diff --git a/app/controllers/spree/admin/products_controller_decorator.rb b/app/controllers/spree/admin/products_controller_decorator.rb
index bbbf8a3a5b..71ec1462ea 100644
--- a/app/controllers/spree/admin/products_controller_decorator.rb
+++ b/app/controllers/spree/admin/products_controller_decorator.rb
@@ -5,8 +5,10 @@ Spree::Admin::ProductsController.class_eval do
 respond_to :json, :only => :clone
+ before_filter :filter_out_products_for_enterprise_users, :only => :index
+
 #respond_override :clone => { :json => {:success => lambda { redirect_to bulk_index_admin_products_url+"?q[id_eq]=#{@new.id}" } } }
-
+
 def bulk_update
 collection_hash = Hash[params[:_json].each_with_index.map { |p,i| [i,p] }]
 product_set = Spree::ProductSet.new({:collection_attributes => collection_hash})
@@ -17,16 +19,24 @@ Spree::Admin::ProductsController.class_eval do
 render :nothing => true
 end
 end
-
+
 protected
 def location_after_save
- if URI(request.referer).path == '/admin/products/bulk_edit'
+ if URI(request.referer).path == '/admin/products/bulk_edit'
 bulk_edit_admin_products_url
- else
+ else
 location_after_save_original
 end
 end
-
+
+ def filter_out_products_for_enterprise_users
+ unless spree_current_user.has_spree_role?('admin')
+ @collection.select! do |product|
+ product.supplier.users.include? spree_current_user
+ end
+ end
+ end
+
 private
 def load_spree_api_key
diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb
new file mode 100644
index 0000000000..3d10e81923
--- /dev/null
+++ b/app/models/spree/ability_decorator.rb
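Review bot: `filter_out_products_for_enterprise_users` calls `product.supplier.users` on every product, so a product whose `supplier` is nil (the supplier select in _supplier_form.html.haml uses `:include_blank => true`, and the same commit hides that field for non-admins, so products they create get no supplier) raises NoMethodError for any non-admin opening the index; guard with `product.supplier && ...` or, better, filter in SQL before the records are loaded, e.g. `@collection = @collection.where(supplier_id: spree_current_user.enterprises.map(&:id))`, which also keeps pagination counts consistent and avoids one `users` query per product. The predicate here (`product.supplier.users.include? spree_current_user`) duplicates the ability block in app/models/spree/ability_decorator.rb (`user.enterprises.include? product.supplier`); two copies of an authorization rule drift apart, so derive the index scope from the same membership check. The filter also assumes `@collection` is already populated when this `before_filter` runs and that it responds to `select!`; the order relative to the parent controller's loading filters is not visible in the hunk, so confirm it. `bulk_update` on the context lines takes product ids from `params[:_json]` with no visible per-product authorization, and the ability's block only runs on instances, so check that `Spree::ProductSet` (outside the hunk) is restricted to the user's suppliers.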
@@ -0,0 +1,23 @@
+
+class AbilityDecorator
+ include CanCan::Ability
+ def initialize(user)
+ if user.enterprises.count > 0
+ can [:admin, :read, :update, :bulk_edit], Spree::Product do |product|
+ user.enterprises.include? product.supplier
+ end
+
+ can [:create], Spree::Product
+ can [:admin, :index, :read, :create, :edit], Spree::Variant
+ can [:admin, :index, :read, :create, :edit], Spree::ProductProperty
+ can [:admin, :index, :read, :create, :edit], Spree::Image
+
+ can [:admin, :index, :read, :search], Spree::Taxon
+ can [:admin, :index, :read, :create, :edit], Spree::Classification
+
+ can [:admin, :index, :read], Spree::Order
+ end
+ end
+end
+
+Spree::Ability.register_ability(AbilityDecorator)
diff --git a/app/views/spree/admin/products/_supplier_form.html.haml b/app/views/spree/admin/products/_supplier_form.html.haml
index 0de2720a65..0cecc1a57b 100644
--- a/app/views/spree/admin/products/_supplier_form.html.haml
+++ b/app/views/spree/admin/products/_supplier_form.html.haml
@@ -1,5 +1,6 @@
-= f.field_container :supplier do
- = f.label :supplier
- %br
- = f.collection_select(:supplier_id, Enterprise.is_primary_producer, :id, :name, {:include_blank => true}, {:class => "select2"})
- = f.error_message_on :supplier
+- if spree_current_user.has_spree_role?('admin')
+ = f.field_container :supplier do
+ = f.label :supplier
+ %br
+ = f.collection_select(:supplier_id, Enterprise.is_primary_producer, :id, :name, {:include_blank => true}, {:class => "select2"})
+ = f.error_message_on :supplier
diff --git a/app/views/spree/admin/users/_enterprises_form.html.haml b/app/views/spree/admin/users/_enterprises_form.html.haml
index 411f7657d0..03cecd41d5 100644
--- a/app/views/spree/admin/users/_enterprises_form.html.haml
+++ b/app/views/spree/admin/users/_enterprises_form.html.haml
@@ -11,4 +11,3 @@
 %td = label_tag "#{enterprise_form.object_name}[_destroy]", enterprise_form.object.enterprise.name
 = enterprise_form.hidden_field :enterprise_id
-
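Review bot: The per-product scoping block applies only to `Spree::Product`; the `can [:admin, :index, :read, :create, :edit]` grants for `Spree::Variant`, `Spree::ProductProperty`, `Spree::Image` and `Spree::Classification`, and `can [:admin, :index, :read], Spree::Order`, carry no block or hash condition, so an enterprise user can read and edit those records for any supplier's product and read every order in the system, including other enterprises' customer data. Scope the child resources through the parent product's supplier (a block like the Product one, or a hash condition such as `product: { supplier_id: user.enterprises.map(&:id) }`) and orders through the user's enterprises, so the rule is the same one the Product grant expresses. `:edit` is granted without `:update`, and `can [:create], Spree::Product` is unconditional, so the edit form renders for records whose save is then denied and nothing in the ability ties a newly created product to one of the user's own suppliers — grant the action pairs together and assign or validate the supplier server-side on create. `user.enterprises.count > 0` issues a COUNT query every time an ability is built; `user.enterprises.any?` reads better and avoids the extra query when the association is already loaded.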
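Review bot: Wrapping the supplier field in `- if spree_current_user.has_spree_role?('admin')` is a presentation change, not an access control: a non-admin can still submit `product[supplier_id]` directly and nothing on this page validates it, while a product they create through this form gets no supplier at all and then fails the supplier-based filtering added to products_controller_decorator.rb. Assign the supplier server-side for non-admins (from the user's enterprises, with a validation that the chosen supplier is one of them) rather than relying on the field's absence; if a user has exactly one supplier enterprise a hidden field or default is enough for the UI, otherwise render the select limited to their enterprises. The enclosing form builder `f` is defined outside the hunk.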
diff --git a/db/schema.rb b/db/schema.rb
index eb4022ce3f..cbcb36496e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -130,6 +130,11 @@ ActiveRecord::Schema.define(:version => 20130729030515) do
 add_index "cms_snippets", ["site_id", "identifier"], :name => "index_cms_snippets_on_site_id_and_identifier", :unique => true
 add_index "cms_snippets", ["site_id", "position"], :name => "index_cms_snippets_on_site_id_and_position"
+ create_table "coordinator_fees", :id => false, :force => true do |t|
+ t.integer "order_cycle_id"
+ t.integer "enterprise_fee_id"
+ end
+
 create_table "enterprise_fees", :force => true do |t|
 t.integer "enterprise_id"
 t.string "fee_type"
@@ -194,10 +199,8 @@ ActiveRecord::Schema.define(:version => 20130729030515) do
 t.datetime "orders_open_at"
 t.datetime "orders_close_at"
 t.integer "coordinator_id"
- t.integer "coordinator_admin_fee_id"
- t.integer "coordinator_sales_fee_id"
- t.datetime "created_at", :null => false
- t.datetime "updated_at", :null => false
+ t.datetime "created_at", :null => false
+ t.datetime "updated_at", :null => false
 end
 create_table "product_distributions", :force => true do |t|
@@ -428,9 +431,9 @@ ActiveRecord::Schema.define(:version => 20130729030515) do
 t.string "email"
 t.text "special_instructions"
 t.integer "distributor_id"
+ t.integer "order_cycle_id"
 t.string "currency"
 t.string "last_ip_address"
- t.integer "order_cycle_id"
 end
 add_index "spree_orders", ["number"], :name => "index_orders_on_number"
diff --git a/db/seeds.rb b/db/seeds.rb
index ea43787661..82f95651bd 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -26,9 +26,3 @@ unless Spree::State.find_by_name 'Victoria'
 Spree::State.create!({"name"=>state[0], "abbr"=>state[1], :country=>country}, :without_protection => true)
 end
 end
-
-# -- Roles
-unless Spree::Role.find_by_name 'enterprise'
- puts "seeding roles"
- Spree::Role.create!(:name => "enterprise")
-end
\ No newline at end of file
diff --git a/spec/features/admin/enterprise_user_spec.rb b/spec/features/admin/enterprise_user_spec.rb
index 281e32e47c..e26be25c1e 100644
--- a/spec/features/admin/enterprise_user_spec.rb
+++ b/spec/features/admin/enterprise_user_spec.rb
@@ -7,29 +7,27 @@ feature %q{
 include AuthenticationWorkflow
 include WebHelper
- background do
- @new_user = create(:user, :email => 'enterprise@hub.com')
- @enterprise1 = create(:enterprise, name: 'Enterprise 1')
- @enterprise2 = create(:enterprise, name: 'Enterprise 2')
- @enterprise3 = create(:enterprise, name: 'Enterprise 3')
- @enterprise4 = create(:enterprise, name: 'Enterprise 4')
+ before(:each) do
+ @new_user = create_enterprise_user
+ @supplier1 = create(:supplier_enterprise, name: 'Supplier 1')
+ @supplier2 = create(:supplier_enterprise, name: 'Supplier 2')
+ @distributor1 = create(:distributor_enterprise, name: 'Distributor 3')
+ @distributor2 = create(:distributor_enterprise, name: 'Distributor 4')
 end
 context "creating an Enterprise User" do
 context 'with no enterprises' do
 scenario "assigning a user to an Enterprise" do
 login_to_admin_section
- click_link 'Users'
 click_link @new_user.email
 click_link 'Edit'
- check @enterprise2.name
+ check @supplier2.name
 click_button 'Update'
- @new_user.enterprises.count.should == 1
- @new_user.enterprises.first.name.should == @enterprise2.name
+ @new_user.enterprises.first.name.should == @supplier2.name
 end
 end
@@ -37,8 +35,8 @@ feature %q{
 context 'with existing enterprises' do
 before(:each) do
- @new_user.enterprise_roles.build(enterprise: @enterprise1).save
- @new_user.enterprise_roles.build(enterprise: @enterprise3).save
+ @new_user.enterprise_roles.build(enterprise: @supplier1).save
+ @new_user.enterprise_roles.build(enterprise: @distributor1).save
 end
 scenario "removing and add enterprises for a user" do
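Review bot: The rewritten scenario drops `@new_user.enterprises.count.should == 1` and keeps only `@new_user.enterprises.first.name.should == @supplier2.name`, so an extra, unintended enterprise assignment would no longer fail the test; keep the count check next to the name check. `@distributor1` and `@distributor2` are created as 'Distributor 3' and 'Distributor 4', so the numbers in the names no longer match the variables and failure output becomes harder to read. `@new_user` now comes from `create_enterprise_user`, which clears `spree_roles` after creation because, per its own comment, the user factory appears to grant admin by default; if that is the case the factory is the thing to fix, since a default-admin test user hides authorization regressions in every other spec that uses it.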
@@ -48,18 +46,57 @@ feature %q{
 click_link @new_user.email
 click_link 'Edit'
- uncheck @enterprise3.name # remove
- check @enterprise4.name # add
+ uncheck @distributor1.name # remove
+ check @distributor2.name # add
 click_button 'Update'
 @new_user.enterprises.count.should == 2
- @new_user.enterprises.should include(@enterprise1)
- @new_user.enterprises.should include(@enterprise4)
+ @new_user.enterprises.should include(@supplier1)
+ @new_user.enterprises.should include(@distributor2)
 end
 end
+ end
+
+ context "Product management" do
+
+ context 'products I supply' do
+ before(:each) do
+ @new_user.enterprise_roles.build(enterprise: @supplier1).save
+ product1 = create(:product, name: 'Green eggs', supplier: @supplier1)
+ product2 = create(:product, name: 'Ham', supplier: @supplier2)
+ login_to_admin_as @new_user
+ end
+
+ scenario "manage products that I supply" do
+ visit 'admin/products'
+
+ within '#listing_products' do
+ page.should have_content 'Green eggs'
+ page.should_not have_content 'Ham'
+ end
+ end
+ end
 end
+
+ context "System management lockdown" do
+
+ before(:each) do
+ @new_user.enterprise_roles.build(enterprise: @supplier1).save
+ login_to_admin_as @new_user
+ end
+
+ scenario "should not be able to see system configuration" do
+ visit 'admin/general_settings/edit'
+ page.should have_content 'Authorization Failure'
+ end
+
+ scenario "should not be able to see user management" do
+ visit 'admin/users'
+ page.should have_content 'Authorization Failure'
+ end
+ end
 end
diff --git a/spec/support/request/authentication_workflow.rb b/spec/support/request/authentication_workflow.rb
index 63781e8b50..319890134c 100644
--- a/spec/support/request/authentication_workflow.rb
+++ b/spec/support/request/authentication_workflow.rb
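Review bot: The new scenarios cover the product index listing and two system pages, but the per-instance rule in ability_decorator.rb (`user.enterprises.include? product.supplier`) that guards editing another supplier's product is never exercised, so a regression there would pass this suite. Add a scenario that, as `@new_user`, visits the edit page of the 'Ham' product (supplied by `@supplier2`) and expects 'Authorization Failure', and one confirming the 'Green eggs' edit page is reachable. `product1` and `product2` in the `before(:each)` are assigned but never read; either drop the assignments or use them to build those edit-page visits. `visit 'admin/products'`, `visit 'admin/general_settings/edit'` and `visit 'admin/users'` are relative paths whose resolution depends on the page left by `login_to_admin_as`; the route helpers (as `spree.admin_path` is used in the support module) remove that dependency.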
@@ -11,9 +11,20 @@ module AuthenticationWorkflow
 admin_user.spree_roles << admin_role
+ login_to_admin_as admin_user
+ end
+
+ def create_enterprise_user
+ new_user = create(:user, email: 'enterprise@hub.com', password: 'blahblah', :password_confirmation => 'blahblah', )
+ new_user.spree_roles = [] # for some reason unbeknown to me, this new user gets admin permissions by default.
+ new_user.save
+ new_user
+ end
+
+ def login_to_admin_as user
 visit spree.admin_path
- fill_in 'spree_user_email', :with => 'admin@ofw.org'
- fill_in 'spree_user_password', :with => 'passw0rd'
+ fill_in 'spree_user_email', :with => user.email
+ fill_in 'spree_user_password', :with => user.password
 click_button 'Login'
 end