raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-24 20:36:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enterprise managers can access override variants

Browse Source
This commit is contained in:
Rohan Mitchell
2014-11-26 11:45:50 +11:00
parent b1ba519a73
commit 500b5ce347
2 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/models/spree/ability_decorator.rb
View File

@@ -65,9 +65,10 @@ class AbilityDecorator
def add_product_management_abilities(user)
# Enterprise User can only access products that they are a supplier for
can [:create], Spree::Product
can [:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], Spree::Product do |product|
can [:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :override_variants, :clone, :destroy], Spree::Product do |product|
OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? product.supplier
end
can :override_variants, nil
can [:create], Spree::Variant
can [:admin, :index, :read, :edit, :update, :search, :destroy], Spree::Variant do |variant|

10
spec/models/spree/ability_spec.rb
View File

@@ -140,21 +140,25 @@ module Spree
let(:order) {create(:order)}
it "should be able to read/write their enterprises' products and variants" do
should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p1)
should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :override_variants, :clone, :destroy], for: p1)
should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p1.master)
end
it "should be able to read/write related enterprises' products and variants with manage_products permission" do
er_p
should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p_related)
should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :override_variants, :clone, :destroy], for: p_related)
should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p_related.master)
end
it "should not be able to read/write other enterprises' products and variants" do
should_not have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p2)
should_not have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :override_variants, :clone, :destroy], for: p2)
should_not have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p2.master)
end
it "should be able to override_variants on nil (required for override_variants)" do
should have_ability :override_variants, for: nil
end
it "should not be able to access admin actions on orders" do
should_not have_ability([:admin], for: Spree::Order)
end