Show product groups to platform user

I removed the caching of `managed_enterprises` in Permissions because
it's just a scope and calling it again is very cheap. And that makes the
method a lot easier to read now that we have a conditional here.

Accessing the managed enterprises via the user instead of a separate
scope on the Enterprise model also reduce the SQL queries. We may want
to use this method in more places. I prefer to keep the
admin-conditional in a permissions class instead of in the model.

engines/dfc_provider/app/services/api_user.rb

@@ -18,6 +18,10 @@ class ApiUser
     @id = id
   end
 
+  def admin?
+    false
+  end
+
   def customers
     Customer.none
   end

engines/dfc_provider/spec/requests/product_groups_spec.rb

@@ -13,6 +13,7 @@ RSpec.describe "ProductGroups", swagger_doc: "dfc.yaml" do
       variants: [variant]
     )
   }
+  let(:Authorization) { nil }
   let(:variant) {
     build(:base_variant, id: 10_001, unit_value: 1, primary_taxon: taxon, supplier: enterprise)
   }
@@ -34,10 +35,28 @@ RSpec.describe "ProductGroups", swagger_doc: "dfc.yaml" do
 
     get "Show ProductGroup" do
       produces "application/json"
+      security [oidc_token: []]
 
       response "200", "success" do
         let(:id) { product.id }
 
+        context "as platform user" do
+          include_context "authenticated as platform"
+
+          before {
+            DfcPermission.create!(
+              user:, enterprise_id:,
+              scope: "ReadEnterprise", grantee: "cqcm-dev",
+            )
+            DfcPermission.create!(
+              user:, enterprise_id:,
+              scope: "ReadProducts", grantee: "cqcm-dev",
+            )
+          }
+
+          run_test!
+        end
+
         run_test! do
           expect(json_response["@id"]).to eq "http://test.host/api/dfc/product_groups/90000"
 

lib/open_food_network/permissions.rb

@@ -113,7 +113,9 @@ module OpenFoodNetwork
     end
 
     def managed_enterprises
-      @managed_enterprises ||= Enterprise.managed_by(@user)
+      return Enterprise.all if admin?
+
+      @user.enterprises
     end
 
     def coordinated_order_cycles

spec/controllers/admin/order_cycles_controller_spec.rb

@@ -142,7 +142,7 @@ RSpec.describe Admin::OrderCyclesController do
               select: {
                 enterprise_fees: 3,
                 enterprise_groups: 1,
-                enterprises: 22,
+                enterprises: 19,
                 exchanges: 7,
                 order_cycles: 6,
                 proxy_orders: 1,

swagger/dfc.yaml

@@ -678,6 +678,8 @@ paths:
         type: string
     get:
       summary: Show ProductGroup
+      security:
+      - oidc_token: []
       tags:
       - ProductGroups
       responses: