Jjh session

app/assets/javascripts/associated_users.js.coffee

@@ -18,19 +18,25 @@
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
 # TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 $(document).ready ->
+  getSRId = () ->
+    $('input[name="service_request_id"]').val()
+
   $(document).on 'click', '#new-associated-user-button', ->
     $.ajax
       type: 'get'
       url: '/associated_users/new.js'
       data:
         protocol_id: $(this).data('protocol-id')
+        service_request_id: getSRId()
     return false
 
   $(document).on 'click', '.edit-associated-user-button', (event) ->
     project_role_id = $(this).data('project-role-id')
     $.ajax
       type: 'get'
       url: "/associated_users/#{project_role_id}/edit.js"
+      data:
+        service_request_id: getSRId()
       success: ->
         if $('#project_role_role').val() == 'other'
           $('.role_dependent.other').show()
@@ -57,5 +63,5 @@ $(document).ready ->
       if confirm(confirm_message)
         $.ajax
           type: 'delete'
-          url: "/associated_users/#{project_role_id}"
+          url: "/associated_users/#{project_role_id}?service_request_id=#{getSRId()}"
     return false

app/assets/javascripts/catalog.js.coffee

@@ -21,6 +21,9 @@
 #= require cart
 
 $(document).ready ->
+  getSRId = () ->
+    $('input[name="service_request_id"]').val()
+
   ### ACCORDION LOGIC ###
   $(document).on 'click', '.institution-header, .provider-header, .program-link:not(.locked-program)', ->
     if $(this).hasClass('institution-header')
@@ -34,7 +37,9 @@ $(document).ready ->
       $('.program-link').removeClass('clicked')
     $(this).addClass('clicked')
     id    = $(this).data('id')
-    data  = process_ssr_found : $(this).data('process-ssr-found') 
+    data =
+      process_ssr_found: $(this).data('process-ssr-found')
+      service_request_id: getSRId()
     $.ajax
       type: 'POST'
       data: data
@@ -64,7 +69,7 @@ $(document).ready ->
     datumTokenizer: Bloodhound.tokenizers.obj.whitespace('value'),
     queryTokenizer: Bloodhound.tokenizers.whitespace,
     remote:
-      url: '/search/services?term=%QUERY',
+      url: "/search/services?term=%QUERY&service_request_id=#{getSRId()}",
       wildcard: '%QUERY'
   )
   services_bloodhound.initialize() # Initialize the Bloodhound suggestion engine
@@ -95,13 +100,15 @@ $(document).ready ->
     $.ajax
       type: 'POST'
       url: "/service_requests/#{srid}/add_service/#{id}"
+      data:
+        service_request_id: getSRId()
   )
 
   ### CONTINUE BUTTON ###
   $(document).on 'click', '.submit-request-button', ->
     signed_in = parseInt($('#signed_in').val())
     if signed_in == 0
-      window.location.replace('/identities/sign_in')
+      window.location.href = $('#login-link').attr('href')
       return false
     else if $('#line_item_count').val() <= 0
       $('#modal_place').html($('#submit-error-modal').html())

app/assets/javascripts/dashboard/documents.js.coffee

@@ -19,12 +19,17 @@
 # TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 $ ->
+  getSRId = ->
+    $("input[name='service_request_id']").val()
 
   # DOCUMENTS LISTENERS BEGIN
 
   $(document).on 'click', '#document-new', ->
     if $(this).data('permission')
-      data = 'protocol_id': $(this).data('protocol-id')
+      data =
+        protocol_id: $(this).data('protocol-id')
+        service_request_id: getSRId()
+
       $.ajax
         type: 'GET'
         url: '/dashboard/documents/new'
@@ -37,6 +42,8 @@ $ ->
       $.ajax
         type: 'GET'
         url: "/dashboard/documents/#{document_id}/edit"
+        data:
+          service_request_id: getSRId()
 
   $(document).on 'click', '.document-delete', ->
     if $(this).data('permission')
@@ -45,7 +52,7 @@ $ ->
       if confirm "Are you sure you want to delete the selected Document from this Protocol?"
         $.ajax
           type: 'DELETE'
-          url: "/dashboard/documents/#{document_id}"
+          url: "/dashboard/documents/#{document_id}?service_request_id=#{getSRId()}"
 
   $(document).on 'change', '#document_doc_type', ->
     if $(this).val() == 'other'

app/assets/javascripts/dashboard/protocols.js.coffee

@@ -24,6 +24,9 @@
 $(document).ready ->
   Sparc.protocol =
     ready: ->
+      getSRId = () ->
+        $('input[name="service_request_id"]').val()
+
       $('.service-requests-table').on 'all.bs.table', ->
         $(this).find('.selectpicker').selectpicker() #Find descendant selectpickers
 
