diff --git a/app/assets/javascripts/sessions.js.coffee b/app/assets/javascripts/sessions.js.coffee new file mode 100644 index 0000000..24f83d1 --- /dev/null +++ b/app/assets/javascripts/sessions.js.coffee @@ -0,0 +1,3 @@ +# Place all the behaviors and hooks related to the matching controller here. +# All this logic will automatically be available in application.js. +# You can use CoffeeScript in this file: http://coffeescript.org/ diff --git a/app/assets/stylesheets/profile.css.scss b/app/assets/stylesheets/profile.css.scss index 6eab87e..35f034c 100644 --- a/app/assets/stylesheets/profile.css.scss +++ b/app/assets/stylesheets/profile.css.scss @@ -37,16 +37,25 @@ cursor: pointer; } -.debt { - padding: 12px 0; - text-align: center; - font-family: monospace; - font-size: 16px; - width: 60%; - margin: auto; - margin-top: 10px; - background-color: #FF7F00; - color: white; +.user_info .actions { + a, span { + display: inline-block; + padding: 12px 0; + text-align: center; + font-family: monospace; + font-size: 16px; + width: 60%; + margin: auto; + margin-top: 10px; + background-color: #FF7F00; + color: white; + } + a { + background: #64a724; + background: -moz-linear-gradient(top, #64a724 0%, #579727 50%, #58982a 51%, #498c25 100%); + background: -webkit-gradient(linear, left top, left bottom, from(#64a724), to(#498c25), color-stop(0.4, #579727), color-stop(0.5, #58982a), color-stop(.9, #498c25), color-stop(0.9, #498c25)); + filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#64a724', endColorstr='#498c25', GradientType=0 ); + } } .stats{ diff --git a/app/assets/stylesheets/sessions.css.scss b/app/assets/stylesheets/sessions.css.scss new file mode 100644 index 0000000..7bef9cf --- /dev/null +++ b/app/assets/stylesheets/sessions.css.scss @@ -0,0 +1,3 @@ +// Place all the styles related to the sessions controller here. +// They will automatically be included in application.css. +// You can use Sass (SCSS) here: http://sass-lang.com/ 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 492f9c1..726cf50 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,7 +1,6 @@ class ApplicationController < ActionController::Base - # Prevent CSRF attacks by raising an exception. - # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception + check_authorization rescue_from CanCan::AccessDenied do |exception| redirect_to root_path, flash: { error: exception.message } diff --git a/app/controllers/callbacks_controller.rb b/app/controllers/callbacks_controller.rb index dcd8663..9f8b2cc 100644 --- a/app/controllers/callbacks_controller.rb +++ b/app/controllers/callbacks_controller.rb @@ -1,4 +1,6 @@ class CallbacksController < Devise::OmniauthCallbacksController + skip_authorization_check + def zeuswpi @user = User.from_omniauth(request.env["omniauth.auth"]) sign_in_and_redirect @user diff --git a/app/controllers/orders_controller.rb b/app/controllers/orders_controller.rb index 3752379..e312597 100644 --- a/app/controllers/orders_controller.rb +++ b/app/controllers/orders_controller.rb @@ -2,10 +2,11 @@ class OrdersController < ApplicationController include ActionView::Helpers::NumberHelper include ApplicationHelper - load_and_authorize_resource + load_and_authorize_resource :user + load_and_authorize_resource :order, through: :user def new - init + @user = User.find(params[:user_id]) @order = @user.orders.build products = (@user.products.for_sale.select("products.*", "sum(order_items.count) as count").group(:product_id).order("count desc") | Product.for_sale) 
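Review bot: `check_authorization` is added without a comment saying what it now demands of every other controller, while the two lines that documented `protect_from_forgery` are removed in the same hunk; a one-liner would spare the next author a surprise: `# check_authorization: every action must authorize (authorize!/load_and_authorize_resource) or opt out with skip_authorization_check`. The exception raised when an action forgets, CanCan::AuthorizationNotPerformed, is not a subclass of the `CanCan::AccessDenied` rescued below, so a missed check surfaces as an error rather than a quiet redirect to root — that is the fail-closed behaviour you want, and it is worth stating in the same comment so nobody "fixes" it by widening the rescue_from.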
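Review bot: The two `load_and_authorize_resource` lines stand in for the `init` filter deleted in the third orders_controller hunk below, but only one of its three rules survives in app/models/ability.rb: `can :manage, Order, user: user` stops an ordinary user ordering for someone else, while nothing now refuses an order whose target is the koelkast account, and koelkast's `can :manage, Order` no longer excludes users flagged `private`. If those rules are still wanted they belong in the ability, e.g. `cannot :create, Order, user: { koelkast: true }` placed after the if/elsif chain and `cannot :create, Order, user: { private: true }` after the koelkast `can :manage, Order` (assuming `koelkast` and `private` are attributes, as `@user.private` in the deleted filter and `permit(:private)` in users_controller suggest). The `@user = User.find(params[:user_id])` added in `new` (and again in `create`, next hunk) repeats what `load_and_authorize_resource :user` already loaded into `@user`; one of the two should go so there is a single source of truth for who `@user` is.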
@@ -13,13 +14,11 @@ class OrdersController < ApplicationController end def create - init + @user = User.find(params[:user_id]) @order = @user.orders.build order_params if @order.save - message = "#{@order.to_sentence} ordered. Enjoy it!" - flash[:success] = message - slack_notification(@user, message) + flash[:success] = "#{@order.to_sentence} ordered. Enjoy it!" redirect_to root_path else @order.g_order_items Product.for_sale @@ -56,25 +55,6 @@ class OrdersController < ApplicationController private - def init - @user = User.find(params[:user_id]) - - if @user.koelkast? - flash[:error] = "Koelkast can't order things." - redirect_to root_path - end - - if @user.private && current_user != @user - flash[:error] = "You can't order stuff for this person." - redirect_to root_path - end - - unless current_user.koelkast? || current_user.admin? || current_user == @user - flash[:error] = "Please don't order stuff for other people" - redirect_to root_path - end - end - def order_params params.require(:order).permit(order_items_attributes: [:count, :price, product_attributes: [:id]]) end diff --git a/app/controllers/products_controller.rb b/app/controllers/products_controller.rb index 747d3f1..4117eb2 100644 --- a/app/controllers/products_controller.rb +++ b/app/controllers/products_controller.rb @@ -10,6 +10,7 @@ class ProductsController < ApplicationController def create @product = Product.new(product_params) if @product.save + flash[:success] = "Product created!" redirect_to products_path else render 'new' @@ -19,9 +20,8 @@ class ProductsController < ApplicationController def index @products = Product.all @categories = Product.categories - if current_user.admin? - render 'products_list/listview' - end + + render 'products_list/listview' if current_user.admin? end def edit 
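Review bot: `slack_notification(@user, message)` disappears from `create` with nothing replacing it, and no other file in this diff touches that helper, so order notifications stop silently; if that is intended the commit should say so, otherwise keep the call, e.g. `slack_notification(@user, flash[:success])` right after the flash assignment. The added `@user = User.find(params[:user_id])` duplicates the load that `load_and_authorize_resource :user` performs before this action and would only mask a misconfigured loader; dropping the line is the safer form. `create` continues past the end of the hunk.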
@@ -35,12 +35,6 @@ class ProductsController < ApplicationController respond_with @product end - def destroy - Product.find(params[:id]).destroy - flash[:success] = "Succesfully removed product" - redirect_to products_path - end - def stock @products = Product.all end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb new file mode 100644 index 0000000..a50a3b3 --- /dev/null +++ b/app/controllers/sessions_controller.rb @@ -0,0 +1,3 @@ +class SessionsController < Devise::SessionsController + skip_authorization_check +end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index c2e9f79..31dfde0 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -4,19 +4,16 @@ class UsersController < ApplicationController def show @user = User.find_by_id(params[:id]) || current_user @orders = @user.orders - .active .order(:created_at) .reverse_order .paginate(page: params[:page]) @products = @user.products .select("products.*", "sum(order_items.count) as count") - .where("orders.cancelled = ?", false) .group(:product_id) .order("count") .reverse_order @categories = @user.products .select("products.category", "sum(order_items.count) as count") - .where("orders.cancelled = ?", false) .group(:category) end @@ -39,14 +36,15 @@ class UsersController < ApplicationController end def destroy - @user = User.find(params[:id]) - @user.destroy + user = User.find(params[:id]) + user.destroy flash[:success] = "Succesfully removed user" redirect_to users_path end def edit_dagschotel @user = User.find(params[:user_id]) + authorize! :update_dagschotel, @user @dagschotel = @user.dagschotel @products = Product.for_sale 
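Review bot: Dropping `.active` and both `where("orders.cancelled = ?", false)` clauses makes `show` depend on the `default_scope` that this commit introduces in app/models/order.rb, and for `@products`/`@categories` it additionally depends on Rails merging the through-model's default scope into the `has_many :products, through: :orders` query — which I believe Rails 4 does, but nothing at this call site says so. A comment above `@products` such as `# cancelled orders are excluded by Order's default_scope, which Rails also applies through the orders join` keeps the next reader from re-adding the filter or, worse, reaching for `unscoped` here; a test asserting cancelled orders are absent from `@products` would pin it. `show` is otherwise unchanged; the class opens before the hunk.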
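Review bot: `authorize! :update_dagschotel, @user` inside `edit_dagschotel` checks a different action name than the one running, which is reasonable (the form is pointless without the right to submit it) but will puzzle anyone grepping the ability for `:edit_dagschotel`; a comment makes it deliberate: `# same ability as update_dagschotel: showing the form implies the right to submit it`. With `check_authorization` now global, this call is also what keeps the action from raising CanCan::AuthorizationNotPerformed if no class-level loader covers it — the controller's opening lines are outside the hunk, so I cannot tell whether one exists.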
@@ -54,31 +52,19 @@ class UsersController < ApplicationController end def update_dagschotel - @user = User.find(params[:user_id]) - @user.dagschotel = Product.find(params[:product_id]) + user = User.find(params[:user_id]) + authorize! :update_dagschotel, user - @products = Product.for_sale - @categories = Product.categories - - if @user.save - flash[:success] = "Succesfully updated dagschotel" - redirect_to @user - else - flash[:error] = "Error updating dagschotel" - @dagschotel = @user.reload.dagschotel - render 'edit_dagschotel' - end + user.dagschotel = Product.find(params[:product_id]) + user.save + flash[:success] = "Succesfully updated dagschotel" + redirect_to user end private - def init - @user = User.find(params[:user_id]) - redirect_to root_path, error: "You are not authorized to access this page." unless @user == current_user || current_user.admin? - end - def user_params - params.fetch(:user, {}).permit(:avatar, :private) + params.require(:user).permit(:avatar, :private) end end diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb index f9b859b..381b748 100644 --- a/app/controllers/welcome_controller.rb +++ b/app/controllers/welcome_controller.rb @@ -1,4 +1,6 @@ class WelcomeController < ApplicationController + skip_authorization_check + def index end end diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb new file mode 100644 index 0000000..309f8b2 --- /dev/null +++ b/app/helpers/sessions_helper.rb @@ -0,0 +1,2 @@ +module SessionsHelper +end diff --git a/app/models/ability.rb b/app/models/ability.rb index f0670d9..9b9e1d5 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb 
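Review bot: The rewritten `update_dagschotel` ignores the result of `user.save` and flashes success unconditionally, so a failed validation on `user` — the case the deleted `else` branch existed for — is reported as "Succesfully updated dagschotel" while nothing was persisted. Keep the result check with the error flash the old code had; redirecting on both paths is fine since the form is reachable from the user page. `Product.find(params[:product_id])` also accepts any product id, whereas the edit form only offers `Product.for_sale` (previous hunk); if the dagschotel must be purchasable, `Product.for_sale.find(params[:product_id])` narrows it and still raises RecordNotFound for everything else.
```ruby
def update_dagschotel
  # … unchanged: User.find + authorize! :update_dagschotel …
  user.dagschotel = Product.find(params[:product_id])
  if user.save
    flash[:success] = "Succesfully updated dagschotel"
  else
    flash[:error] = "Error updating dagschotel"
  end
  redirect_to user
end
```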
@@ -3,17 +3,15 @@ class Ability def initialize(user) user ||= User.new # guest user (not logged in) + if user.admin? can :manage, :all - can :schulden, :admins elsif user.koelkast? can :manage, Order elsif user[:id] can :read, :all - can :update, User - can :edit_dagschotel, User - can :update_dagschotel, User - can :create, Order + can :manage, User, id: user.id + can :manage, Order, user: user end end end diff --git a/app/models/order.rb b/app/models/order.rb index c42cc81..1baf0fd 100644 --- a/app/models/order.rb +++ b/app/models/order.rb @@ -13,13 +13,11 @@ class Order < ActiveRecord::Base include ActionView::Helpers::TextHelper - after_create { self.user.increment!(:debt_cents, price_cents) } - belongs_to :user, counter_cache: true has_many :order_items, dependent: :destroy has_many :products, through: :order_items - scope :active, -> { where(cancelled: false) } + default_scope -> { where(cancelled: false) } validates :user, presence: true validates :order_items, presence: true, in_stock: true @@ -40,7 +38,6 @@ class Order < ActiveRecord::Base def cancel return if self.cancelled - user.decrement!(:debt_cents, price_cents) User.decrement_counter(:orders_count, user.id) update_attribute(:cancelled, true) self.order_items.each(&:cancel) diff --git a/app/models/user.rb b/app/models/user.rb index 936a7d1..8160ac8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -31,7 +31,6 @@ class User < ActiveRecord::Base has_paper_trail has_attached_file :avatar, styles: { large: "150x150>", medium: "100x100>", small: "40x40>" }, default_style: :medium - has_many :orders, -> { includes :products } has_many :products, through: :orders belongs_to :dagschotel, class_name: 'Product' @@ -56,12 +55,7 @@ class User < ActiveRecord::Base end def debt - self.debt_cents / 100.0 - end - - def debt=(value) - if value.is_a? String then value.sub!(',', '.') end - self.debt_cents = (value.to_f * 100).to_int + 42.15 end # Change URL params for User 
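Review bot: Replacing the four explicit grants with `can :manage, User, id: user.id` and `can :manage, Order, user: user` widens what a logged-in user may do: `:manage` covers every action, including `destroy` on their own account (`users#destroy` exists) and whatever Order actions beyond `create` the routes expose, none of which the old rules granted. Least privilege argues for naming the actions the app actually needs, e.g. `can [:update, :edit_dagschotel, :update_dagschotel], User, id: user.id` and `can :create, Order, user: user` (the view's `can? :edit, @user` is satisfied by `:update`, which CanCan aliases to `:edit`). If `accessible_by` or an index query is ever run on Order, the column form `user_id: user.id` is the safer condition; the object form is adequate for the instance checks this commit makes. Dropping `can :schulden, :admins` is harmless under `can :manage, :all`.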
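Review bot: `default_scope -> { where(cancelled: false) }` removes cancelled orders from every query, not just the call sites that used `.active`: `Order.find` on a cancelled id raises, `user.orders` never lists them, and `cancel` in the next hunk keeps working only because it runs on an already-loaded record. `belongs_to :user, counter_cache: true` is unaffected by the scope, so `orders_count` keeps counting cancelled rows unless the manual `decrement_counter` in `cancel` runs — exactly the kind of coupling a default scope hides. Keep `scope :active` and apply it at the call sites, or at least document the trap next to the declaration: `# default_scope hides cancelled orders everywhere; use Order.unscoped to reach them`. The `after_create` debt increment is removed here with no replacement in this file, which leaves `User#debt` (user.rb hunk below) as the only place the balance can come from.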
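Review bot: `def debt` now returns the literal `42.15`, so every profile shows the same constant as its balance (`DEBT: <%= euro(@user.debt) %>` in the view hunk), and the `debt_cents` bookkeeping it replaces — the `after_create` increment and the decrement in `cancel`, both removed from order.rb in this commit — has no successor. The value should be derived from the orders, e.g. `orders.sum(&:price_cents) / 100.0` (or `orders.sum(:price_cents) / 100.0` if `price_cents` is a column rather than a method); with Order's new default scope excluding cancelled orders, that sum already matches what the old decrement-on-cancel maintained. Note also that the migration in this commit removes `users.debt`, whereas the removed code read and wrote `debt_cents`; confirm which column actually exists before merging.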
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb index b869e1f..215d424 100644 --- a/app/views/users/show.html.erb +++ b/app/views/users/show.html.erb @@ -1,27 +1,36 @@ <%= render partial: 'flash' %>
- <% if current_user == @user %> + <% if can? :edit, @user %>
<%= link_to "[Edit dagschotel]" , user_edit_dagschotel_path(@user) %> <%= link_to "[Edit profile]" , edit_user_path(@user) %>
<% end %>

<%= @user.nickname %>

- <%= button_to "PLACE ORDER!", new_user_order_path(@user), method: :get if current_user == @user %> -
DEBT: <%= euro(@user.debt) %>
+
+ <%= link_to "PLACE ORDER!", new_user_order_path(@user) if current_user == @user %> + DEBT: <%= euro(@user.debt) %> +
<% if @orders.any? %>

Total products

- Total:
-
- Specifics:
+ Total: + Specifics: + <%= content_tag :ul do %> + <% @products.each do |p| %> + <%= content_tag :li, pluralize(p.count, p.name) %> + <% end %> + <% end %> +

All orders (<%= @user.orders_count %>)

<%= render @orders %>
<%= will_paginate @orders %> diff --git a/config/routes.rb b/config/routes.rb index 9fb2ba4..f6b371d 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,6 +1,7 @@ Rails.application.routes.draw do devise_for :users, controllers: { - omniauth_callbacks: "callbacks" + omniauth_callbacks: "callbacks", + sessions: "sessions" } devise_scope :user do @@ -24,8 +25,6 @@ Rails.application.routes.draw do get 'dagschotel/:product_id' => 'users#update_dagschotel', as: 'dagschotel' end - resources :user_avatar - resources :products do collection do get 'stock' => 'products#stock', as: 'stock' diff --git a/db/migrate/20150827152754_remove_debt_from_users.rb b/db/migrate/20150827152754_remove_debt_from_users.rb new file mode 100644 index 0000000..51ea8b3 --- /dev/null +++ b/db/migrate/20150827152754_remove_debt_from_users.rb @@ -0,0 +1,5 @@ +class RemoveDebtFromUsers < ActiveRecord::Migration + def change + remove_column :users, :debt, :int + end +end diff --git a/db/migrate/20150827155036_add_some_indexes_to_tables.rb b/db/migrate/20150827155036_add_some_indexes_to_tables.rb new file mode 100644 index 0000000..2413a32 --- /dev/null +++ b/db/migrate/20150827155036_add_some_indexes_to_tables.rb @@ -0,0 +1,6 @@ +class AddSomeIndexesToTables < ActiveRecord::Migration + def change + add_index :orders, :created_at + add_index :orders, :cancelled + end +end diff --git a/db/schema.rb b/db/schema.rb index 2d92fa7..51da827 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150824142843) do +ActiveRecord::Schema.define(version: 20150827155036) do create_table "order_items", force: :cascade do |t| t.integer "order_id" 
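Review bot: The `[Edit …]` links switch to `can? :edit, @user`, but `PLACE ORDER!` on the same page keeps `current_user == @user`, so the two visibility rules now disagree with each other and with the ability, which lets admins and the koelkast account place orders for other users. Using the ability here too keeps view and policy in one place, e.g. `<%= link_to "PLACE ORDER!", new_user_order_path(@user) if can? :create, Order.new(user: @user) %>` — the `user:` condition in the ability needs an order with its user set, so confirm that shape matches how your ability checks are written. The `DEBT:` line displays `@user.debt`, which this commit turns into a constant in user.rb; the display will be wrong until that is computed again.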
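Review bot: `remove_column :users, :debt, :int` names a column the old model never touched — `User#debt` and `debt=` read and wrote `debt_cents` — and the schema.rb hunks in this commit change only the version and the orders indexes, so nothing here shows a `debt` column existed; confirm the column name before this runs outside development. The third argument is only consulted when the `change` is reversed, where `add_column` would be called with `:int`; the Rails type is `:integer`: `remove_column :users, :debt_cents, :integer` (or `:debt`, whichever the database actually has).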
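Review bot: `add_index :orders, :cancelled` indexes a boolean that the new default scope now adds to every Order query; on its own such a two-valued index is rarely chosen by the planner when the existing `[user_id, created_at]` index (visible in the schema context) already narrows `user.orders`. If the intent is to serve the per-user listings in `users#show`, a composite `[:user_id, :cancelled]` or `[:user_id, :cancelled, :created_at]` is the usual shape; check with EXPLAIN before keeping the single-column one.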
@@ -27,6 +27,8 @@ ActiveRecord::Schema.define(version: 20150824142843) do t.boolean "cancelled", default: false end + add_index "orders", ["cancelled"], name: "index_orders_on_cancelled" + add_index "orders", ["created_at"], name: "index_orders_on_created_at" add_index "orders", ["user_id", "created_at"], name: "index_orders_on_user_id_and_created_at" add_index "orders", ["user_id"], name: "index_orders_on_user_id" diff --git a/test/controllers/sessions_controller_test.rb b/test/controllers/sessions_controller_test.rb new file mode 100644 index 0000000..d30ebc3 --- /dev/null +++ b/test/controllers/sessions_controller_test.rb @@ -0,0 +1,7 @@ +require 'test_helper' + +class SessionsControllerTest < ActionController::TestCase + # test "the truth" do + # assert true + # end +end