Add permissions to enterprise users so they can manage their own products.

app/controllers/spree/admin/products_controller_decorator.rb

@@ -5,8 +5,10 @@ Spree::Admin::ProductsController.class_eval do
 
   respond_to :json, :only => :clone
 
+  before_filter :filter_out_products_for_enterprise_users, :only => :index
+
   #respond_override :clone => { :json => {:success => lambda { redirect_to bulk_index_admin_products_url+"?q[id_eq]=#{@new.id}" } } }
-  
+
   def bulk_update
     collection_hash = Hash[params[:_json].each_with_index.map { |p,i| [i,p] }]
     product_set = Spree::ProductSet.new({:collection_attributes => collection_hash})
@@ -17,16 +19,24 @@ Spree::Admin::ProductsController.class_eval do
       render :nothing => true
     end
   end
-  
+
   protected
   def location_after_save
-    if URI(request.referer).path == '/admin/products/bulk_edit' 
+    if URI(request.referer).path == '/admin/products/bulk_edit'
       bulk_edit_admin_products_url
-    else 
+    else
       location_after_save_original
     end
   end
-  
+
+  def filter_out_products_for_enterprise_users
+    unless spree_current_user.has_spree_role?('admin')
+      @collection.select! do |product|
+        product.supplier.users.include? spree_current_user
+      end
+    end
+  end
+
   private
 
   def load_spree_api_key

app/models/spree/ability_decorator.rb

@@ -0,0 +1,23 @@
+
+class AbilityDecorator
+  include CanCan::Ability
+  def initialize(user)
+    if user.enterprises.count > 0
+      can [:admin, :read, :update, :bulk_edit], Spree::Product  do |product|
+        user.enterprises.include? product.supplier
+      end
+
+      can [:create], Spree::Product
+      can [:admin, :index, :read, :create, :edit], Spree::Variant
+      can [:admin, :index, :read, :create, :edit], Spree::ProductProperty
+      can [:admin, :index, :read, :create, :edit], Spree::Image
+
+      can [:admin, :index, :read, :search], Spree::Taxon
+      can [:admin, :index, :read, :create, :edit], Spree::Classification
+
+      can [:admin, :index, :read], Spree::Order
+    end
+  end
+end
+
+Spree::Ability.register_ability(AbilityDecorator)

app/views/spree/admin/products/_supplier_form.html.haml

@@ -1,5 +1,6 @@
-= f.field_container :supplier do
-  = f.label :supplier
-  %br
-  = f.collection_select(:supplier_id, Enterprise.is_primary_producer, :id, :name, {:include_blank => true}, {:class => "select2"})
-  = f.error_message_on :supplier
+- if spree_current_user.has_spree_role?('admin')
+  = f.field_container :supplier do
+    = f.label :supplier
+    %br
+    = f.collection_select(:supplier_id, Enterprise.is_primary_producer, :id, :name, {:include_blank => true}, {:class => "select2"})
+    = f.error_message_on :supplier

app/views/spree/admin/users/_enterprises_form.html.haml

@@ -11,4 +11,3 @@
           %td
             = label_tag "#{enterprise_form.object_name}[_destroy]", enterprise_form.object.enterprise.name
             = enterprise_form.hidden_field :enterprise_id
-

db/schema.rb

@@ -130,6 +130,11 @@ ActiveRecord::Schema.define(:version => 20130729030515) do
   add_index "cms_snippets", ["site_id", "identifier"], :name => "index_cms_snippets_on_site_id_and_identifier", :unique => true
   add_index "cms_snippets", ["site_id", "position"], :name => "index_cms_snippets_on_site_id_and_position"
 
+  create_table "coordinator_fees", :id => false, :force => true do |t|
+    t.integer "order_cycle_id"
+    t.integer "enterprise_fee_id"
+  end
+
   create_table "enterprise_fees", :force => true do |t|
     t.integer  "enterprise_id"
     t.string   "fee_type"
@@ -194,10 +199,8 @@ ActiveRecord::Schema.define(:version => 20130729030515) do
     t.datetime "orders_open_at"
     t.datetime "orders_close_at"
     t.integer  "coordinator_id"
-    t.integer  "coordinator_admin_fee_id"
-    t.integer  "coordinator_sales_fee_id"
-    t.datetime "created_at",               :null => false
-    t.datetime "updated_at",               :null => false
+    t.datetime "created_at",      :null => false
+    t.datetime "updated_at",      :null => false
   end
 
   create_table "product_distributions", :force => true do |t|
@@ -428,9 +431,9 @@ ActiveRecord::Schema.define(:version => 20130729030515) do
     t.string   "email"
     t.text     "special_instructions"
     t.integer  "distributor_id"
+    t.integer  "order_cycle_id"
     t.string   "currency"
     t.string   "last_ip_address"
-    t.integer  "order_cycle_id"
   end
 
   add_index "spree_orders", ["number"], :name => "index_orders_on_number"

db/seeds.rb

@@ -26,9 +26,3 @@ unless Spree::State.find_by_name 'Victoria'
     Spree::State.create!({"name"=>state[0], "abbr"=>state[1], :country=>country}, :without_protection => true)
   end
 end
-
-# -- Roles
-unless Spree::Role.find_by_name 'enterprise'
-  puts "seeding roles"
-  Spree::Role.create!(:name => "enterprise")
-end

spec/features/admin/enterprise_user_spec.rb

@@ -7,29 +7,27 @@ feature %q{
   include AuthenticationWorkflow
   include WebHelper
 
