Merge pull request #59 from ZeusWPI/remove_debt

Remove debt
2015-08-31 16:47:45 +02:00 · 2015-08-31 16:47:45 +02:00 · d4dd494c54
commit d4dd494c54
parent df91936ff8 c668cc1ab9
21 changed files with 97 additions and 111 deletions
--- a/app/assets/javascripts/sessions.js.coffee
+++ b/app/assets/javascripts/sessions.js.coffee
@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
--- a/app/assets/stylesheets/profile.css.scss
+++ b/app/assets/stylesheets/profile.css.scss
@ -37,16 +37,25 @@
  cursor: pointer;
 }

-.debt {
-  padding: 12px 0;
-  text-align: center;
-  font-family: monospace;
-  font-size: 16px;
-  width: 60%;
-  margin: auto;
-  margin-top: 10px;
-  background-color: #FF7F00;
-  color: white;
+.user_info .actions {
+  a, span {
+    display: inline-block;
+    padding: 12px 0;
+    text-align: center;
+    font-family: monospace;
+    font-size: 16px;
+    width: 60%;
+    margin: auto;
+    margin-top: 10px;
+    background-color: #FF7F00;
+    color: white;
+  }
+  a {
+    background: #64a724;
+    background: -moz-linear-gradient(top, #64a724 0%, #579727 50%, #58982a 51%, #498c25 100%);
+    background: -webkit-gradient(linear, left top, left bottom, from(#64a724), to(#498c25), color-stop(0.4, #579727), color-stop(0.5, #58982a), color-stop(.9, #498c25), color-stop(0.9, #498c25));
+    filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#64a724', endColorstr='#498c25', GradientType=0 );
+  }
 }

 .stats{
--- a/app/assets/stylesheets/sessions.css.scss
+++ b/app/assets/stylesheets/sessions.css.scss
@ -0,0 +1,3 @@
+// Place all the styles related to the sessions controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,7 +1,6 @@
 class ApplicationController < ActionController::Base
-  # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
+  check_authorization

  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_path, flash: { error: exception.message }
--- a/app/controllers/callbacks_controller.rb
+++ b/app/controllers/callbacks_controller.rb
@ -1,4 +1,6 @@
 class CallbacksController < Devise::OmniauthCallbacksController
+  skip_authorization_check
+
  def zeuswpi
    @user = User.from_omniauth(request.env["omniauth.auth"])
    sign_in_and_redirect @user
--- a/app/controllers/orders_controller.rb
+++ b/app/controllers/orders_controller.rb
@ -2,24 +2,17 @@ class OrdersController < ApplicationController
  include ActionView::Helpers::NumberHelper
  include ApplicationHelper

-  load_and_authorize_resource
+  load_resource :user
+  load_and_authorize_resource :order, through: :user, shallow: true

  def new
-    init
-    @order = @user.orders.build
-
    products = (@user.products.for_sale.select("products.*", "sum(order_items.count) as count").group(:product_id).order("count desc") | Product.for_sale)
    @order.g_order_items products
  end

  def create
-    init
-    @order = @user.orders.build order_params
-
    if @order.save
-      message = "#{@order.to_sentence} ordered. Enjoy it!"
-      flash[:success] = message
-      slack_notification(@user, message)
+      flash[:success] = "#{@order.to_sentence} ordered. Enjoy it!"
      redirect_to root_path
    else
      @order.g_order_items Product.for_sale
@ -56,25 +49,6 @@ class OrdersController < ApplicationController

  private

-    def init
-      @user = User.find(params[:user_id])
-
-      if @user.koelkast?
-        flash[:error] = "Koelkast can't order things."
-        redirect_to root_path
-      end
-
-      if @user.private && current_user != @user
-        flash[:error] = "You can't order stuff for this person."
-        redirect_to root_path
-      end
-
-      unless current_user.koelkast? || current_user.admin? || current_user == @user
-        flash[:error] = "Please don't order stuff for other people"
-        redirect_to root_path
-      end
-    end
-
    def order_params
      params.require(:order).permit(order_items_attributes: [:count, :price, product_attributes: [:id]])
    end
--- a/app/controllers/products_controller.rb
+++ b/app/controllers/products_controller.rb
@ -10,6 +10,7 @@ class ProductsController < ApplicationController
  def create
    @product = Product.new(product_params)
    if @product.save
+      flash[:success] = "Product created!"
      redirect_to products_path
    else
      render 'new'
@ -19,9 +20,8 @@ class ProductsController < ApplicationController
  def index
    @products = Product.all
    @categories = Product.categories
-    if current_user.admin?
-      render 'products_list/listview'
-    end
+
+    render 'products_list/listview' if current_user.admin?
  end

  def edit
@ -35,12 +35,6 @@ class ProductsController < ApplicationController
    respond_with @product
  end

