From 2c3eeec2b9e4e2b54788f4f73f236c7053b337bf Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Fri, 1 Feb 2019 21:44:30 +0000
Subject: [PATCH] Update cancan permissions for second iteration of bulk
 invoices

---
 app/controllers/spree/admin/invoices_controller.rb       | 1 +
 app/models/spree/ability_decorator.rb                    | 3 ++-
 spec/controllers/spree/admin/invoices_controller_spec.rb | 5 +++--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/controllers/spree/admin/invoices_controller.rb b/app/controllers/spree/admin/invoices_controller.rb
index 230d01322b..710fda1a3a 100644
--- a/app/controllers/spree/admin/invoices_controller.rb
+++ b/app/controllers/spree/admin/invoices_controller.rb
@@ -2,6 +2,7 @@ module Spree
   module Admin
     class InvoicesController < Spree::Admin::BaseController
       respond_to :json
+      authorize_resource class: false
 
       def create
         invoice_service = BulkInvoiceService.new
diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb
index 2c68470840..f6f37560ce 100644
--- a/app/models/spree/ability_decorator.rb
+++ b/app/models/spree/ability_decorator.rb
@@ -210,9 +210,10 @@ class AbilityDecorator
       # during the order creation process from the admin backend
       order.distributor.nil? || user.enterprises.include?(order.distributor) || order.order_cycle.andand.coordinated_by?(user)
     end
-    can [:admin, :bulk_management, :managed, :bulk_invoice], Spree::Order do
+    can [:admin, :bulk_management, :managed], Spree::Order do
       user.admin? || user.enterprises.any?(&:is_distributor)
     end
+    can [:admin, :create, :show, :poll], :invoice
     can [:admin, :visible], Enterprise
     can [:admin, :index, :create, :update, :destroy], :line_item
     can [:admin, :index, :create], Spree::LineItem
diff --git a/spec/controllers/spree/admin/invoices_controller_spec.rb b/spec/controllers/spree/admin/invoices_controller_spec.rb
index 1eff65ba2c..9a7453fb70 100644
--- a/spec/controllers/spree/admin/invoices_controller_spec.rb
+++ b/spec/controllers/spree/admin/invoices_controller_spec.rb
@@ -2,10 +2,11 @@ require 'spec_helper'
 
 describe Spree::Admin::InvoicesController, type: :controller do
   let(:order) { create(:order_with_totals_and_distribution) }
-  let(:user) { create(:admin_user) }
+  let(:enterprise_user) { create(:user) }
+  let!(:enterprise) { create(:enterprise, owner: enterprise_user) }
 
   before do
-    allow(controller).to receive(:spree_current_user) { user }
+    allow(controller).to receive(:spree_current_user) { enterprise_user }
   end
 
   describe "#create" do