End of day commit

app/controllers/suppliers/application_controller.rb

@@ -1,11 +1,40 @@
 module Suppliers
   class ApplicationController < ::ApplicationController
-    before_filter :authenticate_supplier!
+    before_action :setup_employee_and_supplier!
+    load_and_authorize_resource
+    attr_reader :current_supplier, :employee_settings
+    helper_method :current_supplier, :employee_settings
     layout 'supplier/app'
 
     rescue_from 'RestClient::Conflict' do |e|
       #binding.pry
     end
+    rescue_from CanCan::AccessDenied do |exception|
+      render json: {}, status: :forbidden
+    end
 
+    def setup_employee_and_supplier!
+      authenticate_employee!
+      find_current_supplier!
+      return unless current_supplier.present?
+      @employee_settings = current_supplier.employee_settings.for_employee( current_employee )
+      @current_ability = ::Ability.new(@employee_settings)
+    end
+
+
+    def find_current_supplier!
+      return current_supplier if current_supplier.present?
+      if session[:supplier_id]
+        supplier = Supplier.find(session[:supplier_id])
+        if supplier.employee_ids.include?(current_employee.id)
+          @current_supplier = supplier
+        else
+          render nothing: true, status: :unauthorized
+        end
+      else
+        @current_supplier = current_employee.suppliers.first
+        session[:supplier_id] = @current_supplier.try(:id)
+      end
+    end
   end
 end