From aab7176f2cc2fd1daaa7f8240334f43dfcf8dd3f Mon Sep 17 00:00:00 2001 From: Rohan Mitchell Date: Thu, 22 Aug 2013 11:21:49 +1000 Subject: [PATCH] Enterprise manager can bulk edit products --- .../javascripts/admin/bulk_product_update.js | 4 +- .../admin/products_controller_decorator.rb | 11 +++- .../spree/api/enterprises_controller.rb | 11 +--- .../api/products_controller_decorator.rb | 7 ++ app/models/spree/ability_decorator.rb | 2 +- config/routes.rb | 19 ++++-- .../admin/bulk_product_update_spec.rb | 66 ++++++++++++++++++- .../unit/bulk_product_update_spec.js | 4 +- spec/models/ability_spec.rb | 4 +- 9 files changed, 104 insertions(+), 24 deletions(-) create mode 100644 app/controllers/spree/api/products_controller_decorator.rb diff --git a/app/assets/javascripts/admin/bulk_product_update.js b/app/assets/javascripts/admin/bulk_product_update.js index b5e157d838..495db1db47 100644 --- a/app/assets/javascripts/admin/bulk_product_update.js +++ b/app/assets/javascripts/admin/bulk_product_update.js @@ -154,10 +154,10 @@ productsApp.controller('AdminBulkProductsCtrl', ["$scope", "$timeout", "$http", $scope.spree_api_key_ok = data.hasOwnProperty("success") && data["success"] == "Use of API Authorised"; if ($scope.spree_api_key_ok){ $http.defaults.headers.common['X-Spree-Token'] = spree_api_key; - dataFetcher('/api/enterprises?template=bulk_index;q[is_primary_producer_eq]=true').then(function(data){ + dataFetcher('/api/enterprises/managed?template=bulk_index&q[is_primary_producer_eq]=true').then(function(data){ $scope.suppliers = data; // Need to have suppliers before we get products so we can match suppliers to product.supplier - dataFetcher('/api/products?template=bulk_index').then(function(data){ + dataFetcher('/api/products/managed?template=bulk_index').then(function(data){ $scope.resetProducts(data); }); }); diff --git a/app/controllers/spree/admin/products_controller_decorator.rb b/app/controllers/spree/admin/products_controller_decorator.rb index 9af68d05fa..5c02970ed5 100644 --- a/app/controllers/spree/admin/products_controller_decorator.rb +++ b/app/controllers/spree/admin/products_controller_decorator.rb @@ -12,7 +12,7 @@ Spree::Admin::ProductsController.class_eval do product_set = Spree::ProductSet.new({:collection_attributes => collection_hash}) if product_set.save - redirect_to "/api/products?template=bulk_index" + redirect_to "/api/products/managed?template=bulk_index" else render :nothing => true end @@ -37,7 +37,7 @@ Spree::Admin::ProductsController.class_eval do params[:q][:s] ||= "name asc" - @search = super.ransack(params[:q]) + @search = Spree::Product.ransack(params[:q]) # this line is modified - hit Spree::Product instead of super, avoiding cancan error for fetching records with block permissions via accessible_by @collection = @search.result. managed_by(spree_current_user). # this line is added to the original spree code!!!!! group_by_products_id. @@ -52,10 +52,15 @@ Spree::Admin::ProductsController.class_eval do @collection end + def collection_actions + [:index, :bulk_edit, :bulk_update] + end + + private def load_spree_api_key current_user.generate_spree_api_key! unless spree_current_user.spree_api_key @spree_api_key = spree_current_user.spree_api_key end -end \ No newline at end of file +end diff --git a/app/controllers/spree/api/enterprises_controller.rb b/app/controllers/spree/api/enterprises_controller.rb index 545372a285..4057def67a 100644 --- a/app/controllers/spree/api/enterprises_controller.rb +++ b/app/controllers/spree/api/enterprises_controller.rb @@ -3,15 +3,10 @@ module Spree class EnterprisesController < Spree::Api::BaseController respond_to :json - def bulk_show - @enterprise = Enterprise.find(params[:id]) - respond_with(@enterprise) - end - - def bulk_index - @enterprises = Enterprise.ransack(params[:q]).result + def managed + @enterprises = Enterprise.ransack(params[:q]).result.managed_by(current_api_user) respond_with(@enterprises) end end end -end \ No newline at end of file +end diff --git a/app/controllers/spree/api/products_controller_decorator.rb b/app/controllers/spree/api/products_controller_decorator.rb new file mode 100644 index 0000000000..3fc46108ab --- /dev/null +++ b/app/controllers/spree/api/products_controller_decorator.rb @@ -0,0 +1,7 @@ +Spree::Api::ProductsController.class_eval do + def managed + @products = product_scope.ransack(params[:q]).result.managed_by(current_api_user).page(params[:page]).per(params[:per_page]) + respond_with(@products, default_template: :index) + end + +end diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb index 7d20e417e8..ccd4252897 100644 --- a/app/models/spree/ability_decorator.rb +++ b/app/models/spree/ability_decorator.rb @@ -6,7 +6,7 @@ class AbilityDecorator #Enterprise User can only access products that they are a supplier for can [:create], Spree::Product - can [:admin, :read, :update, :bulk_edit, :clone, :destroy], Spree::Product do |product| + can [:admin, :read, :update, :bulk_edit, :bulk_update, :clone, :destroy], Spree::Product do |product| user.enterprises.include? product.supplier end diff --git a/config/routes.rb b/config/routes.rb index de946a2627..da48f1b6e1 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -9,7 +9,7 @@ Openfoodweb::Application.routes.draw do end member do - get :shop_front #new world + get :shop_front # new world get :shop # old world end end @@ -52,9 +52,20 @@ Spree::Core::Engine.routes.prepend do match '/admin/reports/order_cycles' => 'admin/reports#order_cycles', :as => "order_cycles_admin_reports", :via => [:get, :post] match '/admin/products/bulk_edit' => 'admin/products#bulk_edit', :as => "bulk_edit_admin_products" - match '/api/users/authorise_api' => 'api/users#authorise_api', :via => :get, :defaults => { :format => 'json' } - match '/api/enterprises' => 'api/enterprises#bulk_index', :via => :get, :defaults => { :format => 'json' } - match '/api/enterprises/:id' => 'api/enterprises#bulk_show', :via => :get, :defaults => { :format => 'json' } + + namespace :api, :defaults => { :format => 'json' } do + resources :users do + get :authorise_api, on: :collection + end + + resources :products do + get :managed, on: :collection + end + + resources :enterprises do + get :managed, on: :collection + end + end namespace :admin do resources :products do diff --git a/spec/features/admin/bulk_product_update_spec.rb b/spec/features/admin/bulk_product_update_spec.rb index a6f84180f9..f1bc9f8721 100644 --- a/spec/features/admin/bulk_product_update_spec.rb +++ b/spec/features/admin/bulk_product_update_spec.rb @@ -31,7 +31,7 @@ feature %q{ page.should have_field "product_name", with: p2.name end - it "displays a select box for suppliers, with the appropriate supplier selected" do + it "displays a select box for suppliers, with the appropriate supplier selected" do s1 = FactoryGirl.create(:supplier_enterprise) s2 = FactoryGirl.create(:supplier_enterprise) s3 = FactoryGirl.create(:supplier_enterprise) @@ -421,4 +421,66 @@ feature %q{ end end end -end \ No newline at end of file + + context "as an enterprise manager" do + let(:s1) { create(:supplier_enterprise, name: 'First Supplier') } + let(:s2) { create(:supplier_enterprise, name: 'Another Supplier') } + let(:s3) { create(:supplier_enterprise, name: 'Yet Another Supplier') } + let(:d1) { create(:distributor_enterprise, name: 'First Distributor') } + let(:d2) { create(:distributor_enterprise, name: 'Another Distributor') } + let!(:product_supplied) { create(:product, supplier: s1, price: 10.0, on_hand: 6) } + let!