diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 6d026c5852..4b038504cc 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -161,7 +161,6 @@ Metrics/ModuleLength: - 'app/models/spree/order/checkout.rb' - 'app/models/spree/payment/processing.rb' - 'lib/open_food_network/column_preference_defaults.rb' - - 'spec/services/permissions/order_spec.rb' - 'spec/services/variant_units/option_value_namer_spec.rb' - 'spec/support/request/stripe_stubs.rb' diff --git a/spec/services/permissions/order_spec.rb b/spec/services/permissions/order_spec.rb index 5f7246d75b..27c7f0930f 100644 --- a/spec/services/permissions/order_spec.rb +++ b/spec/services/permissions/order_spec.rb @@ -2,49 +2,97 @@ require 'spec_helper' -module Permissions - RSpec.describe Order do - let(:permissions) { Permissions::Order.new(user) } - let!(:basic_permissions) { OpenFoodNetwork::Permissions.new(user) } - let(:distributor) { create(:distributor_enterprise) } - let(:coordinator) { create(:distributor_enterprise) } - let(:order_cycle) { - create(:simple_order_cycle, coordinator:, distributors: [distributor]) - } - let(:order_completed) { - create(:completed_order_with_totals, order_cycle:, distributor: ) - } - let(:order_cancelled) { - create(:order, order_cycle:, distributor:, state: 'canceled' ) - } - let(:order_cart) { - create(:order, order_cycle:, distributor:, state: 'cart' ) - } - let(:order_from_last_year) { - create(:completed_order_with_totals, order_cycle:, distributor:, - completed_at: 1.year.ago) - } +RSpec.describe Permissions::Order do + let(:permissions) { described_class.new(user) } + let!(:basic_permissions) { OpenFoodNetwork::Permissions.new(user) } + let(:distributor) { create(:distributor_enterprise) } + let(:coordinator) { create(:distributor_enterprise) } + let(:order_cycle) { + create(:simple_order_cycle, coordinator:, distributors: [distributor]) + } + let(:order_completed) { + create(:completed_order_with_totals, order_cycle:, distributor: ) + } + let(:order_cancelled) { + create(:order, order_cycle:, distributor:, state: 'canceled' ) + } + let(:order_cart) { + create(:order, order_cycle:, distributor:, state: 'cart' ) + } + let(:order_from_last_year) { + create(:completed_order_with_totals, order_cycle:, distributor:, + completed_at: 1.year.ago) + } - before { allow(OpenFoodNetwork::Permissions).to receive(:new) { basic_permissions } } + before { allow(OpenFoodNetwork::Permissions).to receive(:new) { basic_permissions } } - context "with user cannot only manage line_items in orders" do - let(:user) { instance_double('Spree::User', can_manage_line_items_in_orders_only?: false) } + context "with user cannot only manage line_items in orders" do + let(:user) { instance_double('Spree::User', can_manage_line_items_in_orders_only?: false) } - describe "finding orders that are visible in reports" do - let(:random_enterprise) { create(:distributor_enterprise) } - let(:order) { create(:order, order_cycle:, distributor: ) } - let!(:line_item) { create(:line_item, order:) } - let!(:producer) { create(:supplier_enterprise) } + describe "finding orders that are visible in reports" do + let(:random_enterprise) { create(:distributor_enterprise) } + let(:order) { create(:order, order_cycle:, distributor: ) } + let!(:line_item) { create(:line_item, order:) } + let!(:producer) { create(:supplier_enterprise) } + before do + allow(basic_permissions).to receive(:coordinated_order_cycles) { Enterprise.where("1=0") } + end + + context "as the hub through which the order was placed" do before do - allow(basic_permissions).to receive(:coordinated_order_cycles) { Enterprise.where("1=0") } + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: distributor) + } end - context "as the hub through which the order was placed" do + it "should let me see the order" do + expect(permissions.visible_orders).to include order + end + end + + context "as the coordinator of the order cycle through which the order was placed" do + before do + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: coordinator) + } + allow(basic_permissions).to receive(:coordinated_order_cycles) { + OrderCycle.where(id: order_cycle) + } + end + + it "should let me see the order" do + expect(permissions.visible_orders).to include order + end + + context "with search params" do + let(:search_params) { + { completed_at_gt: Time.zone.now.yesterday.strftime('%Y-%m-%d') } + } + let(:permissions) { Permissions::Order.new(user, search_params) } + + it "only returns completed, non-cancelled orders within search filter range" do + expect(permissions.visible_orders).to include order_completed + expect(permissions.visible_orders).not_to include order_cancelled + expect(permissions.visible_orders).not_to include order_cart + expect(permissions.visible_orders).not_to include order_from_last_year + end + end + end + + context "as a producer which has granted P-OC to the distributor of an order" do + before do + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: producer) + } + create(:enterprise_relationship, parent: producer, child: distributor, + permissions_list: [:add_to_order_cycle]) + end + + context "which contains my products" do before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: distributor) - } + line_item.variant.supplier = producer + line_item.variant.save end it "should let me see the order" do @@ -52,210 +100,160 @@ module Permissions end end - context "as the coordinator of the order cycle