From 21ed37189a51d174cbb222ff0f25bb9328afe231 Mon Sep 17 00:00:00 2001 From: Bing Xie Date: Fri, 16 Sep 2016 12:11:59 +1000 Subject: [PATCH] Only search customers in user managed enterprises --- .../admin/search_controller_decorator.rb | 6 ++- .../api/admin/customer_serializer.rb | 2 +- .../spree/admin/search_controller_spec.rb | 41 +++++++++++++------ 3 files changed, 34 insertions(+), 15 deletions(-) diff --git a/app/controllers/spree/admin/search_controller_decorator.rb b/app/controllers/spree/admin/search_controller_decorator.rb index 1f4fad29e4..746a05c195 100644 --- a/app/controllers/spree/admin/search_controller_decorator.rb +++ b/app/controllers/spree/admin/search_controller_decorator.rb @@ -17,8 +17,12 @@ Spree::Admin::SearchController.class_eval do end def customers - @customers = Customer.ransack({m: 'or', email_start: params[:q], name_start: params[:q]}) + if spree_current_user.enterprises.pluck(:id).include? params[:distributor_id].to_i + @customers = Customer.ransack({m: 'or', email_start: params[:q], name_start: params[:q]}) .result.where(enterprise_id: params[:distributor_id]) + else + @customers = [] + end render json: @customers, each_serializer: Api::Admin::CustomerSerializer end diff --git a/app/serializers/api/admin/customer_serializer.rb b/app/serializers/api/admin/customer_serializer.rb index 327ac97189..ff5e9fe861 100644 --- a/app/serializers/api/admin/customer_serializer.rb +++ b/app/serializers/api/admin/customer_serializer.rb @@ -9,7 +9,7 @@ class Api::Admin::CustomerSerializer < ActiveModel::Serializer end def name - object.name.blank? ? object.bill_address.andand.full_name : object.name + object.name || object.bill_address.andand.full_name end def tags diff --git a/spec/controllers/spree/admin/search_controller_spec.rb b/spec/controllers/spree/admin/search_controller_spec.rb index 23de78a975..46a5284705 100644 --- a/spec/controllers/spree/admin/search_controller_spec.rb +++ b/spec/controllers/spree/admin/search_controller_spec.rb @@ -37,21 +37,36 @@ describe Spree::Admin::SearchController do let!(:customer_2) { create(:customer, enterprise: enterprise, name: 'test2') } let!(:customer_3) { create(:customer, email: 'test3@email.com') } - before do - spree_get :customers, q: "test", distributor_id: enterprise.id - @results = JSON.parse(response.body) - end - - describe 'when search query matches the email or name' do - it 'returns a list of customers of the enterprise' do - expect(@results.size).to eq 2 - - expect(@results.find { |c| c['id'] == customer_1.id}).to be_true - expect(@results.find { |c| c['id'] == customer_2.id}).to be_true + describe 'when search owned enterprises' do + before do + spree_get :customers, q: "test", distributor_id: enterprise.id + @results = JSON.parse(response.body) end - it 'does not return the customer of other enterprises' do - expect(@results.find { |c| c['id'] == customer_3.id}).to be_false + describe 'when search query matches the email or name' do + it 'returns a list of customers of the enterprise' do + expect(@results.size).to eq 2 + + expect(@results.find { |c| c['id'] == customer_1.id}).to be_true + expect(@results.find { |c| c['id'] == customer_2.id}).to be_true + end + + it 'does not return the customer of other enterprises' do + expect(@results.find { |c| c['id'] == customer_3.id}).to be_false + p customer_3 + p enterprise + end + end + end + + describe 'when search in unmanaged enterprise' do + before do + spree_get :customers, q: "test", distributor_id: customer_3.enterprise_id + @results = JSON.parse(response.body) + end + + it 'returns empty array' do + expect(@results).to eq [] end end end