End of day commit

2015-02-18 22:36:47 +01:00
parent 82670f271b
commit c1858455e9
68 changed files with 633 additions and 145 deletions
@@ -68,6 +68,9 @@ gem 'kaminari'

 gem 'rqrcode'
 gem 'mini_magick'
+gem 'active_attr'
+gem 'naught'
+gem 'cancancan'

 #gem 'geokit'
 gem 'iso_country_codes'
@@ -78,6 +78,9 @@ GEM
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    active_attr (0.8.5)
+      activemodel (>= 3.0.2, < 5.0)
+      activesupport (>= 3.0.2, < 5.0)
    active_decorator (0.4.0)
    active_model_serializers (0.9.0)
      activemodel (>= 3.2)
@@ -113,6 +116,7 @@ GEM
      sass (~> 3.4)
      thor
    builder (3.2.2)
+    cancancan (1.10.1)
    capistrano (3.3.5)
      capistrano-stats (~> 1.1.0)
      i18n
@@ -270,6 +274,7 @@ GEM
    multi_json (1.10.1)
    multi_xml (0.5.5)
    multipart-post (2.0.0)
+    naught (1.0.0)
    net-scp (1.2.1)
      net-ssh (>= 2.6.5)
    net-ssh (2.9.2)
@@ -449,9 +454,11 @@ PLATFORMS
  ruby

 DEPENDENCIES
+  active_attr
  active_decorator
  active_model_serializers (= 0.9.0)
  bourbon
+  cancancan
  capistrano (~> 3.0)
  capistrano-local-precompile
  capistrano-rails (~> 1.1)
@@ -480,6 +487,7 @@ DEPENDENCIES
  launchy
  letter_opener
  mini_magick
+  naught
  omniauth-facebook
  omniauth-instagram
  paperclip
@@ -17,7 +17,7 @@ App.ApplicationController = Ember.Controller.extend
    # @set 'supplier', @store.find('supplier', supplier_id)
  actions:
    signOut: ->
-      window.location = Routes.destroy_supplier_session_path()
+      window.location = Routes.destroy_employee_session_path()
    markSupplierClosed: ->
      return unless supplier = @get('supplier')
      supplier.close()
@@ -1,14 +1,17 @@
 App.EmployeesIndexController = Ember.ArrayController.extend
+  needs: ['application']
  employees: (-> @get('model').sortBy('name')).property('model.@each.name')
  actions:
    newEmployee: ->
      employee = @store.createRecord('employee')
      @modal 'employee_edit',
        model: employee
+        title_path: 'employee.modal.new_title'
        close: -> employee.deleteRecord()
    editEmployee: (employee)->
      @modal 'employee_edit',
        model: employee
+        title_path: 'employee.modal.edit_title'
        close: -> employee.rollback()
    destroyEmployee: (employee)->
      @modal 'confirm',
@@ -34,3 +34,5 @@ App.modals.AddSectionController = @App.modals.BaseController.extend
        @set 'section_title', ''
        @send 'closeModal'
        @transitionToRoute 'section', s.id
+      , @save_error.bind(@)
+
@@ -19,10 +19,21 @@
    else
      underscored.capitalize().replace(/_/, ' ')
  ).property('model.id')
+  save_error: (error)->
+    switch error.status
+      when 403
+        @set 'alert_message', 'Unauthorized action'
+      else
+        @set 'alert_message', 'Something went wrong'
+  save_success: ->
+    @set 'alert_message', ''
+    @send 'closeModal'
+
  actions:
    close: ->
      if close = @get('modal_options.close')
        close.apply(@)
+      @set 'alert_message', ''
      @send 'closeModal' unless @preventClose
    closeOnOverlay: ->
      @send('close') if @get('modal_options.closeOnOverlay')
@@ -33,12 +44,13 @@
    ok: ->
      if ok = @get('modal_options.ok')
        ok.apply(@)
+      @set 'alert_message', ''
      @send 'closeModal' unless @preventClose
    confirm: -> @send('ok')
    save: ->
      if @get('model.isValid')
-        @get('model').save().then((=> @send 'closeModal' ), (-> true))
-      #@send 'closeModal' unless @preventClose
+        @get('model').save().then @save_success.bind(@), @save_error.bind(@)
+        #@send 'closeModal' unless @preventClose
    destroy: ->
      @modal 'confirm',
        title_path: @get('modal_options.destroy_text_path') || 'general.destroy.text'
@@ -1,4 +1,5 @@
 App.TablesIndexController = Ember.ArrayController.extend
+  needs: ['application']
  tables: (-> @get('model').sortBy('casted_number')).property('model.@each.number')
  actions:
    newTable: ->
@@ -0,0 +1,5 @@
+Ember.Handlebars.registerHelper 'can', (operation, resource, options)->
+  if operation is 'manage' and @get('controllers.application.employee_settings.manager')
+    options.fn @
+  else
+    options.inverse @
@@ -4,5 +4,5 @@ App.Employee= DS.Model.extend Ember.Validations.Mixin,
  email: attr 'string'

