mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-02-24 01:13:21 +00:00
Allow only enterprise managers to connect apps
Otherwise it doesn't work because non-managers, like super admins, are not authorised to access enterprise data via the DFC API.
committed by
zanetagebka
parent
36b1c2bd83
commit
4b4ae8c7ba
@@ -14,6 +14,10 @@ module Admin
|
||||
producers.size == 1 ? producers.first.id : nil
|
||||
end
|
||||
|
||||
def can_connect_apps?(enterprise)
|
||||
enterprise.in?(spree_current_user.enterprises)
|
||||
end
|
||||
|
||||
def enterprise_side_menu_items(enterprise)
|
||||
is_shop = enterprise.sells != "none"
|
||||
show_properties = !!enterprise.is_primary_producer
|
||||
|
||||
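Review bot: `can_connect_apps?` has no comment saying why a super admin, who can otherwise edit any enterprise, gets `false` here; the reason lives only in the commit message. A one-line comment above the method would stop a later reader from "fixing" the check by adding an admin bypass, for example `# Super admins are excluded on purpose: the DFC API only authorises users who manage the enterprise.` The check relies on `spree_current_user.enterprises`, which presumably matches what the DFC API treats as a manager; that is worth confirming, since the association is defined outside this hunk.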
@@ -6,7 +6,9 @@
|
||||
%p= t ".tagline"
|
||||
%div
|
||||
- if enterprise.connected_apps.empty?
|
||||
= button_to t(".enable"), admin_enterprise_connected_apps_path(enterprise.id), method: :post
|
||||
= button_to t(".enable"), admin_enterprise_connected_apps_path(enterprise.id), method: :post, disabled: !can_connect_apps?(enterprise)
|
||||
-# This is only seen by super-admins:
|
||||
%em= t(".need_to_be_manager") unless can_connect_apps?(enterprise)
|
||||
- elsif enterprise.connected_apps.connecting.present?
|
||||
%button{ disabled: true }
|
||||
%i.spinner.fa.fa-spin.fa-circle-o-notch
|
||||
|
||||
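Review bot: The `disabled: !can_connect_apps?(enterprise)` attribute on the `button_to` only greys the button out in the browser; the POST to `admin_enterprise_connected_apps_path` can still be sent by a request that never renders this template. Nothing visible in this commit adds the manager check to the controller action, so if the create action does not already enforce it (the controller is outside this diff), it should refuse on the same condition, `enterprise.in?(spree_current_user.enterprises)`, before creating the connected app. The new spec in the last section asserts only the disabled button and the message; an example showing that a non-manager's POST creates no connected app would pin the server-side behaviour. Smaller point: the helper is called twice in adjacent lines, and a local such as `- can_connect = can_connect_apps?(enterprise)` would read more clearly.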
@@ -1353,6 +1353,7 @@ en:
|
||||
enable: "Allow data sharing"
|
||||
disable: "Stop sharing"
|
||||
loading: "Loading"
|
||||
need_to_be_manager: "Only managers can connect apps."
|
||||
note: |
|
||||
Your Open Food Network account is connected to Discover Regenerative.
|
||||
Add or update information on your Discover Regenerative listing here.
|
||||
|
||||
@@ -50,4 +50,14 @@ RSpec.describe "Connected Apps", feature: :connected_apps, vcr: true do
|
||||
expect(page).not_to have_content "account is connected"
|
||||
expect(page).not_to have_link "Manage listing"
|
||||
end
|
||||
|
||||
it "can't be enabled by non-manager" do
|
||||
login_as create(:admin_user)
|
||||
|
||||
visit "#{edit_admin_enterprise_path(enterprise)}#/connected_apps_panel"
|
||||
expect(page).to have_content "Discover Regenerative"
|
||||
|
||||
expect(page).to have_button("Allow data sharing", disabled: true)
|
||||
expect(page).to have_content "Only managers can connect apps."
|
||||
end
|
||||
end
|
||||
|
||||