From f325026bfb679f9cb269500af9502aa4bc654f1b Mon Sep 17 00:00:00 2001
From: Jan Antala <jan@antala.sk>
Date: Tue, 29 Oct 2013 14:23:17 +0100
Subject: [PATCH 1/7] Create register view in dashboard, change API route for
 my profile

---
 config/routes.js                              |  2 +-
 dashboard/app/index.html                      |  1 +
 dashboard/app/scripts/app.js                  | 25 +++++-----
 dashboard/app/scripts/controllers/auth.js     |  3 +-
 dashboard/app/scripts/controllers/register.js | 15 ++++++
 dashboard/app/scripts/services/Auth.js        | 15 ++++++
 dashboard/app/scripts/services/Users.js       |  1 +
 dashboard/app/views/auth.html                 | 17 +++++--
 dashboard/app/views/profile.html              |  8 ---
 dashboard/app/views/register.html             | 49 +++++++++++++++++++
 dashboard/test/spec/controllers/register.js   | 22 +++++++++
 11 files changed, 132 insertions(+), 26 deletions(-)
 create mode 100644 dashboard/app/scripts/controllers/register.js
 create mode 100644 dashboard/app/views/register.html
 create mode 100644 dashboard/test/spec/controllers/register.js

diff --git a/config/routes.js b/config/routes.js
index b58c1dd..a25b656 100644
--- a/config/routes.js
+++ b/config/routes.js
@@ -26,7 +26,7 @@ module.exports = function(app, auth) {
   // users
   var users = require('../routes/users');
   app.get('/users', users.hasAuthorization, users.isAdmin, users.query);
-  app.post('/users', users.hasAuthorization, users.isAdmin, users.create, emails.registerUser);
+  app.post('/users', users.create, emails.registerUser);
   app.get('/users/me', users.hasAuthorization, users.me);
   app.get('/users/:userId', users.hasAuthorization, users.isAdmin, users.get);
   app.put('/users/:userId', users.hasAuthorization, users.isAdmin, users.update);
diff --git a/dashboard/app/index.html b/dashboard/app/index.html
index ef0a7c0..c689c45 100644
--- a/dashboard/app/index.html
+++ b/dashboard/app/index.html
@@ -112,6 +112,7 @@ <h4 ng-hide="user.name">
         <script src="scripts/services/Users.js"></script>
         <script src="scripts/controllers/books/bookId.js"></script>
         <script src="scripts/controllers/rents/rentId.js"></script>
+        <script src="scripts/controllers/register.js"></script>
         <!-- endbuild -->
 </body>
 </html>
diff --git a/dashboard/app/scripts/app.js b/dashboard/app/scripts/app.js
index 3f05431..b14efd7 100644
--- a/dashboard/app/scripts/app.js
+++ b/dashboard/app/scripts/app.js
@@ -13,7 +13,7 @@ angular.module('dashboardApp', ['ngRoute', 'ngResource'])
         resolve: {
           user: function($q, $route, Users, Auth){
             var deferred = $q.defer();
-            Users.get({'userId': Auth.getUser().userId},
+            Users.me({'userId': 'me'},
               function(user){
                 console.log(user);
                 deferred.resolve(user);
@@ -131,6 +131,10 @@ angular.module('dashboardApp', ['ngRoute', 'ngResource'])
           }
         }
       })
+      .when('/register', {
+        templateUrl: 'views/register.html',
+        controller: 'RegisterCtrl'
+      })
       .otherwise({
         redirectTo: '/'
       });
@@ -153,15 +157,14 @@ angular.module('dashboardApp', ['ngRoute', 'ngResource'])
     $rootScope.$on('$routeChangeStart', function(event, next, current) {
       console.log(next.templateUrl);
       console.log(Auth.isLoggedIn());
-      // if ( !Auth.isLoggedIn() ) {
-      //   if ( next.templateUrl !== 'views/auth.html' ) {
-      //     $location.path( '/auth' );
-      //   }
-      // }
-      // else {
-      //   if ( next.templateUrl === 'views/auth.html' ) {
-      //     $location.path( '/' );
-      //   }
-      // }
+      if ( Auth.isLoggedIn() ) {
+        if ( next.templateUrl === 'views/auth.html' ) {
+          $location.path( '/' );
+        }
+
+        if ( next.templateUrl === 'views/register.html' ) {
+          $location.path( '/' );
+        }
+      }
     });
   });
diff --git a/dashboard/app/scripts/controllers/auth.js b/dashboard/app/scripts/controllers/auth.js
index 830b296..a715677 100644
--- a/dashboard/app/scripts/controllers/auth.js
+++ b/dashboard/app/scripts/controllers/auth.js
@@ -2,13 +2,14 @@
 
 angular.module('dashboardApp')
 .controller('AuthCtrl', function ($scope, Auth, $location) {
+
   $scope.auth = function(user) {
     Auth.login(user).then(function(user){
       console.log(user);
       $location.path('/');
     },
     function(){
-      $scope.error = true;
+      $scope.error = 'Nepodarilo sa prihlásiť';
     });
   };
 });
diff --git a/dashboard/app/scripts/controllers/register.js b/dashboard/app/scripts/controllers/register.js
new file mode 100644
index 0000000..d44c944
--- /dev/null
+++ b/dashboard/app/scripts/controllers/register.js
@@ -0,0 +1,15 @@
+'use strict';
+
+angular.module('dashboardApp')
+.controller('RegisterCtrl', function ($scope, Auth, $location) {
+
+  $scope.auth = function(user) {
+    Auth.register(user).then(function(user){
+      console.log(user);
+      $location.path('/');
+    },
+    function(){
+      $scope.error = 'Nepodarilo sa zaregistrovať';
+    });
+  };
+});
diff --git a/dashboard/app/scripts/services/Auth.js b/dashboard/app/scripts/services/Auth.js
index ac1b7cf..1f335f8 100644
--- a/dashboard/app/scripts/services/Auth.js
+++ b/dashboard/app/scripts/services/Auth.js
@@ -21,6 +21,21 @@ angular.module('dashboardApp')
 
