lptaylor · abenetka · Jan 2, 2019 · Jan 2, 2019 · Jan 2, 2019 · Jan 2, 2019
diff --git a/app/controllers/admin/merchants_controller.rb b/app/controllers/admin/merchants_controller.rb
@@ -1,4 +1,6 @@
 class Admin::MerchantsController < ApplicationController
+  before_action :require_admin
+
   def show
     @merchant = User.merchant.find(params[:id])
   end

diff --git a/app/controllers/admin/orders_controller.rb b/app/controllers/admin/orders_controller.rb
@@ -1,4 +1,6 @@
 class Admin::OrdersController < ApplicationController
+  before_action :require_admin
+
   def index
     @orders = Order.all
   end

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
@@ -1,4 +1,5 @@
 class Admin::UsersController < ApplicationController
+  before_action :require_admin
 
   def index
     @users = User.registered_users

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
 
-  helper_method :current_user, :current_merchant, :current_admin
+  helper_method :current_user, :current_merchant, :current_admin, :guest
 
   before_action :build_cart
 
@@ -21,6 +21,42 @@ def current_admin
     end
   end
 
+  def current_registered_user?
+    current_user && current_user.registered_user?
+  end
+
+  def current_merchant?
+    current_user && current_user.merchant?
+  end
+
+  def current_admin?
+    current_user && current_user.admin?
+  end
+
+  def guest
+    current_user.nil?
+  end
+
+  def cart_access
+    current_registered_user? || guest
+  end
+
+  def require_admin
+    render file: "/public/404" unless current_admin?
+  end
+
+  def require_merchant
+    render file: "/public/404" unless current_merchant?
+  end
+
+  def require_registered_user
+    render file: "/public/404" unless current_registered_user?
+  end
+
+  def authorization
+    render './public/404.html'
+  end
+
   def build_cart
     @cart ||= Cart.new(session[:cart])
   end

diff --git a/app/controllers/carts_controller.rb b/app/controllers/carts_controller.rb
@@ -1,6 +1,7 @@
 class CartsController < ApplicationController
   include ActionView::Helpers::TextHelper
   protect_from_forgery prepend: true
+  before_action :cart_access
 
   def index
     @items = Item.where(id: @cart.contents.keys)

diff --git a/app/controllers/dashboard/items_controller.rb b/app/controllers/dashboard/items_controller.rb
@@ -1,4 +1,5 @@
 class Dashboard::ItemsController < ApplicationController
+  before_action :require_merchant
 
   def index
     current_merchant

diff --git a/app/controllers/dashboard/orders_controller.rb b/app/controllers/dashboard/orders_controller.rb
@@ -1,4 +1,6 @@
 class Dashboard::OrdersController < ApplicationController
+  before_action :require_merchant
+
   def show
     @order = Order.find(params[:id])
     @merchant = current_merchant

diff --git a/app/controllers/dashboard/users_controller.rb b/app/controllers/dashboard/users_controller.rb
@@ -1,4 +1,6 @@
 class Dashboard::UsersController < ApplicationController
+  before_action :require_merchant
+
   def show
     @pending_orders = Order.pending_orders(current_user.id)
   end

diff --git a/app/controllers/profile/orders_controller.rb b/app/controllers/profile/orders_controller.rb
@@ -1,4 +1,5 @@
 class Profile::OrdersController < ApplicationController
+  before_action :require_registered_user
 
   def index
     @orders = Order.all

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,4 +1,5 @@
 class UsersController < ApplicationController
+  before_action :require_registered_user || :require_merchant || :require_admin, only: [:show]
 
   def show
     @user = current_user