  validations:
-    name:
-      presence: true
+    name: {presence: true}
+    email: {format: /.+@.+\..{2,4}/}
@@ -1,5 +1,5 @@
 attr = DS.attr
-App.ProductCategory = DS.Model.extend
+App.ProductCategory = DS.Model.extend Ember.Validations.Mixin,
  name: attr('string')
  products: DS.hasMany('product')
  supplier: DS.belongsTo 'supplier'
@@ -25,3 +25,6 @@ App.ProductCategory = DS.Model.extend
    unless @get('full_day')
      result += "<span class=\"time-range\">#{day_minutes_to_time @get('start_from')} - #{day_minutes_to_time @get('end_on')}</span>"
    new Ember.Handlebars.SafeString result
+
+  validations:
+    name: {presence: true}
@@ -1,7 +1,6 @@
 attr = DS.attr
 App.Supplier = DS.Model.extend
  name: attr 'string'
-  email: attr 'string'
  time_zone: attr 'string'
  address: attr 'string'
  house_number: attr 'number'
@@ -2,18 +2,22 @@ App.ApplicationRoute = Ember.Route.extend
  beforeModel: ->
    # Preload only active lists and orders
    @supplier = @store.push 'supplier', supplier_object
-    @product_categories = @store.find 'product_category'
-    @sections = @store.find 'section'
-    Ember.RSVP.all([@product_categories, @sections]).then (results)=>
-       @store.find('list', state: 'active').then (lists) -> lists.invoke('get', 'table')
-       @lists = @store.all 'list'
+    @employee = @store.push 'employee', employee_object
+    #@product_categories = @store.find 'product_category'
+    #@sections = @store.find 'section'
+    #Ember.RSVP.all([@product_categories, @sections]).then (results)=>
+    @supplier.reload().then =>
+       @store.find('list', state: 'active') #.then (lists) -> lists.invoke('get', 'table')
+       #@lists = @store.all 'list'
    # product_categories = controller.set 'product_categories', @store.all('product_category')
    #@store.find 'order', state: 'active' included in list
  setupController: (controller)->
    controller.set 'supplier', @supplier
+    controller.set 'employee', @employee
+    controller.set 'employee_settings', Ember.Object.create(employee_settings)
    # @set 'supplier', @store.find('supplier', supplier_id)
-    controller.set 'sections', @sections
-    controller.set 'product_categories', @product_categories
+    #controller.set 'sections', @sections
+    #controller.set 'product_categories', @product_categories

    faye = new Faye.Client(event_host)
    faye.subscribe "/supplier/#{supplier_object.id}", (e)=>
@@ -15,7 +15,9 @@
              = employee.email
              = errors employee.errors.email
            td.actions
-              a.table-edit{ action 'editEmployee' employee }: span
-              a.table-destroy{ action 'destroyEmployee' employee }: span
+              can manage sections
+                a.table-edit{ action 'editEmployee' employee }: span
+                a.table-destroy{ action 'destroyEmployee' employee }: span
  .form-actions
-    a.form-action-new.new-employee-button{action "newEmployee"}= t 'employee.new_button'
+    can manage employees
+      a.form-action-new.new-employee-button{action "newEmployee"}= t 'employee.new_button'
@@ -0,0 +1 @@
+span= view.text
@@ -6,13 +6,16 @@
 each product_category in sorted_product_categories
  .row.product_category-container: .small-12.columns
    .product_category-header
-      a.move{action "moveProductCategory" product_category} href="#"
+      can manage menu
+        a.move{action "moveProductCategory" product_category} href="#"
      span.title= product_category.name
      span.availability= product_category.availability_text
-      a.edit-product-category-button{action "editProductCategory" product_category} href="#"
-      a.add-product-product_category-button{action "addProduct" product_category} href="#": span
+      can manage menu
+        a.edit-product-category-button{action "editProductCategory" product_category} href="#"
+        a.add-product-product_category-button{action "addProduct" product_category} href="#": span
    each product in product_category.sorted_products
      = menu-product product=product code_filter=product_code_filter
-.row
-  .small-12.columns
-    a.new-product_category-button{action "newProductCategory"} href="#" = t 'product_category.new_button'
+can manage menu
+  .row
+    .small-12.columns
+      a.new-product_category-button{action "newProductCategory"} href="#" = t 'product_category.new_button'
@@ -1,4 +1,4 @@
-p=t 'employee.edit.modal.body_header'
+p=t 'employee.modal.body_header'
 .form-row.name
  .form-label=t 'attributes.employee.name'
  .form-field
@@ -7,8 +7,9 @@ p=t 'employee.edit.modal.body_header'
 .form-row.name
  .form-label=t 'attributes.employee.email'
  .form-field
-    = input type="email" valueBinding="model.email"
+    = input type="email" valueBinding="model.email" action="save"
    = errors model.errors.email
 hr
-button.modal-close{action "close"}=t 'section.add_employees.modal.close_button'
-button.modal-confirm.right{action "save"}=t 'section.add_employees.modal.add_button'
+button.modal-close{action "close"}=t 'employee.modal.close_button'
+button.modal-confirm.right{action "save"} disabled=model.isInvalid
+  =t 'employee.modal.save_button'
@@ -1,6 +1,6 @@
 .form-row.name
  .form-label.half=t 'attributes.product_category.name'
-  .form-field.half= input valueBinding="model.name"
+  .form-field.half= input valueBinding="model.name" action="save"
 .row
  .small-12.medium-6.columns
    unless model.supplier.week_starts_on_monday
@@ -2,4 +2,5 @@ p=t 'product_category.modal.new.body_header'
 = partial "modals/product_category_form"
 hr
 button.modal-close{action "close"}=t 'product_category.modal.new.close_button'
-button.modal-save.right{action "save"}=t 'product_category.modal.new.save_button'
+button.modal-save.right{action "save"} disabled=model.isInvalid
+  =t 'product_category.modal.new.save_button'
@@ -2,22 +2,24 @@
  = link-to 'sections' class="goto-sections-index-tab-header": span
  each section in sections
    = view "section-tab-header" context=section
-  a.add-section{action "addSection"}: span
-.section-manage-tables.pull-right
-  App.DropdownLink title="Action"
-    ul
-      li: a{action "addTables"}: span.section-add-tables-icon=t 'section.add_tables.button_label'
-      li: a{action "arrangeTables"}: span.section-arrange-tables-icon=t 'section.arrange_tables.modal.title'
-      li: a href="{{route 'qr_codes_suppliers_tables_path' section_id=id}}" target="_blank": span.qr-icon=t 'table.print_qr_codes'
-      li: a.section-destroy{action "destroySection"}: span.section-remove-icon=t 'helpers.links.destroy'
-  if editmode
-    = input type="text" valueBinding="title" class="section-edit-title-field"
-    App.NumberField valueBinding="width" class="dimension section-edit-width-field"
-    span.fa.fa-lg.fa-times
-    App.NumberField valueBinding="height" class="dimension section-edit-height-field"
-    a.section-rollback-button{ action "rollbackEditable" }: span
-    a.section-normal-mode-button{ action "finishEditable" }: span
-  else
-    a.section-edit-mode-button{ action "makeEditable" }: span
+  can manage sections
+    a.add-section{action "addSection"}: span
+can manage sections
+  .section-manage-tables.pull-right
+    App.DropdownLink title="Action"
+      ul
+        li: a{action "addTables"}: span.section-add-tables-icon=t 'section.add_tables.button_label'
+        li: a{action "arrangeTables"}: span.section-arrange-tables-icon=t 'section.arrange_tables.modal.title'
+        li: a href="{{route 'qr_codes_suppliers_tables_path' section_id=id}}" target="_blank": span.qr-icon=t 'table.print_qr_codes'
+        li: a.section-destroy{action "destroySection"}: span.section-remove-icon=t 'helpers.links.destroy'
+    if editmode
+      = input type="text" valueBinding="title" class="section-edit-title-field"
+      App.NumberField valueBinding="width" class="dimension section-edit-width-field"
+      span.fa.fa-lg.fa-times
+      App.NumberField valueBinding="height" class="dimension section-edit-height-field"
+      a.section-rollback-button{ action "rollbackEditable" }: span
+      a.section-normal-mode-button{ action "finishEditable" }: span
+    else
+      a.section-edit-mode-button{ action "makeEditable" }: span
 = view "section-tables" contentBinding="tables"

