raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-03-25 05:45:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10817 from Matt-Yorkley/permissions-scoping

Browse Source 
Scope orders before bulk actions
This commit is contained in:
Konrad
2023-05-17 12:44:07 +02:00
committed by GitHub
parent 4a66b62fa7 e1b0a03819
commit 02873d7596
3 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/reflexes/bulk_actions_in_orders_list_reflex.rb
View File

@@ -2,7 +2,7 @@
class BulkActionsInOrdersListReflex < ApplicationReflex
def resend_confirmation_email(order_ids)
orders(order_ids).find_each do |o|
editable_orders.where(id: order_ids).find_each do |o|
Spree::OrderMailer.confirm_email_for_customer(o.id, true).deliver_later if can? :resend, o
end
@@ -11,7 +11,7 @@ class BulkActionsInOrdersListReflex < ApplicationReflex
def send_invoice(order_ids)
count = 0
orders(order_ids).find_each do |o|
editable_orders.where(id: order_ids).find_each do |o|
next unless o.distributor.can_invoice? && (o.resumed? || o.complete?)
Spree::OrderMailer.invoice_email(o.id).deliver_later
@@ -29,7 +29,7 @@ class BulkActionsInOrdersListReflex < ApplicationReflex
morph "#flashes", render(partial: "shared/flashes", locals: { flashes: flash })
end
def orders(order_ids)
Spree::Order.where(id: order_ids)
def editable_orders
Permissions::Order.new(current_user).editable_orders
end
end

2
app/reflexes/cancel_orders_reflex.rb
View File

@@ -2,7 +2,7 @@
class CancelOrdersReflex < ApplicationReflex
def confirm(params)
OrdersBulkCancelService.new(params).call
OrdersBulkCancelService.new(params, current_user).call
cable_ready.dispatch_event(name: "modal:close")
# flash[:success] = Spree.t(:order_updated)
end

11
app/services/orders_bulk_cancel_service.rb
View File

@@ -1,17 +1,24 @@
# frozen_string_literal: true
class OrdersBulkCancelService
def initialize(params)
def initialize(params, current_user)
@order_ids = params[:order_ids]
@current_user = current_user
@send_cancellation_email = params[:send_cancellation_email]
@restock_items = params[:restock_items]
end
def call
Spree::Order.where(id: @order_ids).find_each do |order|
editable_orders.where(id: @order_ids).find_each do |order|
order.send_cancellation_email = @send_cancellation_email
order.restock_items = @restock_items
order.cancel
end
end
private
def editable_orders
Permissions::Order.new(@current_user).editable_orders
end
end