through which the order was placed" do - before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: coordinator) - } - allow(basic_permissions).to receive(:coordinated_order_cycles) { - OrderCycle.where(id: order_cycle) - } - end - - it "should let me see the order" do - expect(permissions.visible_orders).to include order - end - - context "with search params" do - let(:search_params) { - { completed_at_gt: Time.zone.now.yesterday.strftime('%Y-%m-%d') } - } - let(:permissions) { Permissions::Order.new(user, search_params) } - - it "only returns completed, non-cancelled orders within search filter range" do - expect(permissions.visible_orders).to include order_completed - expect(permissions.visible_orders).not_to include order_cancelled - expect(permissions.visible_orders).not_to include order_cart - expect(permissions.visible_orders).not_to include order_from_last_year - end - end - end - - context "as a producer which has granted P-OC to the distributor of an order" do - before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: producer) - } - create(:enterprise_relationship, parent: producer, child: distributor, - permissions_list: [:add_to_order_cycle]) - end - - context "which contains my products" do - before do - line_item.variant.supplier = producer - line_item.variant.save - end - - it "should let me see the order" do - expect(permissions.visible_orders).to include order - end - end - - context "which does not contain my products" do - it "should not let me see the order" do - expect(permissions.visible_orders).not_to include order - end - end - end - - context "as an enterprise that is a distributor in the order cycle, " \ - "but not the distributor of the order" do - before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: random_enterprise) - } - end - + context "which does not contain my products" do it "should not let me see the order" do expect(permissions.visible_orders).not_to include order end end end - describe "finding line items that are visible in reports" do - let(:random_enterprise) { create(:distributor_enterprise) } - let(:order) { create(:order, order_cycle:, distributor: ) } - let!(:line_item1) { create(:line_item, order:) } - let!(:line_item2) { create(:line_item, order:) } - let!(:producer) { create(:supplier_enterprise) } - + context "as an enterprise that is a distributor in the order cycle, " \ + "but not the distributor of the order" do before do - allow(basic_permissions).to receive(:coordinated_order_cycles) { Enterprise.where("1=0") } + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: random_enterprise) + } end - context "as the hub through which the parent order was placed" do - before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: distributor) - } - end - - it "should let me see the line_items" do - expect(permissions.visible_line_items).to include line_item1, line_item2 - end - end - - context "as the coordinator of the order cycle through which the parent order was placed" do - before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: coordinator) - } - allow(basic_permissions).to receive(:coordinated_order_cycles) { - OrderCycle.where(id: order_cycle) - } - end - - it "should let me see the line_items" do - expect(permissions.visible_line_items).to include line_item1, line_item2 - end - end - - context "as the manager producer which has granted P-OC to the distributor " \ - "of the parent order" do - before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: producer) - } - create(:enterprise_relationship, parent: producer, child: distributor, - permissions_list: [:add_to_order_cycle]) - - line_item1.variant.supplier = producer - line_item1.variant.save - end - - it "should let me see the line_items pertaining to variants I produce" do - ps = permissions.visible_line_items - expect(ps).to include line_item1 - expect(ps).not_to include line_item2 - end - end - - context "as an enterprise that is a distributor in the order cycle, " \ - "but not the distributor of the parent order" do - before do - allow(basic_permissions).to receive(:managed_enterprises) { - Enterprise.where(id: random_enterprise) - } - end - - it "should not let me see the line_items" do - expect(permissions.visible_line_items).not_to include line_item1, line_item2 - end - end - - context "with search params" do - let!(:line_item3) { create(:line_item, order: order_completed) } - let!(:line_item4) { create(:line_item, order: order_cancelled) } - let!(:line_item5) { create(:line_item, order: order_cart) } - let!(:line_item6) { create(:line_item, order: order_from_last_year) } - - let(:search_params) { { completed_at_gt: Time.zone.now.yesterday.strftime('%Y-%m-%d') } } - let(:permissions) { Permissions::Order.new(user, search_params) } - - before do - allow(user).to receive(:admin?) { "admin" } - end - - it "only returns line items from completed, " \ - "non-cancelled orders within search filter range" do - expect(permissions.visible_line_items).to include order_completed.line_items.first - expect(permissions.visible_line_items).not_to include order_cancelled.line_items.first - expect(permissions.visible_line_items).not_to include order_cart.line_items.first - expect(permissions.visible_line_items) - .not_to include order_from_last_year.line_items.first - end + it "should not let me see the order" do + expect(permissions.visible_orders).not_to include order end end end - context "with user can only manage line_items in orders" do - let(:producer) { create(:supplier_enterprise) } - let(:user) do - create(:user, enterprises: [producer]) - end - let!