-  background do
-    @new_user = create(:user, :email => 'enterprise@hub.com')
-    @enterprise1 = create(:enterprise, name: 'Enterprise 1')
-    @enterprise2 = create(:enterprise, name: 'Enterprise 2')
-    @enterprise3 = create(:enterprise, name: 'Enterprise 3')
-    @enterprise4 = create(:enterprise, name: 'Enterprise 4')
+  before(:each) do
+    @new_user = create_enterprise_user
+    @supplier1 = create(:supplier_enterprise, name: 'Supplier 1')
+    @supplier2 = create(:supplier_enterprise, name: 'Supplier 2')
+    @distributor1 = create(:distributor_enterprise, name: 'Distributor 3')
+    @distributor2 = create(:distributor_enterprise, name: 'Distributor 4')
   end
 
   context "creating an Enterprise User" do
     context 'with no enterprises' do
       scenario "assigning a user to an Enterprise" do
         login_to_admin_section
-
         click_link 'Users'
         click_link @new_user.email
         click_link 'Edit'
 
-        check @enterprise2.name
+        check @supplier2.name
 
         click_button 'Update'
-
         @new_user.enterprises.count.should == 1
-        @new_user.enterprises.first.name.should == @enterprise2.name
+        @new_user.enterprises.first.name.should == @supplier2.name
       end
 
     end
@@ -37,8 +35,8 @@ feature %q{
     context 'with existing enterprises' do
 
       before(:each) do
-        @new_user.enterprise_roles.build(enterprise: @enterprise1).save
-        @new_user.enterprise_roles.build(enterprise: @enterprise3).save
+        @new_user.enterprise_roles.build(enterprise: @supplier1).save
+        @new_user.enterprise_roles.build(enterprise: @distributor1).save
       end
 
       scenario "removing and add enterprises for a user" do
@@ -48,18 +46,57 @@ feature %q{
         click_link @new_user.email
         click_link 'Edit'
 
-        uncheck @enterprise3.name # remove
-        check @enterprise4.name # add
+        uncheck @distributor1.name # remove
+        check @distributor2.name # add
 
         click_button 'Update'
 
         @new_user.enterprises.count.should == 2
-        @new_user.enterprises.should include(@enterprise1)
-        @new_user.enterprises.should include(@enterprise4)
+        @new_user.enterprises.should include(@supplier1)
+        @new_user.enterprises.should include(@distributor2)
       end
 
     end
 
+  end
+
+  context "Product management" do
+
+    context 'products I supply' do
+      before(:each) do
+        @new_user.enterprise_roles.build(enterprise: @supplier1).save
+        product1 = create(:product, name: 'Green eggs', supplier: @supplier1)
+        product2 = create(:product, name: 'Ham', supplier: @supplier2)
+        login_to_admin_as @new_user
+      end
+
+      scenario "manage products that I supply" do
+        visit 'admin/products'
+
+        within '#listing_products' do
+          page.should have_content 'Green eggs'
+          page.should_not have_content 'Ham'
+        end
+      end
+    end
 
   end
+
+  context "System management lockdown" do
+
+    before(:each) do
+      @new_user.enterprise_roles.build(enterprise: @supplier1).save
+      login_to_admin_as @new_user
+    end
+
+    scenario "should not be able to see system configuration" do
+      visit 'admin/general_settings/edit'
+      page.should have_content 'Authorization Failure'
+    end
+
+    scenario "should not be able to see user management" do
+      visit 'admin/users'
+      page.should have_content 'Authorization Failure'
+    end
+  end
 end

spec/support/request/authentication_workflow.rb

@@ -11,9 +11,20 @@ module AuthenticationWorkflow
 
     admin_user.spree_roles << admin_role
 
+    login_to_admin_as admin_user
+  end
+
+  def create_enterprise_user
+    new_user = create(:user, email: 'enterprise@hub.com', password: 'blahblah', :password_confirmation => 'blahblah', )
+    new_user.spree_roles = [] # for some reason unbeknown to me, this new user gets admin permissions by default.
+    new_user.save
+    new_user
+  end
+
+  def login_to_admin_as user
     visit spree.admin_path
-    fill_in 'spree_user_email', :with => 'admin@ofw.org'
-    fill_in 'spree_user_password', :with => 'passw0rd'
+    fill_in 'spree_user_email', :with => user.email
+    fill_in 'spree_user_password', :with => user.password
     click_button 'Login'
   end