From 6a5d819fa68e3d2dccfe5080faecd1ebc9feb16d Mon Sep 17 00:00:00 2001 From: Rohan Mitchell Date: Tue, 27 Aug 2013 09:32:41 +1000 Subject: [PATCH] Enterprise manager can create an order --- app/models/spree/ability_decorator.rb | 23 ++++++++----- spec/features/admin/orders_spec.rb | 49 +++++++++++++++++++++++++++ spec/models/ability_spec.rb | 27 ++++++++++++--- 3 files changed, 86 insertions(+), 13 deletions(-) diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb index 9b2647f45e..bef96e961f 100644 --- a/app/models/spree/ability_decorator.rb +++ b/app/models/spree/ability_decorator.rb @@ -4,33 +4,40 @@ class AbilityDecorator def initialize(user) if user.enterprises.count > 0 - #Enterprise User can only access products that they are a supplier for + # Spree performs authorize! on (:create, nil) when creating a new order from admin, and also (:search, nil) + # when searching for variants to add to the order + can [:create, :search], nil + + # Enterprise User can only access products that they are a supplier for can [:create], Spree::Product can [:admin, :read, :update, :bulk_edit, :bulk_update, :clone, :destroy], Spree::Product do |product| user.enterprises.include? product.supplier end - can [:admin, :index, :read, :create, :edit], Spree::Variant + can [:admin, :index, :read, :create, :edit, :search], Spree::Variant can [:admin, :index, :read, :create, :edit], Spree::ProductProperty can [:admin, :index, :read, :create, :edit], Spree::Image can [:admin, :index, :read, :search], Spree::Taxon can [:admin, :index, :read, :create, :edit], Spree::Classification - #Enterprise User can only access orders that they are a distributor for + # Enterprise User can only access orders that they are a distributor for can [:index, :create], Spree::Order - can [:admin, :read, :update, :fire, :resend ], Spree::Order do |order| - user.enterprises.include? order.distributor + can [:admin, :index, :read, :create, :update, :fire, :resend], Spree::Order do |order| + # We allow editing orders with a nil distributor as this state occurs + # during the order creation process from the admin backend + order.distributor.nil? || user.enterprises.include?(order.distributor) end + can [:admin, :create], Spree::LineItem can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::Payment can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::Shipment can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::Adjustment can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::ReturnAuthorization - #Enterprise User can only access payment methods for their distributors + # Enterprise User can only access payment methods for their distributors can [:index, :create], Spree::PaymentMethod - can [:admin, :read, :update, :fire, :resend, :destroy ], Spree::PaymentMethod do |payment_method| + can [:admin, :read, :update, :fire, :resend, :destroy], Spree::PaymentMethod do |payment_method| user.enterprises.include? payment_method.distributor end @@ -53,7 +60,7 @@ class AbilityDecorator user.enterprises.include? enterprise end - #Enterprise User can access reports page + # Enterprise User can access reports page can [:admin, :index, :orders_and_distributors, :group_buys, :bulk_coop, :payments, :order_cycles], :report end end diff --git a/spec/features/admin/orders_spec.rb b/spec/features/admin/orders_spec.rb index 72ea151d41..659a970df0 100644 --- a/spec/features/admin/orders_spec.rb +++ b/spec/features/admin/orders_spec.rb @@ -75,4 +75,53 @@ feature %q{ # we should still be on the same page current_path.should == spree.admin_orders_path end + + context "as an enterprise manager" do + let(:coordinator1) { create(:distributor_enterprise) } + let(:coordinator2) { create(:distributor_enterprise) } + let!(:order_cycle1) { create(:order_cycle, coordinator: coordinator1) } + let!(:order_cycle2) { create(:simple_order_cycle, coordinator: coordinator2) } + let(:supplier1) { order_cycle1.suppliers.first } + let(:supplier2) { order_cycle1.suppliers.last } + let(:distributor1) { order_cycle1.distributors.first } + let(:distributor2) { order_cycle1.distributors.last } + let(:product) { order_cycle1.products.first } + + before(:each) do + @enterprise_user = create_enterprise_user + @enterprise_user.enterprise_roles.build(enterprise: supplier1).save + @enterprise_user.enterprise_roles.build(enterprise: supplier1).save + @enterprise_user.enterprise_roles.build(enterprise: coordinator1).save + @enterprise_user.enterprise_roles.build(enterprise: distributor1).save + + login_to_admin_as @enterprise_user + end + + scenario "creating an order with distributor and order cycle", js: true do + click_link 'Orders' + click_link 'New Order' + + page.should have_content 'ADD PRODUCT' + targetted_select2_search product.name, from: '#add_variant_id', dropdown_css: '.select2-drop' + click_link 'Add' + page.has_selector? "table.index tbody[data-hook='admin_order_form_line_items'] tr" # Wait for JS + page.should have_selector 'td', text: product.name + + page.should have_select 'order_distributor_id', with_options: [distributor1.name] + page.should have_no_select 'order_distributor_id', with_options: [distributor2.name] + + page.should have_select 'order_order_cycle_id', with_options: [order_cycle1.name] + page.should have_no_select 'order_order_cycle_id', with_options: [order_cycle2.name] + + select distributor1.name, from: 'order_distributor_id' + select order_cycle1.name, from: 'order_order_cycle_id' + click_button 'Update' + + page.should have_selector 'h1', text: 'Customer Details' + o = Spree::Order.last + o.distributor.should == distributor1 + o.order_cycle.should == order_cycle1 + end + + end end diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb index b8140d29d7..3cca953e94 100644 --- a/spec/models/ability_spec.rb +++ b/spec/models/ability_spec.rb @@ -18,18 +18,18 @@ module Spree let(:p2) { create(:product, supplier: s2, distributors:[d1, d2]) } subject { user } - let(:user){ nil } + let(:user) { nil } context "when is a supplier enterprise user" do # create supplier_enterprise1 user without full admin access - let (:user) do + let(:user) do user = create(:user) user.spree_roles = [] s1.enterprise_roles.build(user: user).save user end - let (:order) {create(:order, )} + let(:order) {create(:order)} it "should be able to read/write their enterprises' products" do should have_ability([:admin, :read, :update, :bulk_edit, :bulk_update, :clone, :destroy], for: p1) @@ -44,7 +44,7 @@ module Spree end it "should be able to read/write their enterprises' product variants" do - should have_ability([:admin, :index, :read, :create, :edit], for: Spree::Variant) + should have_ability([:admin, :index, :read, :create, :edit, :search], for: Spree::Variant) end it "should be able to read/write their enterprises' product properties" do @@ -84,6 +84,11 @@ module Spree create(:line_item, order: o, product: p1) o end + let(:o3) do + o = create(:order, distributor: nil, bill_address: create(:address)) + create(:line_item, order: o, product: p1) + o + end it "should be able to read/write their enterprises' orders" do should have_ability([:admin, :index, :read, :edit], for: o1) @@ -93,8 +98,20 @@ module Spree should_not have_ability([:admin, :index, :read, :edit], for: o2) end + it "should be able to read/write orders that are in the process of being created" do + should have_ability([:admin, :index, :read, :edit], for: o3) + end + + it "should be able to create and search on nil (required for creating an order)" do + should have_ability([:create, :search], for: nil) + end + it "should be able to create a new order" do - should have_ability(:create, for: Spree::Order) + should have_ability([:admin, :index, :read, :create, :update], for: Spree::Order) + end + + it "should be able to create a new line item" do + should have_ability([:admin, :create], for: Spree::LineItem) end it "should be able to read/write Payments on a product" do