-  def destroy
-    Product.find(params[:id]).destroy
-    flash[:success] = "Succesfully removed product"
-    redirect_to products_path
-  end
-
  def stock
    @products = Product.all
  end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -0,0 +1,3 @@
+class SessionsController < Devise::SessionsController
+  skip_authorization_check
+end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -4,19 +4,16 @@ class UsersController < ApplicationController
  def show
    @user = User.find_by_id(params[:id]) || current_user
    @orders = @user.orders
-      .active
      .order(:created_at)
      .reverse_order
      .paginate(page: params[:page])
    @products = @user.products
      .select("products.*", "sum(order_items.count) as count")
-      .where("orders.cancelled = ?", false)
      .group(:product_id)
      .order("count")
      .reverse_order
    @categories = @user.products
      .select("products.category", "sum(order_items.count) as count")
-      .where("orders.cancelled = ?", false)
      .group(:category)
  end

@ -39,14 +36,15 @@ class UsersController < ApplicationController
  end

  def destroy
-    @user = User.find(params[:id])
-    @user.destroy
+    user = User.find(params[:id])
+    user.destroy
    flash[:success] = "Succesfully removed user"
    redirect_to users_path
  end

  def edit_dagschotel
    @user = User.find(params[:user_id])
+    authorize! :update_dagschotel, @user
    @dagschotel = @user.dagschotel

    @products = Product.for_sale
@ -54,31 +52,19 @@ class UsersController < ApplicationController
  end

  def update_dagschotel
-    @user = User.find(params[:user_id])
-    @user.dagschotel = Product.find(params[:product_id])
+    user = User.find(params[:user_id])
+    authorize! :update_dagschotel, user

-    @products = Product.for_sale
-    @categories = Product.categories
-
-    if @user.save
-      flash[:success] = "Succesfully updated dagschotel"
-      redirect_to @user
-    else
-      flash[:error] = "Error updating dagschotel"
-      @dagschotel = @user.reload.dagschotel
-      render 'edit_dagschotel'
-    end
+    user.dagschotel = Product.find(params[:product_id])
+    user.save

+    flash[:success] = "Succesfully updated dagschotel"
+    redirect_to user
  end

  private

-    def init
-      @user = User.find(params[:user_id])
-      redirect_to root_path, error: "You are not authorized to access this page." unless @user == current_user || current_user.admin?
-    end
-
    def user_params
-      params.fetch(:user, {}).permit(:avatar, :private)
+      params.require(:user).permit(:avatar, :private)
    end
 end
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@ -1,4 +1,6 @@
 class WelcomeController < ApplicationController
+  skip_authorization_check
+
  def index
  end
 end
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@ -0,0 +1,2 @@
+module SessionsHelper
+end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -3,17 +3,17 @@ class Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
+
    if user.admin?
      can :manage, :all
-      can :schulden, :admins
    elsif user.koelkast?
      can :manage, Order
    elsif user[:id]
      can :read, :all
-      can :update, User
-      can :edit_dagschotel, User
-      can :update_dagschotel, User
-      can :create, Order
+      can :manage, User, id: user.id
+      can :manage, Order do |order|
+        order.try(:user) == user
+      end
    end
  end
 end
--- a/app/models/order.rb
+++ b/app/models/order.rb
@ -13,13 +13,11 @@
 class Order < ActiveRecord::Base
  include ActionView::Helpers::TextHelper

-  after_create { self.user.increment!(:debt_cents, price_cents) }
-
  belongs_to :user, counter_cache: true
  has_many :order_items, dependent: :destroy
  has_many :products, through: :order_items

-  scope :active, -> { where(cancelled: false) }
+  default_scope -> { where(cancelled: false) }

  validates :user, presence: true
  validates :order_items, presence: true, in_stock: true
@ -40,7 +38,6 @@ class Order < ActiveRecord::Base

  def cancel
    return if self.cancelled
-    user.decrement!(:debt_cents, price_cents)
    User.decrement_counter(:orders_count, user.id)
    update_attribute(:cancelled, true)
    self.order_items.each(&:cancel)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -31,7 +31,6 @@ class User < ActiveRecord::Base

  has_paper_trail
  has_attached_file :avatar, styles: { large: "150x150>", medium: "100x100>", small: "40x40>" }, default_style: :medium
-
  has_many :orders, -> { includes :products }
  has_many :products, through: :orders
  belongs_to :dagschotel, class_name: 'Product'
@ -56,12 +55,7 @@ class User < ActiveRecord::Base
  end

  def debt
-    self.debt_cents / 100.0
-  end
-
-  def debt=(value)
-    if value.is_a? String then value.sub!(',', '.') end
-    self.debt_cents = (value.to_f * 100).to_int
+    42.15
  end

