Allow logged in users to access DFC API

It makes testing in development so much easier.

engines/dfc_provider/app/controllers/dfc_provider/base_controller.rb

@@ -39,12 +39,8 @@ module DfcProvider
       @current_user ||= authorization_control.process
     end
 
-    def access_token
-      request.headers['Authorization'].to_s.split(' ').last
-    end
-
     def authorization_control
-      DfcProvider::AuthorizationControl.new(access_token)
+      DfcProvider::AuthorizationControl.new(request)
     end
 
     def not_found

engines/dfc_provider/app/services/dfc_provider/authorization_control.rb

@@ -4,20 +4,30 @@
 # It controls an OICD Access token and an enterprise.
 module DfcProvider
   class AuthorizationControl
-    def initialize(access_token)
-      @access_token = access_token
+    def initialize(request)
+      @request = request
     end
 
     def process
-      return unless @access_token
+      oidc_user || ofn_user
+    end
+
+    private
+
+    def oidc_user
+      return unless access_token
 
       decode_token
       find_ofn_user
     end
 
+    def ofn_user
+      @request.env['warden'].user
+    end
+
     def decode_token
       data = JWT.decode(
-        @access_token,
+        access_token,
         nil,
         false
       )
@@ -26,6 +36,10 @@ module DfcProvider
       @payload = data.first
     end
 
+    def access_token
+      @request.headers['Authorization'].to_s.split(' ').last
+    end
+
     def find_ofn_user
       Spree::User.where(email: @payload['email']).first
     end

engines/dfc_provider/spec/controllers/dfc_provider/catalog_items_controller_spec.rb

@@ -98,6 +98,14 @@ describe DfcProvider::CatalogItemsController, type: :controller do
         expect(response).to be_unauthorized
       end
     end
+
+    context "when logged in as app user" do
+      it "is successful" do
+        sign_in user
+        api_get :index, enterprise_id: enterprise.id
+        expect(response).to be_successful
+      end
+    end
   end
 
   describe '.show' do