raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-13 23:37:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

P-OC permissions don't apply when determining which enterprises are loaded for order cycle interface

Browse Source
This commit is contained in:
Rob Harrington
2015-03-20 17:09:26 +11:00
parent 45f6042d3d
commit b747f61eb1
2 changed files with 65 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
lib/open_food_network/permissions.rb
View File

@@ -30,35 +30,49 @@ module OpenFoodNetwork
coordinator = order_cycle.coordinator
end
# If I manage the coordinator (or possibly in the future, if coordinator has made order cycle a friends of friend OC)
# Any hubs that have granted the coordinator P-OC (or any enterprises that have granted mine P-OC if we do friends of friends)
coordinator_permitted = []
if managed_enterprises.include? coordinator
coordinator_permitted = granting(:add_to_order_cycle, to: [coordinator]).pluck(:id)
coordinator_permitted << coordinator
if coordinator.sells == "own"
# Coordinators that sell own can only see themselves in the OC interface
coordinator_permitted = []
if managed_enterprises.include? coordinator
coordinator_permitted << coordinator
end
Enterprise.where(id: coordinator_permitted)
else
# If the coordinator sells any, relationships come into play
# If I manage the coordinator (or possibly in the future, if coordinator has made order cycle a friends of friend OC)
# Any hubs that have granted the coordinator P-OC (or any enterprises that have granted mine P-OC if we do friends of friends)
coordinator_permitted = []
if managed_enterprises.include? coordinator
coordinator_permitted = granting(:add_to_order_cycle, to: [coordinator]).pluck(:id)
coordinator_permitted << coordinator
end
# Any enterprises that I manage directly, which have granted P-OC to the coordinator
managed_permitted = granting(:add_to_order_cycle, to: [coordinator], scope: managed_enterprises).pluck(:id)
# Any hubs that have been granted P-OC by producers I manage
hubs_permitted = granted(:add_to_order_cycle, by: managed_enterprises.is_primary_producer, scope: Enterprise.is_hub).pluck(:id)
managed_active = []
hubs_active = []
if order_cycle
# TODO: remove this when permissions are all sorted out
# Any enterprises that I manage that are already in the order_cycle
managed_active = managed_enterprises.where(id: order_cycle.suppliers | order_cycle.distributors).pluck(:id)
# TODO: Remove this when all P-OC are sorted out
# Any hubs that currently have outgoing exchanges distributing variants of producers I manage
variants = Spree::Variant.joins(:product).where('spree_products.supplier_id IN (?)', managed_enterprises.is_primary_producer)
active_exchanges = order_cycle.exchanges.outgoing.with_any_variant(variants)
hubs_active = active_exchanges.map(&:receiver_id)
end
Enterprise.where(id: coordinator_permitted | managed_permitted | managed_active | hubs_permitted | hubs_active)
end
# Any enterprises that I manage directly, which have granted P-OC to the coordinator
managed_permitted = granting(:add_to_order_cycle, to: [coordinator], scope: managed_enterprises).pluck(:id)
# Any hubs that have been granted P-OC by producers I manage
hubs_permitted = granted(:add_to_order_cycle, by: managed_enterprises.is_primary_producer, scope: Enterprise.is_hub).pluck(:id)
managed_active = []
hubs_active = []
if order_cycle
# TODO: remove this when permissions are all sorted out
# Any enterprises that I manage that are already in the order_cycle
managed_active = managed_enterprises.where(id: order_cycle.suppliers | order_cycle.distributors).pluck(:id)
# TODO: Remove this when all P-OC are sorted out
# Any hubs that currently have outgoing exchanges distributing variants of producers I manage
variants = Spree::Variant.joins(:product).where('spree_products.supplier_id IN (?)', managed_enterprises.is_primary_producer)
active_exchanges = order_cycle.exchanges.outgoing.with_any_variant(variants)
hubs_active = active_exchanges.map(&:receiver_id)
end
Enterprise.where(id: coordinator_permitted | managed_permitted | managed_active | hubs_permitted | hubs_active)
end
# Find enterprises for which an admin is allowed to edit their profile

31
spec/lib/open_food_network/permissions_spec.rb
View File

@@ -28,18 +28,33 @@ module OpenFoodNetwork
let(:oc) { create(:simple_order_cycle, coordinator: coordinator) }
context "as a manager of the coordinator" do
it "returns enterprises which have granted P-OC to the coordinator" do
create(:enterprise_relationship, parent: hub, child: coordinator, permissions_list: [:add_to_order_cycle])
permissions.stub(:managed_enterprises) { Enterprise.where(id: [coordinator]) }
enterprises = permissions.order_cycle_enterprises_for(order_cycle: oc)
expect(enterprises).to include hub
expect(enterprises).to_not include producer
end
it "returns the coordinator itself" do
permissions.stub(:managed_enterprises) { Enterprise.where(id: [coordinator]) }
expect(permissions.order_cycle_enterprises_for(order_cycle: oc)).to include coordinator
end
context "where P-OC has been granted to the coordinator by other enterprises" do
before do
create(:enterprise_relationship, parent: hub, child: coordinator, permissions_list: [:add_to_order_cycle])
permissions.stub(:managed_enterprises) { Enterprise.where(id: [coordinator]) }
end
context "where the coordinator sells own" do
it "returns enterprises which have granted P-OC to the coordinator" do
enterprises = permissions.order_cycle_enterprises_for(order_cycle: oc)
expect(enterprises).to include hub
expect(enterprises).to_not include producer
end
end
context "where the coordinator sells 'own'" do
before { coordinator.stub(:sells) { 'own' } }
it "returns just the coordinator" do
enterprises = permissions.order_cycle_enterprises_for(order_cycle: oc)
expect(enterprises).to_not include hub, producer
end
end
end
end
context "as a manager of a hub that has granted P-OC to the coordinator" do