Fix pull request

Gemfile

@@ -59,6 +59,8 @@ gem 'momentjs-rails', '>= 2.8.1'
 gem 'bootstrap3-datetimepicker-rails', '~> 4.7.14'
 gem 'bootstrap3-datetimepicker-rails', '~> 4.7.14'
 gem 'draper', '~> 1.3'
 gem 'draper', '~> 1.3'
 gem 'rsolr'
 gem 'rsolr'
+gem 'validates_timeliness', '~> 3.0'
+gem "pundit" # verify role
 
 
 
 
 gem 'capistrano', '~> 3.1.0'
 gem 'capistrano', '~> 3.1.0'

Gemfile.lock

@@ -168,6 +168,8 @@ GEM
       coderay (~> 1.1.0)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       method_source (~> 0.8.1)
       slop (~> 3.4)
       slop (~> 3.4)
+    pundit (1.0.1)
+      activesupport (>= 3.0.0)
     quiet_assets (1.1.0)
     quiet_assets (1.1.0)
       railties (>= 3.1, < 5.0)
       railties (>= 3.1, < 5.0)
     rack (1.6.4)
     rack (1.6.4)
@@ -265,6 +267,7 @@ GEM
     thor (0.19.1)
     thor (0.19.1)
     thread_safe (0.3.5)
     thread_safe (0.3.5)
     tilt (1.4.1)
     tilt (1.4.1)
+    timeliness (0.3.7)
     turbolinks (2.5.3)
     turbolinks (2.5.3)
       coffee-rails
       coffee-rails
     turnip (1.3.1)
     turnip (1.3.1)
@@ -278,6 +281,8 @@ GEM
     vacuum (1.3.0)
     vacuum (1.3.0)
       jeff (~> 1.0)
       jeff (~> 1.0)
       multi_xml (~> 0.5.0)
       multi_xml (~> 0.5.0)
+    validates_timeliness (3.0.14)
+      timeliness (~> 0.3.6)
     warden (1.2.3)
     warden (1.2.3)
       rack (>= 1.0)
       rack (>= 1.0)
     web-console (2.2.1)
     web-console (2.2.1)
@@ -318,6 +323,7 @@ DEPENDENCIES
   momentjs-rails (>= 2.8.1)
   momentjs-rails (>= 2.8.1)
   mysql2
   mysql2
   pry
   pry
+  pundit
   quiet_assets
   quiet_assets
   rails (= 4.2.1)
   rails (= 4.2.1)
   rsolr
   rsolr
@@ -338,5 +344,6 @@ DEPENDENCIES
   turnip
   turnip
   uglifier (>= 1.3.0)
   uglifier (>= 1.3.0)
   vacuum
   vacuum
+  validates_timeliness (~> 3.0)
   web-console (~> 2.0)
   web-console (~> 2.0)
   will_paginate (~> 3.0.6)
   will_paginate (~> 3.0.6)

app/controllers/application_controller.rb

 class ApplicationController < ActionController::Base
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   # For APIs, you may want to use :null_session instead.
+  include Pundit
+  include OrderHelper
+
   protect_from_forgery with: :exception
   protect_from_forgery with: :exception
   layout :detect_layout
   layout :detect_layout
 
 
   before_action :configure_permitted_parameters, if: :devise_controller?
   before_action :configure_permitted_parameters, if: :devise_controller?
 
 
-  include OrderHelper
+  # rescue for gem pundit
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 
 
   def get_categories
   def get_categories
     @categories = Category.all
     @categories = Category.all
@@ -26,4 +30,8 @@ class ApplicationController < ActionController::Base
     devise_parameter_sanitizer.for(:account_update).push(:name)
     devise_parameter_sanitizer.for(:account_update).push(:name)
   end
   end
 
 
+  def user_not_authorized
+    flash[:notice] = "You are not authorized to perform this action."
+    redirect_to(request.referrer || root_path)
+  end
 end
 end

app/controllers/categories_controller.rb

@@ -5,7 +5,7 @@ class CategoriesController < ApplicationController
 
 
   def show
   def show
     @category = Category.find(params[:id])
     @category = Category.find(params[:id])
-    @products = @category.products.paginate(:page => params[:page])
+    @products = @category.products.paginate(page: params[:page])
 
 
     add_breadcrumb @category.name
     add_breadcrumb @category.name
   end
   end

app/controllers/home_controller.rb

@@ -6,13 +6,13 @@ class HomeController < ApplicationController
   before_action :get_recommend
   before_action :get_recommend
 
 
   def index
   def index
-    @products = Product.order(release_date: :desc).paginate(:page => params[:page])
+    @products = Product.order(release_date: :desc).paginate(page: params[:page])
   end
   end
 
 
   def search
   def search
     add_breadcrumb "Search"
     add_breadcrumb "Search"
-    @solr_products = Product.search_keyword(params)
-    @products = Product.where("id IN (?)", @solr_products.map{|h| h["id"]})
+    @solr_products = Product.search_by_keyword(params)
+    @products = Product.where(id: @solr_products.map{ |h| h["id"] })
   end
   end
 