@@ -36,5 +36,6 @@
  else
    .row: .small-12.columns
      .panel=t 'section.none_found'
-  .form-actions
-    a.form-action-new{action "addSection"}=t 'helpers.links.new'
+  can manage sections
+    .form-actions
+      a.form-action-new{action "addSection"}=t 'helpers.links.new'
@@ -18,10 +18,12 @@
                  = table.section.title
            /td.timestamp=time table.created_at
            td.actions
-              a.table-edit{ action 'editTable' table }: span
-              a.table-destroy{ action 'destroyTable' table }: span
+              can manage tables
+                a.table-edit{ action 'editTable' table }: span
+                a.table-destroy{ action 'destroyTable' table }: span
  .form-actions
-    a.form-action-new.new-table-button{action "newTable"}= t 'table.new_button'
+    can manage tables
+      a.form-action-new.new-table-button{action "newTable"}= t 'table.new_button'
    if tables
      a.table-qr-codes{path qr_codes_suppliers_tables} target="_blank"
        span.qr-icon
@@ -2,7 +2,7 @@ App.BooleanButtonView = Ember.View.extend
  tagName: 'a'
  href: '#'
  classNames: "button"
-  # templateName: "form_elements/boolean_switch"
+  templateName: "form_elements/boolean_button"
  #template: Ember.Handlebars.compile "<span>{{view.text}}</span>"
  classNameBindings: ['rounded:round', 'active:active:disabled']

@@ -1,6 +1,7 @@
 App.ModalView = Ember.View.extend
  layoutName: 'modals/layout'
  didInsertElement: ->
+    @$('input:first').focus()
    sortable = $('.sortable')
    controller = @get('controller')
    if sortable.length
@@ -24,6 +24,7 @@ String.prototype.capitalize = function() { return this.charAt(0).toUpperCase() +
 window.time_zones = <%= ActiveSupport::TimeZone.all.map{|tz| {name: tz.name, formatted: "GMT#{tz.formatted_offset} #{tz.name}"}}.to_json.html_safe %>;
 window.countries = <%= IsoCountryCodes.all.map{|cc| {name: cc.name}}.to_json.html_safe %>;

+
 var path_mapping = {
  user_root: '/user',
  join_occupied_table: '/user/join_occupied_table',
@@ -25,8 +25,10 @@
        +grid-column($columns: 9, $last-column:true)
    &.half
      +grid-column(6)
-    .error, .error-message
+    .error
      color: $alert-color
+  .error-message
+    color: $alert-color
  &.form-actions
    padding-top: 12px
 body
@@ -17,6 +17,8 @@
    &.full
      @media #{$large-up}
        +grid-column($columns: 9, $last-column:true)
+  .error-message
+    color: $alert-color
  &.form-actions
    padding-top: 12px

