class OrdersController < ApplicationController include ActionView::Helpers::NumberHelper load_and_authorize_resource def new init @order = @user.orders.build # products = @user.products.select("products.*", "sum(order_items.count) as count").group(:product_id).order("count desc") # @order.g_order_items(products) @order.g_order_items Product.all end def create init @order = @user.orders.build order_params if @order.save flash[:success] = "#{@order.to_sentence} ordered. Enjoy it!" redirect_to root_path else @order.g_order_items Product.all render 'new' end end def destroy order = Order.find(params[:id]) if order.created_at > 5.minutes.ago order.cancel flash[:success] = "Order has been removed." else flash[:error] = "This order has been placed too long ago, it can't be removed. Please contact a sysadmin." end redirect_to root_path end def overview @users = User.members.order(:nickname) end def quickpay user = User.find(params[:user_id]) order = user.orders.build order.order_items << OrderItem.new(count: 1, product: user.dagschotel, order: order) if order.save flash[:success] = "Quick pay succeeded. #{view_context.link_to("Undo", [user, order], method: :delete)}." else flash[:error] = order.errors.full_messages.first end redirect_to root_path end private def init @user = User.find(params[:user_id]) if @user.koelkast? flash[:error] = "Koelkast can't order things." redirect_to root_path end unless current_user.koelkast? || current_user.admin? || current_user == @user flash[:error] = "Please don't order stuff for other people" redirect_to root_path end end def order_params params.require(:order).permit(order_items_attributes: [:count, :price, product_attributes: [:id]]) end end