From a7c2a73fa802245eea7f31013a9adfad78765611 Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Thu, 5 Feb 2015 12:05:39 +1100 Subject: [PATCH] make groups editable by group owners --- .../admin/enterprise_groups_controller.rb | 1 + app/models/enterprise_group.rb | 7 +++++++ app/models/spree/ability_decorator.rb | 14 ++++++++++++++ .../admin/add_groups_admin_tab.html.haml.deface | 2 +- app/views/admin/enterprise_groups/index.html.haml | 12 +++++++----- spec/models/enterprise_group_spec.rb | 9 +++++++++ 6 files changed, 39 insertions(+), 6 deletions(-) diff --git a/app/controllers/admin/enterprise_groups_controller.rb b/app/controllers/admin/enterprise_groups_controller.rb index 89d72262d5..3968cc5289 100644 --- a/app/controllers/admin/enterprise_groups_controller.rb +++ b/app/controllers/admin/enterprise_groups_controller.rb @@ -3,6 +3,7 @@ module Admin before_filter :load_countries, :except => :index def index + @enterprise_groups = @enterprise_groups.managed_by(spree_current_user) end def move_up diff --git a/app/models/enterprise_group.rb b/app/models/enterprise_group.rb index 4c9e97adb9..28a92b81f5 100644 --- a/app/models/enterprise_group.rb +++ b/app/models/enterprise_group.rb @@ -38,6 +38,13 @@ class EnterpriseGroup < ActiveRecord::Base scope :by_position, order('position ASC') scope :on_front_page, where(on_front_page: true) + scope :managed_by, lambda { |user| + if user.has_spree_role?('admin') + scoped + else + where('owner_id = ?', user.id); + end + } def set_unused_address_fields address.firstname = address.lastname = 'unused' if address.present? diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb index 23138fcea9..336a46b9b5 100644 --- a/app/models/spree/ability_decorator.rb +++ b/app/models/spree/ability_decorator.rb 
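Review bot: In `app/models/enterprise_group.rb`, the new `managed_by` scope is the only place that narrows the admin index to a user's own groups, and nothing in the code says so. I would add a comment above it such as `# Admins see every group; all other users see only the groups they own.` so that a later refactor does not drop the filter unnoticed. The non-admin branch also ends in a stray `;` and reads more plainly as `where(owner_id: user.id)`. The scope calls `user.has_spree_role?('admin')` without a nil guard, so it relies on the controller never passing a missing `spree_current_user`; the filters that ensure this are outside the hunk.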
@@ -6,6 +6,7 @@ class AbilityDecorator def initialize(user) add_base_abilities user if is_new_user? user add_enterprise_management_abilities user if can_manage_enterprises? user + add_group_management_abilities user if can_manage_groups? user add_product_management_abilities user if can_manage_products? user add_order_management_abilities user if can_manage_orders? user add_relationship_management_abilities user if can_manage_relationships? user @@ -21,6 +22,11 @@ class AbilityDecorator user.enterprises.present? end + # Users can manage a group if they have one. + def can_manage_groups?(user) + user.owned_groups.present? + end + # Users can manage products if they have an enterprise that is not a profile. def can_manage_products?(user) can_manage_enterprises?(user) && @@ -41,6 +47,14 @@ class AbilityDecorator can [:create], Enterprise end + def add_group_management_abilities(user) + can [:admin, :index], :overview + can [:admin, :index], EnterpriseGroup + can [:read, :edit, :update], EnterpriseGroup do |group| + user.owned_groups.include? group + end + end + def add_enterprise_management_abilities(user) # Spree performs authorize! on (:create, nil) when creating a new order from admin, and also (:search, nil) # when searching for variants to add to the order diff --git a/app/overrides/spree/layouts/admin/add_groups_admin_tab.html.haml.deface b/app/overrides/spree/layouts/admin/add_groups_admin_tab.html.haml.deface index 8ed9cf55fd..fe303a453c 100644 --- a/app/overrides/spree/layouts/admin/add_groups_admin_tab.html.haml.deface +++ b/app/overrides/spree/layouts/admin/add_groups_admin_tab.html.haml.deface @@ -1,2 +1,2 @@ / insert_bottom "[data-hook='admin_tabs'], #admin_tabs[data-hook]" -= tab :groups, :url => main_app.admin_enterprise_groups_path += tab :enterprise_groups, :url => main_app.admin_enterprise_groups_path, label: 'groups' 
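Review bot: In `add_group_management_abilities`, `can [:admin, :index], EnterpriseGroup` is granted without a condition, so the ability layer allows listing every group and the restriction to owned groups depends entirely on the controller's `managed_by` call. The per-record rule is written as a block (`user.owned_groups.include? group`), which cannot be turned into a query and loads the association on each check. A hash condition states the same rule declaratively: `can [:read, :edit, :update], EnterpriseGroup, owner_id: user.id`. Separately, `:update` covers the whole record, and the hunk does not show which attributes the update action accepts, so it is worth confirming that an owner cannot change `owner_id`, `position` or `on_front_page` through it.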
diff --git a/app/views/admin/enterprise_groups/index.html.haml b/app/views/admin/enterprise_groups/index.html.haml index 3bbf21db6e..3ccf82c10c 100644 --- a/app/views/admin/enterprise_groups/index.html.haml +++ b/app/views/admin/enterprise_groups/index.html.haml @@ -27,8 +27,10 @@ = link_to '', main_app.edit_admin_enterprise_group_path(enterprise_group), class: 'edit-enterprise-group icon-edit no-text' = link_to_delete enterprise_group, no_text: true - - if enterprise_group.last? - .blank-action - - else - = link_to_with_icon 'icon-arrow-down', '', main_app.admin_enterprise_group_move_down_path(enterprise_group), class: 'move-down no-text' - = link_to_with_icon 'icon-arrow-up', '', main_app.admin_enterprise_group_move_up_path(enterprise_group), class: 'move-up no-text' unless enterprise_group.first? + - if spree_current_user.admin? + - if enterprise_group.last? + .blank-action + - else + = link_to_with_icon 'icon-arrow-down', '', main_app.admin_enterprise_group_move_down_path(enterprise_group), class: 'move-down no-text' + - if enterprise_group.first? + = link_to_with_icon 'icon-arrow-up', '', main_app.admin_enterprise_group_move_up_path(enterprise_group), class: 'move-up no-text' diff --git a/spec/models/enterprise_group_spec.rb b/spec/models/enterprise_group_spec.rb index 4259c6009e..9642b146c7 100644 --- a/spec/models/enterprise_group_spec.rb +++ b/spec/models/enterprise_group_spec.rb @@ -51,6 +51,15 @@ describe EnterpriseGroup do EnterpriseGroup.on_front_page.should == [eg1] end + + it "finds a user's enterprise groups" do + user = create(:user) + user.spree_roles = [] + eg1 = create(:enterprise_group, owner: user) + eg2 = create(:enterprise_group) + + EnterpriseGroup.managed_by(user).should == [eg1] + end end describe "urls" do
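Review bot: The move-up link is now guarded by `- if enterprise_group.first?`, while the removed line rendered it `unless enterprise_group.first?`, so the condition looks inverted and the up arrow would appear only on the first group. Indentation is not recoverable here, so this is read from the line order; if it holds, the guard should be `- unless enterprise_group.first?`. The `spree_current_user.admin?` check only hides the move links, so the `move_up` and `move_down` actions still need their own authorization, which is outside this hunk. The `link_to_delete` context line above is still rendered for owners although the new abilities grant them only read, edit and update.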
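Review bot: The new example in `spec/models/enterprise_group_spec.rb` exercises only the non-admin branch of `managed_by`; the admin branch, which returns every group, is untested. Since that branch decides who sees all records, I would add a second example with a user holding the 'admin' role that asserts both an owned and an unowned group are returned. An example with a non-owner who has no groups, expecting an empty result, would pin the deny case as well.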