From 1782a8c7002cbeedaed7b951234e2a826c70ce2e Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <visible_souls@hotmail.com>
Date: Thu, 19 Apr 2018 17:16:37 +0100
Subject: [PATCH] manager invite permissions spec

---
 .../manager_invitations_controller_spec.rb    | 38 ++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/spec/controllers/admin/manager_invitations_controller_spec.rb b/spec/controllers/admin/manager_invitations_controller_spec.rb
index 01b7c984d1..c5e6bf35f8 100644
--- a/spec/controllers/admin/manager_invitations_controller_spec.rb
+++ b/spec/controllers/admin/manager_invitations_controller_spec.rb
@@ -2,8 +2,11 @@ require 'spec_helper'
 
 module Admin
   describe ManagerInvitationsController, type: :controller do
+    let!(:enterprise_owner) { create(:user) }
+    let!(:other_enterprise_user) { create(:user) }
     let!(:existing_user) { create(:user) }
-    let!(:enterprise) { create(:enterprise) }
+    let!(:enterprise) { create(:enterprise, owner: enterprise_owner ) }
+    let!(:enterprise2) { create(:enterprise, owner: other_enterprise_user ) }
     let(:admin) { create(:admin_user) }
 
     describe "#create" do
@@ -38,5 +41,38 @@ module Admin
         end
       end
     end
+
+    describe "with enterprise permissions" do
+      context "as user with proper enterprise permissions" do
+        before do
+          controller.stub spree_current_user: enterprise_owner
+        end
+
+        it "returns success code" do
+          spree_post :create, {email: 'an@email.com', enterprise_id: enterprise.id}
+
+          new_user = Spree::User.find_by_email('an@email.com')
+
+          expect(new_user.reset_password_token).to_not be_nil
+          expect(json_response['user']).to eq new_user.id
+          expect(response.status).to eq 200
+        end
+      end
+
+      context "as another enterprise user without permissions for this enterprise" do
+        before do
+          controller.stub spree_current_user: other_enterprise_user
+        end
+
+        it "returns unauthorized response" do
+          spree_post :create, {email: 'another@email.com', enterprise_id: enterprise.id}
+
+          new_user = Spree::User.find_by_email('another@email.com')
+
+          expect(new_user).to be_nil
+          expect(response.status).to eq 302
+        end
+      end
+    end
   end
 end