Update cancan permissions for second iteration of bulk invoices

app/controllers/spree/admin/invoices_controller.rb

@@ -2,6 +2,7 @@ module Spree
   module Admin
     class InvoicesController < Spree::Admin::BaseController
       respond_to :json
+      authorize_resource class: false
 
       def create
         invoice_service = BulkInvoiceService.new

app/models/spree/ability_decorator.rb

@@ -210,9 +210,10 @@ class AbilityDecorator
       # during the order creation process from the admin backend
       order.distributor.nil? || user.enterprises.include?(order.distributor) || order.order_cycle.andand.coordinated_by?(user)
     end
-    can [:admin, :bulk_management, :managed, :bulk_invoice], Spree::Order do
+    can [:admin, :bulk_management, :managed], Spree::Order do
       user.admin? || user.enterprises.any?(&:is_distributor)
     end
+    can [:admin, :create, :show, :poll], :invoice
     can [:admin, :visible], Enterprise
     can [:admin, :index, :create, :update, :destroy], :line_item
     can [:admin, :index, :create], Spree::LineItem

spec/controllers/spree/admin/invoices_controller_spec.rb

@@ -2,10 +2,11 @@ require 'spec_helper'
 
 describe Spree::Admin::InvoicesController, type: :controller do
   let(:order) { create(:order_with_totals_and_distribution) }
-  let(:user) { create(:admin_user) }
+  let(:enterprise_user) { create(:user) }
+  let!(:enterprise) { create(:enterprise, owner: enterprise_user) }
 
   before do
-    allow(controller).to receive(:spree_current_user) { user }
+    allow(controller).to receive(:spree_current_user) { enterprise_user }
   end
 
   describe "#create" do