       return deferred.promise;
     },
+    register: function (user) {
+      var deferred = $q.defer();
+
+      $http.post((window.host || '') + '/users', user)
+        .success(function(res){
+          $rootScope.user = res;
+          localStorage.setItem(STORAGE_ID, JSON.stringify(res));
+          deferred.resolve(res);
+        })
+        .error(function(){
+          deferred.reject();
+        });
+
+      return deferred.promise;
+    },
     getCradentials: function() {
       return {
         'userId': $rootScope.user.userId,
diff --git a/dashboard/app/scripts/services/Users.js b/dashboard/app/scripts/services/Users.js
index 7028d47..b94641f 100644
--- a/dashboard/app/scripts/services/Users.js
+++ b/dashboard/app/scripts/services/Users.js
@@ -4,6 +4,7 @@ angular.module('dashboardApp')
 .factory('Users', function ($resource, Auth) {
   return $resource((window.host || '') + '/users/:userId', { userId: '@userId' }, {
     'get' : { method: 'GET', params: { }, headers: Auth.getCradentials() },
+    'me' : { method: 'GET', params: { }, headers: Auth.getCradentials() },
     'create' : { method: 'POST', params: { }, headers: Auth.getCradentials() },
     'update'  : { method: 'PUT', params: { }, headers: Auth.getCradentials() },
     'setPassword'  : { method: 'PUT', params: { }, headers: Auth.getCradentials() },
diff --git a/dashboard/app/views/auth.html b/dashboard/app/views/auth.html
index b19d89b..3494584 100644
--- a/dashboard/app/views/auth.html
+++ b/dashboard/app/views/auth.html
@@ -1,27 +1,34 @@
 <div>
-  <form class="form-horizontal" ng-submit="auth(user)" name="authForm" style="max-width: 500px; margin: 50px auto;">
+  <form class="form-horizontal" ng-submit="auth(login)" name="authForm" style="max-width: 500px; margin: 50px auto;">
     <h3 class="text-center">Prihlásenie</h3>
 
-    <p ng-show="error" class="alert alert-error">Nepodarilo sa prihlásiť</p>
+    <p ng-show="error" class="alert alert-error">{{error}}</p>
 
     <div class="control-group">
     <label class="control-label" for="inputEmail">Email</label>
     <div class="controls">
-    <input type="email" ng-model="user.email" id="inputEmail" class="input-field" required placeholder="admin@spolocenstvounited.sk">
+    <input type="email" ng-model="login.email" id="inputEmail" class="input-field" required placeholder="admin@spolocenstvounited.sk">
     </div>
     </div>
 
     <div class="control-group">
     <label class="control-label" for="inputPassword">Heslo</label>
     <div class="controls">
-    <input type="password" ng-model="user.password" id="inputPassword" class="input-field" required placeholder="******">
+    <input type="password" ng-model="login.password" id="inputPassword" class="input-field" required placeholder="******">
     </div>
     </div>
 
     <div class="control-group">
     <div class="controls">
-    <button type="submit" class="btn btn-success"><i class="icon-sign-in"></i> Prihlásiť sa</button>
+    <button type="submit" class="btn btn-success"><i class="icon-signin"></i> Prihlásiť sa</button>
     </div>
     </div>
+
+    <div class="control-group">
+    <div class="controls">
+    <p><a href="#/register">Zaregistrovať sa</a></p>
+    </div>
+    </div>
+
   </form>
 </div>
diff --git a/dashboard/app/views/profile.html b/dashboard/app/views/profile.html
index d52a836..09856c9 100644
--- a/dashboard/app/views/profile.html
+++ b/dashboard/app/views/profile.html
@@ -40,14 +40,6 @@ <h5 class="text-center" style="margin-top: 40px;">Zmena údajov:</h5>
     </div>
     </div>
 
-    <div class="control-group">
-    <div class="controls">
-    <label class="checkbox">
-      <input type="checkbox" ng-model="user.admin"> Admin
-    </label>
-    </div>
-    </div>
-
     <div class="control-group">
     <div class="controls">
     <button type="submit" class="btn btn-success"><i class="icon-upload"></i> Aktualizovať</button>
diff --git a/dashboard/app/views/register.html b/dashboard/app/views/register.html
new file mode 100644
index 0000000..df45428
--- /dev/null
+++ b/dashboard/app/views/register.html
@@ -0,0 +1,49 @@
+<div>
+  <form class="form-horizontal" ng-submit="auth(register)" name="authForm" style="max-width: 500px; margin: 50px auto;">
+    <h3 class="text-center">Registrácia</h3>
+
+    <p ng-show="error" class="alert alert-error">{{error}}</p>
+
+    <div class="control-group">
+    <label class="control-label" for="inputEmail">Email</label>
+    <div class="controls">
+    <input type="email" ng-model="register.email" id="inputEmail" class="input-field" required placeholder="admin@spolocenstvounited.sk">
+    </div>
+    </div>
+
+    <div class="control-group">
+    <label class="control-label" for="inputName">Meno</label>
+    <div class="controls">
+    <input type="text" ng-model="register.name" id="inputName" class="input-field" required placeholder="Spolocenstvo united">
+    </div>
+    </div>
+
+    <div class="control-group">
+    <label class="control-label" for="inputPhone">Tel. Číslo</label>
+    <div class="controls">
+    <input type="tel" ng-model="register.phone" id="inputPhone" class="input-field" required placeholder="+421 900 123 456">
+    </div>
+    </div>
+
+    <div class="control-group">
+    <label class="control-label" for="inputPassword">Heslo</label>
+    <div class="controls">
+    <input type="password" ng-model="register.password" id="inputPassword" class="input-field" required placeholder="******">
+    </div>
+    </div>
+
+    <div class="control-group">
+    <div class="controls">
+    <button type="submit" class="btn btn-success"><i class="icon-signin"></i> Zaregistrovať sa</button>
+    </div>
+    </div>
+
+    <div class="control-group">
+    <div class="controls">
+    <p><a href="#/auth">Prihlásiť sa</a></p>
+    </div>
+    </div>
+
+
+  </form>
+</div>
diff --git a/dashboard/test/spec/controllers/register.js b/dashboard/test/spec/controllers/register.js
new file mode 100644
index 0000000..7ab2391
--- /dev/null
+++ b/dashboard/test/spec/controllers/register.js
@@ -0,0 +1,22 @@
+'use strict';
+
+describe('Controller: RegisterCtrl', function () {
+
+  // load the controller's module
+  beforeEach(module('dashboardApp'));
+
+  var RegisterCtrl,
+    scope;
+
+  // Initialize the controller and a mock scope
+  beforeEach(inject(function ($controller, $rootScope) {
+    scope = $rootScope.$new();
+    RegisterCtrl = $controller('RegisterCtrl', {
+      $scope: scope
+    });
+  }));
+
+  it('should attach a list of awesomeThings to the scope', function () {
+    expect(scope.awesomeThings.length).toBe(3);
+  });
+});

