major updates to security and hacking logic
@@ -56,6 +56,7 @@ function setTranslations(selector){
|
||||
var list = $('#top-navigation-list');
|
||||
list.find('.locale').show();
|
||||
list.find('.locale-'+$locale).hide();
|
||||
debugger;
|
||||
if(selector){
|
||||
$(selector).find('[data-t]').each(function(){$(this).text(t($(this).data('t'), $(this).data('tAttributes')))})
|
||||
}else{
|
||||
|
||||
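Review bot: `debugger;` is left inside setTranslations in this hunk; it suspends script execution whenever the browser's developer tools are open, and from the hunk's line counts it appears to be the single line this change adds, so it should be deleted before merge. The function's header is visible only in the @@ context and its else-branch continues past the hunk, so the rest of the body was not reviewed.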
@@ -208,12 +208,14 @@ class Quser
|
||||
$.getJSON(data_host + '/user/list_history.json?'+@authentication_string+'&page='+page, (res) =>
|
||||
@paginate(res, @load_list_history)
|
||||
container = $('#list-history-container').html('')
|
||||
return unless res.lists
|
||||
for list in res.lists
|
||||
container.append @mustache('#list-history-template', new List(list) )
|
||||
)
|
||||
paginate: (wrapper, callback) ->
|
||||
container = $('nav.pagination')
|
||||
container.html('')
|
||||
return unless wrapper.num_pages
|
||||
list = $('<ul></ul>').appendTo(container)
|
||||
if wrapper.num_pages && wrapper.num_pages > 1
|
||||
for i in [1..wrapper.num_pages]
|
||||
@@ -224,7 +226,7 @@ class Quser
|
||||
li.addClass('active')
|
||||
else
|
||||
callback = ((i)->
|
||||
->
|
||||
->
|
||||
Qstorage.page = i
|
||||
window.Quser.load_list_history()
|
||||
)(i)
|
||||
@@ -240,9 +242,7 @@ class Quser
|
||||
Mustache.to_html($(selector).html(), locs)
|
||||
build_list_table: (body, foot, res) ->
|
||||
body.find('tr').remove()
|
||||
if !res.orders && !res.orders.length
|
||||
Qwaiter.alert('No orders in list')
|
||||
return
|
||||
return unless res.orders
|
||||
m_obj = res
|
||||
body.append @mustache('#active-list-order-template', new Order(order)) for order in m_obj.orders
|
||||
$('.list-total-amount').html(currency(m_obj.total_amount))
|
||||
@@ -265,9 +265,9 @@ class Quser
|
||||
return
|
||||
|
||||
if res['message'] && !res['ok']
|
||||
redirect_to 'user_root', {message: res['message']}
|
||||
else
|
||||
redirect_to res.location || 'list_products' if res['ok']
|
||||
redirect_to res.location || 'user_root', $.extend({message: res['message']}, res.location_params)
|
||||
else if res.ok
|
||||
redirect_to res.location || 'list_products', $.extend({message: res['message']}, res.location_params)
|
||||
build_product_list: ->
|
||||
total = 0.0
|
||||
h = {products: []}
|
||||
|
||||
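Review bot: `@authentication_string` is concatenated into the list_history.json query string on the first line of the @@ -208 hunk, so the credential ends up in server access logs, proxy logs and browser history; that line is context rather than part of this change, but since the request path is being touched, carrying the token in a request header would be the safer shape. In the same hunk the added `return unless wrapper.num_pages` guard (inferred from the line counts, no markers survive) makes the following `if wrapper.num_pages && wrapper.num_pages > 1` half-redundant, and `if wrapper.num_pages > 1` reads the same. Both load_list_history and paginate continue outside the hunk.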
@@ -9,11 +9,12 @@
|
||||
// =Forms
|
||||
// =Tables
|
||||
// =Pagination
|
||||
// =Accordion
|
||||
// =Misc
|
||||
|
||||
$color: #c6c6c6
|
||||
$bg: #2f2f2f
|
||||
$link: #0088cc
|
||||
$link: #FAA732
|
||||
|
||||
$warning: #faa732
|
||||
$success: #5bb75b
|
||||
@@ -39,6 +40,10 @@ $input-color: white
|
||||
body
|
||||
background: $bg
|
||||
color: $color
|
||||
a
|
||||
color: $link
|
||||
&:hover
|
||||
color: lighten($link, 10%)
|
||||
|
||||
//=Breadcrumbs =======================================
|
||||
.breadcrumb
|
||||
@@ -264,6 +269,11 @@ legend
|
||||
.progress
|
||||
@extend .well
|
||||
|
||||
//=Accordion
|
||||
.accordion-group
|
||||
.accordion-heading
|
||||
background-color: rgba(200, 200, 200, 0.3)
|
||||
|
||||
//=Misc ========================================
|
||||
blockquote
|
||||
border-left-color: #111
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
class UserController < ApplicationController
|
||||
before_filter :allow_mobile
|
||||
before_filter :user_authentication, except: [:obtain_token, :index]
|
||||
before_filter :user_authentication, :unless => ->(c){ %w(obtain_token index).include?(c.action_name) || c.request.format.symbol == :html } # , except: [:obtain_token, :index]
|
||||
layout 'phone'
|
||||
|
||||
def user_authentication
|
||||
@@ -50,34 +50,37 @@ class UserController < ApplicationController
|
||||
# POST /user/create_list {table_id: 1234}
|
||||
#DEPRICATED
|
||||
def create_list
|
||||
render nothing: true and return unless current_user.present?
|
||||
@table = Table.find(params[:table_id])
|
||||
if @table.occupied?
|
||||
respond_to do |format|
|
||||
format.html { redirect_to root_path, alert: t('table.is_occupied') }
|
||||
format.json { render json: js_alert(t('messages.table_is_occupied'))}
|
||||
format.html { redirect_to user_root_path, alert: t('messages.table_is_occupied') }
|
||||
format.json { render json: json_alert('messages.table_is_occupied')}
|
||||
end
|
||||
else
|
||||
if @list = List.from_table( @table, current_user )
|
||||
end
|
||||
respond_to do |format|
|
||||
format.html { redirect_to user_list_products_path }
|
||||
format.json { render json: js_notice('table_created')}
|
||||
format.json { render json: json_notice('messages.new_list_created')}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# GET /user/table_info.json
|
||||
def table_info
|
||||
@table = Table.find(params[:table_id])
|
||||
res = {}
|
||||
res[:occupied] = @table.occupied?
|
||||
res[:reserved] = @table.reserved?
|
||||
res[:supplier_closed] = @table.supplier.closed?
|
||||
if list.present?
|
||||
res[:other_supplier] = true if list.supplier_id != @table.supplier_id
|
||||
res[:current_table_id] = list.table_id
|
||||
end
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
render json: json_alert('messages.table_not_found') and return unless params[:table_id].present?
|
||||
@table = Table.find(params[:table_id])
|
||||
res = {}
|
||||
res[:occupied] = @table.occupied?
|
||||
res[:reserved] = @table.reserved?
|
||||
res[:supplier_closed] = @table.supplier.closed?
|
||||
if list.present?
|
||||
res[:other_supplier] = true if list.supplier_id != @table.supplier_id
|
||||
res[:current_table_id] = list.table_id
|
||||
end
|
||||
render json: res
|
||||
end
|
||||
end
|
||||
@@ -113,6 +116,7 @@ class UserController < ApplicationController
|
||||
format.html do
|
||||
end
|
||||
format.json do
|
||||
render json: json_alert('messages.table_not_found') and return unless params[:table_id].present?
|
||||
@table = Table.find(params[:table_id])
|
||||
h = ProductCategory.for_user(current_user, table: @table)
|
||||
render json: h
|
||||
@@ -128,6 +132,7 @@ class UserController < ApplicationController
|
||||
|
||||
# POST /user/join_occupied_table
|
||||
def request_to_join_occupied_table
|
||||
render json: json_alert('messages.table_not_found') and return unless params[:table_id].present?
|
||||
@table = Table.find(params[:table_id])
|
||||
if @list = @table.active_list
|
||||
@list.send_table_join_request_for_user! current_user
|
||||
@@ -135,20 +140,24 @@ class UserController < ApplicationController
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
# POST /user/reject_join_request?user_id=1
|
||||
def reject_join_request
|
||||
return unless params[:user_id]
|
||||
render js: '' and return unless params[:user_id].present?
|
||||
list && list.reject_join_request_for_user!(params[:user_id])
|
||||
render js: ''
|
||||
end
|
||||
|
||||
# POST /user/approve_join_request?user_id=1
|
||||
def approve_join_request
|
||||
return unless params[:user_id]
|
||||
render js: '' and return unless params[:user_id].present?
|
||||
@user = User.find(params[:user_id])
|
||||
list && list.approve_join_request_for_user!(@user)
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
# POST /user/check_table_join_status table_id:12345
|
||||
# POST /user/check_table_join_status.json table_id:12345
|
||||
def check_table_join_status
|
||||
render json: json_alert('messages.table_not_found') and return unless params[:table_id].present?
|
||||
@table = Table.find(params[:table_id])
|
||||
if @list = @table.active_list
|
||||
if @list.user_ids.include?(current_user.id)
|
||||
@@ -169,7 +178,7 @@ class UserController < ApplicationController
|
||||
def active_list
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
redirect_to(root_path, alert: t('messages.there_is_no_list_active')) and return unless list.present?
|
||||
redirect_to(user_root_path, alert: t('messages.there_is_no_list_active')) and return unless list.present?
|
||||
end
|
||||
format.json do
|
||||
render json: js_alert(t('messages.the_list_has_been_closed')) and return unless list.present?
|
||||
@@ -205,7 +214,7 @@ class UserController < ApplicationController
|
||||
def needs_help
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
render json: {list_active: false} and return unless list.present?
|
||||
render json: json_alert('messages.no_active_list', list_active: false) and return unless list.present?
|
||||
list.needs_help!
|
||||
render json: list.as_json.merge(list_active: list.active?)
|
||||
end
|
||||
@@ -216,7 +225,7 @@ class UserController < ApplicationController
|
||||
def list_needs_payment
|
||||
respond_to do |format|
|
||||
format.json do
|
||||
render json: {list_active: false} and return unless list.present?
|
||||
render json: json_alert('messages.no_active_list', list_active: false) and return unless list.present?
|
||||
list.needs_payment!
|
||||
render json: list.as_json.merge(list_active: list.active?)
|
||||
end
|
||||
@@ -246,11 +255,11 @@ class UserController < ApplicationController
|
||||
end
|
||||
format.json do
|
||||
@list = List.find(params[:list_id])
|
||||
render json: json_alert('messages.illegal_history_list_attempt') and return unless @list.user_ids.include?(current_user.id)
|
||||
if params[:list_closed].present? && current_user.active_list_id == @list.id
|
||||
current_user.list_is_closed!
|
||||
flash.now[:notice] = t('messages.the_list_has_been_closed', list: List.model_name.human)
|
||||
end
|
||||
redirect_to user_root_path, alert: t('messages.illegal_history_list_attempt') and return unless @list.user_ids.include?(current_user.id)
|
||||
render json: @list.with_orders_as_json.merge(supplier_name: @list.supplier.name)
|
||||
end
|
||||
end
|
||||
@@ -262,10 +271,10 @@ class UserController < ApplicationController
|
||||
if list.present?
|
||||
@list = list
|
||||
else
|
||||
render json: js_alert('table_not_found') and return unless params[:table_id].present?
|
||||
render json: json_alert('messages.table_not_found') and return unless params[:table_id].present?
|
||||
@table = Table.find(params[:table_id])
|
||||
if @table.occupied?
|
||||
render json: js_alert('table_is_occupied')
|
||||
render json: json_alert('messages.table_is_occupied', location: :join_occupied_table, location_params: {table_id: @table.id})
|
||||
else
|
||||
if @list = List.from_table( @table, current_user )
|
||||
else
|
||||
@@ -275,19 +284,20 @@ class UserController < ApplicationController
|
||||
end
|
||||
respond_to do |format|
|
||||
format.html do
|
||||
redirect_to(root_path, alert: t('messages.cannot_order_on_non_active_list')) and return unless @list.active?
|
||||
redirect_to(user_root_path, alert: t('messages.cannot_order_on_non_active_list')) and return unless @list.active?
|
||||
@list.place_order current_user, params[:products]
|
||||
redirect_to root_path, notice: t('messages.order_is_placed')
|
||||
redirect_to user_root_path, notice: t('messages.order_is_placed')
|
||||
end
|
||||
format.js do
|
||||
render js: js_alert(t('messages.cannot_order_on_non_active_list')) and return unless @list.active?
|
||||
format.json do
|
||||
render json: json_alert('messages.cannot_order_on_non_active_list') and return unless @list.active?
|
||||
@list.place_order current_user, params[:products]
|
||||
render js: js_notice( t('messages.order_is_placed'), location: :active_list)
|
||||
render json: json_notice('messages.order_is_placed', location: :active_list)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def move_table
|
||||
return unless list.present?
|
||||
render json: json_alert('messages.no_active_list', list_active: false) and return unless list.present?
|
||||
@table = Table.find(params[:table_id])
|
||||
if @table.occupied?
|
||||
render json: {occupied: true}
|
||||
@@ -298,11 +308,14 @@ class UserController < ApplicationController
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def handle_message_params
|
||||
flash.now[:notice] = t('messages.the_list_has_been_closed', list: List.model_name.human) if params[:list_closed].present?
|
||||
flash.now[:notice] = t("messages.#{params[:message]}", list: List.model_name.human, supplier: Supplier.model_name.human) if params[:message].present? && params[:message] =~ /^\w+$/
|
||||
end
|
||||
|
||||
# General handler of json responses. Will be able to set some additional communication data.
|
||||
# By default a response is ok.
|
||||
def json_response(obj = {})
|
||||
obj[:ok] = true unless obj.has_key?(:ok)
|
||||
obj
|
||||
|
||||
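Review bot: The new `before_filter :user_authentication, :unless => ->(c){ %w(obtain_token index).include?(c.action_name) || c.request.format.symbol == :html }` in the first hunk exempts every HTML-format request from user_authentication rather than only obtain_token and index, and the format is chosen by the client through the extension or Accept header, so unless HTML requests are authenticated by a separate filter, actions such as create_list and approve_join_request become reachable without a token over HTML. If the intent is that HTML flows rely on a session-based filter elsewhere, replace the trailing `# , except: [:obtain_token, :index]` remnant with a comment that says so, e.g. `# HTML requests are authenticated by the session; token auth applies to JSON/JS clients only`. Depending on the Rails version, `c.request.format` may be nil for an unrecognised Accept header, in which case `.symbol` raises; `c.request.format.try(:symbol) == :html` avoids that. The body of user_authentication starts past the hunk, so whether it already handles HTML could not be checked. Separately, in the @@ -298 hunk `params[:message] =~ /^\w+$/` anchors per line and therefore accepts a multi-line value before it is interpolated into the i18n key; `\A\w+\z` is the whole-string check intended.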
@@ -6,6 +6,8 @@ class Supplier
|
||||
property :name
|
||||
property :open, type: :boolean, default: false
|
||||
property :night_offset, type: Float
|
||||
|
||||
#LOCATION
|
||||
property :lat, type: Float, default: 52.08062426379751
|
||||
property :lng, type: Float, default: 4.312562942504883
|
||||
|
||||
@@ -15,6 +17,9 @@ class Supplier
|
||||
property :wifi_type
|
||||
property :wifi_password
|
||||
|
||||
#REVIEWS
|
||||
property :iens_profile
|
||||
|
||||
#has_many :orders, through: :lists
|
||||
has_many :products, dependent: :destroy
|
||||
has_many :product_categories, dependent: :destroy
|
||||
@@ -29,6 +34,7 @@ class Supplier
|
||||
view :by_email, key: :email
|
||||
|
||||
validates :name, presence: true
|
||||
validates :iens_profile, numericality: true
|
||||
|
||||
def location=(val)
|
||||
lat, lng = val.strip.split(/[ ,]+/).map(&:to_f)
|
||||
|
||||
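Review bot: The added `validates :iens_profile, numericality: true` carries no `allow_blank`, so any supplier that has never filled in the new iens_profile field (rendered as an ordinary text field in the settings form further down this page) will fail validation on every save, including unrelated settings changes; `validates :iens_profile, numericality: true, allow_blank: true` limits the check to values that were actually entered. A one-line comment naming what `night_offset` is measured in would also help, as neither the property line nor the hunk says. Which lines in the @@ -29 hunk are new is inferred from the line counts.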
+1
-1
@@ -3,7 +3,7 @@ class User
|
||||
include Devise::Orm::SimplyStored
|
||||
property :active_list_id
|
||||
|
||||
devise :database_authenticatable, :recoverable, :rememberable, :trackable, :registerable, :token_authenticatable
|
||||
devise :database_authenticatable, :recoverable, :rememberable, :trackable, :token_authenticatable # , :registerable
|
||||
|
||||
has_and_belongs_to_many :lists, storing_keys: false
|
||||
has_many :orders
|
||||
|
||||
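Review bot: The edited `devise` line keeps `:token_authenticatable` while dropping `:registerable`; Devise's token_authenticatable strategy accepts the token from request parameters, which matches the query-string `@authentication_string` usage in the Quser hunk above and means the credential travels in URLs and logs, and the strategy has since been deprecated upstream for that reason, so a header-based token scheme is worth planning. If self-registration is being disabled deliberately, a short comment such as `# self-registration disabled; accounts are provisioned elsewhere` is clearer than the trailing `# , :registerable` remnant. The class body continues outside the hunk.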
@@ -2,7 +2,7 @@
|
||||
= javascript_include_tag 'https://maps.googleapis.com/maps/api/js?v=3.exp&sensor=false'
|
||||
|
||||
= form_for @supplier, url: supplier_update_settings_path, html: {class: 'form-horizontal'} do |f|
|
||||
= render 'error_messages', target: current_supplier
|
||||
= render 'suppliers/application/error_messages', target: current_supplier
|
||||
.control-group class=(@supplier.errors[:name].any? ? 'error' : nil)
|
||||
= f.label :name, class: 'control-label'
|
||||
.controls
|
||||
@@ -11,27 +11,47 @@
|
||||
= f.label :email, class: 'control-label'
|
||||
.controls
|
||||
= f.text_field :email, class: 'text_field'
|
||||
.control-group class=(@supplier.errors[:location].any? ? 'error' : nil)
|
||||
= f.label :location, class: 'control-label'
|
||||
.controls
|
||||
= f.text_field :location, class: 'location_picker'
|
||||
.control-group class=(@supplier.errors[:offer_wifi].any? ? 'error' : nil)
|
||||
= f.label :offer_wifi, class: 'control-label'
|
||||
.controls
|
||||
= f.check_box :offer_wifi, class: 'checkbox'
|
||||
.control-group class=(@supplier.errors[:wifi_ssid].any? ? 'error' : nil)
|
||||
= f.label :wifi_ssid, class: 'control-label'
|
||||
.controls
|
||||
= f.text_field :wifi_ssid, class: 'text_field'
|
||||
.control-group class=(@supplier.errors[:wifi_type].any? ? 'error' : nil)
|
||||
= f.label :wifi_type, class: 'control-label'
|
||||
.controls
|
||||
= f.select :wifi_type, options_for_select([['web', 'web40'], ['WPA2 Personal', 'wpa2personal']], @supplier.wifi_type)
|
||||
.control-group class=(@supplier.errors[:wifi_password].any? ? 'error' : nil)
|
||||
= f.label :wifi_password, class: 'control-label'
|
||||
.controls
|
||||
= f.text_field :wifi_password, class: 'text_field'
|
||||
|
||||
#settings-sections.accordion
|
||||
.accordion-group
|
||||
.accordion-heading
|
||||
a.accordion-toggle data-toggle="collapse" data-parent="#settings-sections" href="#settings-location" data-t="attributes.supplier.location"
|
||||
#settings-location.accordion-body.collapse.in
|
||||
.accordion-inner
|
||||
.control-group class=(@supplier.errors[:location].any? ? 'error' : nil)
|
||||
= f.label :location, class: 'control-label'
|
||||
.controls
|
||||
= f.text_field :location, class: 'location_picker'
|
||||
.accordion-group
|
||||
.accordion-heading
|
||||
a.accordion-toggle data-toggle="collapse" data-parent="#settings-sections" href="#settings-wifi" data-t="attributes.supplier.offer_wifi"
|
||||
#settings-wifi.accordion-body.collapse
|
||||
.control-group class=(@supplier.errors[:offer_wifi].any? ? 'error' : nil)
|
||||
= f.label :offer_wifi, class: 'control-label'
|
||||
.controls
|
||||
= f.check_box :offer_wifi, class: 'checkbox'
|
||||
.control-group class=(@supplier.errors[:wifi_ssid].any? ? 'error' : nil)
|
||||
= f.label :wifi_ssid, class: 'control-label'
|
||||
.controls
|
||||
= f.text_field :wifi_ssid, class: 'text_field'
|
||||
.control-group class=(@supplier.errors[:wifi_type].any? ? 'error' : nil)
|
||||
= f.label :wifi_type, class: 'control-label'
|
||||
.controls
|
||||
= f.select :wifi_type, options_for_select([['web', 'web40'], ['WPA2 Personal', 'wpa2personal']], @supplier.wifi_type)
|
||||
.control-group class=(@supplier.errors[:wifi_password].any? ? 'error' : nil)
|
||||
= f.label :wifi_password, class: 'control-label'
|
||||
.controls
|
||||
= f.text_field :wifi_password, class: 'text_field'
|
||||
.accordion-group
|
||||
.accordion-heading
|
||||
a.accordion-toggle data-toggle="collapse" data-parent="#settings-sections" href="#settings-reviews" data-t="settings.reviews.title"
|
||||
#settings-reviews.accordion-body.collapse class=(@supplier.errors[:iens_profile].any? ? 'in' : nil)
|
||||
.control-group class=(@supplier.errors[:iens_profile].any? ? 'error' : nil)
|
||||
= f.label :iens_profile, class: 'control-label', data: {t: 'attributes.supplier.iens_profile'}
|
||||
.controls
|
||||
= f.text_field :iens_profile, class: 'text_field'
|
||||
'
|
||||
= image_tag 'supplier/settings/iens-example.png', title: 'supplier.settings.reviews.explanation'
|
||||
|
||||
.form-actions
|
||||
= f.submit nil, class: 'btn btn-primary'
|
||||
'
|
||||
|
||||
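Review bot: In the new reviews accordion, `= image_tag 'supplier/settings/iens-example.png', title: 'supplier.settings.reviews.explanation'` sets the raw i18n key as the image title, while the neighbouring label uses `data: {t: 'attributes.supplier.iens_profile'}` for client-side translation; either `title: t('supplier.settings.reviews.explanation')` or the same `data: {t: ...}` attribute is needed for the tooltip to be translated. The three `a.accordion-toggle` headings carry only a `data-t` attribute and no text, so until the client-side translation runs (or if it fails) the accordion headers render empty; giving each a server-rendered fallback such as `= t('attributes.supplier.location')` as its content keeps the sections usable. Which lines are new versus merely moved into the accordion wrapper is inferred, as no markers survive.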
@@ -0,0 +1,7 @@
|
||||
-if target.errors.any?
|
||||
.alert.alert-error
|
||||
button type="button" class="close" data-dismiss="alert" ×
|
||||
h4 data-t="helpers.forms.errors.title" data-t-attributes=%[{"count":#{target.errors.count}}] = t('helpers.forms.errors.title', :count => target.errors.count)
|
||||
ul
|
||||
- for message in target.errors.full_messages
|
||||
li= message
|
||||
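Review bot: `- for message in target.errors.full_messages` in the new partial uses Ruby's `for`, which leaks `message` into the surrounding template scope; `- target.errors.full_messages.each do |message|` is the idiomatic form. The `data-t-attributes=%[{"count":#{target.errors.count}}]` value is hand-built JSON; `data-t-attributes={count: target.errors.count}.to_json` produces the same attribute and stays valid if more attributes are added later. `li= message` is escaped by Slim's default output, so the messages reaching the page as text is fine.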