14 changed files with 168 additions and 162 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,37 +1,40 @@
-.bundle
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
-.rake_tasks*
+#
-db/*.sqlite3
+# If you find yourself ignoring temporary files generated by your text editor
-log
+# or operating system, you probably want to add a global ignore instead:
-node_modules
+#   git config --global core.excludesfile '~/.gitignore_global'
 tmp/*
 !tmp/.keep
 public/assets
 public/packs
 public/system
 public/uploads
 supplier_assets/**
 vendor/bundle
-# ignore database configuration, but SHARE OTHER CONFIG FILES
+# Ignore bundler config.
-config/database.yml
+/.bundle
-# IDEs, Developer tools
+# Ignore the default SQLite database.
-.idea
+/db/*.sqlite3
-.loadpath
+/db/*.sqlite3-*
 .project
 .sass-cache
 .rbenv-version
 .get-dump.yml
 .bash_history
 nbproject/
 .*.sw?
 *~
-coverage
+# Ignore all logfiles and tempfiles.
-tags
+/log/*
 /tmp/*
 !/log/.keep
 !/tmp/.keep
-# Capistrano etc.
+# Ignore pidfiles, but keep the directory.
-Capfile
+/tmp/pids/*
-config/deploy
+!/tmp/pids/
-config/deploy.rb
+!/tmp/pids/.keep
-Gemfile.capistrano*
+
 # Ignore uploaded files in development.
 /storage/*
 !/storage/.keep
 /public/assets
 .byebug_history
 # Ignore master key for decrypting credentials and more.
 /config/master.key
 /public/packs
 /public/packs-test
 /node_modules
 /yarn-error.log
 yarn-debug.log*
 .yarn-integrity
--- a/Dockerfile.development
+++ b/Dockerfile.development
@ -12,8 +12,8 @@ USER app
 ENV BUNDLE_JOBS=4 \
  BUNDLE_PATH=/srv/app/vendor/bundle \
-  GEM_PATH=/srv/app/vendor/bundle/ruby/2.7.0:$GEM_PATH \
+  GEM_PATH=/srv/app/vendor/bundle:$GEM_PATH \
-  PATH=/srv/app/vendor/bundle/ruby/2.7.0/bin:$PATH
+  PATH=/srv/app/vendor/bundle/bin:$PATH
 EXPOSE 3000
--- a/2
+++ b/2
@ -42,5 +42,3 @@ gem 'will_paginate', '~> 3.0'
 gem 'whenever', '~> 0.9', require: false
 gem 'mysql2', '>=0.5'
 gem 'base32'
 gem "webrick", "~> 1.7" # fallback for removed puma; not included in alpine
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -230,7 +230,6 @@ GEM
      rack-proxy (>= 0.6.1)
      railties (>= 5.2)
      semantic_range (>= 2.3.0)
    webrick (1.7.0)
    websocket-driver (0.7.5)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
@ -269,7 +268,6 @@ DEPENDENCIES
  web-console (>= 4.1.0)
  webdrivers
  webpacker (~> 5.0)
  webrick (~> 1.7)
  whenever (~> 0.9)
  will_paginate (~> 3.0)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -22,14 +22,6 @@ class ApplicationController < ActionController::Base
    end
  end
  def admin_required!
    user = current_user
    if user.nil? || !user.admin?
      flash[:error] = "Not authorized!"
      redirect_to root_url
    end
  end
  def authenticate_supplier_admin!
    @supplier = Supplier.find((params[:supplier_id] || params[:id]))
    unless current_user.has_access_to?(@supplier)
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -6,14 +6,14 @@ class SessionsController < ApplicationController
  end
  def create
-    user = User.find_by(email: params[:email])
+    user = User.authenticate(params[:email], params[:password])
-    if user && user.authenticate(params[:password])
+    if user
      session[:user_id] = user.id
      flash[:notice] = "Logged in!"
      redirect_to root_url
    else
      flash.now[:error] = "Invalid email or password"
-      render :new
+      render "new"
    end
  end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,18 +1,14 @@
 class UsersController < ApplicationController
  before_action :admin_required!
  def new
    @user=User.new
  end
  def create
-    @user = User.new(user_params)
+    @user=User.new(user_params)
    if @user.save
-      flash[:notice] = "Konto wurde erfolgreich erstellt."
+      render 'show'
      redirect_to @user
    else
-      render :new
+      redirect_to new_user_path
    end
  end
@ -22,11 +18,16 @@ class UsersController < ApplicationController
  def update
    @user = User.find(params[:id])
-    if @user.update(user_params)
+    attrs = user_params
-      flash[:notice] = 'Konto wurde erfolgreich aktualisiert.'
+    respond_to do |format|
-      redirect_to @user
+      if @user.update(attrs)
-    else
+        flash[:notice] = 'Konto wurde erfolgreich aktualisiert.'