From cccb20776f1306904f3474cc8c0a6c1344e32ac7 Mon Sep 17 00:00:00 2001
From: Jan Antala <jan@antala.sk>
Date: Fri, 1 Nov 2013 19:59:04 +0100
Subject: [PATCH 2/7] Reserve book

---
 config/routes.js                              |  4 +++-
 .../app/scripts/controllers/books/bookId.js   | 14 +++++++++++++-
 dashboard/app/scripts/services/Books.js       |  2 +-
 dashboard/app/scripts/services/Rents.js       |  1 +
 dashboard/app/views/books/bookId.html         |  3 ++-
 lib/email.js                                  | 19 +++++++++++++++++++
 models/Rent.js                                |  7 ++++---
 routes/emails.js                              |  9 +++++++++
 routes/rents.js                               | 12 ++++++++++--
 9 files changed, 62 insertions(+), 9 deletions(-)

diff --git a/config/routes.js b/config/routes.js
index a25b656..d68b0fc 100644
--- a/config/routes.js
+++ b/config/routes.js
@@ -53,7 +53,9 @@ module.exports = function(app, auth) {
   app.get('/rents', users.hasAuthorization, users.isAdmin, rents.query);
   app.get('/rents/:rentId', users.hasAuthorization, users.isAdmin, rents.get);
   app.post('/rents', users.hasAuthorization, users.isAdmin, rents.create, emails.rentBook);
-  app.put('/rents/:rentId/', users.hasAuthorization, users.isAdmin, rents.update);
+  app.post('/rents/reserveBook', users.hasAuthorization,rents.reserveBook, emails.reserveBook);
+  app.post('/rents/:rentId', users.hasAuthorization, users.isAdmin, rents.create, emails.rentBook);
+  app.put('/rents/:rentId', users.hasAuthorization, users.isAdmin, rents.update);
   app.del('/rents/:rentId', users.hasAuthorization, users.isAdmin, rents.remove);
   app.post('/rents/:rentId/returnBook', users.hasAuthorization, users.isAdmin, rents.returnBook, emails.returnBook);
   
diff --git a/dashboard/app/scripts/controllers/books/bookId.js b/dashboard/app/scripts/controllers/books/bookId.js
index 17a54ba..7c59809 100644
--- a/dashboard/app/scripts/controllers/books/bookId.js
+++ b/dashboard/app/scripts/controllers/books/bookId.js
@@ -1,7 +1,7 @@
 'use strict';
 
 angular.module('dashboardApp')
-.controller('BooksBookidCtrl', function ($scope, Rents, $routeParams, $location, book) {
+.controller('BooksBookidCtrl', function ($scope, Rents, $routeParams, $location, book, Auth) {
   $scope.book = book;
 
   $scope.returnBook = function(bookCopy) {
@@ -11,4 +11,16 @@ angular.module('dashboardApp')
     });
   };
 
+  $scope.reserveBook = function() {
+    console.log($routeParams);
+    console.log(Auth.getUser());
+    var payload = {
+      'bookId': $routeParams.bookId,
+      'userId': Auth.getUser().userId
+    };
+    Rents.reserveBook(payload, function(){
+      $location.path('/rents');
+    });
+  };
+
 });
diff --git a/dashboard/app/scripts/services/Books.js b/dashboard/app/scripts/services/Books.js
index 030b0d3..9a5f7b6 100644
--- a/dashboard/app/scripts/services/Books.js
+++ b/dashboard/app/scripts/services/Books.js
@@ -6,6 +6,6 @@ angular.module('dashboardApp')
     'query'   : { method: 'GET', params: { }, headers: Auth.getCradentials(), isArray: true },
     'topRented': { method: 'GET', params: { 'action': 'topRented' }, headers: Auth.getCradentials(), isArray: true },
     'get'   : { method: 'GET', params: { bookId: '@bookId' }, headers: Auth.getCradentials() },
-    'rent'    : { method: 'POST', params: { bookId: '@bookId', 'action': 'rent'}, headers: Auth.getCradentials() },
+    'rent': { method: 'POST', params: { bookId: '@bookId', 'action': 'rent'}, headers: Auth.getCradentials() },
   });
 });
diff --git a/dashboard/app/scripts/services/Rents.js b/dashboard/app/scripts/services/Rents.js
index 1cad7e6..53209a4 100644
--- a/dashboard/app/scripts/services/Rents.js
+++ b/dashboard/app/scripts/services/Rents.js
@@ -5,6 +5,7 @@ angular.module('dashboardApp')
   return $resource((window.host || '') + '/rents/:rentId/:action', { rentId: '@rentId' }, {
     'get' : { method: 'GET', params: { }, headers: Auth.getCradentials() },
     'create' : { method: 'POST', params: { }, headers: Auth.getCradentials() },
+    'reserveBook' : { method: 'POST', params: { action: 'reserveBook' }, headers: Auth.getCradentials() },
     'returnBook' : { method: 'POST', params: { action: 'returnBook' }, headers: Auth.getCradentials() },
     'query'   : { method: 'GET', params: { }, headers: Auth.getCradentials(), isArray: true },
   });
diff --git a/dashboard/app/views/books/bookId.html b/dashboard/app/views/books/bookId.html
index c962fd7..c94f88a 100644
--- a/dashboard/app/views/books/bookId.html
+++ b/dashboard/app/views/books/bookId.html
@@ -12,6 +12,8 @@ <h3>{{book.title}}</h3>
 <p ng-show="book.year"><span class="book-detail-title">Rok vydania:</span> <a ng-href="#/books?year={{book.year}}">{{book.year}}</a></p>
 <p ng-show="book.isbn.isbn13"><span class="book-detail-title">ISBN-13:</span> {{book.isbn.isbn13}}</p>
 <p ng-show="book.isbn.isbn10"><span class="book-detail-title">ISBN-10:</span> {{book.isbn.isbn10}}</p>
+<a class="btn btn-primary" ng-click="reserveBook()"><i class="icon-share"></i> Rezervuj</a>
+
 