@@ -116,6 +119,8 @@ $(document).ready ->
         $.ajax
           method: 'get'
           url: "/dashboard/protocols/#{protocol_id}/view_details"
+          data:
+            service_request_id: $("input[name='service_request_id']").val()
 
       $(document).on 'click', '.edit-protocol-information-button', ->
         if $(this).data('permission')

app/assets/javascripts/document_management.js.coffee

@@ -22,8 +22,13 @@
 #= require cart
 
 $(document).ready ->
+  getSRId = ->
+    $("input[name='service_request_id']").val()
+
   $(document).on 'click', '#document-new', ->
-    data = 'protocol_id': $(this).data('protocol-id')
+    data =
+      protocol_id: $(this).data('protocol-id')
+      service_request_id: getSRId()
     $.ajax
       type: 'GET'
       url: '/documents/new'
@@ -36,14 +41,16 @@ $(document).ready ->
     $.ajax
       type: 'GET'
       url: "/documents/#{document_id}/edit"
+      data:
+          service_request_id: getSRId()
 
   $(document).on 'click', '.document-delete', ->
     row_index   = $(this).parents('tr').data('index')
     document_id = $(this).parents('table#documents-table').bootstrapTable('getData')[row_index].id
     if confirm I18n['documents']['delete_confirm']
       $.ajax
         type: 'DELETE'
-        url: "/documents/#{document_id}"
+        url: "/documents/#{document_id}?service_request_id=#{getSRId()}"
 
   $(document).on 'change', '#document_doc_type', ->
     if $(this).val() == 'other'
@@ -62,4 +69,5 @@ $(document).ready ->
           notable_type: notable_type
           notable_id: notable_id
         in_dashboard: false
+        service_request_id: getSRId()
     return false

app/assets/javascripts/protocol.js.coffee

@@ -38,4 +38,6 @@ $(document).ready ->
     $.ajax
       type: 'get'
       url: "/protocols/#{protocol_id}/view_details"
+      data:
+        service_request_id: $("input[name='service_request_id']").val()
     return false

app/assets/javascripts/service_details.js.coffee

@@ -22,19 +22,25 @@
 #= require cart
 
 $(document).ready ->
+  getSRId = ->
+    $("input[name='service_request_id']").val()
+
   $(document).on 'click', '#new-arm-button', ->
     $.ajax
       type: 'get'
       url: '/arms/new'
       data:
         protocol_id: $(this).data('protocol-id')
+        service_request_id: getSRId()
     return false
 
   $(document).on 'click', '.edit-arm-button', ->
     arm_id = $(this).data('arm-id')
     $.ajax
       type: 'get'
       url: "/arms/#{arm_id}/edit"
+      data:
+        service_request_id: getSRId()
 
   $(document).on 'click', '#edit-arm-form-button', ->
     $(this).attr('disabled','disabled')
@@ -45,7 +51,7 @@ $(document).ready ->
       arm_id = $(this).data('arm-id')
       $.ajax
         type: 'delete'
-        url: "/arms/#{arm_id}"
+        url: "/arms/#{arm_id}?service_request_id=#{getSRId()}"
 
   $('#arms-table').on 'all.bs.table', ->
     $('.screening-info').tooltip()

app/controllers/application_controller.rb

@@ -29,7 +29,7 @@ class ApplicationController < ActionController::Base
   protected
 
   def after_sign_in_path_for(resource)
-    stored_location_for(resource) || "/service_requests/#{session[:service_request_id]}/catalog" || root_path
+    stored_location_for(resource) || root_path
   end
 
   def set_highlighted_link  # default value, override inside controllers
@@ -88,56 +88,31 @@ def initialize_service_request
     @line_items_count = nil
     @sub_service_requests = {}
 
