From 95e3a2f45d7d292829450a9fb8f2de6199571678 Mon Sep 17 00:00:00 2001
From: Kristina Lim <kristinalim.ph@gmail.com>
Date: Fri, 14 Dec 2018 09:38:51 +0800
Subject: [PATCH] Move authorization to the ::Parameters class

---
 .../enterprise_fee_summaries_controller.rb    |  4 +--
 .../enterprise_fee_summary/parameters.rb      |  5 ++++
 .../enterprise_fee_summary/parameters_spec.rb | 25 +++++++++++++++++++
 3 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb b/app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb
index 04346efa7a..d0d0cd89b6 100644
--- a/app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb
+++ b/app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb
@@ -18,8 +18,8 @@ module Spree
         def create
           return respond_to_invalid_parameters unless @report_parameters.valid?
 
-          @authorizer = report_klass::Authorizer.new(@report_parameters, @permissions)
-          @authorizer.authorize!
+          @report_parameters.authorize!(@permissions)
+
           @report = report_klass::ReportService.new(@permissions, @report_parameters)
           renderer.render(self)
         rescue OpenFoodNetwork::Reports::Authorizer::ParameterNotAllowedError => e
diff --git a/engines/order_management/lib/order_management/reports/enterprise_fee_summary/parameters.rb b/engines/order_management/lib/order_management/reports/enterprise_fee_summary/parameters.rb
index 0404326826..7545f636e9 100644
--- a/engines/order_management/lib/order_management/reports/enterprise_fee_summary/parameters.rb
+++ b/engines/order_management/lib/order_management/reports/enterprise_fee_summary/parameters.rb
@@ -36,6 +36,11 @@ module OrderManagement
           super(attributes)
         end
 
+        def authorize!(permissions)
+          authorizer = Authorizer.new(self, permissions)
+          authorizer.authorize!
+        end
+
         protected
 
         def require_valid_datetime_range
diff --git a/engines/order_management/spec/lib/order_management/reports/enterprise_fee_summary/parameters_spec.rb b/engines/order_management/spec/lib/order_management/reports/enterprise_fee_summary/parameters_spec.rb
index af8483422c..e27508159d 100644
--- a/engines/order_management/spec/lib/order_management/reports/enterprise_fee_summary/parameters_spec.rb
+++ b/engines/order_management/spec/lib/order_management/reports/enterprise_fee_summary/parameters_spec.rb
@@ -59,4 +59,29 @@ describe OrderManagement::Reports::EnterpriseFeeSummary::Parameters do
       end
     end
   end
+
+  describe "smoke authorization" do
+    let!(:order_cycle) { create(:order_cycle) }
+    let!(:user) { create(:user) }
+
+    let(:permissions) do
+      report_klass::Permissions.new(nil).tap do |instance|
+        instance.stub(allowed_order_cycles: [order_cycle])
+      end
+    end
+
+    it "does not raise error when the parameters are allowed" do
+      parameters = described_class.new(order_cycle_ids: [order_cycle.id.to_s])
+      expect { parameters.authorize!(permissions) }.not_to raise_error
+    end
+
+    it "raises error when the parameters are not allowed" do
+      parameters = described_class.new(order_cycle_ids: [(order_cycle.id + 1).to_s])
+      expect { parameters.authorize!(permissions) }.to raise_error(OpenFoodNetwork::Reports::Authorizer::ParameterNotAllowedError)
+    end
+  end
+
+  def report_klass
+    OrderManagement::Reports::EnterpriseFeeSummary
+  end
 end