(:product_not_supplied) { create(:product, supplier: s3) } + + before(:each) do + @enterprise_user = create_enterprise_user + @enterprise_user.enterprise_roles.build(enterprise: s1).save + @enterprise_user.enterprise_roles.build(enterprise: s2).save + @enterprise_user.enterprise_roles.build(enterprise: d1).save + + login_to_admin_as @enterprise_user + end + + it "shows only products that I supply" do + visit '/admin/products/bulk_edit' + + page.should have_field 'product_name', with: product_supplied.name + page.should_not have_field 'product_name', with: product_not_supplied.name + end + + it "shows only suppliers that I manage" do + visit '/admin/products/bulk_edit' + + page.should have_select 'supplier', with_options: [s1.name, s2.name], selected: s1.name + page.should_not have_select 'supplier', with_options: [s3.name] + end + + it "allows me to update a product" do + p = product_supplied + + visit '/admin/products/bulk_edit' + + page.should have_field "product_name", with: p.name + page.should have_select "supplier", selected: s1.name + page.should have_field "available_on", with: p.available_on.strftime("%F %T") + page.should have_field "price", with: "10.0" + page.should have_field "on_hand", with: "6" + + fill_in "product_name", with: "Big Bag Of Potatoes" + select s2.name, from: 'supplier' + fill_in "available_on", with: (Date.today-3).strftime("%F %T") + fill_in "price", with: "20" + fill_in "on_hand", with: "18" + + click_button 'Update' + page.find("span#update-status-message").should have_content "Update complete" + + visit '/admin/products/bulk_edit' + + page.should have_field "product_name", with: "Big Bag Of Potatoes" + page.should have_select "supplier", selected: s2.name + page.should have_field "available_on", with: (Date.today-3).strftime("%F %T") + page.should have_field "price", with: "20.0" + page.should have_field "on_hand", with: "18" + end + end +end diff --git a/spec/javascripts/unit/bulk_product_update_spec.js b/spec/javascripts/unit/bulk_product_update_spec.js index bc39fd22fe..549d602541 100644 --- a/spec/javascripts/unit/bulk_product_update_spec.js +++ b/spec/javascripts/unit/bulk_product_update_spec.js @@ -202,8 +202,8 @@ describe("AdminBulkProductsCtrl", function(){ it("gets a list of suppliers and then resets products with a list of data", function(){ httpBackend.expectGET('/api/users/authorise_api?token=api_key').respond( { "success": "Use of API Authorised" } ); - httpBackend.expectGET('/api/enterprises?template=bulk_index;q[is_primary_producer_eq]=true').respond("list of suppliers"); - httpBackend.expectGET('/api/products?template=bulk_index').respond("list of products"); + httpBackend.expectGET('/api/enterprises/managed?template=bulk_index&q[is_primary_producer_eq]=true').respond("list of suppliers"); + httpBackend.expectGET('/api/products/managed?template=bulk_index').respond("list of products"); spyOn(scope, "resetProducts"); scope.initialise('api_key'); httpBackend.flush(); diff --git a/spec/models/ability_spec.rb b/spec/models/ability_spec.rb index 05bb1d39ad..e4d04a69ab 100644 --- a/spec/models/ability_spec.rb +++ b/spec/models/ability_spec.rb @@ -32,11 +32,11 @@ module Spree let (:order) {create(:order, )} it "should be able to read/write their enterprises' products" do - should have_ability([:admin, :read, :update, :bulk_edit, :clone, :destroy], for: p1) + should have_ability([:admin, :read, :update, :bulk_edit, :bulk_update, :clone, :destroy], for: p1) end it "should not be able to read/write other enterprises' products" do - should_not have_ability([:admin, :read, :update, :bulk_edit, :clone, :destroy], for: p2) + should_not have_ability([:admin, :read, :update, :bulk_edit, :bulk_update, :clone, :destroy], for: p2) end it "should be able to create a new product" do