-    if params[:edit_original]
-      # If editing the original service request, we delete the sub
-      # service request id (remember, a sub service request is a service
-      # request that has been split out).
-      session.delete(:sub_service_request_id)
-    end
-
     if params[:controller] == 'service_requests'
-      if params[:action] == 'catalog' and params[:id].nil?
-        # Catalog is the main service requests page; this is where the
-        # service request is first created.  We will create the service
-        # request in a moment.
-        #
-        # If the "go back" button is used, then params[:id] will be
-        # non-nil, and we will not create a new service request.
-        session.delete(:service_request_id)
-        session.delete(:sub_service_request_id)
-      else
-        # For all other service request controller actions, we go ahead
-        # and set the cookie.
-        session[:service_request_id] = params[:id] if params[:id]
-        session[:sub_service_request_id] = params[:sub_service_request_id] if params[:sub_service_request_id]
-      end
-
-      if session[:service_request_id]
+      if ServiceRequest.exists?(id: params[:id])
         # If the cookie is non-nil, then lookup the service request.  If
         # the service request is not found, display an error.
-        use_existing_service_request
+        use_existing_service_request(params[:id])
         validate_existing_service_request
       elsif params[:from_portal]
         create_or_use_request_from_portal(params)
       else
         # If the cookie is nil (as with visiting the main catalog for
         # the first time), then create a new service request.
         create_new_service_request
-        session.delete(:from_portal)
       end
-    elsif params[:controller] == 'devise/sessions'
-      if session[:service_request_id]
-        use_existing_service_request
+    elsif params[:controller] == 'devise/sessions' || params[:controller] == 'identities/sessions'
+      if params[:id]
+        use_existing_service_request(params[:id])
       else
         @service_request = ServiceRequest.new(status: 'first_draft')
         @service_request.save(validate: false)
         @line_items_count = []
-        session[:service_request_id] = @service_request.id
       end
     else
       # For controllers other than the service requests controller, we
       # look up the service request, but do not display any errors.
-      use_existing_service_request
+      use_existing_service_request(params[:service_request_id] || params[:srid])
     end
   end
 
@@ -151,21 +126,17 @@ def create_or_use_request_from_portal(params)
       @line_items_count = @service_request.try(:line_items).try(:count)
       @sub_service_requests = @service_request.cart_sub_service_requests
       @sub_service_request = @service_request.sub_service_requests.last
-      session[:service_request_id] = @service_request.id
-      if @sub_service_request
-        session[:sub_service_request_id] = @sub_service_request.id
-      end
     else
       create_new_service_request(true)
     end
   end
 
   # Set @service_request, @sub_service_request, and @line_items_count from the
   # ids stored in the session.
-  def use_existing_service_request
-    @service_request = ServiceRequest.find session[:service_request_id]
-    if session[:sub_service_request_id]
-      @sub_service_request = @service_request.sub_service_requests.find session[:sub_service_request_id]
+  def use_existing_service_request(id)
+    @service_request = ServiceRequest.find(id)
+    if params[:sub_service_request_id]
+      @sub_service_request = @service_request.sub_service_requests.find params[:sub_service_request_id]
       @line_items_count = @sub_service_request.try(:line_items).try(:count)
     else
       @line_items_count = @service_request.try(:line_items).try(:count)
@@ -184,7 +155,7 @@ def validate_existing_service_request
     if @service_request.nil?
       authorization_error "The service request you are trying to access can not be found.",
                           "SR#{params[:id]}"
-    elsif session[:sub_service_request_id] and @sub_service_request.nil?
+    elsif params[:sub_service_request_id] and @sub_service_request.nil?
       authorization_error "The service request you are trying to access can not be found.",
                           "SSR#{params[:sub_service_request_id]}"
     end
@@ -206,7 +177,6 @@ def create_new_service_request(from_portal=false)
     end
 
     @service_request.save(validate: false)
-    session[:service_request_id] = @service_request.id
     redirect_to catalog_service_request_path(@service_request)
   end
 
@@ -231,10 +201,10 @@ def authorize_identity
 
     if @sub_service_request.nil?
       authorization_error "The service request you are trying to access is not editable.",
-                          "SR#{session[:service_request_id]}"
+                          "SR#{params[:id]}"
     else
       authorization_error "The service request you are trying to access is not editable.",
-                          "SSR#{session[:sub_service_request_id]}"
+                          "SSR#{params[:sub_service_request_id]}"
     end
   end
 

app/controllers/dashboard/epic_queues_controller.rb

@@ -19,7 +19,7 @@
 # TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 class Dashboard::EpicQueuesController < Dashboard::BaseController
-  
+
   before_filter :get_epic_queue, only: [:destroy]
   before_filter :authorize_overlord
 

app/controllers/documents_controller.rb

@@ -67,7 +67,7 @@ def update
 
   def destroy
     DocumentRemover.new(params[:id])
-    
+
     flash.now[:success] = t(:documents)[:destroyed]
   end
 

app/controllers/identities/sessions_controller.rb

@@ -0,0 +1,35 @@
+# Copyright © 2011-2016 MUSC Foundation for Research Development
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+# 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided with the distribution.
+
+# 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
+# BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+# TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+class Identities::SessionsController < Devise::SessionsController
+  def new
+    # Redirect url after login.
+    @redirect_to = params[:redirect_to]
+    super
+  end
+
+  def create
+    self.resource = resource_class.new(sign_in_params)
+
+    # Pass redirect url to ApplicationController for redirect.
+    store_location_for(resource, params[:redirect_to])
+    super
+  end
+end