diff --git a/engines/dfc_provider/app/controllers/dfc_provider/supplied_products_controller.rb b/engines/dfc_provider/app/controllers/dfc_provider/supplied_products_controller.rb index d4142f25d6..6d3dce2e58 100644 --- a/engines/dfc_provider/app/controllers/dfc_provider/supplied_products_controller.rb +++ b/engines/dfc_provider/app/controllers/dfc_provider/supplied_products_controller.rb @@ -14,7 +14,10 @@ module DfcProvider return head :bad_request unless supplied_product - variant = SuppliedProductBuilder.import_variant(supplied_product) + variant = SuppliedProductBuilder.import_variant( + supplied_product, + current_enterprise, + ) product = variant.product if product.new_record? diff --git a/engines/dfc_provider/app/services/supplied_product_builder.rb b/engines/dfc_provider/app/services/supplied_product_builder.rb index 84b14f53af..835d08261d 100644 --- a/engines/dfc_provider/app/services/supplied_product_builder.rb +++ b/engines/dfc_provider/app/services/supplied_product_builder.rb @@ -23,8 +23,8 @@ class SuppliedProductBuilder < DfcBuilder ) end - def self.import_variant(supplied_product) - product = referenced_spree_product(supplied_product) + def self.import_variant(supplied_product, supplier) + product = referenced_spree_product(supplied_product, supplier) if product Spree::Variant.new( @@ -40,7 +40,7 @@ class SuppliedProductBuilder < DfcBuilder end end - def self.referenced_spree_product(supplied_product) + def self.referenced_spree_product(supplied_product, supplier) uri = supplied_product.spree_product_uri id = supplied_product.spree_product_id @@ -51,9 +51,9 @@ class SuppliedProductBuilder < DfcBuilder # Check that the given URI points to us: return unless uri == urls.enterprise_url(route.merge(params)) - Spree::Product.find(params["spree_product_id"]) + supplier.supplied_products.find_by(id: params["spree_product_id"]) elsif id.present? - Spree::Product.find(id) + supplier.supplied_products.find_by(id:) end end diff --git a/engines/dfc_provider/spec/services/supplied_product_builder_spec.rb b/engines/dfc_provider/spec/services/supplied_product_builder_spec.rb index f4e1518735..49e33e6885 100644 --- a/engines/dfc_provider/spec/services/supplied_product_builder_spec.rb +++ b/engines/dfc_provider/spec/services/supplied_product_builder_spec.rb @@ -145,7 +145,7 @@ describe SuppliedProductBuilder do end describe ".import_variant" do - let(:imported_variant) { builder.import_variant(supplied_product) } + let(:imported_variant) { builder.import_variant(supplied_product, supplier) } let(:supplied_product) do DfcProvider::SuppliedProduct.new( "https://example.net/tomato", @@ -173,7 +173,7 @@ describe SuppliedProductBuilder do end context "with spree_product_id supplied" do - let(:imported_variant) { builder.import_variant(supplied_product) } + let(:imported_variant) { builder.import_variant(supplied_product, supplier) } let(:supplied_product) do DfcProvider::SuppliedProduct.new( @@ -213,7 +213,7 @@ describe SuppliedProductBuilder do end context "with spree_product_uri supplied" do - let(:imported_variant) { builder.import_variant(supplied_product) } + let(:imported_variant) { builder.import_variant(supplied_product, supplier) } let(:product_type) { DfcLoader.connector.PRODUCT_TYPES.DRINK.SOFT_DRINK } let!(:new_taxon) { create( @@ -286,7 +286,7 @@ describe SuppliedProductBuilder do end describe ".referenced_spree_product" do - let(:result) { builder.referenced_spree_product(supplied_product) } + let(:result) { builder.referenced_spree_product(supplied_product, supplier) } let(:supplied_product) do DfcProvider::SuppliedProduct.new( "https://example.net/tomato", @@ -305,6 +305,15 @@ describe SuppliedProductBuilder do expect(result).to eq spree_product end + it "doesn't return a product of another enterprise" do + variant.save! + create(:product, id: 8, supplier: create(:enterprise)) + + supplied_product.spree_product_uri = + "http://test.host/api/dfc/enterprises/7?spree_product_id=8" + expect(result).to eq nil + end + it "doesn't return a foreign product referenced by URI" do variant.save! supplied_product.spree_product_uri =