Numerous fixes; mass-assignment protection work is ongoing.

commit 0c787e64e03e6c6dc8694e733234e7801ac7d849 1 parent bdc6f7f
@glenv glenv authored
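--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -16,7 +16,7 @@ def index
 # GET /roles/1
 # GET /roles/1.json
 def show
- @title = Model.name
+ #@title = Model.name
 @role = Role.find(params[:id])
 respond_to do |format|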
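--- a/app/controllers/service_rates_controller.rb
+++ b/app/controllers/service_rates_controller.rb
@@ -1,88 +1,89 @@
-class ServiceRatesController < ApplicationController
- # GET /service_rates
- # GET /service_rates.xml
- def index
- @title = 'Service Rates'
- @service_rates = ServiceRate.all
-
- respond_to do |format|
- format.html # index.html.erb
- format.xml { render :xml => @service_rates }
- end
- end
-
- # GET /service_rates/1
- # GET /service_rates/1.xml
- def show
- @title = 'Service Rate Details'
- @service_rate = ServiceRate.find(params[:id])
-
- respond_to do |format|
- format.html # show.html.erb
- format.xml { render :xml => @service_rate }
- end
- end
-
- # GET /service_rates/new
- # GET /service_rates/new.xml
- def new
- @title = 'Creating New Service Rate'
- @service_rate = ServiceRate.new
-
- respond_to do |format|
- format.html # new.html.erb
- format.xml { render :xml => @service_rate }
- end
- end
-
- # GET /service_rates/1/edit
- def edit
- @title = 'Editing Service Rate'
- @service_rate = ServiceRate.find(params[:id])
- end
-
- # POST /service_rates
- # POST /service_rates.xml
- def create
- @title = 'Adding New Service Rate'
- @service_rate = ServiceRate.new(params[:service_rate])
-
- respond_to do |format|
- if @service_rate.save
- format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully created.') }
- format.xml { render :xml => @service_rate, :status => :created, :location => @service_rate }
- else
- format.html { render :action => "new" }
- format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
- end
- end
- end
-
- # PUT /service_rates/1
- # PUT /service_rates/1.xml
- def update
- @service_rate = ServiceRate.find(params[:id])
-
- respond_to do |format|
- if @service_rate.update_attributes(params[:service_rate])
- format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully updated.') }
- format.xml { head :ok }
- else
- format.html { render :action => "edit" }
- format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
- end
- end
- end
-
- # DELETE /service_rates/1
- # DELETE /service_rates/1.xml
- def destroy
- @service_rate = ServiceRate.find(params[:id])
- @service_rate.destroy
-
- respond_to do |format|
- format.html { redirect_to(service_rates_url) }
- format.xml { head :ok }
- end
- end
-end
+class ServiceRatesController < ApplicationController
+ authorize_resource
+ # GET /service_rates
+ # GET /service_rates.xml
+ def index
+ @title = 'Service Rates'
+ @service_rates = ServiceRate.all
+
+ respond_to do |format|
+ format.html # index.html.erb
+ format.xml { render :xml => @service_rates }
+ end
+ end
+
+ # GET /service_rates/1
+ # GET /service_rates/1.xml
+ def show
+ @title = 'Service Rate Details'
+ @service_rate = ServiceRate.find(params[:id])
+
+ respond_to do |format|
+ format.html # show.html.erb
+ format.xml { render :xml => @service_rate }
+ end
+ end
+
+ # GET /service_rates/new
+ # GET /service_rates/new.xml
+ def new
+ @title = 'Creating New Service Rate'
+ @service_rate = ServiceRate.new
+
+ respond_to do |format|
+ format.html # new.html.erb
+ format.xml { render :xml => @service_rate }
+ end
+ end
+
+ # GET /service_rates/1/edit
+ def edit
+ @title = 'Editing Service Rate'
+ @service_rate = ServiceRate.find(params[:id])
+ end
+
+ # POST /service_rates
+ # POST /service_rates.xml
+ def create
+ @title = 'Adding New Service Rate'
+ @service_rate = ServiceRate.new(params[:service_rate])
+
+ respond_to do |format|
+ if @service_rate.save
+ format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully created.') }
+ format.xml { render :xml => @service_rate, :status => :created, :location => @service_rate }
+ else
+ format.html { render :action => "new" }
+ format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
+ end
+ end
+ end
+
+ # PUT /service_rates/1
+ # PUT /service_rates/1.xml
+ def update
+ @service_rate = ServiceRate.find(params[:id])
+
+ respond_to do |format|
+ if @service_rate.update_attributes(params[:service_rate])
+ format.html { redirect_to(@service_rate, :notice => 'Service rate was successfully updated.') }
+ format.xml { head :ok }
+ else
+ format.html { render :action => "edit" }
+ format.xml { render :xml => @service_rate.errors, :status => :unprocessable_entity }
+ end
+ end
+ end
+
+ # DELETE /service_rates/1
+ # DELETE /service_rates/1.xml
+ def destroy
+ @service_rate = ServiceRate.find(params[:id])
+ @service_rate.destroy
+
+ respond_to do |format|
+ format.html { redirect_to(service_rates_url) }
+ format.xml { head :ok }
+ end
+ end
+end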
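Review bot: `authorize_resource` on the new second line is used without `load_resource`, so CanCan checks each action against the `ServiceRate` class rather than the record fetched by `ServiceRate.find(params[:id])` in show/edit/update/destroy; any per-record conditions in the Ability (not visible here) would not be enforced. If the Ability only grants class-wide access that is fine, otherwise use `load_and_authorize_resource` and drop the manual finds. `create` and `update` still mass-assign `params[:service_rate]`, which is only as safe as ServiceRate's `attr_accessible` whitelist stays. The whole file is shown rewritten although only that one line is new — presumably line-ending churn; committing the normalization separately would keep the real change reviewable.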
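--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -67,6 +67,8 @@ def edit
 def create
 @title = t "user.t_new_user"
 @user = User.new(params[:user])
+ @user.dynamic_attributes = [:client, :employee, :workorder_assignability, :role_id] if can? :manage, User
+
 respond_to do |format|
 if @user.save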
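Review bot: The `can? :manage, User` guard on the added line runs after `User.new(params[:user])` has already mass-assigned the request, and this same commit adds `:role_id`, `:employee`, `:client` and `:workorder_assignability` to User's `attr_accessible`, so a non-manager who submits those keys gets them set regardless of the guard; `dynamic_attributes` (not a Rails API, presumably a project helper) cannot undo an assignment that already happened. Keep the privileged attributes off the default whitelist and expose them under a mass-assignment role, e.g. in the model `attr_accessible :client, :employee, :workorder_assignability, :role_id, :as => :admin` and here `@user = User.new(params[:user], :as => (can?(:manage, User) ? :admin : :default))` (Rails 3.1+; on 3.0 set the four fields by hand inside the `if`). `create`'s body continues past the hunk.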
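--- a/app/controllers/work_orders_controller.rb
+++ b/app/controllers/work_orders_controller.rb
@@ -74,19 +74,16 @@ def edit
 def create
 @title = t "workorder.t_workorders"
- @work_order = WorkOrder.new(params[:work_order])
+ @work_order = WorkOrder.new
 if can? :create, WorkOrder
- #if current_user.client
- # @work_order.user_id = current_user.id
- # else
- # @work_order.user_id = params[:user_id] if current_user.employee
- #end
+ @work_order.user_id = params[:user_id] if current_user.employee?
+ @work_order.user_id = current_user.id if current_user.client?
 @work_order.created_at = Time.now
 @work_order.status_id = 1 # Applies a status of "NEW" by default
- @work_order.closed = 1 # Work Order is not "closed" by default
+ @work_order.closed = 0 # Work Order is not "closed" by default
 @work_order.created_by = current_user.username
 end
-
+ @work_order.attributes = params[:work_order]
 respond_to do |format|
 if @work_order.save
 format.html { redirect_to @work_order, notice: 'Work Order was successfully created.' }
@@ -132,10 +129,10 @@ def update
 def close
 @title = t "workorder.t_workorders"
 @work_order = WorkOrder.find(params[:id])
- @work_order.edited_by = current_user.username
- @work_order.closed_by = current_user.username
- @work_order.dynamic_attributes = [:status_id, :resolution, :assigned_to_username, :closed] if can? :manage, WorkOrder
- invoicing_enabled = true
+ #@work_order.edited_by = current_user.username
+ #@work_order.closed_by = current_user.username
+ #@work_order.dynamic_attributes = [:status_id, :resolution, :assigned_to_username, :closed] if can? :manage, WorkOrder
+ #invoicing_enabled = true
 if @work_order.assigned_to_id.blank?
 redirect_to(:back)
 flash[:alert] = "Work Order needs to be assigned to an Employee first before closing."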
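Review bot: In the new `create`, `can? :create, WorkOrder` only decides whether the server-set fields are filled in; `@work_order.attributes = params[:work_order]` and the `save` further down run for everyone, so a user who is not allowed to create still creates a work order (with `user_id`, `status_id`, `closed` and `created_by` left nil). The mass assignment is also applied after the server-set fields, so any of those columns that WorkOrder marks `attr_accessible` (its model is not in this diff) can be overwritten from the request. Deny with `authorize!` and assign the request hash before the server-controlled fields, as below; `create`'s `respond_to` continues past the hunk. In the `close` hunk, commenting out `edited_by`/`closed_by` means the closer is no longer recorded — either restore that or delete the lines rather than leaving them commented.
```ruby
def create
  @title = t "workorder.t_workorders"
  authorize! :create, WorkOrder # raises CanCan::AccessDenied instead of saving anyway
  @work_order = WorkOrder.new(params[:work_order])
  # Server-controlled fields are set after mass assignment so the request cannot override them.
  @work_order.user_id = params[:user_id] if current_user.employee?
  @work_order.user_id = current_user.id if current_user.client?
  @work_order.created_at = Time.now
  @work_order.status_id = 1 # Applies a status of "NEW" by default
  @work_order.closed = 0 # Work Order is not "closed" by default
  @work_order.created_by = current_user.username
  # … unchanged: respond_to / save …
```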
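--- a/app/models/invoice.rb
+++ b/app/models/invoice.rb
@@ -1,60 +1,60 @@
-class Invoice < ActiveRecord::Base
- has_many :service_invoice_lines, :dependent => :destroy
- has_many :product_invoice_lines, :dependent => :destroy
- belongs_to :user
- belongs_to :work_order
-
- attr_accessible :service_id, :product_id, :invoice_note, :user_id, :work_order_id,
- :paid, :service_invoice_lines_attributes, :product_invoice_lines_attributes,
- :created_by, :updated_by, :due_date
-
- validates_uniqueness_of :work_order_id, :allow_blank => true
-
- accepts_nested_attributes_for :service_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:service_id].blank? }, :allow_destroy => true
- accepts_nested_attributes_for :product_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:product_id].blank? }, :allow_destroy => true
- # Update Invoice Values
- before_save :update_invoice_values
- after_save :update_invoice_values
- after_initialize :update_invoice_values
-
- # Service lines SUMs
- def srv_price_totals
- service_invoice_lines.to_a.sum(&:total_price)
- end
- def srv_tax_totals
- service_invoice_lines.to_a.sum(&:tax)
- end
-def srv_sub_totals
- service_invoice_lines.to_a.sum(&:sub_total)
-end
-
-# Product lines SUMs
-def prod_price_totals
- product_invoice_lines.to_a.sum(&:total_price)
- end
- def prod_tax_totals
- product_invoice_lines.to_a.sum(&:tax)
- end
- def prod_sub_totals
- product_invoice_lines.to_a.sum(&:sub_total)
- end
-
- def inv_price_totals
- service_invoice_lines.to_a.sum(&:total_price) + product_invoice_lines.to_a.sum(&:total_price)
- end
- def inv_tax_totals
- service_invoice_lines.to_a.sum(&:tax) + product_invoice_lines.to_a.sum(&:tax)
- end
- def inv_sub_totals
- service_invoice_lines.to_a.sum(&:sub_total) + product_invoice_lines.to_a.sum(&:sub_total)
- end
-
- # Used to update Invoice Totals on Save/Update
- def update_invoice_values
- self.sub_total = inv_sub_totals
- self.tax_total = inv_tax_totals
- self.total = inv_price_totals
- end
-
-
-end
+class Invoice < ActiveRecord::Base
+ has_many :service_invoice_lines, :dependent => :destroy
+ has_many :product_invoice_lines, :dependent => :destroy
+ belongs_to :user
+ belongs_to :work_order
+
+ attr_accessible :service_id, :product_id, :invoice_note, :user_id, :work_order_id,
+ :paid, :service_invoice_lines_attributes, :product_invoice_lines_attributes,
+ :created_by, :updated_by, :due_date, :qty, :service_id, :line_comment
+
+ validates_uniqueness_of :work_order_id, :allow_blank => true
+
+ accepts_nested_attributes_for :service_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:service_id].blank? }, :allow_destroy => true
+ accepts_nested_attributes_for :product_invoice_lines, :reject_if => lambda { |a| a[:qty].blank? || a[:product_id].blank? }, :allow_destroy => true
+ # Update Invoice Values
+ before_save :update_invoice_values
+ after_save :update_invoice_values
+ after_initialize :update_invoice_values
+
+ # Service lines SUMs
+ def srv_price_totals
+ service_invoice_lines.to_a.sum(&:total_price)
+ end
+ def srv_tax_totals
+ service_invoice_lines.to_a.sum(&:tax)
+ end
+def srv_sub_totals
+ service_invoice_lines.to_a.sum(&:sub_total)
+end
+
+# Product lines SUMs
+def prod_price_totals
+ product_invoice_lines.to_a.sum(&:total_price)
+ end
+ def prod_tax_totals
+ product_invoice_lines.to_a.sum(&:tax)
+ end
+ def prod_sub_totals
+ product_invoice_lines.to_a.sum(&:sub_total)
+ end
+
+ def inv_price_totals
+ service_invoice_lines.to_a.sum(&:total_price) + product_invoice_lines.to_a.sum(&:total_price)
+ end
+ def inv_tax_totals
+ service_invoice_lines.to_a.sum(&:tax) + product_invoice_lines.to_a.sum(&:tax)
+ end
+ def inv_sub_totals
+ service_invoice_lines.to_a.sum(&:sub_total) + product_invoice_lines.to_a.sum(&:sub_total)
+ end
+
+ # Used to update Invoice Totals on Save/Update
+ def update_invoice_values
+ self.sub_total = inv_sub_totals
+ self.tax_total = inv_tax_totals
+ self.total = inv_price_totals
+ end
+
+
+end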
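Review bot: The new `attr_accessible` list names `:service_id` twice and adds `:qty` and `:line_comment`, which are line-item fields that ServiceInvoiceLine already whitelists in this same commit; on Invoice they are either not columns (dead entries) or extra mass-assignable state, so drop them here. More importantly `:paid`, `:user_id`, `:created_by` and `:updated_by` remain mass-assignable, so whoever can post an invoice form can mark it paid or re-own it unless the controller (not in this diff) strips those keys; set them server-side and trim the list to `attr_accessible :invoice_note, :work_order_id, :due_date, :service_invoice_lines_attributes, :product_invoice_lines_attributes`. As in the other files, the whole file is shown rewritten for a one-line change — presumably line-ending churn worth committing separately.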
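--- a/app/models/service_invoice_line.rb
+++ b/app/models/service_invoice_line.rb
@@ -1,29 +1,28 @@
-class ServiceInvoiceLine < ActiveRecord::Base
- belongs_to :invoice
- belongs_to :service_rate
-
- accepts_nested_attributes_for :service_rate
- validates_presence_of :service_id
- #validates_format_of :qty
-
- before_create :calculate
- before_update :calculate
-
-
-
- def calculate
- srv = ServiceRate.find(service_id)
- if srv.taxable?
- self.tax_rate = 1 / srv.tax_rate # Tax Rate as a decimal = 1 / 10 = 0.1
- self.sku = srv.sku # Now the Item(s)) Price from the Rate column
- self.description = srv.description # Now the Item(s)) Price from the Rate column
- self.price = srv.rate # Now the Item(s)) Price from the Rate column
- self.sub_total = srv.rate * self.qty #Now calculate the Rate * Line Qty
- self.tax = self.sub_total * self.tax_rate # Now Calculate the Tax Rate
- self.total_price = self.sub_total + self.tax # Now Calculate the Subtotal + Tax Rate
- end
- end
-
-
-
-end
+class ServiceInvoiceLine < ActiveRecord::Base
+ belongs_to :invoice
+ belongs_to :service_rate
+
+ attr_accessible :qty, :service_id, :line_comment
+ validates_presence_of :service_id
+
+ accepts_nested_attributes_for :service_rate
+
+ before_create :calculate
+ before_update :calculate
+
+ def calculate
+ srv = ServiceRate.find(service_id)
+ if srv.taxable?
+ self.tax_rate = 1 / srv.tax_rate # Tax Rate as a decimal = 1 / 10 = 0.1
+ self.sku = srv.sku # Now the Item(s)) Price from the Rate column
+ self.description = srv.description # Now the Item(s)) Price from the Rate column
+ self.price = srv.rate # Now the Item(s)) Price from the Rate column
+ self.sub_total = srv.rate * self.qty #Now calculate the Rate * Line Qty
+ self.tax = self.sub_total * self.tax_rate # Now Calculate the Tax Rate
+ self.total_price = self.sub_total + self.tax # Now Calculate the Subtotal + Tax Rate
+ end
+ end
+
+
+
+end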
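Review bot: `calculate` only sets `sku`, `price`, `sub_total`, `tax` and `total_price` inside `if srv.taxable?`, so a line for a non-taxable rate is saved with nil totals, which `Invoice#update_invoice_values` then tries to sum. `1 / srv.tax_rate` also only equals the documented 0.1 when the stored rate is 10 — if the column holds a percentage the formula should be `srv.tax_rate / 100.0` — and it raises on a taxable rate of 0 and truncates to 0 if the column is an integer; confirm the column type. Nothing validates `qty`, so a nil value makes `srv.rate * self.qty` raise — add `validates_numericality_of :qty, :greater_than => 0`. The rewrite below fills the price fields unconditionally and isolates the tax step:
```ruby
def calculate
  srv = ServiceRate.find(service_id)
  self.sku = srv.sku
  self.description = srv.description
  self.price = srv.rate
  self.sub_total = srv.rate * self.qty
  # Tax applies only to taxable rates; non-taxable lines still need their totals.
  if srv.taxable? && !srv.tax_rate.to_f.zero?
    self.tax_rate = 1 / srv.tax_rate # TODO confirm: a percentage column needs srv.tax_rate / 100.0
    self.tax = self.sub_total * self.tax_rate
  else
    self.tax_rate = 0
    self.tax = 0
  end
  self.total_price = self.sub_total + self.tax
end
```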
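--- a/app/models/service_rate.rb
+++ b/app/models/service_rate.rb
@@ -1,9 +1,10 @@
-class ServiceRate < ActiveRecord::Base
- has_many :service_invoice_lines
-
- def rate_lookup
- # mytodo - Add currency symbol if possible.....
- "[#{sku}]-#{description} - #{I18n.t 'number.currency.format.unit'}#{rate}"
- end
-
-end
+class ServiceRate < ActiveRecord::Base
+ has_many :service_invoice_lines
+
+ attr_accessible :sku, :description, :rate, :taxable, :tax_rate, :active
+
+ def rate_lookup
+ "[#{sku}]-#{description} - #{I18n.t 'number.currency.format.unit'}#{rate}"
+ end
+
+end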
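Review bot: `rate`, `tax_rate` and `taxable` become mass-assignable on the new line 4 but nothing validates them, and `tax_rate` is used as a divisor in `ServiceInvoiceLine#calculate`, so a zero or blank value on a taxable rate breaks invoicing at save time rather than at data entry. Add `validates_numericality_of :rate, :greater_than_or_equal_to => 0` and `validates_numericality_of :tax_rate, :greater_than => 0, :if => :taxable?` next to the whitelist.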
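--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -24,7 +24,8 @@ class User < ActiveRecord::Base
 # Mass Assignment Protection
 attr_accessible :name, :address, :city, :username, :email, :phone, :state, :zip, :updated_by,
- :created_by, :password_confirmation, :mobile, :fax, :password, :edited_by, :edited_at
+ :created_by, :password_confirmation, :mobile, :fax, :password, :edited_by, :edited_at,
+ :client, :employee, :workorder_assignability, :role_id
 # Validations for Users
 validates_presence_of :name, :username, :email, :phone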
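Review bot: Adding `:role_id`, `:employee`, `:client` and `:workorder_assignability` to the single default `attr_accessible` list makes them settable through every `User.new(params[:user])` / `update_attributes(params[:user])` call in the app, including self-service profile edits, so a user can promote their own role; the `can? :manage, User` check in UsersController#create only runs after that assignment has happened. Keep them off the default whitelist and expose them under a mass-assignment role, `attr_accessible :client, :employee, :workorder_assignability, :role_id, :as => :admin` (Rails 3.1+), passing `:as => :admin` only from authorized code paths. The class body continues outside the hunk.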
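--- a/app/views/invoices/_service_invoice_line.erb
+++ b/app/views/invoices/_service_invoice_line.erb
@@ -1,13 +1,13 @@
-<div class="fields">
- <p>
- <div class="inline w70 centered_text"><%= f.number_field :qty, :size => 2 %></div>
- <div class="inline w390"><%= f.collection_select :service_id, ServiceRate.where("active = ?", true).order('description'), :id, :rate_lookup, :include_blank => true %></div>
- <div class="inline w390"><%= f.text_field :line_comment, :size => 50 %></div>
- <div class="inline w30 centered_text"><%= link_to_remove_fields f %></div>
-
- </p>
- </div>
-
-
-
-
+<div class="fields">
+ <p>
+ <div class="inline centered_text"><%= f.number_field :qty, :style => "width:50px" %></div>
+ <div class="inline w390"><%= f.collection_select :service_id, ServiceRate.where("active = ?", true).order('description'), :id, :rate_lookup, :include_blank => true %></div>
+ <div class="inline w390"><%= f.text_field :line_comment, :size => 50 %></div>
+ <div class="inline w30 centered_text"><%= link_to_remove_fields f %></div>
+
+ </p>
+ </div>
+
+
+
+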
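--- a/app/views/service_rates/show.html.erb
+++ b/app/views/service_rates/show.html.erb
@@ -20,8 +20,6 @@
 <div class="tabcontainer">
 <div id="tab1" class="tabcontent">
- <p id="notice"><%= notice %></p>
-
 <p>
 <b>Sku:</b>
 <%= @service_rate.sku %>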
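--- a/app/views/work_orders/close.html.erb
+++ b/app/views/work_orders/close.html.erb
@@ -8,18 +8,17 @@
 <%= render 'layouts/left_sidebar_modules' %>
 </div>
-<div id=center_col>
+<div id="center_col">
 <div id="ddtabs1" class="basictab">
 <ul>
-<li><a href="#<%= t "workorder.tab_menu_resolution" %>" rel="sc2"><%= (t "workorder.tab_menu_resolution") %></a></li>
+<li><a href="#<%= t "workorder.tab_menu_resolution" %>" rel="sc1"><%= (t "workorder.tab_menu_resolution") %></a></li>
 </ul>
 </div>
 <div class="tabcontainer">
-<div id="sc2" class="tabcontent">
-
-<% simple_form_for(@work_order) do |f| %>
+<div id="sc1" class="tabcontent">
+<%= simple_form_for @work_order do |f| %>
 <%= f.input :resolution %>
 <%= f.input :closed, :input_html => {:checked => true} %>
 <div class="center"><%= f.button :submit, 'Close' %></div>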
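Review bot: `simple_form_for @work_order` posts to the regular `update` action, not to `close`, so the `closed` and `resolution` values this form submits are only as protected as `WorkOrdersController#update` and WorkOrder's `attr_accessible` (neither is in this diff) — and this same commit comments out the `dynamic_attributes` gate in `close`. Confirm that `update` authorizes the close transition and that a client cannot set `closed` on their own order through this form. The `<%= simple_form_for` change itself is the correct block-helper syntax for Rails 3.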
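--- a/app/views/work_orders/show.html.erb
+++ b/app/views/work_orders/show.html.erb
@@ -31,8 +31,8 @@
 <label class="simple_form select required"><%= t "workorder.assigned_to" %>:</label><div class="field"><%= @work_order.assigned_to_username %> </div>
 <% else %>
- <% if current_user.workorder_assignability == true %>
- <label class="simple_form select required"><%= t "workorder.assigned_to" %>:</label><%= render(:partial => "work_orders/assign") %>
+ <% if current_user.workorder_assignability %>
+ <label class="simple_form select required"><%= t "workorder.assigned_to" %>:</label><%= render :partial => "assign" %>
 <% else %>
 <% if @work_order.assigned_to_username.blank? %>
 <label class="simple_form select required"><%= t "workorder.assigned_to" %>:</label><div class="field"><%= t("workorder.not_assigned_message") %></div>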