Use safe dynamic finders of simply stored for suppliers sections
@@ -18,7 +18,7 @@ module Suppliers
|
||||
# GET /sections/1
|
||||
# GET /sections/1.json
|
||||
def show
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
format.html # show.html.erb
|
||||
@@ -40,7 +40,7 @@ module Suppliers
|
||||
|
||||
# GET /sections/1/edit
|
||||
def edit
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
end
|
||||
|
||||
# POST /sections
|
||||
@@ -63,7 +63,7 @@ module Suppliers
|
||||
# PUT /sections/1
|
||||
# PUT /sections/1.json
|
||||
def update
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
if @section.update_attributes(params[:section])
|
||||
@@ -79,7 +79,7 @@ module Suppliers
|
||||
# DELETE /sections/1
|
||||
# DELETE /sections/1.json
|
||||
def destroy
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
@section.destroy
|
||||
|
||||
respond_to do |format|
|
||||
@@ -91,7 +91,7 @@ module Suppliers
|
||||
# GET /sections/1/manage_tables
|
||||
# GET /sections/1/manage_tables.json
|
||||
def manage_tables
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
format.html # show.html.erb
|
||||
@@ -102,7 +102,7 @@ module Suppliers
|
||||
# GET /sections/1/tables_view
|
||||
# GET /sections/1/tables_view.json
|
||||
def tables_view
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
|
||||
respond_to do |format|
|
||||
format.html # show.html.erb
|
||||
@@ -114,7 +114,7 @@ module Suppliers
|
||||
|
||||
# POST /sections/1/add_tables {number_start: 1423, number_end: 234234}
|
||||
def add_tables
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
number_start = params[:number_start].to_i
|
||||
number_end = params[:number_end].to_i
|
||||
for table_number in number_start..number_end
|
||||
@@ -130,7 +130,7 @@ module Suppliers
|
||||
|
||||
# POST /sections/1/arrange_tables {number_start: 1423, number_end: 234234}
|
||||
def arrange_tables
|
||||
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
|
||||
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
|
||||
case params[:option]
|
||||
when 'distributed' then @section.arrange_tables_in_grid
|
||||
when 'by_row' then @section.arrange_tables_in_rows_of(params[:row_count].to_i)
|
||||
|
||||
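Review bot: In the `update` hunk, `@section.update_attributes(params[:section])` still passes the whole request hash to the model, so the supplier scoping added on the line above it can be undone if `supplier_id` is mass-assignable. Attribute protection on `Section` is not visible in this diff, so this may already be handled; if it is not, drop the key before updating, e.g. `@section.update_attributes(params[:section].except(:supplier_id))`. The scoped lookup is also repeated in all eight actions, and moving it into one `before_filter` would keep a future action from omitting it. The bodies of `update` and the other actions continue outside the hunks.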
@@ -14,13 +14,7 @@ class Section
|
||||
validates :title, presence: true
|
||||
validates :supplier_id, presence: true
|
||||
|
||||
# Probably faster to directly retreive the document and return nil
|
||||
# if the supplier does not match
|
||||
def self.find_by_supplier_and_id(supplier, id)
|
||||
section = find(id)
|
||||
return nil unless section.supplier_id == supplier.id
|
||||
section
|
||||
end
|
||||
view :by_supplier_id_and_id, key: [:supplier_id, :_id]
|
||||
|
||||
def occupied_tables
|
||||
return @occupied_tables if @occupied_tables.present?
|
||||
|
||||
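Review bot: The added `view :by_supplier_id_and_id, key: [:supplier_id, :_id]` line has no comment, although it replaces a method that carried one. Nothing here says that the controller's `find_by_supplier_id_and_id!` calls depend on it; presumably the dynamic finder resolves through this view. I would add `# Backs find_by_supplier_id_and_id!; keeps section lookups scoped to the owning supplier` above it, so the view is not later removed as unused and the tenant check silently lost. The `Section` class body continues outside the hunk.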