 </div>
 
@@ -28,7 +30,6 @@ <h4>Výtlačky:</h4>
     <p ng-show="copy.status == 'available' || copy.status == 'returned'">Dostupná</p>
     <p ng-show="copy.status == 'reserved'">Rezervovaná</p>
     <p>{{copy.info}}</p>
-    <a class="btn btn-primary" ng-show="copy.status == 'available' || copy.status == 'returned'" ng-click="openRent(copy)"><i class="icon-share"></i> Rezervuj</a>
     <a class="btn btn-info" ng-show="copy.status == 'rented'" ng-href="#/rents/{{copy.rents[copy.rents.length - 1]}}"><i class="icon-search"></i> Požičaná</a>
     <p></p>
   </li>
diff --git a/lib/email.js b/lib/email.js
index 4022d7a..9d02512 100644
--- a/lib/email.js
+++ b/lib/email.js
@@ -20,6 +20,16 @@ var renderRent = function(rent){
   return text;
 };
 
+var renderReservation = function(rent){
+  var text = '';
+  text += 'Rezervovanie knihy ' + renderBookSubject(rent) + '.';
+  text += '\n';
+  text += '\n';
+  text += 'Používateľ: ' + rent.user.name;
+
+  return text;
+};
+
 var renderReturn = function(rent){
   var text = '';
   text += 'Vrátenie knihy ' + renderBookSubject(rent) + '.';
@@ -102,6 +112,11 @@ var send = function(obj, type, r){
     to = (obj.user.name || '') + ' <' + obj.user.email + '>';
     subject = renderBookSubject(obj);
   }
+  else if (type === 'reservation') {
+    text = renderReservation(obj);
+    to = (obj.user.name || '') + ' <' + obj.user.email + '>';
+    subject = renderBookSubject(obj);
+  }
   else if (type === 'return') {
     text = renderReturn(obj);
     to = (obj.user.name || '') + ' <' + obj.user.email + '>';
@@ -153,6 +168,10 @@ module.exports.rentBook = function(rent){
   send(rent, 'rent', 0);
 };
 
+module.exports.reserveBook = function(rent){
+  send(rent, 'reservation', 0);
+};
+
 module.exports.returnBook = function(rent){
   send(rent, 'return', 0);
 };
diff --git a/models/Rent.js b/models/Rent.js
index 9581d1d..680aa0e 100644
--- a/models/Rent.js
+++ b/models/Rent.js
@@ -26,11 +26,12 @@ RentModelSchema.virtual('rentId').get(function(){
   return this.id;
 });
 
-RentModelSchema.methods.reserveBook = function(bookId, userId, cb){
+RentModelSchema.methods.reserveBook = function(payload, cb){
   this.status = 'reserved';
-  this.book = bookId;
-  this.user = userId;
+  this.book = payload.bookId;
+  this.user = payload.userId;
 
+  console.log(this);
   return this.save(cb);
 };
 
diff --git a/routes/emails.js b/routes/emails.js
index 4ea40db..1c1c852 100644
--- a/routes/emails.js
+++ b/routes/emails.js
@@ -9,6 +9,15 @@ exports.rentBook = function(req, res, next){
   });
 };
 
+exports.reserveBook = function(req, res, next){
+  var rent = req.rent;
+
+  rent.populate('user').populate('book', function(err, rent){
+    if (err) return;
+    Email.reserveBook(rent);
+  });
+};
+
 exports.returnBook = function(req, res, next){
   var rent = req.rent;
 
diff --git a/routes/rents.js b/routes/rents.js
index fa01032..83eb201 100644
--- a/routes/rents.js
+++ b/routes/rents.js
@@ -43,7 +43,7 @@ exports.get = function(req, res, next){
 };
 
 exports.create = function(req, res, next){
-  var rent = new RentModel({});
+  var rent = req.rent || new RentModel({});
   
   rent.rentBook(req.body, function(err, rent){
     if (err) { return next(err); }
@@ -69,7 +69,15 @@ exports.update = function(req, res, next){
 };
 
 exports.reserveBook = function(req, res, next){
-  res.send(200);
+  var rent = new RentModel({});
+  
+  rent.reserveBook(req.body, function(err, rent){
+    if (err) { return next(err); }
+    console.log(rent);
+    res.json(rent);
+    req.rent = rent;
+    return next();
+  });
 };
 
 exports.returnBook = function(req, res, next){

From 4fe09d9f4929f20c52113abf70cbef9e47c90a63 Mon Sep 17 00:00:00 2001
From: Jan Antala <jan@antala.sk>
Date: Fri, 1 Nov 2013 20:08:16 +0100
Subject: [PATCH 3/7] Add isMe authorisation middleware

---
 config/routes.js |  4 ++--
 routes/users.js  | 16 ++++++++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/config/routes.js b/config/routes.js
index d68b0fc..0cc82d1 100644
--- a/config/routes.js
+++ b/config/routes.js
@@ -50,8 +50,8 @@ module.exports = function(app, auth) {
 
   // rents
   var rents = require('../routes/rents');
-  app.get('/rents', users.hasAuthorization, users.isAdmin, rents.query);
-  app.get('/rents/:rentId', users.hasAuthorization, users.isAdmin, rents.get);
+  app.get('/rents', users.hasAuthorization, users.isMe, rents.query);
+  app.get('/rents/:rentId', users.hasAuthorization, users.isMe, rents.get);
   app.post('/rents', users.hasAuthorization, users.isAdmin, rents.create, emails.rentBook);
   app.post('/rents/reserveBook', users.hasAuthorization,rents.reserveBook, emails.reserveBook);
   app.post('/rents/:rentId', users.hasAuthorization, users.isAdmin, rents.create, emails.rentBook);
diff --git a/routes/users.js b/routes/users.js
index 56b47d8..67eaa15 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -17,6 +17,12 @@ exports.user = function(req, res, next){
   });
 };
 
