diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 50278d71..6a5070f6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,16 +3,17 @@ class ApplicationController < ActionController::Base
   #before_action :check_installation
   protect_from_forgery with: :exception
-  helper_method :current_company,:current_login_employee
-
+  helper_method :current_company,:current_login_employee,:current_user
+  # alias_method :current_user, :current_login_employee,:current_user
   #this is base api base controller to need to inherit.
   #all token authentication must be done here
   #response format must be set to JSON
-  # rescue_from CanCan::AccessDenied do |exception|
-  # flash[:warning] = exception.message
-  # redirect_to root_path
-  # end
+
+  rescue_from CanCan::AccessDenied do |exception|
+    flash[:warning] = exception.message
+    redirect_to root_path
+  end
   def current_user
     @current_user ||= Employee.find_by_token_session(session[:session_token]) if session[:session_token]
diff --git a/app/controllers/base_origami_controller.rb b/app/controllers/base_origami_controller.rb
index b250303d..2af895da 100644
--- a/app/controllers/base_origami_controller.rb
+++ b/app/controllers/base_origami_controller.rb
@@ -5,5 +5,14 @@ class BaseOrigamiController < ActionController::Base
   #before_action :check_installation
   protect_from_forgery with: :exception
+  rescue_from CanCan::AccessDenied do |exception|
+    flash[:warning] = exception.message
+    redirect_to root_path
+  end
+
+  def current_user
+    @current_user ||= Employee.find_by_token_session(session[:session_token]) if session[:session_token]
+  end
+
 end
diff --git a/app/controllers/origami/customers_controller.rb b/app/controllers/origami/customers_controller.rb
index 373dc2f5..ef813e26 100644
--- a/app/controllers/origami/customers_controller.rb
+++ b/app/controllers/origami/customers_controller.rb
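Review bot: The new `rescue_from CanCan::AccessDenied` handler unconditionally sets a flash and redirects to root_path, yet the comment block directly above it says this base controller is the API base whose responses must be JSON; if that still holds, a non-HTML client that is denied gets a 302 to the root page instead of a 403. Branch on the request format so HTML keeps the flash/redirect and every other format answers `head :forbidden`. The identical handler and `current_user` method are pasted again into BaseOrigamiController in the next hunk; a shared concern included by both would keep the two copies from drifting. The commented-out `# alias_method :current_user, ...` line is dead code and should be removed rather than committed. The body of `current_user` continues past the end of this hunk.
```ruby
  rescue_from CanCan::AccessDenied do |exception|
    respond_to do |format|
      format.html do
        flash[:warning] = exception.message
        redirect_to root_path
      end
      format.any { head :forbidden }
    end
  end
```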
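Review bot: `current_user` is added to BaseOrigamiController as a public instance method, which makes Rails list it among the controller's action methods; a loose or wildcard route could dispatch a request straight to it. Place it below a `private` marker (the `rescue_from` declaration can stay above), e.g. `private` / `def current_user` / `...` / `end`. Note that when `session[:session_token]` is absent the modifier `if` makes the method return nil, so CanCan will build the ability for a nil user; that is the intended fail-closed path only as long as the Ability class grants nothing to a blank Employee.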
@@ -1,8 +1,6 @@ class Origami::CustomersController < BaseOrigamiController
-  #Form to add customer
-
+  load_and_authorize_resource
   def index
-
-
   end
   # GET /crm/customers/1
diff --git a/app/controllers/origami/request_bills_controller.rb b/app/controllers/origami/request_bills_controller.rb
index 37eef687..1bce60e6 100644
--- a/app/controllers/origami/request_bills_controller.rb
+++ b/app/controllers/origami/request_bills_controller.rb
@@ -1,4 +1,5 @@ class Origami::RequestBillsController < BaseOrigamiController
+  load_and_authorize_resource
   # Print Request Bill and add to sale tables
   def print
     @sale = Sale.new
diff --git a/app/controllers/settings/employees_controller.rb b/app/controllers/settings/employees_controller.rb
index dc7093f3..07656470 100644
--- a/app/controllers/settings/employees_controller.rb
+++ b/app/controllers/settings/employees_controller.rb
@@ -1,5 +1,5 @@ class Settings::EmployeesController < ApplicationController
-  # load_and_authorize_resource
+  load_and_authorize_resource
   before_action :set_employee, only: [:show, :edit, :update, :destroy]
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 2b28ab61..f48220a8 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -4,20 +4,22 @@ class Ability
   def initialize(user)
     user ||= Employee.new
-    if user.role? :administrator
+    if user.role == "administrator"
       can :manage, :all
-    elsif user.role? :cashier
+    elsif user.role == "cashier"
+      can :read, Order
       can :update, Order
-      can :completed_order_item, Order
       can :read, Sale
       can :update, Sale
+      can :add_customer, Customer
+      can :update_sale_by_customer, Customer
-    elsif user.role? :accountant
+    elsif user.role == "accountant"
       can :read, Order
       can :update, Order
@@ -28,6 +30,5 @@ class Ability
       can :manual_complete_sale, Sale
     end
-  end
-end
\ No newline at end of file
+end
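Review bot: With `load_and_authorize_resource` now active on CustomersController, `index` authorizes `:index` (an alias of `:read`) on Customer, but the cashier branch of ability.rb in this same commit grants only `:add_customer` and `:update_sale_by_customer` on Customer, so a cashier reaching this screen will be bounced by the AccessDenied handler. If cashiers are meant to see the customer list, add `can :read, Customer` (or narrower, `can :index, Customer`) to that branch; if not, this is the intended tightening and a short comment saying so would help. `index` is now an empty method; Rails renders the template implicitly, but a one-line comment such as `# renders index.html via implicit render` stops the next reader from assuming the body was lost in the cleanup. The class continues past the end of this hunk.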
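Review bot: `load_and_authorize_resource` on RequestBillsController makes CanCan infer a `RequestBill` model from the controller name, while the only model the visible `print` action touches is `Sale`; if no RequestBill constant exists, every request to this controller will fail with a NameError before reaching the action, and even if it does exist, neither the cashier nor the accountant branch in ability.rb grants anything on it, so only administrators could print. State the real subject explicitly, e.g. `authorize_resource class: Sale` together with a matching `can :print, Sale` for the roles that print bills, or `authorize_resource class: false` if the check should be against the bare `:request_bill` symbol. The `print` method continues past the end of this hunk.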
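Review bot: Enabling `load_and_authorize_resource` makes CanCan load `@employee` from `params[:id]` for show/edit/update/destroy, so the `before_action :set_employee` kept on the next line now repeats the same find a second time; keep one of the two (the CanCan load is the one that runs before authorization). For `create`, CanCan builds the record from a `employee_params` method when one exists and otherwise from the raw `params[:employee]`, which under strong parameters raises ForbiddenAttributesError — presumably the permitted-params method is already named that way, but it is outside the hunk, so confirm. Only the administrator branch in ability.rb touches Employee, which is the right least-privilege default for an employees admin screen.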
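Review bot: `user ||= Employee.new` still evaluates every unauthenticated request as a fresh Employee, and the new `==` comparisons grant abilities for whatever `role` that blank record reports; if the `employees.role` column has a database default (e.g. a constructed example: `"cashier"`), anonymous visitors silently receive that role's permissions. Guard it before any `can` call, `return if user.new_record?` directly after the `||=`, so a missing session yields an empty ability set regardless of column defaults. The role names are now three bare string literals; a `case user.role` with the names as frozen constants on Employee keeps them in one place, and since `==` is exact, a role stored as a symbol or with different casing now falls through to no permissions — fail-closed, but worth a spec per role. The end of the if chain and of `initialize` are outside this hunk.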
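Review bot: The new side closes the file with two `end`s where the old side had three: the context `end` for the if chain, then `  end` for `initialize` and `end` for the class are both removed and a single `end` is added. Unless the untouched lines between the two hunks changed the nesting, either `initialize` or the class is now left unclosed and ability.rb will not parse — run `ruby -c app/models/ability.rb` before merging. If the removal was only meant to fix the missing trailing newline, the replacement should be the two lines `  end` / `end`. The class header and `initialize` signature are outside this hunk.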