raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-24 20:36:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding permissions methods for visible and editable orders and line_items

Browse Source
This commit is contained in:
Rob Harrington
2015-05-01 12:46:20 +10:00
parent 28bf7037db
commit 0a03483e36
2 changed files with 181 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
lib/open_food_network/permissions.rb
View File

@@ -56,6 +56,51 @@ module OpenFoodNetwork
permissions
end
# Find enterprises that an admin is allowed to add to an order cycle
def visible_orders
# Any orders that I can edit
editable = editable_orders.pluck(:id)
# Any orders placed through hubs that my producers have granted P-OC, and which contain my their products
# This is pretty complicated but it's looking for order where at least one of my producers has granted
# P-OC to the distributor AND the order contains products of at least one of THE SAME producers
granted_distributors = granted(:add_to_order_cycle, by: managed_enterprises.is_primary_producer)
produced = Spree::Order.with_line_items_variants_and_products_outer.
where(
"spree_orders.distributor_id IN (?) AND spree_products.supplier_id IN (?)",
granted_distributors,
granting(:add_to_order_cycle, to: granted_distributors).merge(managed_enterprises.is_primary_producer)
).pluck(:id)
Spree::Order.where(id: editable | produced)
end
# Find enterprises that an admin is allowed to add to an order cycle
def editable_orders
# Any orders placed through any hub that I manage
managed = Spree::Order.where(distributor_id: managed_enterprises.pluck(:id)).pluck(:id)
# Any order that is placed through an order cycle one of my managed enterprises coordinates
coordinated = Spree::Order.where(order_cycle_id: coordinated_order_cycles.pluck(:id)).pluck(:id)
Spree::Order.where(id: managed | coordinated )
end
def visible_line_items
# Any line items that I can edit
editable = editable_line_items.pluck(:id)
# Any from visible orders, where the product is produced by one of my managed producers
produced = Spree::LineItem.where(order_id: visible_orders.pluck(:id)).joins(:product).
where('spree_products.supplier_id IN (?)', managed_enterprises.is_primary_producer.pluck(:id))
Spree::LineItem.where(id: editable | produced)
end
def editable_line_items
Spree::LineItem.where(order_id: editable_orders)
end
def managed_products
managed_enterprise_products_ids = managed_enterprise_products.pluck :id
permitted_enterprise_products_ids = related_enterprise_products.pluck :id
@@ -85,6 +130,11 @@ module OpenFoodNetwork
@managed_enterprises = Enterprise.managed_by(@user)
end
def coordinated_order_cycles
return @coordinated_order_cycles unless @coordinated_order_cycles.nil?
@coordinated_order_cycles = OrderCycle.managed_by(@user)
end
def related_enterprises_with(permission)
parent_ids = EnterpriseRelationship.
permitting(managed_enterprises).

131
spec/lib/open_food_network/permissions_spec.rb
View File

@@ -185,5 +185,136 @@ module OpenFoodNetwork
permissions.send(:related_enterprise_products).should == [p]
end
end
describe "finding orders that are visible in reports" do
let(:distributor) { create(:distributor_enterprise) }
let(:coordinator) { create(:distributor_enterprise) }
let(:random_enterprise) { create(:distributor_enterprise) }
let(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor]) }
let(:order) { create(:order, order_cycle: order_cycle, distributor: distributor ) }
let!(:line_item) { create(:line_item, order: order) }
let!(:producer) { create(:supplier_enterprise) }
before do
permissions.stub(:coordinated_order_cycles) { Enterprise.where("1=0") }
end
context "as the hub through which the order was placed" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: distributor) }
end
it "should let me see the order" do
expect(permissions.visible_orders).to include order
end
end
context "as the coordinator of the order cycle through which the order was placed" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: coordinator) }
permissions.stub(:coordinated_order_cycles) { OrderCycle.where(id: order_cycle) }
end
it "should let me see the order" do
expect(permissions.visible_orders).to include order
end
end
context "as a producer which has granted P-OC to the distributor of an order" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: producer) }
create(:enterprise_relationship, parent: producer, child: distributor, permissions_list: [:add_to_order_cycle])
end
context "which contains my products" do
before do
line_item.product.supplier = producer
line_item.product.save
end
it "should let me see the order" do
expect(permissions.visible_orders).to include order
end
end
context "which does not contain my products" do
it "should not let me see the order" do
expect(permissions.visible_orders).to_not include order
end
end
end
context "as an enterprise that is a distributor in the order cycle, but not the distributor of the order" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: random_enterprise) }
end
it "should not let me see the order" do
expect(permissions.visible_orders).to_not include order
end
end
end
describe "finding line items that are visible in reports" do
let(:distributor) { create(:distributor_enterprise) }
let(:coordinator) { create(:distributor_enterprise) }
let(:random_enterprise) { create(:distributor_enterprise) }
let(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor]) }
let(:order) { create(:order, order_cycle: order_cycle, distributor: distributor ) }
let!(:line_item1) { create(:line_item, order: order) }
let!(:line_item2) { create(:line_item, order: order) }
let!(:producer) { create(:supplier_enterprise) }
before do
permissions.stub(:coordinated_order_cycles) { Enterprise.where("1=0") }
end
context "as the hub through which the parent order was placed" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: distributor) }
end
it "should let me see the line_items" do
expect(permissions.visible_line_items).to include line_item1, line_item2
end
end
context "as the coordinator of the order cycle through which the parent order was placed" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: coordinator) }
permissions.stub(:coordinated_order_cycles) { OrderCycle.where(id: order_cycle) }
end
it "should let me see the line_items" do
expect(permissions.visible_line_items).to include line_item1, line_item2
end
end
context "as the manager producer which has granted P-OC to the distributor of the parent order" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: producer) }
create(:enterprise_relationship, parent: producer, child: distributor, permissions_list: [:add_to_order_cycle])
line_item1.product.supplier = producer
line_item1.product.save
end
it "should let me see the line_items pertaining to variants I produce" do
ps = permissions.visible_line_items
expect(ps).to include line_item1
expect(ps).to_not include line_item2
end
end
context "as an enterprise that is a distributor in the order cycle, but not the distributor of the parent order" do
before do
permissions.stub(:managed_enterprises) { Enterprise.where(id: random_enterprise) }
end
it "should not let me see the line_items" do
expect(permissions.visible_line_items).to_not include line_item1, line_item2
end
end
end
end
end