Adding permissions method for order report enterprises

2026-01-31 21:37:16 +00:00 · 2015-05-06 13:00:36 +10:00
parent bd66091d75
commit a7019e7e78
4 changed files with 53 additions and 7 deletions
--- a/app/controllers/api/enterprises_controller.rb
+++ b/app/controllers/api/enterprises_controller.rb
@@ -13,7 +13,7 @@ module Api
    end

    def accessible
-      permitted = Permissions.new(current_api_user).enterprises_managed_or_granting_add_to_order_cycle
+      permitted = Permissions.new(current_api_user).order_cycle_enterprises
      @enterprises = permitted.ransack(params[:q]).result
      render params[:template] || :bulk_index
    end
--- a/app/controllers/spree/admin/reports_controller_decorator.rb
+++ b/app/controllers/spree/admin/reports_controller_decorator.rb
@@ -426,10 +426,10 @@ Spree::Admin::ReportsController.class_eval do
    end

    # My distributors and any distributors distributing products I supply
-    @distributors = permissions.order_report_enterprises(:add_to_order_cycle).is_distributor
+    @distributors = permissions.visible_enterprises_for_order_reports.is_distributor

    # My suppliers and any suppliers supplying products I distribute
-    @suppliers = permissions.order_report_enterprises(:add_to_order_cycle).is_primary_producer
+    @suppliers = permissions.visible_enterprises_for_order_reports.is_primary_producer

    @order_cycles = OrderCycle.active_or_complete.
    involving_managed_distributors_of(spree_current_user).order('orders_close_at DESC')
--- a/lib/open_food_network/permissions.rb
+++ b/lib/open_food_network/permissions.rb
@@ -11,11 +11,11 @@ module OpenFoodNetwork
    end

    # Find enterprises that an admin is allowed to add to an order cycle
-    def order_cycle_enterprises
-      managed_and_related_enterprises_granting :add_to_order_cycle
+    def visible_enterprises_for_order_reports
+      managed_and_related_enterprises_with :add_to_order_cycle
    end

-    def enterprises_managed_or_granting_add_to_order_cycle
+    def order_cycle_enterprises
      # Return enterprises that the user manages and those that have granted P-OC to managed enterprises
      managed_and_related_enterprises_granting :add_to_order_cycle
    end
@@ -138,6 +138,17 @@ module OpenFoodNetwork
      end
    end

+    def managed_and_related_enterprises_with(permission)
+      if admin?
+        Enterprise.scoped
+      else
+        managed = managed_enterprises.pluck(:id)
+        granting = related_enterprises_granting(permission).pluck(:id)
+        granted = related_enterprises_granted(permission).pluck(:id)
+        Enterprise.where(id: managed | granting | granted)
+      end
+    end
+
    def managed_enterprises
      return @managed_enterprises unless @managed_enterprises.nil?
      @managed_enterprises = Enterprise.managed_by(@user)
--- a/spec/lib/open_food_network/permissions_spec.rb
+++ b/spec/lib/open_food_network/permissions_spec.rb
@@ -29,6 +29,41 @@ module OpenFoodNetwork
      end
    end

+    describe "finding managed and related enterprises granting or granted a particular permission" do
+      describe "as super admin" do
+        before { allow(user).to receive(:admin?) { true } }
+
+        it "returns all enterprises" do
+          expect(permissions.send(:managed_and_related_enterprises_granting, :some_permission)).to eq [e1, e2]
+        end
+      end
+
+      describe "as an enterprise user" do
+        let(:e3) { create(:enterprise) }
+        let(:e4) { create(:enterprise) }
+        before { allow(user).to receive(:admin?) { false } }
+
+        it "returns only my managed enterprises any that have granting them P-OC" do
+          expect(permissions).to receive(:managed_enterprises) { Enterprise.where(id: e1) }
+          expect(permissions).to receive(:related_enterprises_granting).with(:some_permission) { Enterprise.where(id: e3) }
+          expect(permissions).to receive(:related_enterprises_granted).with(:some_permission) { Enterprise.where(id: e4) }
+          expect(permissions.send(:managed_and_related_enterprises_with, :some_permission)).to eq [e1, e3, e4]
+        end
+      end
+    end
+
+    describe "finding enterprises that can be selected in order report filters" do
+      let(:e) { double(:enterprise) }
+
+      it "returns managed and related enterprises with add_to_order_cycle permission" do
+        expect(permissions).to receive(:managed_and_related_enterprises_with).
+          with(:add_to_order_cycle).
+          and_return([e])
+
+        expect(permissions.visible_enterprises_for_order_reports).to eq [e]
+      end
+    end
+
    describe "finding enterprises that can be added to an order cycle" do
      let(:e) { double(:enterprise) }

@@ -37,7 +72,7 @@ module OpenFoodNetwork
          with(:add_to_order_cycle).
          and_return([e])

-        expect(permissions.enterprises_managed_or_granting_add_to_order_cycle).to eq [e]
+        expect(permissions.order_cycle_enterprises).to eq [e]
      end
    end