
Numerous fixes and mass assignment protection ongoing..

glenv committed May 1, 2012
1 parent bdc6f7f commit 0c787e64e03e6c6dc8694e733234e7801ac7d849
@@ -16,7 +16,7 @@ def index
# GET /roles/1
# GET /roles/1.json
def show
- @title = Model.name
+ #@title = Model.name
@role = Role.find(params[:id])
respond_to do |format|
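Review bot: Commenting out `@title = Model.name` on the new side of line 14 leaves `show` with no title at all instead of fixing the placeholder; the other controllers in this commit set a literal, e.g. `@title = 'Service Rate Details'`. Replace the dead line with `@title = 'Role Details'` (or the `t "..."` form the users controller uses) rather than keeping it as a comment. The rest of `show` continues outside the hunk.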
@@ -1,88 +1,89 @@
-class ServiceRatesController < ApplicationController
- # GET /service_rates
- # GET /service_rates.xml
- def index
- @title = 'Service Rates'
- @service_rates = ServiceRate.all
-
- respond_to do |format|
- format.html # index.html.erb
- format.xml { render :xml => @service_rates }
- end
- end
-
- # GET /service_rates/1
- # GET /service_rates/1.xml
- def show
- @title = 'Service Rate Details'
- @service_rate = ServiceRate.find(params[:id])
-
- respond_to do |format|
- format.html # show.html.erb
- format.xml { render :xml => @service_rate }
- end
- end
-
- # GET /service_rates/new
- # GET /service_rates/new.xml
- def new
- @title = 'Creating New Service Rate'
- @service_rate = ServiceRate.new
-
- respond_to do |format|
- format.html # new.html.erb
- format.xml { render :xml => @service_rate }
- end
- end
-
- # GET /service_rates/1/edit
- def edit
- @title = 'Editing Service Rate'
- @service_rate = ServiceRate.find(params[:id])
- end
-
- # POST /service_rates
- # POST /service_rates.xml
- def create
- @title = 'Adding New Service Rate'
- @service_rate = ServiceRate.new(params[:service_rate])
-
- respond_to do |format|
- if @service_rate.save
- format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully created.') }
- format.xml { render :xml => @service_rate, :status => :created, :location => @service_rate }
- else
- format.html { render :action => "new" }
- format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
- end
- end
- end
-
- # PUT /service_rates/1
- # PUT /service_rates/1.xml
- def update
- @service_rate = ServiceRate.find(params[:id])
-
- respond_to do |format|
- if @service_rate.update_attributes(params[:service_rate])
- format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully updated.') }
- format.xml { head :ok }
- else
- format.html { render :action => "edit" }
- format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
- end
- end
- end
-
- # DELETE /service_rates/1
- # DELETE /service_rates/1.xml
- def destroy
- @service_rate = ServiceRate.find(params[:id])
- @service_rate.destroy
-
- respond_to do |format|
- format.html { redirect_to(service_rates_url) }
- format.xml { head :ok }
- end
- end
-end
+class ServiceRatesController < ApplicationController
+ authorize_resource
+ # GET /service_rates
+ # GET /service_rates.xml
+ def index
+ @title = 'Service Rates'
+ @service_rates = ServiceRate.all
+
+ respond_to do |format|
+ format.html # index.html.erb
+ format.xml { render :xml => @service_rates }
+ end
+ end
+
+ # GET /service_rates/1
+ # GET /service_rates/1.xml
+ def show
+ @title = 'Service Rate Details'
+ @service_rate = ServiceRate.find(params[:id])
+
+ respond_to do |format|
+ format.html # show.html.erb
+ format.xml { render :xml => @service_rate }
+ end
+ end
+
+ # GET /service_rates/new
+ # GET /service_rates/new.xml
+ def new
+ @title = 'Creating New Service Rate'
+ @service_rate = ServiceRate.new
+
+ respond_to do |format|
+ format.html # new.html.erb
+ format.xml { render :xml => @service_rate }
+ end
+ end
+
+ # GET /service_rates/1/edit
+ def edit
+ @title = 'Editing Service Rate'
+ @service_rate = ServiceRate.find(params[:id])
+ end
+
+ # POST /service_rates
+ # POST /service_rates.xml
+ def create
+ @title = 'Adding New Service Rate'
+ @service_rate = ServiceRate.new(params[:service_rate])
+
+ respond_to do |format|
+ if @service_rate.save
+ format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully created.') }
+ format.xml { render :xml => @service_rate, :status => :created, :location => @service_rate }
+ else
+ format.html { render :action => "new" }
+ format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
+ end
+ end
+ end
+
+ # PUT /service_rates/1
+ # PUT /service_rates/1.xml
+ def update
+ @service_rate = ServiceRate.find(params[:id])
+
+ respond_to do |format|
+ if @service_rate.update_attributes(params[:service_rate])
+ format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully updated.') }
+ format.xml { head :ok }
+ else
+ format.html { render :action => "edit" }
+ format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
+ end
+ end
+ end
+
+ # DELETE /service_rates/1
+ # DELETE /service_rates/1.xml
+ def destroy
+ @service_rate = ServiceRate.find(params[:id])
+ @service_rate.destroy
+
+ respond_to do |format|
+ format.html { redirect_to(service_rates_url) }
+ format.xml { head :ok }
+ end
+ end
+end
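Review bot: `authorize_resource` (line 107) runs as a before filter, and because every action looks up `@service_rate` itself afterwards (lines 124, 147, 170, 186), the check for show/edit/update/destroy is, as far as I can tell, made against the `ServiceRate` class rather than the specific record, so any per-record conditions in the ability definition would not apply. If record-level rules are intended, `load_and_authorize_resource` loads the instance before authorizing; if class-level checks are all that is wanted, a one-line comment saying so would stop the next reader from assuming ownership is enforced. Separately, the hunk rewrites all 88 lines for a single added line, which looks like a line-ending or whitespace change and hides the real diff; normalising that in its own commit would keep this one reviewable. `ServiceRate.new(params[:service_rate])` and `update_attributes(params[:service_rate])` still take the raw params hash, so the protection the commit title refers to must live in the model's `attr_accessible`, which is not visible here.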
@@ -67,6 +67,8 @@ def edit
def create
@title = t "user.t_new_user"
@user = User.new(params[:user])
+ @user.dynamic_attributes = [:client, :employee, :workorder_assignability, :role_id] if can? :manage, User
+
respond_to do |format|
if @user.save
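Review bot: The `dynamic_attributes` whitelist on line 199 is assigned after `User.new(params[:user])` on line 198 has already applied the request params, so if `dynamic_attributes` is what widens the mass-assignable set for managers (the name and the work-order hunk in this same commit suggest so), it is being set too late to affect that assignment. The work-order hunk uses the order that works: `@user = User.new`, then `@user.dynamic_attributes = [...] if can? :manage, User`, then `@user.attributes = params[:user]`. If `dynamic_attributes` is instead consumed later (e.g. at save), a short comment saying where it is read would make the ordering look deliberate. The body of `create` continues outside the hunk.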
@@ -74,19 +74,16 @@ def edit
def create
@title = t "workorder.t_workorders"
- @work_order = WorkOrder.new(params[:work_order])
+ @work_order = WorkOrder.new
if can? :create, WorkOrder
- #if current_user.client
- # @work_order.user_id = current_user.id
- # else
- # @work_order.user_id = params[:user_id] if current_user.employee
- #end
+ @work_order.user_id = params[:user_id] if current_user.employee?
+ @work_order.user_id = current_user.id if current_user.client?
@work_order.created_at = Time.now
@work_order.status_id = 1 # Applies a status of "NEW" by default
- @work_order.closed = 1 # Work Order is not "closed" by default
+ @work_order.closed = 0 # Work Order is not "closed" by default
@work_order.created_by = current_user.username
end
-
+ @work_order.attributes = params[:work_order]
respond_to do |format|
if @work_order.save
format.html { redirect_to @work_order, notice: 'Work Order was successfully created.' }
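Review bot: `@work_order.attributes = params[:work_order]` on line 223 now runs after the server-chosen `user_id`, `created_at`, `status_id`, `closed` and `created_by` (lines 214-220) are set, so a request carrying those keys overwrites them unless the model's `attr_accessible` excludes them, which is not visible here; moving the line to directly after `@work_order = WorkOrder.new` on line 207 lets the privileged assignments win regardless. There is also no deny path: when `can? :create, WorkOrder` is false the block is skipped but the params are still applied and the record still reaches `@work_order.save` on line 225, unless a filter elsewhere stops the action first; `authorize! :create, WorkOrder` before building the record would make that explicit. The fix of `closed = 0` on line 219 matches its comment, whereas the removed `closed = 1` contradicted it. `create` continues outside the hunk.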
@@ -132,10 +129,10 @@ def update
def close
@title = t "workorder.t_workorders"
@work_order = WorkOrder.find(params[:id])
- @work_order.edited_by = current_user.username
- @work_order.closed_by = current_user.username
- @work_order.dynamic_attributes = [:status_id, :resolution, :assigned_to_username, :closed] if can? :manage, WorkOrder
- invoicing_enabled = true
+ #@work_order.edited_by = current_user.username
+ #@work_order.closed_by = current_user.username
+ #@work_order.dynamic_attributes = [:status_id, :resolution, :assigned_to_username, :closed] if can? :manage, WorkOrder
+ #invoicing_enabled = true
if @work_order.assigned_to_id.blank?
redirect_to(:back)
flash[:alert] = "Work Order needs to be assigned to an Employee first before closing."
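Review bot: Commenting out lines 235-237 drops both the audit fields (`edited_by`, `closed_by`) and the manage-gated `dynamic_attributes` list for `close`, with no replacement visible in the hunk, so who closed a work order is no longer recorded and whatever gate that list provided is gone. If this is a temporary step in the mass-assignment work the commit title mentions, a `# TODO: restore once ... is whitelisted in the model` would say so; otherwise delete the lines rather than leaving dead code. `invoicing_enabled` (line 238) is also no longer defined, so any later reference to it in `close` would now raise `NameError`; the rest of `close` is outside the hunk.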
@@ -1,60 +1,60 @@
-class Invoice < ActiveRecord::Base
- has_many :service_invoice_lines, :dependent => :destroy
- has_many :product_invoice_lines, :dependent => :destroy
- belongs_to :user
- belongs_to :work_order
-
- attr_accessible :service_id, :product_id, :invoice_note, :user_id, :work_order_id,
- :paid, :service_invoice_lines_attributes, :product_invoice_lines_attributes,
- :created_by, :updated_by, :due_date
-
- validates_uniqueness_of :work_order_id, :allow_blank => true
-
- accepts_nested_attributes_for :service_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:service_id].blank? }, :allow_destroy => true
- accepts_nested_attributes_for :product_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:product_id].blank? }, :allow_destroy => true
- # Update Invoice Values
- before_save :update_invoice_values
- after_save :update_invoice_values
- after_initialize :update_invoice_values
-
- # Service lines SUMs
- def srv_price_totals
- service_invoice_lines.to_a.sum(&:total_price)
- end
- def srv_tax_totals
- service_invoice_lines.to_a.sum(&:tax)
- end
-def srv_sub_totals
- service_invoice_lines.to_a.sum(&:sub_total)
-end
-
-# Product lines SUMs
-def prod_price_totals
- product_invoice_lines.to_a.sum(&:total_price)
- end
- def prod_tax_totals
- product_invoice_lines.to_a.sum(&:tax)
- end
- def prod_sub_totals
- product_invoice_lines.to_a.sum(&:sub_total)
- end
-
- def inv_price_totals
- service_invoice_lines.to_a.sum(&:total_price) + product_invoice_lines.to_a.sum(&:total_price)
- end
- def inv_tax_totals
- service_invoice_lines.to_a.sum(&:tax) + product_invoice_lines.to_a.sum(&:tax)
- end
- def inv_sub_totals
- service_invoice_lines.to_a.sum(&:sub_total) + product_invoice_lines.to_a.sum(&:sub_total)
- end
-
- # Used to update Invoice Totals on Save/Update
- def update_invoice_values
- self.sub_total = inv_sub_totals
- self.tax_total = inv_tax_totals
- self.total = inv_price_totals
- end
-
-
-end
+class Invoice < ActiveRecord::Base
+ has_many :service_invoice_lines, :dependent => :destroy
+ has_many :product_invoice_lines, :dependent => :destroy
+ belongs_to :user
+ belongs_to :work_order
+
+ attr_accessible :service_id, :product_id, :invoice_note, :user_id, :work_order_id,
+ :paid, :service_invoice_lines_attributes, :product_invoice_lines_attributes,
+ :created_by, :updated_by, :due_date, :qty, :service_id, :line_comment
+
+ validates_uniqueness_of :work_order_id, :allow_blank => true
+
+ accepts_nested_attributes_for :service_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:service_id].blank? }, :allow_destroy => true
+ accepts_nested_attributes_for :product_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:product_id].blank? }, :allow_destroy => true
+ # Update Invoice Values
+ before_save :update_invoice_values
+ after_save :update_invoice_values
+ after_initialize :update_invoice_values
+
+ # Service lines SUMs
+ def srv_price_totals
+ service_invoice_lines.to_a.sum(&:total_price)
+ end
+ def srv_tax_totals
+ service_invoice_lines.to_a.sum(&:tax)
+ end
+def srv_sub_totals
+ service_invoice_lines.to_a.sum(&:sub_total)
+end
+
+# Product lines SUMs
+def prod_price_totals
+ product_invoice_lines.to_a.sum(&:total_price)
+ end
+ def prod_tax_totals
+ product_invoice_lines.to_a.sum(&:tax)
+ end
+ def prod_sub_totals
+ product_invoice_lines.to_a.sum(&:sub_total)
+ end
+
+ def inv_price_totals
+ service_invoice_lines.to_a.sum(&:total_price) + product_invoice_lines.to_a.sum(&:total_price)
+ end
+ def inv_tax_totals
+ service_invoice_lines.to_a.sum(&:tax) + product_invoice_lines.to_a.sum(&:tax)
+ end
+ def inv_sub_totals
+ service_invoice_lines.to_a.sum(&:sub_total) + product_invoice_lines.to_a.sum(&:sub_total)
+ end
+
+ # Used to update Invoice Totals on Save/Update
+ def update_invoice_values
+ self.sub_total = inv_sub_totals
+ self.tax_total = inv_tax_totals
+ self.total = inv_price_totals
+ end
+
+
+end
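Review bot: `:service_id` is now listed twice in `attr_accessible` (lines 310 and 312), and `:qty` and `:line_comment` read like attributes of the invoice-line models, which are already reached through the nested `service_invoice_lines_attributes` / `product_invoice_lines_attributes` keys and would need whitelisting on those models rather than on `Invoice`; if `invoices` has no such columns the new entries are dead, and if it does they widen what a request can set. Dropping the duplicate and confirming which model the two new names belong to would make line 312 `:created_by, :updated_by, :due_date` plus only what `Invoice` itself owns. As with the service-rates hunk, the whole 60-line file is rewritten for a one-line change, which hides the real diff, and the inconsistent indentation of `srv_sub_totals` and `prod_price_totals` (lines 330-335) survives the rewrite.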