raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-06 22:36:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Splitting out order cycle abilities from general order management abilities

Browse Source
This commit is contained in:
Rob Harrington
2015-03-13 15:30:24 +11:00
parent 85e4b3970c
commit 2310a6a7db
2 changed files with 78 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
app/models/spree/ability_decorator.rb
View File

@@ -8,6 +8,7 @@ class AbilityDecorator
add_enterprise_management_abilities user if can_manage_enterprises? user
add_group_management_abilities user if can_manage_groups? user
add_product_management_abilities user if can_manage_products? user
add_order_cycle_management_abilities user if can_manage_order_cycles? user
add_order_management_abilities user if can_manage_orders? user
add_relationship_management_abilities user if can_manage_relationships? user
end
@@ -33,6 +34,13 @@ class AbilityDecorator
user.enterprises.any? { |e| e.category != :hub_profile && e.producer_profile_only != true }
end
# Users can manage order cycles if they manage a sells own/any enterprise
# OR if they manage a producer which is included in any order cycles
def can_manage_order_cycles?(user)
can_manage_orders?(user) ||
OrderCycle.accessible_by(user).any?
end
# Users can manage orders if they have a sells own/any enterprise.
def can_manage_orders?(user)
( user.enterprises.map(&:sells) & %w(own any) ).any?
@@ -115,6 +123,16 @@ class AbilityDecorator
can [:admin, :index, :customers, :orders_and_distributors, :group_buys, :bulk_coop, :payments, :orders_and_fulfillment, :products_and_inventory], :report
end
def add_order_cycle_management_abilities(user)
can [:admin, :index, :read, :edit, :update], OrderCycle do |order_cycle|
OrderCycle.accessible_by(user).include? order_cycle
end
can [:bulk_update, :clone, :destroy], OrderCycle do |order_cycle|
user.enterprises.include? order_cycle.coordinator
end
can [:for_order_cycle], Enterprise
end
def add_order_management_abilities(user)
# Enterprise User can only access orders that they are a distributor for
can [:index, :create], Spree::Order
@@ -132,10 +150,6 @@ class AbilityDecorator
can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::ReturnAuthorization
can [:create], OrderCycle
can [:admin, :index, :read, :edit, :update, :bulk_update, :clone, :destroy], OrderCycle do |order_cycle|
user.enterprises.include? order_cycle.coordinator
end
can [:for_order_cycle], Enterprise
can [:admin, :index, :read, :create, :edit, :update], ExchangeVariant
can [:admin, :index, :read, :create, :edit, :update], Exchange