@@ -0,0 +1,106 @@
+module Admin
+  class EmployeesController < Admin::ApplicationController
+    before_filter :set_relation_options, only: [:new, :edit, :create, :update]
+    skip_before_filter :authenticate_administrator!, only: :test_login
+    skip_before_filter :set_locale, only: :test_login
+    # GET /employees
+    # GET /employees.json
+    def index
+      @employees = Employee.all
+
+      respond_to do |format|
+        format.html # index.html.erb
+        format.json { render json: @employees }
+      end
+    end
+
+    def test_login
+      if Rails.env.test? and employee = Employee.find_by_email(params[:email])
+        sign_in employee
+      end
+      render nothing: true
+    end
+
+    # GET /employees/1
+    # GET /employees/1.json
+    def show
+      @employee = Employee.find(params[:id])
+
+      respond_to do |format|
+        format.html # show.html.erb
+        format.json { render json: @employee }
+      end
+    end
+
+    # GET /employees/new
+    # GET /employees/new.json
+    def new
+      @employee = Employee.new
+
+      respond_to do |format|
+        format.html # new.html.erb
+        format.json { render json: @employee }
+      end
+    end
+
+    # GET /employees/1/edit
+    def edit
+      @employee = Employee.find(params[:id])
+    end
+
+    # POST /employees
+    # POST /employees.json
+    def create
+      @employee = Employee.new(employee_params)
+
+      respond_to do |format|
+        if @employee.save
+          format.html { redirect_to [:admin, @employee], notice: t('action.create.successfull', model: Employee.model_name.human) }
+          format.json { render json: @employee, status: :created, location: @employee }
+        else
+          format.html { render action: "new" }
+          format.json { render json: @employee.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # PUT /employees/1
+    # PUT /employees/1.json
+    def update
+      @employee = Employee.find(params[:id])
+
+      respond_to do |format|
+        if @employee.update_attributes(employee_params)
+          format.html { redirect_to [:admin, @employee], notice: t('action.update.successfull', model: Employee.model_name.human) }
+          format.json { head :no_content }
+        else
+          format.html { render action: "edit" }
+          format.json { render json: @employee.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /employees/1
+    # DELETE /employees/1.json
+    def destroy
+      @employee = Employee.find(params[:id])
+      @employee.destroy
+
+      respond_to do |format|
+        format.html { redirect_to admin_employees_path, notice: t('action.destroy.successfull', model: Employee.model_name.human) }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+
+    def set_relation_options
+      @employees = Employee.all
+      @lists = List.all
+    end
+
+    def employee_params
+      params.require(:employee).permit!
+    end
+  end
+end
@@ -2,7 +2,6 @@ module Admin
  class SuppliersController < Admin::ApplicationController
    before_filter :set_relation_options, only: [:new, :edit, :create, :update]
    skip_before_filter :authenticate_administrator!, only: :test_login
-    skip_before_filter :set_locale, only: :test_login
    # GET /suppliers
    # GET /suppliers.json
    def index
@@ -14,13 +13,6 @@ module Admin
      end
    end

-    def test_login
-      if Rails.env.test? and supplier = Supplier.find_by_email(params[:email])
-        sign_in supplier
-      end
-      render nothing: true
-    end
-
    # GET /suppliers/1
    # GET /suppliers/1.json
    def show
@@ -0,0 +1,22 @@
+class NewSuppliersController < ApplicationController
+  def index
+    new
+    render 'new'
+  end
+
+  def new
+    @new_supplier = NewSupplier.new
+    @new_supplier.current_employee = current_employee
+  end
+
+  def create
+    @new_supplier = NewSupplier.new(params[:new_supplier])
+    @new_supplier.current_employee = current_employee
+
+    if @new_supplier.save
+      redirect_to supplier_root_path
+    else
+      render 'new'
+    end
+  end
+end
@@ -1,5 +1,5 @@
-class SupplierController < ApplicationController
-  before_filter :authenticate_supplier!
+class SupplierController < Suppliers::ApplicationController
+  before_filter :setup_employee_and_supplier!
  layout 'supplier/app'

  def home
@@ -14,7 +14,8 @@ class SupplierController < ApplicationController
  end

  def current
-    render json: SupplierSupplierSerializer.new(current_supplier).as_json
+    [current_supplier].include_relations(sections: :tables, product_categories: :products)
+    render json: Suppliers::SupplierSerializer.new(current_supplier).as_json
  end

  # POST /supplier/settings
@@ -30,7 +31,7 @@ class SupplierController < ApplicationController
      end
      format.json do
        current_supplier.update_attributes(supplier_params)
-        render json: SupplierSupplierSerializer.new(current_supplier).as_json
+        render json: Suppliers::SupplierSerializer.new(current_supplier).as_json
      end
    end
  end
@@ -1,11 +1,40 @@
 module Suppliers
  class ApplicationController < ::ApplicationController
-    before_filter :authenticate_supplier!
+    before_action :setup_employee_and_supplier!
+    load_and_authorize_resource
+    attr_reader :current_supplier, :employee_settings
+    helper_method :current_supplier, :employee_settings
    layout 'supplier/app'

    rescue_from 'RestClient::Conflict' do |e|
      #binding.pry
    end
+    rescue_from CanCan::AccessDenied do |exception|
+      render json: {}, status: :forbidden
+    end

+    def setup_employee_and_supplier!
+      authenticate_employee!
+      find_current_supplier!
+      return unless current_supplier.present?
+      @employee_settings = current_supplier.employee_settings.for_employee( current_employee )
+      @current_ability = ::Ability.new(@employee_settings)
+    end
+
+
+    def find_current_supplier!
+      return current_supplier if current_supplier.present?
+      if session[:supplier_id]
+        supplier = Supplier.find(session[:supplier_id])
+        if supplier.employee_ids.include?(current_employee.id)
+          @current_supplier = supplier
+        else
+          render nothing: true, status: :unauthorized
+        end
+      else
+        @current_supplier = current_employee.suppliers.first
+        session[:supplier_id] = @current_supplier.try(:id)
+      end
+    end
  end
 end
@@ -19,14 +19,12 @@ module Suppliers
    # POST /employees.json
    def create
      @employee = Employee.new(employee_params)
-      @employee.supplier = current_supplier

