diff --git a/app/models/enterprise.rb b/app/models/enterprise.rb index a1c5061a9a..aefc96f9c5 100644 --- a/app/models/enterprise.rb +++ b/app/models/enterprise.rb @@ -75,6 +75,7 @@ class Enterprise < ApplicationRecord has_one :stripe_account, dependent: :destroy has_many :vouchers, dependent: :restrict_with_exception has_many :connected_apps, dependent: :destroy + has_many :dfc_permissions, dependent: :destroy has_one :custom_tab, dependent: :destroy delegate :latitude, :longitude, :city, :state_name, to: :address diff --git a/engines/dfc_provider/app/services/api_user.rb b/engines/dfc_provider/app/services/api_user.rb index 4902c05ccc..50afc792bd 100644 --- a/engines/dfc_provider/app/services/api_user.rb +++ b/engines/dfc_provider/app/services/api_user.rb @@ -19,6 +19,7 @@ class ApiUser end def enterprises - Enterprise.none + permissions = DfcPermission.where(grantee: id, scope: "ReadProducts") + Enterprise.where(dfc_permissions: permissions) end end diff --git a/engines/dfc_provider/spec/requests/catalog_items_spec.rb b/engines/dfc_provider/spec/requests/catalog_items_spec.rb index ac387c7214..c3f4c889cf 100644 --- a/engines/dfc_provider/spec/requests/catalog_items_spec.rb +++ b/engines/dfc_provider/spec/requests/catalog_items_spec.rb @@ -69,6 +69,26 @@ RSpec.describe "CatalogItems", swagger_doc: "dfc.yaml" do response "200", "success" do before { product } + context "as platform user" do + let(:enterprise_id) { 10_000 } + let(:sib_token) { file_fixture("startinblox_access_token.jwt").read } + let(:Authorization) { "Bearer #{sib_token}" } + + before { + login_as nil + DfcPermission.create!( + user:, enterprise_id:, + scope: "ReadProducts", grantee: "cqcm-dev", + ) + } + + around do |example| + Timecop.travel(Date.parse("2025-06-13")) { example.run } + end + + run_test! + end + context "with default enterprise id" do let(:enterprise_id) { "default" }