diff --git a/app/controllers/api/enterprises_controller.rb b/app/controllers/api/enterprises_controller.rb
index 092edd08b7..82ae80d31e 100644
--- a/app/controllers/api/enterprises_controller.rb
+++ b/app/controllers/api/enterprises_controller.rb
@@ -5,12 +5,7 @@ module Api
 before_filter :override_sells, only: [:create, :update]
 before_filter :override_visible, only: [:create, :update]
 respond_to :json
- skip_authorization_check only: [:shopfront, :managed]
-
- def managed
- @enterprises = Enterprise.ransack(params[:q]).result.managed_by(current_api_user)
- render params[:template] || :bulk_index
- end
+ skip_authorization_check only: [:shopfront]
 def create
 authorize! :create, Enterprise
diff --git a/app/controllers/api/order_cycles_controller.rb b/app/controllers/api/order_cycles_controller.rb
deleted file mode 100644
index 3522c690f2..0000000000
--- a/app/controllers/api/order_cycles_controller.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-module Api
- class OrderCyclesController < Spree::Api::BaseController
- respond_to :json
- def managed
- authorize! :admin, OrderCycle
- authorize! :read, OrderCycle
- @order_cycles = OrderCycle.ransack(params[:q]).result.managed_by(current_api_user)
- render params[:template] || :bulk_index
- end
-
- def accessible
- @order_cycles = if params[:as] == "distributor"
- OrderCycle.ransack(params[:q]).result.
- involving_managed_distributors_of(current_api_user).order('updated_at DESC')
- elsif params[:as] == "producer"
- OrderCycle.ransack(params[:q]).result.
- involving_managed_producers_of(current_api_user).order('updated_at DESC')
- else
- OrderCycle.ransack(params[:q]).result.accessible_by(current_api_user)
- end
-
- render params[:template] || :bulk_index
- end
- end
-end
diff --git a/app/views/api/enterprises/bulk_index.v1.rabl b/app/views/api/enterprises/bulk_index.v1.rabl
deleted file mode 100644
index 66286c5fed..0000000000
--- a/app/views/api/enterprises/bulk_index.v1.rabl
+++ /dev/null
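Review bot: In app/controllers/api/enterprises_controller.rb the remaining `skip_authorization_check only: [:shopfront]` still exempts one action from the controller's authorization check, and nothing on the line says why. A short comment above it, for example `# shopfront skips the authorization check; it must only expose data intended for visitors without an account`, would make the exemption reviewable; that wording assumes the intent, since the `shopfront` action itself is outside this hunk. No routing change is visible on this page, so it is worth confirming that the routes for the removed `managed` and `accessible` actions go away with them. The class body continues outside the hunk.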
@@ -1,2 +0,0 @@
-collection @enterprises
-extends "api/enterprises/bulk_show"
diff --git a/app/views/api/order_cycles/bulk_index.v1.rabl b/app/views/api/order_cycles/bulk_index.v1.rabl
deleted file mode 100644
index 22923d69c0..0000000000
--- a/app/views/api/order_cycles/bulk_index.v1.rabl
+++ /dev/null
@@ -1,2 +0,0 @@
-collection @order_cycles
-extends "api/order_cycles/bulk_show"
diff --git a/app/views/api/order_cycles/bulk_show.v1.rabl b/app/views/api/order_cycles/bulk_show.v1.rabl
deleted file mode 100644
index e9bf675e6d..0000000000
--- a/app/views/api/order_cycles/bulk_show.v1.rabl
+++ /dev/null
@@ -1,11 +0,0 @@
-object @order_cycle
-
-attributes :id, :name
-node( :first_order ) { |order| order.orders_open_at.strftime("%F") }
-node( :last_order ) { |order| (order.orders_close_at + 1.day).strftime("%F") }
-node( :suppliers ) do |oc|
- partial 'api/enterprises/bulk_index', object: oc.suppliers
-end
-node( :distributors ) do |oc|
- partial 'api/enterprises/bulk_index', object: oc.distributors
-end
diff --git a/spec/controllers/api/order_cycles_controller_spec.rb b/spec/controllers/api/order_cycles_controller_spec.rb
deleted file mode 100644
index 64f813f5a4..0000000000
--- a/spec/controllers/api/order_cycles_controller_spec.rb
+++ /dev/null
@@ -1,199 +0,0 @@
-require 'spec_helper'
-require 'spree/api/testing_support/helpers'
-
-module Api
- describe OrderCyclesController, type: :controller do
- include Spree::Api::TestingSupport::Helpers
- include AuthenticationWorkflow
- render_views
-
- describe "managed" do
- let!(:oc1) { FactoryBot.create(:simple_order_cycle) }
- let!(:oc2) { FactoryBot.create(:simple_order_cycle) }
- let(:coordinator) { oc1.coordinator }
- let(:attributes) { [:id, :name, :suppliers, :distributors] }
-
- before do
- allow(controller).to receive(:spree_current_user) { current_api_user }
- end
-
- context "as a normal user" do
- sign_in_as_user!
-
- it "should deny me access to managed order cycles" do
- spree_get :managed, format: :json
- assert_unauthorized!
- end
- end
-
- context "as an enterprise user" do
- sign_in_as_enterprise_user! [:coordinator]
-
- it "retrieves a list of variants with appropriate attributes" do
- get :managed, format: :json
- keys = json_response.first.keys.map(&:to_sym)
- expect(attributes.all?{ |attr| keys.include? attr }).to eq(true)
- end
- end
-
- context "as an administrator" do
- sign_in_as_admin!
-
- it "retrieves a list of variants with appropriate attributes" do
- get :managed, format: :json
- keys = json_response.first.keys.map(&:to_sym)
- expect(attributes.all?{ |attr| keys.include? attr }).to eq(true)
- end
- end
- end
-
- describe "accessible" do
- context "without :as parameter" do
- let(:oc_supplier) { create(:supplier_enterprise) }
- let(:oc_distributor) { create(:distributor_enterprise) }
- let(:other_supplier) { create(:supplier_enterprise) }
- let(:oc_supplier_user) do
- user = create(:user)
- user.spree_roles = []
- user.enterprise_roles.create(enterprise: oc_supplier)
- user.save!
- user
- end
- let(:oc_distributor_user) do
- user = create(:user)
- user.spree_roles = []
- user.enterprise_roles.create(enterprise: oc_distributor)
- user.save!
- user
- end
- let(:other_supplier_user) do
- user = create(:user)
- user.spree_roles = []
- user.enterprise_roles.create(enterprise: other_supplier)
- user.save!
- user
- end
- let!(:order_cycle) { create(:simple_order_cycle, suppliers: [oc_supplier], distributors: [oc_distributor]) }
-
- context "as the user of a supplier to an order cycle" do
- before do
- allow(controller).to receive(:spree_current_user) { oc_supplier_user }
- end
-
- it "gives me access" do
- spree_get :accessible, template: 'bulk_index', format: :json
-
- expect(json_response.length).to eq(1)
- expect(json_response[0]['id']).to eq(order_cycle.id)
- end
- end
-
- context "as the user of some other supplier" do
- before do
- allow(controller).to receive(:spree_current_user) { other_supplier_user }
- end
-
- it "does not give me access" do
- spree_get :accessible, template: 'bulk_index', format: :json
- expect(json_response.length).to eq(0)
- end
- end
-
- context "as the user of a hub for the order cycle" do
- before do
- allow(controller).to receive(:spree_current_user) { oc_distributor_user }
- end
-
- it "gives me access" do
- spree_get :accessible, template: 'bulk_index', format: :json
-
- expect(json_response.length).to eq(1)
- expect(json_response[0]['id']).to eq(order_cycle.id)
- end
- end
- end
-
- context "when the :as parameter is set to 'distributor'" do
- let(:user) { create_enterprise_user }
- let(:distributor) { create(:distributor_enterprise) }
- let(:producer) { create(:supplier_enterprise) }
- let(:coordinator) { create(:distributor_enterprise) }
- let!(:oc) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor], suppliers: [producer]) }
-
- let(:params) { { format: :json, as: 'distributor' } }
-
- before do
- allow(controller).to receive(:spree_current_user) { user }
- end
-
- context "as the manager of a supplier in an order cycle" do
- before { user.enterprise_roles.create(enterprise: producer) }
-
- it "does not return the order cycle" do
- spree_get :accessible, params
- expect(assigns(:order_cycles)).to_not include oc
- end
- end
-
- context "as the manager of a distributor in an order cycle" do
- before { user.enterprise_roles.create(enterprise: distributor) }
-
- it "returns the order cycle" do
- spree_get :accessible, params
- expect(assigns(:order_cycles)).to include oc
- end
- end
-
- context "as the manager of the coordinator of an order cycle" do
- before { user.enterprise_roles.create(enterprise: coordinator) }
-
- it "returns the order cycle" do
- spree_get :accessible, params
- expect(assigns(:order_cycles)).to include oc
- end
- end
- end
-
- context "when the :as parameter is set to 'producer'" do
- let(:user) { create_enterprise_user }
- let(:distributor) { create(:distributor_enterprise) }
- let(:producer) { create(:supplier_enterprise) }
- let(:coordinator) { create(:distributor_enterprise) }
- let!(:oc) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor], suppliers: [producer]) }
-
- let(:params) { { format: :json, as: 'producer' } }
-
- before do
- allow(controller).to receive(:spree_current_user) { user }
- end
-
- context "as the manager of a producer in an order cycle" do
- before { user.enterprise_roles.create(enterprise: producer) }
-
- it "returns the order cycle" do
- spree_get :accessible, params
- expect(assigns(:order_cycles)).to include oc
- end
- end
-
- context "as the manager of a distributor in an order cycle" do
- before { user.enterprise_roles.create(enterprise: distributor) }
-
- it "does not return the order cycle" do
- spree_get :accessible, params
- expect(assigns(:order_cycles)).to_not include oc
- end
- end
-
- context "as the manager of the coordinator of an order cycle" do
- before { user.enterprise_roles.create(enterprise: coordinator) }
-
- it "returns the order cycle" do
- spree_get :accessible, params
- expect(assigns(:order_cycles)).to include oc
- end
- end
- end
- end
- end
-end