Adding controller actions and routes for pausing and unpausing a standing order

app/controllers/admin/standing_orders_controller.rb

@@ -50,6 +50,16 @@ module Admin
       end
     end
 
+    def pause
+      @standing_order.update_attributes(paused_at: Time.zone.now)
+      render_as_json @standing_order, fee_calculator: fee_calculator
+    end
+
+    def unpause
+      @standing_order.update_attributes(paused_at: nil)
+      render_as_json @standing_order, fee_calculator: fee_calculator
+    end
+
     private
 
     def permissions

app/models/spree/ability_decorator.rb

@@ -253,7 +253,7 @@ class AbilityDecorator
     can [:create], Customer
     can [:admin, :index, :update, :destroy], Customer, enterprise_id: Enterprise.managed_by(user).pluck(:id)
     can [:admin, :new, :index], StandingOrder
-    can [:create, :edit, :update, :cancel], StandingOrder do |standing_order|
+    can [:create, :edit, :update, :cancel, :pause, :unpause], StandingOrder do |standing_order|
       user.enterprises.include?(standing_order.shop)
     end
     can [:admin, :build], StandingLineItem

app/serializers/api/admin/standing_order_serializer.rb

@@ -1,6 +1,6 @@
 class Api::Admin::StandingOrderSerializer < ActiveModel::Serializer
   attributes :id, :shop_id, :customer_id, :schedule_id, :payment_method_id, :shipping_method_id, :begins_at, :ends_at
-  attributes :customer_email, :schedule_name, :edit_path, :canceled_at
+  attributes :customer_email, :schedule_name, :edit_path, :canceled_at, :paused_at
 
   has_many :standing_line_items, serializer: Api::Admin::StandingLineItemSerializer
   has_many :closed_standing_order_orders, serializer: Api::Admin::StandingOrderOrderSerializer
@@ -16,6 +16,10 @@ class Api::Admin::StandingOrderSerializer < ActiveModel::Serializer
     object.ends_at.andand.strftime('%F')
   end
 
+  def paused_at
+    object.paused_at.andand.strftime('%F')
+  end
+
   def canceled_at
     object.canceled_at.andand.strftime('%F')
   end

config/routes.rb

@@ -179,6 +179,8 @@ Openfoodnetwork::Application.routes.draw do
 
     resources :standing_orders, only: [:index, :new, :create, :edit, :update] do
       put :cancel, on: :member
+      put :pause, on: :member
+      put :unpause, on: :member
     end
 
     resources :standing_line_items, only: [], format: :json do

spec/controllers/admin/standing_orders_controller_spec.rb

@@ -410,7 +410,7 @@ describe Admin::StandingOrdersController, type: :controller do
           before { shop.update_attributes(owner: user) }
 
           it 'renders the cancelled standing_order as json' do
-            spree_get :cancel, params
+            spree_put :cancel, params
             json_response = JSON.parse(response.body)
             expect(json_response['canceled_at']).to_not be nil
             expect(json_response['id']).to eq standing_order.id
@@ -420,4 +420,94 @@ describe Admin::StandingOrdersController, type: :controller do
       end
     end
   end
+
+  describe 'pause' do
+    let!(:user) { create(:user, enterprise_limit: 10) }
+    let!(:shop) { create(:distributor_enterprise) }
+    let!(:standing_order) { create(:standing_order_with_items, shop: shop) }
+
+    before do
+      allow(controller).to receive(:spree_current_user) { user }
+    end
+
+    context 'json' do
+      let(:params) { { format: :json, id: standing_order.id } }
+
+      context 'as a regular user' do
+        it 'redirects to unauthorized' do
+          spree_put :pause, params
+          expect(response).to redirect_to spree.unauthorized_path
+        end
+      end
+
+      context 'as an enterprise user' do
+        context "without authorisation" do
+          let!(:shop2) { create(:distributor_enterprise) }
+          before { shop2.update_attributes(owner: user) }
+
+          it 'redirects to unauthorized' do
+            spree_put :pause, params
+            expect(response).to redirect_to spree.unauthorized_path
+          end
+        end
+
+        context "with authorisation" do
+          before { shop.update_attributes(owner: user) }
+
+          it 'renders the paused standing_order as json' do
+            spree_put :pause, params
+            json_response = JSON.parse(response.body)
+            expect(json_response['paused_at']).to_not be nil
+            expect(json_response['id']).to eq standing_order.id
+            expect(standing_order.reload.paused_at).to be_within(5.seconds).of Time.now
+          end
+        end
+      end
+    end
+  end
+
+  describe 'unpause' do
+    let!(:user) { create(:user, enterprise_limit: 10) }
+    let!(:shop) { create(:distributor_enterprise) }
+    let!(:standing_order) { create(:standing_order_with_items, shop: shop, paused_at: Time.zone.now) }
+
+    before do
+      allow(controller).to receive(:spree_current_user) { user }
+    end
+
+    context 'json' do
+      let(:params) { { format: :json, id: standing_order.id } }
+
+      context 'as a regular user' do
+        it 'redirects to unauthorized' do
+          spree_put :unpause, params
+          expect(response).to redirect_to spree.unauthorized_path
+        end
+      end
+
+      context 'as an enterprise user' do
+        context "without authorisation" do
+          let!(:shop2) { create(:distributor_enterprise) }
+          before { shop2.update_attributes(owner: user) }
+
+          it 'redirects to unauthorized' do
+            spree_put :unpause, params
+            expect(response).to redirect_to spree.unauthorized_path
+          end
+        end
+
+        context "with authorisation" do
+          before { shop.update_attributes(owner: user) }
+
+          it 'renders the paused standing_order as json' do
+            spree_put :unpause, params
+            json_response = JSON.parse(response.body)
+            expect(json_response['paused_at']).to be nil
+            expect(json_response['id']).to eq standing_order.id
+            expect(standing_order.reload.paused_at).to be nil
+          end
+        end
+      end
+    end
+  end
 end