-      respond_to do |format|
-        if @employee.save
-          render json: @employee, serializer: Suppliers::EmployeeSerializer, status: :created
-        else
-          render json: {errors: @employee.errors}, status: :unprocessable_entity
-        end
+      if @employee.save
+        current_supplier.add_employee @employee
+        render json: @employee, serializer: Suppliers::EmployeeSerializer, status: :created
+      else
+        render json: {errors: @employee.errors}, status: :unprocessable_entity
      end
    end

@@ -17,7 +17,7 @@ module Suppliers
      #     end
      #   end
      # end
-      render json: @sections, each_serializer: SupplierExtendedSectionSerializer
+      render json: @sections, each_serializer: Suppliers::ExtendedSectionSerializer
    end

    # GET /sections/1
@@ -182,5 +182,4 @@ module ApplicationHelper
    options[:onclick] = function
    link_to title, 'javascript:void(0)', options
  end
-
 end
@@ -2,14 +2,23 @@ class Employee
  include SimplyStored::Couch
  include ActiveModel::SerializerSupport

-  devise :database_authenticatable, :recoverable, :rememberable, :trackable #, :omniauthable, :omniauth_providers => [:facebook] #, :token_authenticatable , :registerable
+  view :by_confirmation_token, key: :confirmation_token # devise confirmable
+  devise :database_authenticatable, :recoverable, :rememberable, :trackable, :registerable, :confirmable
+  property :unconfirmed_email
+
  property :name
-  property :email
+  #property :email

  view :by_email, key: :email

-  validates :email, email: true
-  belongs_to :supplier
+  class << self
+    def count_by_email(email)
+      database.view by_email(key: email, reduce: true)
+    end
+  end
+
+  #validates :email, email: true
+  has_and_belongs_to_many :suppliers, storing_keys: false
  has_many :orders
  has_and_belongs_to_many :lists, storing_keys: false

@@ -3,9 +3,7 @@ class Supplier
  include ActiveModel::SerializerSupport
  include Supplier::Counters

-  view :by_confirmation_token, key: :confirmation_token # devise confirmable
-  devise :database_authenticatable, :recoverable, :rememberable, :trackable, :registerable, :confirmable
-  property :unconfirmed_email
+  #devise :database_authenticatable, :recoverable, :rememberable, :trackable, :registerable, :confirmable

  property :name
  property :open, type: :boolean, default: false
@@ -19,6 +17,7 @@ class Supplier
  property :country, default: 'Netherlands'
  property :facebook_promotion_url
  property :week_starts_on_monday, type: :boolean, default: true
+  property :employee_settings_storage

  #LOCATION
  property :lat, type: Float #, default: 52.08062426379751
@@ -41,16 +40,13 @@ class Supplier
  #has_many :lists, through: :tables
  has_many :orders, dependent: :destroy
  has_many :sections, dependent: :destroy
-  has_many :employees
+  has_and_belongs_to_many :employees, storing_keys: true

  after_create :add_section_on_create

-  view :by_email, key: :email
-
  validates :name, presence: true
-  validates :email, email: true
  validates :iens_profile, numericality: {allow_blank: true}
-  validates :password, confirmation: true, presence: {if: ->(r){ r.new_record? }}
+  #validates :password, confirmation: true, presence: {if: ->(r){ r.new_record? }}

  def location=(val)
    lat, lng = val.is_a?(Array) ? val : val.strip.split(/[ ,]+/).map(&:to_f)
@@ -62,6 +58,17 @@ class Supplier
    [lat, lng].join(',')
  end

+  def add_manager(employee)
+    add_employee employee unless employee_ids.include? employee.id
+    settings = employee_settings.for_employee(employee)
+    settings.is_manager!
+    save and employee
+  end
+
+  def employee_settings
+    SupplierEmployeesSettings.new(self)
+  end
+
  def active_orders(options = {})
    return @active_orders if @active_orders && @active_orders_options == options
    @active_orders_options = options
@@ -122,22 +129,22 @@ class Supplier
  # Options must have the confirmation_token
  #
  # Overwrite devise method for mail sending
-  def self.confirm_by_token(confirmation_token)
-    confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token)
-    send_creation_mail = confirmable.errors.empty? && !confirmable.confirmed?
-    confirmable.confirm! if confirmable.persisted?
-    confirmable.send_creation_notifications if send_creation_mail
-    confirmable
-  end
+  #def self.confirm_by_token(confirmation_token)
+    #confirmable = find_or_initialize_with_error_by(:confirmation_token, confirmation_token)
+    #send_creation_mail = confirmable.errors.empty? && !confirmable.confirmed?
+    #confirmable.confirm! if confirmable.persisted?
+    #confirmable.send_creation_notifications if send_creation_mail
+    #confirmable
+  #end

  # Send confirmation instructions by email
-  def send_confirmation_instructions(*args)
-    self.confirmation_token = nil if reconfirmation_required?
-    @reconfirmation_required = false
+  #def send_confirmation_instructions(*args)
+    #self.confirmation_token = nil if reconfirmation_required?
+    #@reconfirmation_required = false

