From 891e596fdae9fedd17ac0b97c5ae3a1f01b29e1b Mon Sep 17 00:00:00 2001
From: benji <benj_cous@hotmail.com>
Date: Sat, 12 Sep 2015 11:47:00 +0200
Subject: [PATCH] replace tab api key to secrets

---
 app/models/order.rb               | 33 ++++++++++++++++++-------------
 app/views/users/_sidebar.html.erb |  2 +-
 config/secrets.yml                |  2 ++
 3 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/app/models/order.rb b/app/models/order.rb
index 7e359a7..29a5568 100644
--- a/app/models/order.rb
+++ b/app/models/order.rb
@@ -39,20 +39,6 @@ class Order < ActiveRecord::Base
     write_attribute(:price_cents, price_cents)
   end
 
-  def tab_api_created
-    body = { transaction: { debtor: user.uid, cents: price_cents, message: to_sentence } }
-    headers = { "Authorization" => "Token token=LNJxGqkM39O21gcJJq6BLQ==" }
-    HTTParty.post("https://zeus.ugent.be/tab/transactions", body: body, headers: headers )
-  end
-  handle_asynchronously :tab_api_created
-
-  def tab_api_cancelled
-    body = { transaction: { creditor: user.uid, cents: price_cents, message: "Order cancelled" } }
-    headers = { "Authorization" => "Token token=LNJxGqkM39O21gcJJq6BLQ==" }
-    HTTParty.post("https://zeus.ugent.be/tab/transactions", body: body, headers: headers )
-  end
-  handle_asynchronously :tab_api_cancelled
-
   def cancel
     return false if cancelled || created_at < 5.minutes.ago
 
@@ -78,4 +64,23 @@ class Order < ActiveRecord::Base
       end
     end
   end
+
+  private
+
+  def tab_api_created
+    body = { transaction: { debtor: user.uid, cents: price_cents, message: to_sentence } }
+    tab_api body
+  end
+  handle_asynchronously :tab_api_created
+
+  def tab_api_cancelled
+    body = { transaction: { creditor: user.uid, cents: price_cents, message: "Order cancelled" } }
+    tab_api body
+  end
+  handle_asynchronously :tab_api_cancelled
+
+  def tab_api body
+    headers = { "Authorization" => "Token token=#{Rails.application.secrets.tab_api_key}" }
+    HTTParty.post("https://zeus.ugent.be/tab/transactions", body: body, headers: headers )
+  end
 end
diff --git a/app/views/users/_sidebar.html.erb b/app/views/users/_sidebar.html.erb
index 4d87671..5df79ea 100644
--- a/app/views/users/_sidebar.html.erb
+++ b/app/views/users/_sidebar.html.erb
@@ -22,7 +22,7 @@
         <% if @user.dagschotel %>
           Huidige dagschotel
           <%= image_tag @user.dagschotel.avatar %>
-          <%= link_to "Change dagschotel", dit_dagschotel_user_path(@user), class: "btn btn-default btn-block" %>
+          <%= link_to "Change dagschotel", edit_dagschotel_user_path(@user), class: "btn btn-default btn-block" %>
         <% else %>
           <%= link_to "Set dagschotel", edit_dagschotel_user_path(@user), class: "btn btn-default btn-block" %>
         <% end %>
diff --git a/config/secrets.yml b/config/secrets.yml
index 96b973a..690131c 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -15,6 +15,7 @@ development:
   omniauth_client_id: tomtest
   omniauth_client_secret: blargh
   access_token: "token"
+  tab_api_key: ""
 
 test:
   secret_key_base: 961437e28e7d6055ffaad9cf1f8d614354f57f10cb2d7601c9d6ede72a03b9c9535ad9e63507e3eb31252c4895970a63117493408f2e9a46c7a0c4a5a7836b81
@@ -27,3 +28,4 @@ production:
   omniauth_client_id: ""
   omniauth_client_secret: ""
   access_token: ""
+  tab_api_key: ""