mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-02-27 01:43:22 +00:00
Move authorization to the ::Parameters class
This commit is contained in:
@@ -18,8 +18,8 @@ module Spree
|
||||
def create
|
||||
return respond_to_invalid_parameters unless @report_parameters.valid?
|
||||
|
||||
@authorizer = report_klass::Authorizer.new(@report_parameters, @permissions)
|
||||
@authorizer.authorize!
|
||||
@report_parameters.authorize!(@permissions)
|
||||
|
||||
@report = report_klass::ReportService.new(@permissions, @report_parameters)
|
||||
renderer.render(self)
|
||||
rescue OpenFoodNetwork::Reports::Authorizer::ParameterNotAllowedError => e
|
||||
|
||||
@@ -36,6 +36,11 @@ module OrderManagement
|
||||
super(attributes)
|
||||
end
|
||||
|
||||
def authorize!(permissions)
|
||||
authorizer = Authorizer.new(self, permissions)
|
||||
authorizer.authorize!
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def require_valid_datetime_range
|
||||
|
||||
@@ -59,4 +59,29 @@ describe OrderManagement::Reports::EnterpriseFeeSummary::Parameters do
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe "smoke authorization" do
|
||||
let!(:order_cycle) { create(:order_cycle) }
|
||||
let!(:user) { create(:user) }
|
||||
|
||||
let(:permissions) do
|
||||
report_klass::Permissions.new(nil).tap do |instance|
|
||||
instance.stub(allowed_order_cycles: [order_cycle])
|
||||
end
|
||||
end
|
||||
|
||||
it "does not raise error when the parameters are allowed" do
|
||||
parameters = described_class.new(order_cycle_ids: [order_cycle.id.to_s])
|
||||
expect { parameters.authorize!(permissions) }.not_to raise_error
|
||||
end
|
||||
|
||||
it "raises error when the parameters are not allowed" do
|
||||
parameters = described_class.new(order_cycle_ids: [(order_cycle.id + 1).to_s])
|
||||
expect { parameters.authorize!(permissions) }.to raise_error(OpenFoodNetwork::Reports::Authorizer::ParameterNotAllowedError)
|
||||
end
|
||||
end
|
||||
|
||||
def report_klass
|
||||
OrderManagement::Reports::EnterpriseFeeSummary
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user