Fix order cycle permissions for enterprise user.

2026-01-24 20:36:49 +00:00 · 2013-08-18 19:41:04 +10:00
parent a8d4efd067
commit 38522e2b74
4 changed files with 60 additions and 3 deletions
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -24,7 +24,7 @@ module Admin
    end

    def collection
-      super.order('is_primary_producer DESC, is_distributor ASC, name')
+      super.managed_by(spree_current_user).order('is_primary_producer DESC, is_distributor ASC, name')
    end
  end
 end
--- a/app/models/spree/ability_decorator.rb
+++ b/app/models/spree/ability_decorator.rb
@@ -40,6 +40,15 @@ class AbilityDecorator

      can [:create], OrderCycle

+      can [:index, :read], EnterpriseFee
+      can [:admin, :index, :read, :create, :edit, :update], ExchangeVariant
+      can [:admin, :index, :read, :create, :edit, :update], Exchange
+      can [:admin, :index, :read, :create, :edit, :update], ExchangeFee
+      can [:admin, :index], Enterprise
+      can [:read, :edit, :update], Enterprise do |enterprise|
+        user.enterprises.include? enterprise
+      end
+
    end
  end
 end
--- a/spec/features/admin/enterprises_spec.rb
+++ b/spec/features/admin/enterprises_spec.rb
@@ -6,12 +6,12 @@ feature %q{
 } do
  include AuthenticationWorkflow
  include WebHelper
-  
+
  before :all do
    @default_wait_time = Capybara.default_wait_time
    Capybara.default_wait_time = 5
  end
-  
+
  after :all do
    Capybara.default_wait_time = @default_wait_time
  end
@@ -127,4 +127,31 @@ feature %q{
    Enterprise.is_distributor.map { |d| d.next_collection_at }.should == %w(One Two Three)
  end

+  context 'as an Enterprise user' do
+
+    let(:supplier1) { create(:supplier_enterprise, name: 'First Supplier') }
+    let(:supplier2) { create(:supplier_enterprise, name: 'Another Supplier') }
+    let(:distributor1) { create(:distributor_enterprise, name: 'First Distributor') }
+    let(:distributor2) { create(:distributor_enterprise, name: 'Another Distributor') }
+
+    before(:each) do
+      @new_user = create_enterprise_user
+      @new_user.enterprise_roles.build(enterprise: supplier1).save
+      @new_user.enterprise_roles.build(enterprise: distributor1).save
+
+      login_to_admin_as @new_user
+    end
+
+    scenario "can view enterprises I have permission to" do
+      oc_user_coordinating = create(:simple_order_cycle, { coordinator: supplier1, name: 'Order Cycle 1' } )
+      oc_for_other_user = create(:simple_order_cycle, { coordinator: supplier2, name: 'Order Cycle 2' } )
+
+      click_link "Enterprises"
+
+      page.should have_content supplier1.name
+      page.should have_content distributor1.name
+      page.should_not have_content supplier2.name
+      page.should_not have_content distributor2.name
+    end
+  end
 end
--- a/spec/models/ability_spec.rb
+++ b/spec/models/ability_spec.rb
@@ -137,6 +137,27 @@ module Spree
          should have_ability([:create], for: OrderCycle)
        end
      end
+
+      context 'Enterprise manager' do
+        let (:user) do
+          user = create(:user)
+          user.spree_roles = []
+          s1.enterprise_roles.build(user: user).save
+          user
+        end
+
+        it 'should have the ability to read and edit enterprises that I manage' do
+          should have_ability([:read, :edit, :update], for: s1)
+        end
+
+        it 'should not have the ability to read and edit enterprises that I do not manage' do
+          should_not have_ability([:read, :edit, :update], for: s2)
+        end
+
+        it 'should have the ability administrate enterpises' do
+          should have_ability([:admin, :index], for: Enterprise)
+        end
+      end
    end
  end
 end