-      render :edit
+        format.html { redirect_to user_url(@user) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors.to_xml }
      end
    end
  end
@ -49,6 +50,6 @@ class UsersController < ApplicationController
  private
  def user_params
-    params.require(:user).permit(:email, :password, :password_confirmation, :admin)
+    params.require(:user).permit(:email, :password)
  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -2,43 +2,38 @@ class User < ApplicationRecord
  has_many :user_accesses, :dependent => :destroy
  has_many :suppliers, :through => :user_accesses
-  attr_reader :password
+  attr_accessor :password
  before_save :encrypt_password
-  validates :email, presence: true, uniqueness: true
+  validates_confirmation_of :password
-  validates :password, confirmation: true
+  validates_presence_of :password, :on => :create
-  validate do |user|
+  validates_presence_of :email
-    unless user.password_hash.present? && user.password_salt.present?
+  validates_uniqueness_of :email
-      user.errors.add :password, :blank
+
  def self.authenticate(email, password)
    user = find_by_email(email)
    if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
      user
    else
      nil
    end
  end
-  def self.attributes_protected_by_default
+  def encrypt_password
-    super + %w(password_hash password_salt)
+    if password.present?
      self.password_salt = BCrypt::Engine.generate_salt
      self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
    end
  end
  def has_access_to?(supplier)
-    admin? or !UserAccess.where(supplier_id: supplier.id, user_id: id).first.nil?
+    admin? or !UserAccess.first(:conditions => {:supplier_id => supplier.id, :user_id => id}).nil?
  end
  def authenticate(password_plain)
    if self.password_hash == BCrypt::Engine.hash_secret(password_plain, self.password_salt)
      self
    else
      false
    end
  end
  def password=(password_plain)
    @password = password_plain
    unless password_plain.blank?
      new_salt = BCrypt::Engine.generate_salt
      self.password_hash = BCrypt::Engine.hash_secret(password_plain, new_salt)
      self.password_salt = new_salt
    end
  end
  def admin?
    !!admin
  end
 end
--- a/app/views/users/_form.haml
+++ b/app/views/users/_form.haml
@ -2,7 +2,6 @@
  = f.input :email, required: true
  = f.input :password, required: true
  = f.input :password_confirmation, required: true
  = f.input :admin, required: true
  .form-actions
    = f.submit class: 'btn'
--- a/config/database.yml
+++ b/config/database.yml
@ -0,0 +1,25 @@
 # SQLite. Versions 3.8.0 and up are supported.
 #   gem install sqlite3
 #
 #   Ensure the SQLite 3 gem is defined in your Gemfile
 #   gem 'sqlite3'
 #
 default: &default
  adapter: sqlite3
  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
  timeout: 5000
 development:
  <<: *default
  database: db/development.sqlite3
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".
 # Do not set this db to the same as development or production.
 test:
  <<: *default
  database: db/test.sqlite3
 production:
  <<: *default
  database: db/production.sqlite3
--- a/config/database.yml.SAMPLE
+++ b/config/database.yml.SAMPLE
@ -1,9 +0,0 @@
 development:
  adapter: mysql2
  encoding: utf8
  reconnect: false
  database: development
  pool: 5
  username: root
  password: secret
  host: mysql
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1,4 +1,6 @@
 Rails.application.routes.draw do
  get 'users/new'
  get 'users/show'
  get 'log_in' => 'sessions#new', :as => :log_in
  match 'log_out' => 'sessions#destroy', :as => :log_out, :via => [:get, :post]
  resources :sessions, :only => [:new, :create, :destroy]
@ -16,4 +18,8 @@ Rails.application.routes.draw do
  end
  resources :users
  match '/:controller(/:action(/:id))', :via => [:get, :post]
  match '/users', to: 'users#index', via: 'get'
  match '/users/:id', to: 'users#show', via: 'get'
 end
--- a/db/migrate/20211219074758_index_users_by_unique_email.rb
+++ b/db/migrate/20211219074758_index_users_by_unique_email.rb
@ -1,5 +0,0 @@
 class IndexUsersByUniqueEmail < ActiveRecord::Migration[6.1]
  def change
    add_index :users, :email, unique: true
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -1,82 +1,85 @@
 # encoding: UTF-8
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# This file is the source Rails uses to define your schema when running `bin/rails
+# Note that this schema.rb definition is the authoritative source for your
-# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# database schema. If you need to create the application database on another
-# be faster and is potentially less error prone than running all of your
+# system, you should be using db:schema:load, not running all the migrations
-# migrations from scratch. Old migrations may fail to apply correctly if those
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# migrations use external dependencies or application code.
+# you'll amass, the slower it'll run and the greater likelihood for issues).
 #
-# It's strongly recommended that you check this file into your version control system.
+# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(version: 2021_12_19_074758) do
+ActiveRecord::Schema.define(:version => 20190811115732) do
-  create_table "articles", charset: "utf8", force: :cascade do |t|
+  create_table "articles", :force => true do |t|
-    t.string "name", null: false
+    t.string   "name",                                                          :null => false
-    t.integer "supplier_id", null: false
+    t.integer  "supplier_id",                                                   :null => false
-    t.string "number"
+    t.string   "number"
-    t.string "note"
+    t.string   "note"
-    t.string "manufacturer"
+    t.string   "manufacturer"
-    t.string "origin"
+    t.string   "origin"
-    t.string "unit"
+    t.string   "unit"
-    t.decimal "price", precision: 8, scale: 2, default: "0.0", null: false
+    t.decimal  "price",          :precision => 8, :scale => 2, :default => 0.0, :null => false
-    t.decimal "tax", precision: 3, scale: 1, default: "7.0", null: false
+    t.decimal  "tax",            :precision => 3, :scale => 1, :default => 7.0, :null => false
-    t.decimal "deposit", precision: 8, scale: 2, default: "0.0", null: false
+    t.decimal  "deposit",        :precision => 8, :scale => 2, :default => 0.0, :null => false
-    t.decimal "unit_quantity", precision: 4, scale: 1, default: "1.0", null: false
+    t.decimal  "unit_quantity",  :precision => 4, :scale => 1, :default => 1.0, :null => false
-    t.decimal "scale_quantity", precision: 4, scale: 2
+    t.decimal  "scale_quantity", :precision => 4, :scale => 2
-    t.decimal "scale_price", precision: 8, scale: 2
+    t.decimal  "scale_price",    :precision => 8, :scale => 2
    t.datetime "created_on"
    t.datetime "updated_on"
-    t.string "category"
+    t.string   "category"
    t.index ["name"], name: "index_articles_on_name"
    t.index ["number", "supplier_id"], name: "index_articles_on_number_and_supplier_id", unique: true
  end
-  create_table "suppliers", charset: "utf8", force: :cascade do |t|
+  add_index "articles", ["name"], :name => "index_articles_on_name"
-    t.string "name", null: false
+  add_index "articles", ["number", "supplier_id"], :name => "index_articles_on_number_and_supplier_id", :unique => true
-    t.string "address", null: false
+
-    t.string "phone", null: false
+  create_table "suppliers", :force => true do |t|
-    t.string "phone2"
+    t.string   "name",                                    :null => false
-    t.string "fax"
+    t.string   "address",                                 :null => false
-    t.string "email"
+    t.string   "phone",                                   :null => false
-    t.string "url"
+    t.string   "phone2"
-    t.string "delivery_days"
+    t.string   "fax"
-    t.string "note"
+    t.string   "email"
    t.string   "url"
    t.string   "delivery_days"
    t.string   "note"
    t.datetime "created_on"
    t.datetime "updated_on"
-    t.boolean "ftp_sync", default: false
+    t.boolean  "ftp_sync",      :default => false
-    t.string "ftp_host"
+    t.string   "ftp_host"
-    t.string "ftp_user"
+    t.string   "ftp_user"
-    t.string "ftp_password"
+    t.string   "ftp_password"
-    t.string "ftp_type", default: "bnn", null: false
+    t.string   "ftp_type",      :default => "bnn",        :null => false
-    t.string "ftp_regexp", default: "^([.]/)?PL"
+    t.string   "ftp_regexp",    :default => "^([.]/)?PL"
-    t.boolean "mail_sync"
+    t.boolean  "mail_sync"
-    t.string "mail_from"
+    t.string   "mail_from"
-    t.string "mail_subject"
+    t.string   "mail_subject"
-    t.string "mail_type"
+    t.string   "mail_type"
-    t.string "salt", null: false
+    t.string   "salt",                                    :null => false
    t.index ["name"], name: "index_suppliers_on_name", unique: true
  end
-  create_table "user_accesses", charset: "utf8", force: :cascade do |t|
+  add_index "suppliers", ["name"], :name => "index_suppliers_on_name", :unique => true
-    t.integer "user_id"
+
-    t.integer "supplier_id"
+  create_table "user_accesses", :force => true do |t|
    t.integer  "user_id"
    t.integer  "supplier_id"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.index ["supplier_id"], name: "index_user_accesses_on_supplier_id"
    t.index ["user_id", "supplier_id"], name: "index_user_accesses_on_user_id_and_supplier_id"
    t.index ["user_id"], name: "index_user_accesses_on_user_id"
  end
-  create_table "users", charset: "utf8", force: :cascade do |t|
+  add_index "user_accesses", ["supplier_id"], :name => "index_user_accesses_on_supplier_id"
-    t.string "email"
+  add_index "user_accesses", ["user_id", "supplier_id"], :name => "index_user_accesses_on_user_id_and_supplier_id"
-    t.string "password_hash"
+  add_index "user_accesses", ["user_id"], :name => "index_user_accesses_on_user_id"
-    t.string "password_salt"
+
  create_table "users", :force => true do |t|
    t.string   "email"
    t.string   "password_hash"
    t.string   "password_salt"
    t.datetime "created_at"
    t.datetime "updated_at"
-    t.boolean "admin", default: false
+    t.boolean  "admin",         :default => false
    t.index ["email"], name: "index_users_on_email", unique: true
  end
 end