62
spec/models/spree/ability_spec.rb
View File

@@ -24,6 +24,7 @@ module Spree
it { subject.can_manage_products?(user).should be_true }
it { subject.can_manage_enterprises?(user).should be_true }
it { subject.can_manage_orders?(user).should be_true }
it { subject.can_manage_order_cycles?(user).should be_true }
end
context "as manager of an enterprise who sell 'own'" do
@@ -34,6 +35,7 @@ module Spree
it { subject.can_manage_products?(user).should be_true }
it { subject.can_manage_enterprises?(user).should be_true }
it { subject.can_manage_orders?(user).should be_true }
it { subject.can_manage_order_cycles?(user).should be_true }
end
context "as manager of an enterprise who sells 'none'" do
@@ -44,6 +46,7 @@ module Spree
it { subject.can_manage_products?(user).should be_false }
it { subject.can_manage_enterprises?(user).should be_true }
it { subject.can_manage_orders?(user).should be_false }
it { subject.can_manage_order_cycles?(user).should be_false }
end
context "as manager of a producer enterprise who sells 'any'" do
@@ -54,6 +57,7 @@ module Spree
it { subject.can_manage_products?(user).should be_true }
it { subject.can_manage_enterprises?(user).should be_true }
it { subject.can_manage_orders?(user).should be_true }
it { subject.can_manage_order_cycles?(user).should be_true }
end
context "as manager of a producer enterprise who sell 'own'" do
@@ -64,6 +68,7 @@ module Spree
it { subject.can_manage_products?(user).should be_true }
it { subject.can_manage_enterprises?(user).should be_true }
it { subject.can_manage_orders?(user).should be_true }
it { subject.can_manage_order_cycles?(user).should be_true }
end
context "as manager of a producer enterprise who sells 'none'" do
@@ -81,6 +86,7 @@ module Spree
it { subject.can_manage_products?(user).should be_true }
it { subject.can_manage_enterprises?(user).should be_true }
it { subject.can_manage_orders?(user).should be_false }
it { subject.can_manage_order_cycles?(user).should be_false }
end
context "as a profile" do
@@ -93,6 +99,7 @@ module Spree
it { subject.can_manage_products?(user).should be_false }
it { subject.can_manage_enterprises?(user).should be_true }
it { subject.can_manage_orders?(user).should be_false }
it { subject.can_manage_order_cycles?(user).should be_false }
end
end
@@ -100,6 +107,7 @@ module Spree
it { subject.can_manage_products?(user).should be_false }
it { subject.can_manage_enterprises?(user).should be_false }
it { subject.can_manage_orders?(user).should be_false }
it { subject.can_manage_order_cycles?(user).should be_false }
it "can create enterprises straight off the bat" do
subject.is_new_user?(user).should be_true
@@ -212,6 +220,40 @@ module Spree
should_not have_ability([:sales_total, :group_buys, :payments, :orders_and_distributors, :users_and_enterprises], for: :report)
end
describe "order_cycles abilities" do
context "where the enterprise is not in an order_cycle" do
let!(:order_cycle) { create(:simple_order_cycle) }
it "should not be able to access read/update order_cycle actions" do
should_not have_ability([:admin, :index, :read, :edit, :update], for: order_cycle)
end
it "should not be able to access bulk_update, clone order cycle actions" do
should_not have_ability([:bulk_update, :clone], for: order_cycle)
end
it "cannot request permitted enterprises for an order cycle" do
should_not have_ability([:for_order_cycle], for: Enterprise)
end
end
context "where the enterprise is in an order_cycle" do
let!(:order_cycle) { create(:simple_order_cycle) }
let!(:exchange){ create(:exchange, incoming: true, order_cycle: order_cycle, receiver: order_cycle.coordinator, sender: s1) }
it "should be able to access read/update order cycle actions" do
should have_ability([:admin, :index, :read, :edit, :update], for: order_cycle)
end
it "should not be able to access bulk/update, clone order cycle actions" do
should_not have_ability([:bulk_update, :clone], for: order_cycle)
end
it "can request permitted enterprises for an order cycle" do
should have_ability([:for_order_cycle], for: Enterprise)
end
end
end
end
context "when is a distributor enterprise user" do
@@ -357,6 +399,22 @@ module Spree
should_not have_ability([:sales_total, :users_and_enterprises], for: :report)
end
context "for a given order_cycle" do
let!(:order_cycle) { create(:simple_order_cycle) }
let!(:exchange){ create(:exchange, incoming: false, order_cycle: order_cycle, receiver: d1, sender: order_cycle.coordinator) }
it "should be able to access read and update order cycle actions" do
should have_ability([:admin, :index, :read, :edit, :update], for: order_cycle)
end
it "should not be able to access bulk_update, clone order cycle actions" do
should_not have_ability([:bulk_update, :clone], for: order_cycle)
end
end
it "can request permitted enterprises for an order cycle" do
should have_ability([:for_order_cycle], for: Enterprise)
end
end
context 'Order Cycle co-ordinator, distributor enterprise manager' do
@@ -371,11 +429,11 @@ module Spree
let(:oc2) { create(:simple_order_cycle) }
it "should be able to read/write OrderCycles they are the co-ordinator of" do
should have_ability([:admin, :index, :read, :edit, :update, :clone, :destroy], for: oc1)
should have_ability([:admin, :index, :read, :edit, :update, :bulk_update, :clone, :destroy], for: oc1)
end
it "should not be able to read/write OrderCycles they are not the co-ordinator of" do
should_not have_ability([:admin, :index, :read, :create, :edit, :update, :clone, :destroy], for: oc2)
should_not have_ability([:admin, :index, :read, :create, :edit, :update, :bulk_update, :clone, :destroy], for: oc2)
end
it "should be able to create OrderCycles" do