-    @bypass_postpone = true and generate_confirmation_token! if self.confirmation_token.blank?
-    self.devise_mailer.confirmation_instructions(self, confirmation_token).deliver_now
-  end
+    #@bypass_postpone = true and generate_confirmation_token! if self.confirmation_token.blank?
+    #self.devise_mailer.confirmation_instructions(self, confirmation_token).deliver_now
+  #end

  def find_order(id)
    order = Order.find(id)
@@ -0,0 +1,71 @@
+class SupplierEmployeesSettings
+  attr_reader :dictionary, :employee_ids, :supplier
+  def initialize(supplier)
+    @supplier = supplier
+    @dictionary = supplier.employee_settings_storage || {}
+    @employee_ids = supplier.employee_ids || []
+  end
+
+  def for_employee(employee_id)
+    employee_id = employee_id.id if employee_id.is_a?(Employee)
+    if employee_ids.include? employee_id
+      SupplierEmployeeSettings.new(self, employee_id, dictionary[employee_id])
+    else
+      SupplierEmployeeSettings::NullObject.new
+    end
+  end
+
+  def [](val)
+    val = val.to_s
+    if dictionary[val].is_a? SettingsPersistor
+      dictionary[val]
+    else
+      dictionary[val] = SettingsPersistor.new(self, dictionary[val])
+    end
+  end
+
+  def persist
+    supplier.employee_settings_storage = dictionary
+  end
+
+  def method_missing(m, *args)
+    dictionary.send(m, *args)
+  end
+
+  class SettingsPersistor < Hash
+    attr_reader :all_employees_settings
+    def initialize(all_employees_settings, options = {})
+      @all_employees_settings = all_employees_settings
+      self.replace options if options.is_a? Hash
+    end
+
+    def []=(*args)
+      super
+      all_employees_settings.persist
+    end
+  end
+
+  class SupplierEmployeeSettings
+    delegate :as_json, :to_json, to: :settings
+    DEFAULTS = {
+      'manager' => false
+    }
+    attr_reader :id, :settings, :all_employees_settings
+    class NullObject < ::NullObject
+    end
+
+    def initialize(all_employees_settings, employee_id, settings = {})
+      @all_employees_settings = all_employees_settings
+      @id = employee_id
+      @settings = DEFAULTS.merge(settings || {})
+    end
+
+    def manager?
+      settings['manager']
+    end
+
+    def is_manager!
+      all_employees_settings[id]['manager'] = true
+    end
+  end
+end
@@ -1,6 +0,0 @@
-class SupplierExtendedSectionSerializer < Qwaiter::Serializer
-  root 'section'
-  embed :ids, include: true
-  attributes :title, :path, :width, :height
-  has_many :tables, serializer: SupplierExtendedTableSerializer
-end
@@ -1,10 +0,0 @@
-class SupplierSupplierSerializer < Qwaiter::Serializer
-  self.root = :supplier
-  attributes :extended_version, :open, :name, :lat, :lng, :email, :time_zone, :address, :house_number, :house_number_addition, :postal_code, :city, :country,
-    :facebook_promotion_url, :iens_profile, :week_starts_on_monday, :orders_in_process_count, :orders_placed_count
-
-  def extended_version
-    false
-  end
-
-end
@@ -2,5 +2,5 @@ class SupplierTableSerializer < Qwaiter::Serializer
  self.root = :table
  embed :ids, include: true
  attributes :number, :width, :height, :position_x, :position_y, :section_id, :needs_help
-  has_one :supplier, serializer: SupplierSupplierSerializer
+  has_one :supplier, serializer: Suppliers::SupplierSerializer
 end
@@ -1,6 +1,5 @@
 class Suppliers::EmployeeSerializer < Qwaiter::Serializer
  self.root = :employee
  embed :ids, include: true
-  attributes :supplier_id, :name, :email
-  has_many :orders
+  attributes :name, :email
 end
@@ -0,0 +1,6 @@
+class Suppliers::ExtendedSectionSerializer < Qwaiter::Serializer
+  root 'section'
+  embed :ids, include: true
+  attributes :title, :path, :width, :height
+  has_many :tables, serializer: Suppliers::ExtendedTableSerializer
+end
@@ -1,4 +1,4 @@
-class SupplierExtendedTableSerializer < Qwaiter::Serializer
+class Suppliers::ExtendedTableSerializer < Qwaiter::Serializer
  root 'table'
  embed :ids, include: true
  attributes :number, :width, :height, :position_x, :position_y, :section_id#, :active_list_id
@@ -0,0 +1,12 @@
+class Suppliers::SupplierSerializer < Qwaiter::Serializer
+  self.root = :supplier
+  embed :ids, include: true
+  attributes :extended_version, :open, :name, :lat, :lng, :time_zone, :address, :house_number, :house_number_addition, :postal_code, :city, :country,
+    :facebook_promotion_url, :iens_profile, :week_starts_on_monday, :orders_in_process_count, :orders_placed_count
+
+  def extended_version
+    true
+  end
+  has_many :sections, serializer: Suppliers::ExtendedSectionSerializer
+  has_many :product_categories
+end
@@ -0,0 +1,11 @@
+class Ability
+  include CanCan::Ability
+  def initialize(settings)
+    settings ||= SupplierEmployeesSettings.new(Supplier.new).for_employee(nil)
+    if settings.manager?
+      can :manage, :all
+    else
+      can :read, :all
+    end
+  end
+end
@@ -0,0 +1,46 @@
+class NewSupplier
+  include ActiveAttr::Model
+  attr_accessor :current_employee
+
+  attribute :supplier_name
+  attribute :email
+  attribute :password
+  attribute :password_confirmation
+
+  without_current_supplier = { unless: 'current_employee.present?' }
+  validates :supplier_name, presence: true
+  validates :email, email: without_current_supplier
+  validates :password, presence: without_current_supplier, confirmation: without_current_supplier
+
+  validate :supplier_name_uniqueness
+  validate :employee_uniqueness
+
+  def save
+    if valid?
+      persist!
+      true
+    else
+      false
+    end
+  end
+
+  private
+
+  def persist!
+    employee = Employee.new unconfirmed_email: email, password: password, password_confirmation: password_confirmation
+    raise "Cannot create employee with #{attributes.inspect}" unless employee.save
+    supplier = Supplier.create name: supplier_name
+    supplier.add_manager employee
+  end
+
+  def employee_uniqueness
+    return if current_employee.present?
+    errors.add :email, :taken if Employee.count_by_email(email) > 0
+  end
+
+  def supplier_name_uniqueness
+    return unless current_employee.present? and supplier_name.present?
+    current_suppliers = current_employee.suppliers
+    errors.add :base, 'You already have a supplier with that name' if current_suppliers.map(&:name).include? supplier_name
+  end
+end
@@ -0,0 +1,23 @@
+NullObject = Naught.build do |config|
+  config.black_hole
+  config.define_explicit_conversions
+  config.define_implicit_conversions
+end
+
+class NullObject
+  def presence
+    nil
+  end
+  def present?
+    false
+  end
+  def blank?
+    true
+  end
+  def empty?
+    true
+  end
+  def any?
+    false
+  end
+end
@@ -3,4 +3,5 @@ p= t('devise.mailer.confirmation_instructions.supplier.salutation', email: @reso
 p=raw t \
  'devise.mailer.confirmation_instructions.supplier.body',
  unconfirmed_email: @resource.unconfirmed_email,
-  confirm_url: confirmation_url(@resource, :confirmation_token => @resource.confirmation_token)
+  confirm_url: confirmation_url(@resource, confirmation_token: @token)
+p Boe
@@ -0,0 +1,28 @@
+.row
+  .large-7.large-offset-1.columns
+    = form_for @new_supplier do |f|
+      = f.row :supplier_name
+        .large-4.columns= f.label :supplier_name
+        .large-4.columns= f.text_field :supplier_name
+        .large-4.columns= f.error_message :supplier_name
+      = f.row :email
+        .large-4.columns= f.label :email
+        .large-4.columns
+          - if @new_supplier.current_employee.present?
+            = @new_supplier.current_employee.email
+          - else
+            = f.email_field :email
+        .large-4.columns= f.error_message :email
+      - if not @new_supplier.current_employee.present?
+        = f.row :password
+          .large-4.columns= f.label :password
+          .large-4.columns= f.text_field :password
+          .large-4.columns= f.error_message :password
+        = f.row :password_confirmation
+          .large-4.columns= f.label :password_confirmation
+          .large-4.columns= f.text_field :password_confirmation
+          .large-4.columns= f.error_message :password_confirmation
+
+      .form-actions
+        = f.submit class: 'button'
+
@@ -1,7 +1,9 @@
 <script>
 //var $locale = '<%= I18n.locale %>';
 //var supplier_id = '<%= current_supplier.id %>';
-var supplier_object=<%= SupplierSupplierSerializer.new(current_supplier).as_json(root: false).to_json.html_safe %>;
+var supplier_object=<%= {id: current_supplier.id}.to_json.html_safe %>;
+var employee_object=<%=raw current_employee.attributes.slice(:name, :email).merge(id: current_employee.id).to_json %>;
+var employee_settings=<%= raw employee_settings.to_json %>;
 var data_host = '';
 var event_host = '<%= Qwaiter.event_host %>';
 //var datepicker_options = {dateFormat: 'yy-mm-dd', firstDay: <%= current_supplier.week_starts_on_monday? ? 1 : 0 %>};
@@ -3,4 +3,4 @@ p= t('devise.mailer.confirmation_instructions.salutation', email: @resource.emai
 p=raw t \
  'devise.mailer.confirmation_instructions.body',
  unconfirmed_email: @resource.unconfirmed_email,
-  confirm_url: confirmation_url(@resource, :confirmation_token => @resource.confirmation_token)
+  confirm_url: confirmation_url(@resource, :confirmation_token => @token)
@@ -186,7 +186,7 @@ Devise.setup do |config|
  # Time interval you can reset your password with a reset password key.
  # Don't put a too small interval or your users won't have the time to
  # change their passwords.
-  config.reset_password_within = 6.hours
+  config.reset_password_within = 6.days

