raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-11 23:17:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9071 from Matt-Yorkley/permissions-query-improvements

Browse Source 
Improve permissions query building
This commit is contained in:
Filipe
2022-04-13 19:23:13 +01:00
committed by GitHub
parent 6b1dd00dec eef59bbaae
commit 0cc056ab7f
2 changed files with 46 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
lib/open_food_network/permissions.rb
View File

@@ -60,21 +60,23 @@ module OpenFoodNetwork
end
def editable_products
permitted_enterprise_products_ids = product_ids_supplied_by(
related_enterprises_granting(:manage_products)
)
Spree::Product.where(
id: managed_enterprise_products.select(:id) | permitted_enterprise_products_ids
return Spree::Product.all if admin?
Spree::Product.where(supplier_id: @user.enterprises).or(
Spree::Product.where(supplier_id: related_enterprises_granting(:manage_products))
)
end
def visible_products
permitted_enterprise_products_ids = product_ids_supplied_by(
related_enterprises_granting(:manage_products) |
related_enterprises_granting(:add_to_order_cycle)
)
return Spree::Product.all if admin?
Spree::Product.where(
id: managed_enterprise_products.select(:id) | permitted_enterprise_products_ids
supplier_id: @user.enterprises
).or(
Spree::Product.where(
supplier_id: related_enterprises_granting(:manage_products) |
related_enterprises_granting(:add_to_order_cycle)
)
)
end

39
spec/lib/open_food_network/permissions_spec.rb
View File

@@ -187,7 +187,7 @@ module OpenFoodNetwork
end
end
describe "finding editable products" do
describe "#editable_products" do
let!(:p1) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
let!(:p2) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
@@ -199,15 +199,28 @@ module OpenFoodNetwork
end
it "returns products produced by managed enterprises" do
allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where(id: p1) }
allow(user).to receive(:admin?) { false }
allow(user).to receive(:enterprises) { [p1.supplier] }
expect(permissions.editable_products).to eq([p1])
end
it "returns products produced by permitted enterprises" do
allow(user).to receive(:admin?) { false }
allow(user).to receive(:enterprises) { [] }
allow(permissions).to receive(:related_enterprises_granting).
with(:manage_products) { Enterprise.where(id: p2.supplier).select(:id) }
with(:manage_products) { Enterprise.where(id: p2.supplier) }
expect(permissions.editable_products).to eq([p2])
end
context "as superadmin" do
it "returns all products" do
allow(user).to receive(:admin?) { true }
expect(permissions.editable_products).to include p1, p2
end
end
end
describe "finding visible products" do
@@ -226,21 +239,37 @@ module OpenFoodNetwork
end
it "returns products produced by managed enterprises" do
allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where(id: p1) }
allow(user).to receive(:admin?) { false }
allow(user).to receive(:enterprises) { Enterprise.where(id: p1.supplier_id) }
expect(permissions.visible_products).to eq([p1])
end
it "returns products produced by enterprises that have granted manage products" do
allow(user).to receive(:admin?) { false }
allow(user).to receive(:enterprises) { [] }
allow(permissions).to receive(:related_enterprises_granting).
with(:manage_products) { Enterprise.where(id: p2.supplier).select(:id) }
with(:manage_products) { Enterprise.where(id: p2.supplier) }
expect(permissions.visible_products).to eq([p2])
end
it "returns products produced by enterprises that have granted P-OC" do
allow(user).to receive(:admin?) { false }
allow(user).to receive(:enterprises) { [] }
allow(permissions).to receive(:related_enterprises_granting).
with(:add_to_order_cycle) { Enterprise.where(id: p3.supplier).select(:id) }
expect(permissions.visible_products).to eq([p3])
end
context "as superadmin" do
it "returns all products" do
allow(user).to receive(:admin?) { true }
expect(permissions.visible_products.to_a).to include p1, p2, p3
end
end
end
describe "finding enterprises that we manage products for" do