = current_supplier
 
-      respond_to do |format|
-        if @employee.save
-          render json: @employee, serializer: Suppliers::EmployeeSerializer, status: :created
-        else
-          render json: {errors: @employee.errors}, status: :unprocessable_entity
-        end
+      if @employee.save
+        current_supplier.add_employee @employee
+        render json: @employee, serializer: Suppliers::EmployeeSerializer, status: :created
+      else
+        render json: {errors: @employee.errors}, status: :unprocessable_entity
       end
     end
 

app/controllers/suppliers/sections_controller.rb

@@ -17,7 +17,7 @@ module Suppliers
       #     end
       #   end
       # end
-      render json: @sections, each_serializer: SupplierExtendedSectionSerializer
+      render json: @sections, each_serializer: Suppliers::ExtendedSectionSerializer
     end
 
     # GET /sections/1