  # ==> Configuration for :encryptable
  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
@@ -0,0 +1,5 @@
+class NilClass
+  def include?(*args)
+    false
+  end
+end
@@ -3,6 +3,7 @@ en:
    models:
      user: User
      supplier: Restaurant
+      new_supplier: New restaurant
      table: Table
      list: List
      product: Product
@@ -15,6 +16,7 @@ en:
      plural:
        user: Users
        supplier: Restaurants
+        new_supplier: New restaurants
        table: Tables
        list: Lists
        product: Products
@@ -67,3 +69,6 @@ en:
        created_at: Created
      user:
        email: 'E-mail'
+      employee:
+        name: Name
+        email: 'E-mail'
@@ -3,6 +3,7 @@ nl:
    models:
      user: Gebruiker
      supplier: Restaurant
+      new_supplier: Nieuw restaurant
      table: Tafel
      list: Lijst
      product: Product
@@ -14,6 +15,7 @@ nl:
      plural:
        user: Gebruikers
        supplier: Restaurants
+        new_supplier: Nieuwe restaurants
        table: Tafels
        list: Lijsten
        product: Producten
@@ -66,3 +68,6 @@ nl:
        created_at: Aangemaakt
      user:
        email: 'E-mail'
+      employee:
+        name: Naam
+        email: 'E-mail'
@@ -187,6 +187,9 @@ en:
      destroy:
        modal:
          title: 'Delete ${models.employee} %{name}?'
-      edit:
-        modal:
-          body_header: ''
+      modal:
+        new_title: New ${models.employee}
+        new_title: Edit ${models.employee}
+        body_header: ''
+        close_button: Close
+        save_button: Save
@@ -190,3 +190,9 @@ nl:
      destroy:
        modal:
          title: '${models.employee} %{name} verwijderen?'
+      modal:
+        new_title: ${models.employee} aanmaker
+        new_title: Bewerk ${models.employee}
+        body_header: ''
+        close_button: Cancel
+        save_button: Save
@@ -1,7 +1,8 @@
 ALLOWED_LOCALES = /nl|be|de|fr|en/
 Qwaiter::Application.routes.draw do
  devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
-  devise_for :suppliers, controllers: { confirmations: 'confirmations', registrations: 'registrations' }
+  #devise_for :suppliers, controllers: { confirmations: 'confirmations', registrations: 'registrations' }
+  devise_for :employees
  devise_for :administrators
  namespace :admin do
    resources :users do
@@ -9,7 +10,8 @@ Qwaiter::Application.routes.draw do
        get :test_login
      end
    end
-    resources :suppliers do
+    resources :suppliers
+    resources :employees do
      collection do
        get :test_login
      end
@@ -26,6 +28,8 @@ Qwaiter::Application.routes.draw do
    root to: 'users#index'
  end