+exports.me = function(req, res, next){
+
+  res.json(req.authorization);
+};
+
+
 exports.query = function(req, res, next){
   console.log(req.query);
   var page = req.query.page || 1;
@@ -131,7 +137,13 @@ exports.isAdmin = function(req, res, next){
   return next();
 };
 
-exports.me = function(req, res, next){
+exports.isMe = function(req, res, next){
 
-    res.json(req.authorization);
+  if (! req.authorization.admin) {
+    var userId = req.query.user || req.query.userId;
+    if (userId !== req.authorization.userId) {
+      return next(new error.Forbidden());
+    }
+  }
+  return next();
 };
\ No newline at end of file

From a172cf30a68e807dd0170f639ecf97dedb7cd319 Mon Sep 17 00:00:00 2001
From: Jan Antala <jan@antala.sk>
Date: Fri, 1 Nov 2013 20:12:36 +0100
Subject: [PATCH 4/7] Update rent getStyle if reservation is created

---
 admin/app/scripts/controllers/rents.js     | 2 +-
 dashboard/app/scripts/controllers/rents.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/admin/app/scripts/controllers/rents.js b/admin/app/scripts/controllers/rents.js
index 9f451b7..7eb5b3a 100644
--- a/admin/app/scripts/controllers/rents.js
+++ b/admin/app/scripts/controllers/rents.js
@@ -13,7 +13,7 @@ angular.module('adminApp')
   };
 
   $scope.getStyle = function(rent){
-    if (new Date(rent.rent.endDate) < new Date() && !rent.rent.returnDate) {
+    if (rent.rent && (new Date(rent.rent.endDate) < new Date() && !rent.rent.returnDate)) {
       return 'warning';
     }
   };
diff --git a/dashboard/app/scripts/controllers/rents.js b/dashboard/app/scripts/controllers/rents.js
index e142aed..f48bf3b 100644
--- a/dashboard/app/scripts/controllers/rents.js
+++ b/dashboard/app/scripts/controllers/rents.js
@@ -13,7 +13,7 @@ angular.module('dashboardApp')
   };
 
   $scope.getStyle = function(rent){
-    if (new Date(rent.rent.endDate) < new Date() && !rent.rent.returnDate) {
+    if (rent.rent && (new Date(rent.rent.endDate) < new Date() && !rent.rent.returnDate)) {
       return 'warning';
     }
   };

From 24b06761c98747a98047106b28c063424a5b30ad Mon Sep 17 00:00:00 2001
From: Jan Antala <jan@antala.sk>
Date: Sun, 3 Nov 2013 00:27:24 +0100
Subject: [PATCH 5/7] Add reservations route, remove reservations from rents

---
 admin/app/index.html                          |  2 ++
 admin/app/scripts/app.js                      | 22 +++++++++++++
 admin/app/scripts/controllers/reservations.js | 31 +++++++++++++++++++
 admin/app/views/reservations.html             | 29 +++++++++++++++++
 admin/test/spec/controllers/reservations.js   | 22 +++++++++++++
 dashboard/app/index.html                      |  2 ++
 dashboard/app/scripts/app.js                  | 26 +++++++++++++++-
 dashboard/app/scripts/controllers/rents.js    |  4 +--
 .../app/scripts/controllers/reservations.js   | 31 +++++++++++++++++++
 dashboard/app/views/reservations.html         | 29 +++++++++++++++++
 .../test/spec/controllers/reservations.js     | 22 +++++++++++++
 routes/rents.js                               |  7 +++--
 routes/users.js                               |  1 -
 13 files changed, 222 insertions(+), 6 deletions(-)
 create mode 100644 admin/app/scripts/controllers/reservations.js
 create mode 100644 admin/app/views/reservations.html
 create mode 100644 admin/test/spec/controllers/reservations.js
 create mode 100644 dashboard/app/scripts/controllers/reservations.js
 create mode 100644 dashboard/app/views/reservations.html
 create mode 100644 dashboard/test/spec/controllers/reservations.js

diff --git a/admin/app/index.html b/admin/app/index.html
index d200eba..0fd2829 100644
--- a/admin/app/index.html
+++ b/admin/app/index.html
@@ -36,6 +36,7 @@
       <a href="#/books/" class="nav-link"><i class="icon-book"></i> Knihy</a>
       <a href="#/users/" class="nav-link"><i class="icon-user"></i> Používatelia</a>
       <a href="#/rents/" class="nav-link"><i class="icon-time"></i> Požičania</a>
+      <a href="#/reservations/" class="nav-link"><i class="icon-time"></i> Rezervácie</a>
 
       <form name="searchBook" ng-submit="search(query)" class="nav-search">
         <div class="input-append">
@@ -119,6 +120,7 @@ <h4 ng-hide="user.name">
         <script src="scripts/directives/draganddrop.js"></script>
         <script src="scripts/directives/infiniteScroll.js"></script>
 
