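# Manages door-access cards: CRUD, pushing cards to the door controller, and
# the JSON endpoint that checks whether a presented card may operate a device.
#
# CanCan's load_and_authorize_resource loads @card / @cards and checks the
# ability for every action except +authorize+, which performs its own
# credential and permission checks (see below).
class CardsController < ApplicationController
  load_and_authorize_resource except: :authorize
  before_filter :authenticate_user!, except: :authorize

  # GET /cards
  # GET /cards.json
  #
  # Lists all cards. For users who may read DoorLog, each card is also
  # annotated with the number of distinct days it appears in the door log
  # during the last month, and the two most active cards are exposed to the view.
  def index
    @cards = @cards.sort_by { |e| e[:id] }

    if can?(:read, DoorLog)
      @most_active_card = nil
      @runner_up_card = nil

      # Loop-invariant cutoff, computed once instead of once per card.
      window_start = DateTime.now - 1.month

      @cards.each do |card|
        # One query per card; rows are grouped in Ruby by calendar day, so the
        # stored value counts days with at least one access, not raw swipes.
        # NOTE(review): the key says "this_week" but the window is one month;
        # the key is kept because code outside this file may read it.
        card[:accesses_this_week] = DoorLog.where("key = ? AND data = ? AND created_at > ?", 'G', door_log_reference(card), window_start).order("created_at DESC").group_by { |d| d.created_at.beginning_of_day }.count
      end

      @most_active_cards = @cards.sort { |a, b| b[:accesses_this_week] <=> a[:accesses_this_week] }
      @most_active_card = @most_active_cards[0]
      @runner_up_card = @most_active_cards[1]
    end

    respond_to do |format|
      format.html # index.html.erb
      format.json { render :json => @cards }
    end
  end

  # GET /cards/1
  # GET /cards/1.json
  #
  # Shows one card; door-log history is loaded only for users who may read DoorLog.
  def show
    if can?(:read, DoorLog)
      # The line break inside the SQL fragment is carried over from the
      # original literal; it is whitespace to the database.
      @door_logs = DoorLog.where("key = ? \nAND data = ?", "G", door_log_reference(@card)).order("created_at DESC")
    end

    respond_to do |format|
      format.html # show.html.erb
      format.json { render :json => @card }
    end
  end

  # PUT /cards/1/upload
  #
  # Pushes this card to the door controller and reports the result.
  def upload
    @upload_result = @card.upload_to_door

    respond_to do |format|
      format.html # renders the action's default template
      format.json { render :json => @upload_result }
    end
  end

  # PUT /cards/upload_all
  #
  # Pushes every card to the door controller and reports the result.
  def upload_all
    @upload_result = Card.upload_all_to_door

    respond_to do |format|
      format.html # renders the action's default template
      format.json { render :json => @upload_result }
    end
  end

  # GET /cards/new
  # GET /cards/new.json
  def new
    # @card is built by load_and_authorize_resource.
    respond_to do |format|
      format.html # new.html.erb
      format.json { render :json => @card }
    end
  end

  # GET /cards/1/edit
  def edit
    # @card is loaded by load_and_authorize_resource.
  end

  # POST /cards
  # POST /cards.json
  def create
    # @card is built from the request by load_and_authorize_resource.
    # NOTE(review): which attributes a client may set is decided by the Card
    # model's mass-assignment rules, which are not visible here - confirm.
    respond_to do |format|
      if @card.save
        format.html { redirect_to cards_url, :notice => 'Card was successfully created.' }
        format.json { render :json => @card, :status => :created, :location => @card }
      else
        format.html { render :action => "new" }
        format.json { render :json => @card.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /cards/1
  # PUT /cards/1.json
  def update
    # NOTE(review): params[:card] is passed straight to update_attributes, so
    # the Card model's mass-assignment whitelist is the only thing limiting
    # which columns a client can change - confirm it is restrictive.
    respond_to do |format|
      if @card.update_attributes(params[:card])
        format.html { redirect_to cards_url, :notice => 'Card was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render :action => "edit" }
        format.json { render :json => @card.errors, :status => :unprocessable_entity }
      end
    end
  end

  # Answers whether the holder of card params[:id] is certified for
  # params[:device]. Renders a two-element JSON array [auth, username]:
  #   auth     - "bad_user_or_pass", "bad_user_permissions", false, or the
  #              value returned by has_certification?
  #   username - the card holder's name, or nil when no card/holder was found
  #
  # This action is excluded from authenticate_user! and from CanCan's filter,
  # so every check that protects it lives in this method.
  def authorize
    # Proceed only with an existing session or valid user/pass parameters.
    # NOTE(review): the password travels as the request parameter 'pass'.
    # Rails writes request parameters to the log unless they are filtered, and
    # a filter on :password does not match the key 'pass' - confirm that
    # config.filter_parameters covers it and that this route is HTTPS-only.
    if !(current_user || check_auth(params['user'], params['pass']))
      @auth = "bad_user_or_pass"
    elsif !can?(:authorize, Card)
      # The caller is known but may not use the door system. Log only the
      # record id: inspect would write every attribute of the user record
      # (including any credential columns) into the application log.
      @auth = "bad_user_permissions"
      Rails.logger.warn "----------\r\nWARNING: CARD AUTH ATTEMPT DENIED. \nUSER id=#{current_user.try(:id).inspect}\r\n----------"
    else
      begin
        @card = Card.find(:first, :conditions => ["lower(card_number) = ?", params[:id].downcase])
        holder = @card && @card.user
        @auth = holder ? holder.has_certification?(params[:device]) : false
      rescue => e
        # Fail closed on any lookup error, but leave a trace so a broken
        # reader or malformed request is distinguishable from a plain denial.
        # Only the exception class is logged; the message could echo the
        # presented card number.
        Rails.logger.error "Card authorization lookup failed (#{e.class}); denying access"
        @auth = false
      end
    end

    holder = @card && @card.user
    username = holder ? holder.name : nil

    render json: [@auth, username]
  end

  # DELETE /cards/1
  # DELETE /cards/1.json
  def destroy
    # @card is loaded by load_and_authorize_resource.
    @card.destroy

    respond_to do |format|
      format.html { redirect_to cards_url, :notice => 'Card successfully deleted.' }
      format.json { head :no_content }
    end
  end

  private

  # Value under which a card appears in DoorLog#data: the hexadecimal card
  # number reduced modulo 32767.
  # NOTE(review): the reduction is lossy, so two different cards can map to
  # the same value and have their door-log entries attributed to each other;
  # treat per-card history as indicative, not as an audit record.
  def door_log_reference(card)
    card.card_number.to_i(16) % 32767
  end
end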