raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-03-24 05:38:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enterprise user can only update order cycle exchanges where it manages the participant enterprise

Browse Source
This commit is contained in:
Rohan Mitchell
2014-05-23 12:05:46 +10:00
parent 9b15c213d1
commit 095b9bf67a
2 changed files with 49 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/open_food_network/order_cycle_form_applicator.rb
View File

@@ -64,9 +64,11 @@ module OpenFoodNetwork
def update_exchange(sender_id, receiver_id, incoming, attrs={})
exchange = @order_cycle.exchanges.where(:sender_id => sender_id, :receiver_id => receiver_id, :incoming => incoming).first
exchange.update_attributes!(attrs)
@touched_exchanges << exchange
if permission_for(exchange)
exchange.update_attributes!(attrs)
@touched_exchanges << exchange
end
end
def destroy_untouched_exchanges
@@ -79,7 +81,11 @@ module OpenFoodNetwork
end
def with_permission(exchanges)
exchanges.select { |ex| @permitted_enterprises.include? ex.participant }
exchanges.select { |ex| permission_for(ex) }
end
def permission_for(exchange)
@permitted_enterprises.include? exchange.participant
end