Move authorization to the ::Parameters class

2026-02-27 01:43:22 +00:00 · 2018-12-14 09:38:51 +08:00
parent c61a83faca
commit 95e3a2f45d
3 changed files with 32 additions and 2 deletions
--- a/app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb
+++ b/app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb
@@ -18,8 +18,8 @@ module Spree
        def create
          return respond_to_invalid_parameters unless @report_parameters.valid?

-          @authorizer = report_klass::Authorizer.new(@report_parameters, @permissions)
-          @authorizer.authorize!
+          @report_parameters.authorize!(@permissions)
+
          @report = report_klass::ReportService.new(@permissions, @report_parameters)
          renderer.render(self)
        rescue OpenFoodNetwork::Reports::Authorizer::ParameterNotAllowedError => e
--- a/engines/order_management/lib/order_management/reports/enterprise_fee_summary/parameters.rb
+++ b/engines/order_management/lib/order_management/reports/enterprise_fee_summary/parameters.rb
@@ -36,6 +36,11 @@ module OrderManagement
          super(attributes)
        end

+        def authorize!(permissions)
+          authorizer = Authorizer.new(self, permissions)
+          authorizer.authorize!
+        end
+
        protected

        def require_valid_datetime_range
--- a/engines/order_management/spec/lib/order_management/reports/enterprise_fee_summary/parameters_spec.rb
+++ b/engines/order_management/spec/lib/order_management/reports/enterprise_fee_summary/parameters_spec.rb
@@ -59,4 +59,29 @@ describe OrderManagement::Reports::EnterpriseFeeSummary::Parameters do
      end
    end
  end
+
+  describe "smoke authorization" do
+    let!(:order_cycle) { create(:order_cycle) }
+    let!(:user) { create(:user) }
+
+    let(:permissions) do
+      report_klass::Permissions.new(nil).tap do |instance|
+        instance.stub(allowed_order_cycles: [order_cycle])
+      end
+    end
+
+    it "does not raise error when the parameters are allowed" do
+      parameters = described_class.new(order_cycle_ids: [order_cycle.id.to_s])
+      expect { parameters.authorize!(permissions) }.not_to raise_error
+    end
+
+    it "raises error when the parameters are not allowed" do
+      parameters = described_class.new(order_cycle_ids: [(order_cycle.id + 1).to_s])
+      expect { parameters.authorize!(permissions) }.to raise_error(OpenFoodNetwork::Reports::Authorizer::ParameterNotAllowedError)
+    end
+  end
+
+  def report_klass
+    OrderManagement::Reports::EnterpriseFeeSummary
+  end
 end