 
   def cart
   def cart

app/controllers/products_controller.rb

 class ProductsController < ApplicationController
 class ProductsController < ApplicationController
   before_action :get_categories
   before_action :get_categories
-  before_action :authenticate_user!, only: [:new, :create]
+  before_action :authenticate_user!, :only => [:new, :create]
+  after_action :verify_authorized, :only => [:new, :create]
 
 
   add_breadcrumb "Home", :root_path
   add_breadcrumb "Home", :root_path
 
 
@@ -11,13 +12,16 @@ class ProductsController < ApplicationController
   end
   end
 
 
   def new
   def new
+    authorize :product
     @product = Product.new
     @product = Product.new
   end
   end
 
 
   def create
   def create
+    authorize :product
     @product = Product.new(new_product_params)
     @product = Product.new(new_product_params)
+
     if @product.save
     if @product.save
-      redirect_to category_path(@product.category)
+      redirect_to category_path(@product.category), notice: "Product create successfully"
     else
     else
       render 'new'
       render 'new'
     end
     end

app/models/product.rb

@@ -8,30 +8,17 @@ class Product < ActiveRecord::Base
 
 
   self.per_page = ENV["default_perpage"]
   self.per_page = ENV["default_perpage"]
 
 
-  validates :pid, :title, :price, :category_id, :stock, :release_date, :public_date, presence: true
+  validates :pid, :title, :price, :image, :category_id, :stock, :release_date, :public_date, presence: true
   validates :pid, uniqueness: true
   validates :pid, uniqueness: true
+  validates :price, numericality: true
+  validates_datetime :public_date, :on_or_after => :release_date
 
 
   scope :recommend, -> { where(recommend: true) }
   scope :recommend, -> { where(recommend: true) }
 
 
   after_save :update_solr
   after_save :update_solr
   before_destroy :remove_solr
   before_destroy :remove_solr
 
 
-  # searchable do
-  #   text :pid, :title, :author, :publisher, :studio
-  #   time :release_date
-  # end
-
-  def self.search_keyword(params)
-    # where("title LIKE ?", "%#{params[:keyword]}%").order(release_date: :desc).paginate(:page => params[:page])
-
-    # params[:page] ||= 1
-    # p = Product.search do
-    #   fulltext params[:keyword]
-    #   paginate :page => params[:page], :per_page => ENV["default_perpage"]
-    #   order_by(:release_date, :desc)
-    # end
-    # p.results
-
+  def self.search_by_keyword(params)
     SolrService.search(params)
     SolrService.search(params)
   end
   end
 
 

app/policies/application_policy.rb

+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    scope.where(:id => record.id).exists?
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  def scope
+    Pundit.policy_scope!(user, record.class)
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      scope
+    end
+  end
+end

app/policies/product_policy.rb

+class ProductPolicy < ApplicationPolicy
+  def new?
+    user.present?
+  end
+
+  def create?
+    user.present?
+  end
+end
\ No newline at end of file

config/initializers/validates_timeliness.rb

+ValidatesTimeliness.setup do |config|
+  # Extend ORM/ODMs for full support (:active_record, :mongoid).
+  # config.extend_orms = [ :active_record ]
+  #
+  # Default timezone
+  # config.default_timezone = :utc
+  #
+  # Set the dummy date part for a time type values.
+  # config.dummy_date_for_time_type = [ 2000, 1, 1 ]
+  #
+  # Ignore errors when restriction options are evaluated
+  # config.ignore_restriction_errors = false
+  #
+  # Re-display invalid values in date/time selects
+  # config.enable_date_time_select_extension!
+  #
+  # Handle multiparameter date/time values strictly
+  # config.enable_multiparameter_extension!
+  #
+  # Shorthand date and time symbols for restrictions
+  # config.restriction_shorthand_symbols.update(
+  #   :now   => lambda { Time.current },
+  #   :today => lambda { Date.current }
+  # )
+  #
+  # Use the plugin date/time parser which is stricter and extendable
+  # config.use_plugin_parser = false
+  #
+  # Add one or more formats making them valid. e.g. add_formats(:date, 'd(st|rd|th) of mmm, yyyy')
+  # config.parser.add_formats()
+  #
+  # Remove one or more formats making them invalid. e.g. remove_formats(:date, 'dd/mm/yyy')
+  # config.parser.remove_formats()
+  #
+  # Change the amiguous year threshold when parsing a 2 digit year
+  # config.parser.ambiguous_year_threshold =  30
+  #
+  # Treat ambiguous dates, such as 01/02/1950, as a Non-US date.
+  # config.parser.remove_us_formats
+end

config/locales/validates_timeliness.en.yml

+en:
+  errors:
+    messages:
+      invalid_date: "is not a valid date"
+      invalid_time: "is not a valid time"
+      invalid_datetime: "is not a valid datetime"
+      is_at: "must be at %{restriction}"
+      before: "must be before %{restriction}"
+      on_or_before: "must be on or before %{restriction}"
+      after: "must be after %{restriction}"
+      on_or_after: "must be on or after %{restriction}"
+  validates_timeliness:
+    error_value_formats:
+      date: '%Y-%m-%d'
+      time: '%H:%M:%S'
+      datetime: '%Y-%m-%d %H:%M:%S'