  # Change URL params for User
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@ -1,27 +1,36 @@
 <%= render partial: 'flash' %>
 <div class="row">
  <div class="user_info">
-    <% if current_user == @user %>
+    <% if can? :edit, @user %>
      <h5>
        <%= link_to "[Edit dagschotel]" , user_edit_dagschotel_path(@user) %>
        <%= link_to "[Edit profile]" , edit_user_path(@user) %>
      </h5>
    <% end %>
    <h2><%= @user.nickname %></h2>
-    <%= button_to "PLACE ORDER!", new_user_order_path(@user), method: :get if current_user == @user %>
-    <div class="debt">DEBT: <%= euro(@user.debt) %></div>
+    <div class="actions">
+      <%= link_to "PLACE ORDER!", new_user_order_path(@user) if current_user == @user %>
+      <span>DEBT: <%= euro(@user.debt) %></span>
+    </div>
  </div>

  <% if @orders.any? %>
    <div class="stats">
      <h4>Total products</h4>
-      Total: <br/><ul><li><%= @categories.map{|c| pluralize(c.count, c.category)}.join(", ")%></li></ul>
-      <br/>
-      Specifics:<br/>
+      Total:
      <ul>
-        <%= @products.map{ |p| content_tag(:li, pluralize(p.count, p.name)) }.join("\n").html_safe %>
+        <li>
+          <%= @categories.map{|c| pluralize(c.count, c.category)}.to_sentence %>
+        </li>
      </ul>

+      Specifics:
+      <%= content_tag :ul do %>
+        <% @products.each do |p| %>
+          <%= content_tag :li, pluralize(p.count, p.name) %>
+        <% end %>
+      <% end %>
+
      <h4>All orders (<%= @user.orders_count %>)</h4>
      <table class="orders"><%= render @orders %></table>
      <%= will_paginate @orders %>
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,6 +1,7 @@
 Rails.application.routes.draw do
  devise_for :users, controllers: {
-    omniauth_callbacks: "callbacks"
+    omniauth_callbacks: "callbacks",
+    sessions: "sessions"
  }

  devise_scope :user do
@ -24,8 +25,6 @@ Rails.application.routes.draw do
    get 'dagschotel/:product_id' => 'users#update_dagschotel', as: 'dagschotel'
  end

-  resources :user_avatar
-
  resources :products do
    collection do
      get  'stock' => 'products#stock', as: 'stock'
--- a/db/migrate/20150827152754_remove_debt_from_users.rb
+++ b/db/migrate/20150827152754_remove_debt_from_users.rb
@ -0,0 +1,5 @@
+class RemoveDebtFromUsers < ActiveRecord::Migration
+  def change
+    remove_column :users, :debt, :int
+  end
+end
--- a/db/migrate/20150827155036_add_some_indexes_to_tables.rb
+++ b/db/migrate/20150827155036_add_some_indexes_to_tables.rb
@ -0,0 +1,6 @@
+class AddSomeIndexesToTables < ActiveRecord::Migration
+  def change
+    add_index :orders, :created_at
+    add_index :orders, :cancelled
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20150824142843) do
+ActiveRecord::Schema.define(version: 20150827155036) do

  create_table "order_items", force: :cascade do |t|
    t.integer "order_id"
@ -27,6 +27,8 @@ ActiveRecord::Schema.define(version: 20150824142843) do
    t.boolean  "cancelled",   default: false
  end

+  add_index "orders", ["cancelled"], name: "index_orders_on_cancelled"
+  add_index "orders", ["created_at"], name: "index_orders_on_created_at"
  add_index "orders", ["user_id", "created_at"], name: "index_orders_on_user_id_and_created_at"
  add_index "orders", ["user_id"], name: "index_orders_on_user_id"

--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@ -0,0 +1,7 @@
+require 'test_helper'
+
+class SessionsControllerTest < ActionController::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@ -32,16 +32,6 @@ class UserTest < ActiveSupport::TestCase
    @user = users(:benji)
  end

-  test "debt behaves correctly" do
-    assert_equal @user.debt_cents, 0
-    assert_equal @user.debt, 0
-
-    @user.debt = 1.3
-
-    assert_equal @user.debt, 1.3
-    assert_equal @user.debt_cents, 130
-  end
-
  test "to_param" do
    assert_equal @user.to_param, "#{@user.id}-benji"
  end