+        <script src="scripts/controllers/reservations.js"></script>
         <!-- endbuild -->
 </body>
 </html>
diff --git a/admin/app/scripts/app.js b/admin/app/scripts/app.js
index 76e727e..e32a22b 100644
--- a/admin/app/scripts/app.js
+++ b/admin/app/scripts/app.js
@@ -159,6 +159,28 @@ angular.module('adminApp', ['ngRoute', 'ngResource', 'ja.isbn', 'ui.bootstrap'])
         templateUrl: 'views/auth.html',
         controller: 'AuthCtrl'
       })
+      .when('/reservations', {
+        templateUrl: 'views/reservations.html',
+        controller: 'ReservationsCtrl',
+        resolve: {
+          reservations: function($q, $route, Rents, Auth){
+            var deferred = $q.defer();
+            var query = {};
+            angular.extend(query, $route.current.params, {status: 'reserved'});
+            Rents.query(query,
+              function(reservations){
+                console.log(reservations);
+                deferred.resolve(reservations);
+              },
+              function(){
+                deferred.reject();
+              }
+            );
+
+            return deferred.promise;
+          }
+        }
+      })
       .otherwise({
         redirectTo: '/'
       });
diff --git a/admin/app/scripts/controllers/reservations.js b/admin/app/scripts/controllers/reservations.js
new file mode 100644
index 0000000..791e43b
--- /dev/null
+++ b/admin/app/scripts/controllers/reservations.js
@@ -0,0 +1,31 @@
+'use strict';
+
+angular.module('adminApp')
+.controller('ReservationsCtrl', function ($scope, Rents, $location, $routeParams, Auth, reservations) {
+
+  $scope.reservations = reservations;
+
+  $scope.query = function(){
+    if (!$scope.mayQuery) {
+      return false;
+    }
+
+    var query = {page: $scope.page + 1};
+    query = angular.extend(query, $routeParams, {status: 'reserved'});
+    console.log(query);
+    Rents.query(query,
+      function(reservations){
+        if (!reservations.length) {
+          $scope.mayQuery = false;
+        }
+        $scope.reservations = $scope.reservations.concat(reservations);
+        $scope.page += 1;
+      },
+      function(error){
+
+    });
+  };
+
+  $scope.page = 1;
+  $scope.mayQuery = true;
+});
diff --git a/admin/app/views/reservations.html b/admin/app/views/reservations.html
new file mode 100644
index 0000000..b781ec5
--- /dev/null
+++ b/admin/app/views/reservations.html
@@ -0,0 +1,29 @@
+<section>
+  <h4 class="content-header">Zoznam rezervácií</h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th>Obal</th>
+        <th>Názov</th>
+        <th>Autor</th>
+        <th>Používateľ</th>
+        <th>Od</th>
+      </tr>
+    </thead>
+    <tbody>
+
+      <tr ng-repeat="rent in reservations" ng-class="getStyle(rent)">
+        <td>
+          <a ng-href="#/books/{{rent.book.bookId}}" class="btn btn-link">
+            <img ng-src="{{rent.book.cover}}" alt="" style="height: 50px; width: auto; line-height: 50px;"></td>
+          </a>
+        <td style="line-height: 50px;"><a ng-href="#/books/{{rent.book.bookId}}">{{rent.book.title}}</a></td>
+        <td style="line-height: 50px;"><a ng-href="#/books?author={{rent.book.author}}">{{rent.book.author}}</a></td>
+        <td style="line-height: 50px;"><a ng-href="#/users/{{rent.user.userId}}">{{rent.user.name}}</a></td>
+        <td style="line-height: 50px;"><a ng-href="#/rents/{{rent.rentId}}">{{rent.reservation.reservationDate | date}}</a></td>
+      </tr>
+    </tbody>
+  </table>
+
+  <button class="btn btn-block" ng-click="query()" ng-show="mayQuery"><i class="icon-repeat"></i> Ďalšie</button>
+</section>
diff --git a/admin/test/spec/controllers/reservations.js b/admin/test/spec/controllers/reservations.js
new file mode 100644
index 0000000..1d62f95
--- /dev/null
+++ b/admin/test/spec/controllers/reservations.js
@@ -0,0 +1,22 @@
+'use strict';
+
+describe('Controller: ReservationsCtrl', function () {
+
+  // load the controller's module
+  beforeEach(module('adminApp'));
+
+  var ReservationsCtrl,
+    scope;
+
+  // Initialize the controller and a mock scope
+  beforeEach(inject(function ($controller, $rootScope) {
+    scope = $rootScope.$new();
+    ReservationsCtrl = $controller('ReservationsCtrl', {
+      $scope: scope
+    });
+  }));
+
+  it('should attach a list of awesomeThings to the scope', function () {
+    expect(scope.awesomeThings.length).toBe(3);
+  });
+});
diff --git a/dashboard/app/index.html b/dashboard/app/index.html
index c689c45..b70d1a9 100644
--- a/dashboard/app/index.html
+++ b/dashboard/app/index.html
@@ -34,6 +34,7 @@
       <a href="#/books/" class="nav-link"><i class="icon-book"></i> Knihy</a>
       <a href="#/profile/" class="nav-link" ng-show="user.name"><i class="icon-user"></i> Môj účet</a>
       <a href="#/rents/" class="nav-link" ng-show="user.name"><i class="icon-time"></i> Požičania</a>
+      <a href="#/reservations/" class="nav-link" ng-show="user.name"><i class="icon-time"></i> Rezervácie</a>
 
       <form name="searchBook" ng-submit="search(query)" class="nav-search">
         <div class="input-append">
@@ -113,6 +114,7 @@ <h4 ng-hide="user.name">
         <script src="scripts/controllers/books/bookId.js"></script>
         <script src="scripts/controllers/rents/rentId.js"></script>
         <script src="scripts/controllers/register.js"></script>
+        <script src="scripts/controllers/reservations.js"></script>
         <!-- endbuild -->
 </body>
 </html>
diff --git a/dashboard/app/scripts/app.js b/dashboard/app/scripts/app.js
index b14efd7..2938f9b 100644
--- a/dashboard/app/scripts/app.js
+++ b/dashboard/app/scripts/app.js
@@ -33,7 +33,9 @@ angular.module('dashboardApp', ['ngRoute', 'ngResource'])
         resolve: {
           rents: function($q, $route, Rents, Auth){
             var deferred = $q.defer();
-            Rents.query({user: Auth.getUser().userId},
+            var query = {};
+            angular.extend(query, $route.current.params, {user: Auth.getUser().userId});
+            Rents.query(query,
               function(rents){
                 console.log(rents);
                 deferred.resolve(rents);
@@ -135,6 +137,28 @@ angular.module('dashboardApp', ['ngRoute', 'ngResource'])
         templateUrl: 'views/register.html',
         controller: 'RegisterCtrl'
       })
+      .when('/reservations', {
+        templateUrl: 'views/reservations.html',
+        controller: 'ReservationsCtrl',
+        resolve: {
+          reservations: function($q, $route, Rents, Auth){
+            var deferred = $q.defer();
+            var query = {};
+            angular.extend(query, $route.current.params, {user: Auth.getUser().userId, status: 'reserved'});
+            Rents.query(query,
+              function(reservations){
+                console.log(reservations);
+                deferred.resolve(reservations);
+              },
+              function(){
+                deferred.reject();
+              }
+            );
+
+            return deferred.promise;
+          }
+        }
+      })
       .otherwise({
         redirectTo: '/'
       });
diff --git a/dashboard/app/scripts/controllers/rents.js b/dashboard/app/scripts/controllers/rents.js
index f48bf3b..b91f27e 100644
--- a/dashboard/app/scripts/controllers/rents.js
+++ b/dashboard/app/scripts/controllers/rents.js
@@ -1,7 +1,7 @@
 'use strict';
 
