diff --git a/app/controllers/admin/enterprises_controller.rb b/app/controllers/admin/enterprises_controller.rb index a297eadc9c..981299a8ea 100644 --- a/app/controllers/admin/enterprises_controller.rb +++ b/app/controllers/admin/enterprises_controller.rb @@ -24,7 +24,7 @@ module Admin end def collection - super.order('is_primary_producer DESC, is_distributor ASC, name') + super.managed_by(spree_current_user).order('is_primary_producer DESC, is_distributor ASC, name') end end end diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb index f29b8046c7..34bd9679a4 100644 --- a/app/models/spree/ability_decorator.rb +++ b/app/models/spree/ability_decorator.rb @@ -40,6 +40,15 @@ class AbilityDecorator can [:create], OrderCycle + can [:index, :read], EnterpriseFee + can [:admin, :index, :read, :create, :edit, :update], ExchangeVariant + can [:admin, :index, :read, :create, :edit, :update], Exchange + can [:admin, :index, :read, :create, :edit, :update], ExchangeFee + can [:admin, :index], Enterprise + can [:read, :edit, :update], Enterprise do |enterprise| + user.enterprises.include? enterprise + end + end end end diff --git a/spec/features/admin/enterprises_spec.rb b/spec/features/admin/enterprises_spec.rb index 3f7e72ba88..db97f28b9f 100644 --- a/spec/features/admin/enterprises_spec.rb +++ b/spec/features/admin/enterprises_spec.rb @@ -6,12 +6,12 @@ feature %q{ } do include AuthenticationWorkflow include WebHelper - + before :all do @default_wait_time = Capybara.default_wait_time Capybara.default_wait_time = 5 end - + after :all do Capybara.default_wait_time = @default_wait_time end @@ -127,4 +127,31 @@ feature %q{ Enterprise.is_distributor.map { |d| d.next_collection_at }.should == %w(One Two Three) end + context 'as an Enterprise user' do + + let(:supplier1) { create(:supplier_enterprise, name: 'First Supplier') } + let(:supplier2) { create(:supplier_enterprise, name: 'Another Supplier') } + let(:distributor1) { create(:distributor_enterprise, name: 'First Distributor') } + let(:distributor2) { create(:distributor_enterprise, name: 'Another Distributor') } + + before(:each) do + @new_user = create_enterprise_user + @new_user.enterprise_roles.build(enterprise: supplier1).save + @new_user.enterprise_roles.build(enterprise: distributor1).save + + login_to_admin_as @new_user + end + + scenario "can view enterprises I have permission to" do + oc_user_coordinating = create(:simple_order_cycle, { coordinator: supplier1, name: 'Order Cycle 1' } ) + oc_for_other_user = create(:simple_order_cycle, { coordinator: supplier2, name: 'Order Cycle 2' } ) + + click_link "Enterprises" + + page.should have_content supplier1.name + page.should have_content distributor1.name + page.should_not have_content supplier2.name + page.should_not have_content distributor2.name + end + end end diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb index 9007ff8a2a..0d9bb31cc3 100644 --- a/spec/models/ability_spec.rb +++ b/spec/models/ability_spec.rb @@ -137,6 +137,27 @@ module Spree should have_ability([:create], for: OrderCycle) end end + + context 'Enterprise manager' do + let (:user) do + user = create(:user) + user.spree_roles = [] + s1.enterprise_roles.build(user: user).save + user + end + + it 'should have the ability to read and edit enterprises that I manage' do + should have_ability([:read, :edit, :update], for: s1) + end + + it 'should not have the ability to read and edit enterprises that I do not manage' do + should_not have_ability([:read, :edit, :update], for: s2) + end + + it 'should have the ability administrate enterpises' do + should have_ability([:admin, :index], for: Enterprise) + end + end end end end \ No newline at end of file