From 85002d3804dada54074b08ac78d6614db73cf3e8 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Thu, 29 Jun 2023 16:02:33 +1000
Subject: [PATCH] Spec bug allowing any enterprise to view invoices

---
 spec/controllers/spree/admin/orders/invoices_spec.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/spec/controllers/spree/admin/orders/invoices_spec.rb b/spec/controllers/spree/admin/orders/invoices_spec.rb
index 432975103b..c9ec8b7c78 100644
--- a/spec/controllers/spree/admin/orders/invoices_spec.rb
+++ b/spec/controllers/spree/admin/orders/invoices_spec.rb
@@ -107,7 +107,7 @@ describe Spree::Admin::OrdersController, type: :controller do
 
   describe "#index" do
     let(:user) { create(:user) }
-    let(:enterprise_user) { create(:user) }
+    let(:enterprise_user) { create(:user, enterprises: [create(:enterprise)]) }
     let(:order) {
       create(:order_with_distributor, bill_address: create(:address),
                                       ship_address: create(:address))
@@ -128,8 +128,9 @@ describe Spree::Admin::OrdersController, type: :controller do
       context "which is not a manager of the distributor for an order" do
         before { allow(controller).to receive(:spree_current_user) { enterprise_user } }
 
-        it "should prevent me from listing invoices for the order" do
+        it "shows only invoices of manged enterprises" do
           spree_get :index, params
+          pending "reporting success"
           expect(response).to redirect_to unauthorized_path
         end
       end