 angular.module('dashboardApp')
-.controller('RentsCtrl', function ($scope, Rents, $location, $routeParams, rents) {
+.controller('RentsCtrl', function ($scope, Rents, $location, $routeParams, Auth, rents) {
   $scope.rents = rents;
 
   $scope.returnBook = function(rent){
@@ -24,7 +24,7 @@ angular.module('dashboardApp')
     }
 
     var query = {page: $scope.page + 1};
-    query = angular.extend(query, $routeParams);
+    query = angular.extend(query, $routeParams, {user: Auth.getUser().userId});
     console.log(query);
     Rents.query(query,
       function(rents){
diff --git a/dashboard/app/scripts/controllers/reservations.js b/dashboard/app/scripts/controllers/reservations.js
new file mode 100644
index 0000000..84bb70f
--- /dev/null
+++ b/dashboard/app/scripts/controllers/reservations.js
@@ -0,0 +1,31 @@
+'use strict';
+
+angular.module('dashboardApp')
+.controller('ReservationsCtrl', function ($scope, Rents, $location, $routeParams, Auth, reservations) {
+
+  $scope.reservations = reservations;
+
+  $scope.query = function(){
+    if (!$scope.mayQuery) {
+      return false;
+    }
+
+    var query = {page: $scope.page + 1};
+    query = angular.extend(query, $routeParams, {user: Auth.getUser().userId, status: 'reserved'});
+    console.log(query);
+    Rents.query(query,
+      function(reservations){
+        if (!reservations.length) {
+          $scope.mayQuery = false;
+        }
+        $scope.reservations = $scope.reservations.concat(reservations);
+        $scope.page += 1;
+      },
+      function(error){
+
+    });
+  };
+
+  $scope.page = 1;
+  $scope.mayQuery = true;
+});
diff --git a/dashboard/app/views/reservations.html b/dashboard/app/views/reservations.html
new file mode 100644
index 0000000..e6b64b1
--- /dev/null
+++ b/dashboard/app/views/reservations.html
@@ -0,0 +1,29 @@
+<section>
+  <h4 class="content-header">Zoznam rezervácií</h4>
+  <table class="table">
+    <thead>
+      <tr>
+        <th>Obal</th>
+        <th>Názov</th>
+        <th>Autor</th>
+        <th>Používateľ</th>
+        <th>Od</th>
+      </tr>
+    </thead>
+    <tbody>
+
+      <tr ng-repeat="rent in reservations">
+        <td>
+          <a ng-href="#/books/{{rent.book.bookId}}" class="btn btn-link">
+            <img ng-src="{{rent.book.cover}}" alt="" style="height: 50px; width: auto; line-height: 50px;"></td>
+          </a>
+        <td style="line-height: 50px;"><a ng-href="#/books/{{rent.book.bookId}}">{{rent.book.title}}</a></td>
+        <td style="line-height: 50px;"><a ng-href="#/books?author={{rent.book.author}}">{{rent.book.author}}</a></td>
+        <td style="line-height: 50px;"><a ng-href="#/users/{{rent.user.userId}}">{{rent.user.name}}</a></td>
+        <td style="line-height: 50px;"><a ng-href="#/rents/{{rent.rentId}}">{{rent.reservation.reservationDate | date}}</a></td>
+      </tr>
+    </tbody>
+  </table>
+
+  <button class="btn btn-block" ng-click="query()" ng-show="mayQuery"><i class="icon-repeat"></i> Ďalšie</button>
+</section>
diff --git a/dashboard/test/spec/controllers/reservations.js b/dashboard/test/spec/controllers/reservations.js
new file mode 100644
index 0000000..f556a0a
--- /dev/null
+++ b/dashboard/test/spec/controllers/reservations.js
@@ -0,0 +1,22 @@
+'use strict';
+
+describe('Controller: ReservationsCtrl', function () {
+
+  // load the controller's module
+  beforeEach(module('dashboardApp'));
+
+  var ReservationsCtrl,
+    scope;
+
+  // Initialize the controller and a mock scope
+  beforeEach(inject(function ($controller, $rootScope) {
+    scope = $rootScope.$new();
+    ReservationsCtrl = $controller('ReservationsCtrl', {
+      $scope: scope
+    });
+  }));
+
+  it('should attach a list of awesomeThings to the scope', function () {
+    expect(scope.awesomeThings.length).toBe(3);
+  });
+});
diff --git a/routes/rents.js b/routes/rents.js
index 83eb201..0bf4ed0 100644
--- a/routes/rents.js
+++ b/routes/rents.js
@@ -22,12 +22,15 @@ exports.query = function(req, res, next){
   var page = req.query.page || 1;
   var limit = req.query.limit || 100;
 
+  var query = _.omit(req.query, 'page', 'limit', 'status');
+  query.status = req.query.status || { $not: /reserved/ };
+
   RentModel
-    .find(_.omit(req.query, 'page', 'limit'))
+    .find(query)
     .populate('user book', 'bookId author title cover userId name email gravatar')
     .skip((page - 1) * limit)
     .limit(limit)
-    .sort('-rent.startDate')
+    .sort('-reservation.reservationDate -rent.startDate')
     .exec(function(err, rents){
       if (err) { return next(err); }
       res.json(rents);
diff --git a/routes/users.js b/routes/users.js
index 67eaa15..f466621 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -114,7 +114,6 @@ exports.auth = function(req, res, next){
     if (err) { return next(err); }
     if (! user) { return next(new error.Unauthorized('User does not exist.')); }
     if (! user.authenticate(req.body.password)) { return next(new error.Forbidden()); }
-    if (! user.admin) { return next(new error.Forbidden()); }
 
     res.json(_.pick(user, 'userId','email', 'name', 'admin', 'hash', 'gravatar'));
   });