+  resources :new_suppliers
+
  post '/user_app' => 'dashboard#user_app_log' #TODO: separate high speed app at log.mozo.bar
  post '/user_feedback' => 'user#feedback'

@@ -1,6 +1,6 @@
 step "I am signed in as supplier" do

-  visit test_login_admin_suppliers_path(email: @supplier.email)
+  visit test_login_admin_employees_path(email: @employee.email)
  #step 'visit the supplier sign in path'
  #find('#supplier_email').set @supplier.email
  #find('#supplier_password').set @supplier_password
@@ -1,5 +1,7 @@
 step 'there is a confirmed and open supplier' do
  @supplier_password = 'secret1'
-  @supplier = create :supplier, email: 'supplier@mozo.bar', password: @supplier_password, confirmation_token: 'abc', confirmed_at: Time.now.utc, open: true
+  @employee = create :employee, email: 'supplier@mozo.bar', password: @supplier_password, confirmation_token: 'abc', confirmed_at: Time.now.utc
+  @supplier = build :supplier, open: true
+  @supplier.add_manager @employee
  @section = create :section, title: 'Room', supplier: @supplier, width: 8, height: 8
 end
@@ -0,0 +1,11 @@
+FactoryGirl.define do
+  factory :employee do
+    sequence(:name){|i| "Employee #{i}"}
+    email 'employee@mozo.bar'
+    password 'secret'
+
+    trait :confirmed do
+      confirmed_at { Time.now }
+    end
+  end
+end
@@ -1,12 +1,6 @@
 FactoryGirl.define do
  factory :supplier do
    sequence(:name){|i| "Supplier #{i}"}
-    email 'supplier@mozo.bar'
-    password 'secret'

-    trait :confirmed do
-      confirmed_at { Time.now }
-
-    end
  end
 end
@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe Employee do
+  context 'class methods' do
+    describe '.count_by_email' do
+      it 'is zero without employees' do
+        described_class.count_by_email('admin@example.com').should be_zero
+      end
+
+      it 'is one when an email already exists' do
+        create :employee, email: 'alreadyexisting@example.com'
+        described_class.count_by_email('alreadyexisting@example.com').should be 1
+      end
+    end
+  end
+end
@@ -103,4 +103,30 @@ describe Supplier do
    end
  end

+  describe '#employee_settings' do
+    let(:employee){ create :employee }
+    it 'is initialized by default' do
+      supplier.employee_settings.should be_a SupplierEmployeesSettings
+    end
+
+    it 'returns null object without employee' do
+      supplier.employee_settings.for_employee('asdf').should_not be_present
+    end
+    it 'returns employee_settings on for employee' do
+      supplier.add_employee employee
+      settings = supplier.employee_settings.for_employee(employee.id)
+      settings.should be_present
+      settings.manager?.should be false
+    end
+
+    it 'indicates a manager when specified as such and is persisted' do
+      supplier.add_manager employee
+      settings = supplier.employee_settings.for_employee(employee.id)
+      settings.manager?.should be true
+      reloaded_supplier = Supplier.find(supplier.id)
+      settings = reloaded_supplier.employee_settings.for_employee(employee.id)
+      settings.manager?.should be true
+    end
+
+  end
 end
@@ -0,0 +1,6 @@
+require 'spec_helper'
+
+describe NewSupplier do
+  subject { described_class.new }
+  it { should_not be_persisted }
+end
@@ -1,13 +1,13 @@
 module Features
-  module BasicHelpers 
+  module BasicHelpers
    # Put helper methods you need to be available in all acceptance specs here.

    def create_user(email, password='secret')
      @user = User.find_by_email(email) || FactoryGirl.create(:user, email: email, password: password)
    end
-    def create_supplier(email, password='secret')
-      @supplier = Supplier.find_by_email(email) || FactoryGirl.create(:supplier, email: email, password: password)
-    end
+    #def create_supplier(email, password='secret')
+      #@supplier = Supplier.find_by_email(email) || FactoryGirl.create(:supplier, email: email, password: password)
+    #end

    def create_confirmed_supplier(email, password='secret')
      @supplier = Supplier.find_by_email(email) || FactoryGirl.create(:supplier, :confirmed, email: email, password: password)
@@ -21,10 +21,10 @@ module Features
      submit_form
    end

-    def login_supplier_as(email)
-      visit "/suppliers/sign_in"
-      fill_in "supplier_email", with: email
-      fill_in "supplier_password", with: "secret"
+    def login_employee_as(email)
+      visit "/employees/sign_in"
+      fill_in "employee_email", with: email
+      fill_in "employee_password", with: "secret"
      submit_form
    end