(:order_by_distributor_allow_edits) do - order = create( - :order_with_line_items, - distributor: create( - :distributor_enterprise, - enable_producers_to_edit_orders: true - ), - line_items_count: 1 - ) - order.line_items.first.variant.update_attribute(:supplier_id, producer.id) + describe "finding line items that are visible in reports" do + let(:random_enterprise) { create(:distributor_enterprise) } + let(:order) { create(:order, order_cycle:, distributor: ) } + let!(:line_item1) { create(:line_item, order:) } + let!(:line_item2) { create(:line_item, order:) } + let!(:producer) { create(:supplier_enterprise) } - order + before do + allow(basic_permissions).to receive(:coordinated_order_cycles) { Enterprise.where("1=0") } end - let!(:order_by_distributor_disallow_edits) do - create( - :order_with_line_items, - distributor: create(:distributor_enterprise), - line_items_count: 1 - ) - end - describe "#editable_orders" do - it "returns orders where the distributor allows producers to edit" do - expect(permissions.editable_orders.count).to eq 1 - expect(permissions.editable_orders).to include order_by_distributor_allow_edits + + context "as the hub through which the parent order was placed" do + before do + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: distributor) + } + end + + it "should let me see the line_items" do + expect(permissions.visible_line_items).to include line_item1, line_item2 end end - describe "#editable_line_items" do - it "returns line items from orders where the distributor allows producers to edit" do - expect(permissions.editable_line_items.count).to eq 1 - expect(permissions.editable_line_items.first.order).to eq order_by_distributor_allow_edits + context "as the coordinator of the order cycle through which the parent order was placed" do + before do + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: coordinator) + } + allow(basic_permissions).to receive(:coordinated_order_cycles) { + OrderCycle.where(id: order_cycle) + } + end + + it "should let me see the line_items" do + expect(permissions.visible_line_items).to include line_item1, line_item2 + end + end + + context "as the manager producer which has granted P-OC to the distributor " \ + "of the parent order" do + before do + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: producer) + } + create(:enterprise_relationship, parent: producer, child: distributor, + permissions_list: [:add_to_order_cycle]) + + line_item1.variant.supplier = producer + line_item1.variant.save + end + + it "should let me see the line_items pertaining to variants I produce" do + ps = permissions.visible_line_items + expect(ps).to include line_item1 + expect(ps).not_to include line_item2 + end + end + + context "as an enterprise that is a distributor in the order cycle, " \ + "but not the distributor of the parent order" do + before do + allow(basic_permissions).to receive(:managed_enterprises) { + Enterprise.where(id: random_enterprise) + } + end + + it "should not let me see the line_items" do + expect(permissions.visible_line_items).not_to include line_item1, line_item2 + end + end + + context "with search params" do + let!(:line_item3) { create(:line_item, order: order_completed) } + let!(:line_item4) { create(:line_item, order: order_cancelled) } + let!(:line_item5) { create(:line_item, order: order_cart) } + let!(:line_item6) { create(:line_item, order: order_from_last_year) } + + let(:search_params) { { completed_at_gt: Time.zone.now.yesterday.strftime('%Y-%m-%d') } } + let(:permissions) { Permissions::Order.new(user, search_params) } + + before do + allow(user).to receive(:admin?) { "admin" } + end + + it "only returns line items from completed, " \ + "non-cancelled orders within search filter range" do + expect(permissions.visible_line_items).to include order_completed.line_items.first + expect(permissions.visible_line_items).not_to include order_cancelled.line_items.first + expect(permissions.visible_line_items).not_to include order_cart.line_items.first + expect(permissions.visible_line_items) + .not_to include order_from_last_year.line_items.first end end end end + + context "with user can only manage line_items in orders" do + let(:producer) { create(:supplier_enterprise) } + let(:user) do + create(:user, enterprises: [producer]) + end + let!(:order_by_distributor_allow_edits) do + order = create( + :order_with_line_items, + distributor: create( + :distributor_enterprise, + enable_producers_to_edit_orders: true + ), + line_items_count: 1 + ) + order.line_items.first.variant.update_attribute(:supplier_id, producer.id) + + order + end + let!(:order_by_distributor_disallow_edits) do + create( + :order_with_line_items, + distributor: create(:distributor_enterprise), + line_items_count: 1 + ) + end + describe "#editable_orders" do + it "returns orders where the distributor allows producers to edit" do + expect(permissions.editable_orders.count).to eq 1 + expect(permissions.editable_orders).to include order_by_distributor_allow_edits + end + end + + describe "#editable_line_items" do + it "returns line items from orders where the distributor allows producers to edit" do + expect(permissions.editable_line_items.count).to eq 1 + expect(permissions.editable_line_items.first.order).to eq order_by_distributor_allow_edits + end + end + end end