From 14e593fcd9453a48e32bf5484b0ce814038cff0f Mon Sep 17 00:00:00 2001
From: Jan Antala <jan@antala.sk>
Date: Sun, 3 Nov 2013 00:41:49 +0100
Subject: [PATCH 6/7] Add reservation list in book rent

---
 admin/app/scripts/controllers/books/bookId.js |  2 ++
 admin/app/views/books/bookId.html             | 11 +++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/admin/app/scripts/controllers/books/bookId.js b/admin/app/scripts/controllers/books/bookId.js
index c9f278f..66bc3b2 100644
--- a/admin/app/scripts/controllers/books/bookId.js
+++ b/admin/app/scripts/controllers/books/bookId.js
@@ -11,6 +11,8 @@ angular.module('adminApp')
       'bookId': $scope.book.bookId,
       'bookCopyId': bookCopy.bookCopyId
     };
+
+    $scope.reservations = Rents.query({status: 'reserved', book: $scope.book.bookId});
   };
 
   $scope.closeRent = function () {
diff --git a/admin/app/views/books/bookId.html b/admin/app/views/books/bookId.html
index 8c6d471..fa70aa3 100644
--- a/admin/app/views/books/bookId.html
+++ b/admin/app/views/books/bookId.html
@@ -48,15 +48,22 @@ <h3>Požičať knihu</h3>
       <form class="form-horizontal" ng-submit="save()" name="addBookForm">
 
         <div class="control-group">
-        <label class="control-label" for="inputUserId">UserId</label>
+        <label class="control-label" for="inputUserId">UserId:</label>
         <div class="controls">
           <input type="text" ng-model="rentCopy.userId" id="inputUserId" class="input-field" required placeholder="UserId" typeahead="rentUser.userId as rentUser.name for rentUser in rentUsers | filter:$viewValue | limitTo:8">
           <!-- <input type="text" ng-model="rentCopy.userId" id="inputUserId" class="input-field" required placeholder="UserId" typeahead="rentUser.userId as rentUser.name for rentUser in rentUsers | filter:$viewValue | limitTo:8"> -->
         </div>
         </div>
 
+        <div class="control-group" ng-show="reservations.length">
+        <label class="control-label">Rezervácie:</label>
+        <div class="controls">
+          <p ng-repeat="reservation in reservations" ng-click="rentCopy.userId = reservation.user.userId">{{reservation.user.name}}</p>
+        </div>
+        </div>
+
         <div class="control-group">
-        <label class="control-label" for="inputEndDate">Do kedy</label>
+        <label class="control-label" for="inputEndDate">Do kedy:</label>
         <div class="controls">
           <div ng-model="rentCopy.endDate" >
             <datepicker min="minDate" show-weeks="false" starting-day="1" id="inputEndDate" ng-required="true"></datepicker>

From ba641e0dbc6ccd2c9d7ce1555cfb4ae0fd484db0 Mon Sep 17 00:00:00 2001
From: Jan Antala <jan@antala.sk>
Date: Sun, 3 Nov 2013 00:59:34 +0100
Subject: [PATCH 7/7] Connect reservation with a new book rent

---
 admin/app/scripts/controllers/books/bookId.js |  4 ++++
 admin/app/views/books/bookId.html             | 12 ++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/admin/app/scripts/controllers/books/bookId.js b/admin/app/scripts/controllers/books/bookId.js
index 66bc3b2..51c7180 100644
--- a/admin/app/scripts/controllers/books/bookId.js
+++ b/admin/app/scripts/controllers/books/bookId.js
@@ -15,6 +15,10 @@ angular.module('adminApp')
     $scope.reservations = Rents.query({status: 'reserved', book: $scope.book.bookId});
   };
 
+  $scope.clearRent = function(rent) {
+    rent.rentId = undefined;
+  };
+
   $scope.closeRent = function () {
     $scope.rentBook = false;
   };
diff --git a/admin/app/views/books/bookId.html b/admin/app/views/books/bookId.html
index fa70aa3..bda68da 100644
--- a/admin/app/views/books/bookId.html
+++ b/admin/app/views/books/bookId.html
@@ -50,7 +50,12 @@ <h3>Požičať knihu</h3>
         <div class="control-group">
         <label class="control-label" for="inputUserId">UserId:</label>
         <div class="controls">
-          <input type="text" ng-model="rentCopy.userId" id="inputUserId" class="input-field" required placeholder="UserId" typeahead="rentUser.userId as rentUser.name for rentUser in rentUsers | filter:$viewValue | limitTo:8">
+          <input type="text"
+            ng-model="rentCopy.userId" id="inputUserId" class="input-field" required placeholder="UserId"
+            ng-change="clearRent(rentCopy)"
+            typeahead="rentUser.userId as rentUser.name for rentUser in rentUsers | filter:$viewValue | limitTo:8"
+
+          >
           <!-- <input type="text" ng-model="rentCopy.userId" id="inputUserId" class="input-field" required placeholder="UserId" typeahead="rentUser.userId as rentUser.name for rentUser in rentUsers | filter:$viewValue | limitTo:8"> -->
         </div>
         </div>
@@ -58,7 +63,10 @@ <h3>Požičať knihu</h3>
         <div class="control-group" ng-show="reservations.length">
         <label class="control-label">Rezervácie:</label>
         <div class="controls">
-          <p ng-repeat="reservation in reservations" ng-click="rentCopy.userId = reservation.user.userId">{{reservation.user.name}}</p>
+          <p ng-repeat="reservation in reservations"
+            ng-click="rentCopy.userId = reservation.user.userId; rentCopy.rentId = reservation.rentId;"
+          >
+            {{reservation.user.name}}</p>
         </div>
         </div>