Reworking the way the Reports works so we have more granular control over what shows

app/controllers/spree/admin/reports_controller_decorator.rb

@@ -19,12 +19,11 @@ Spree::Admin::ReportsController.class_eval do
       render_to_string(partial: 'products_and_inventory_description', layout: false, locals: {report_types: REPORT_TYPES[:products_and_inventory]}).html_safe
   } } }
 
-  Spree::Admin::ReportsController::AVAILABLE_REPORTS.merge!({:orders_and_distributors => {:name => "Orders And Distributors", :description => "Orders with distributor details"}})
-  Spree::Admin::ReportsController::AVAILABLE_REPORTS.merge!({:bulk_coop => {:name => "Bulk Co-Op", :description => "Reports for Bulk Co-Op orders"}})
-  Spree::Admin::ReportsController::AVAILABLE_REPORTS.merge!({:payments => {:name => "Payment Reports", :description => "Reports for Payments"}})
-  Spree::Admin::ReportsController::AVAILABLE_REPORTS.merge!({:orders_and_fulfillment => {:name => "Orders & Fulfillment Reports", :description => ''}})
-  Spree::Admin::ReportsController::AVAILABLE_REPORTS.merge!({:products_and_inventory => {:name => "Products & Inventory", :description => ''}})
-
+  # OVERRIDING THIS so we use a method not a constant for available reports
+  def index
+    @reports = available_reports
+    respond_with(@reports)
+  end
 
   REPORT_TYPES = {
     orders_and_fulfillment: [
@@ -569,4 +568,18 @@ Spree::Admin::ReportsController.class_eval do
     @suppliers = my_suppliers | suppliers_of_products_I_distribute 
     @order_cycles = OrderCycle.active_or_complete.accessible_by(spree_current_user).order('orders_close_at DESC')
   end
+
+  def available_reports
+    reports = {
+      :orders_and_distributors => {:name => "Orders And Distributors", :description => "Orders with distributor details"},
+      :bulk_coop => {:name => "Bulk Co-Op", :description => "Reports for Bulk Co-Op orders"},
+      :payments => {:name => "Payment Reports", :description => "Reports for Payments"},
+      :orders_and_fulfillment => {:name => "Orders & Fulfillment Reports", :description => ''},
+      :products_and_inventory => {:name => "Products & Inventory", :description => ''}
+    }
+    if spree_current_user.has_spree_role? 'admin'
+      reports[:sales_total] = { :name => "Sales Total", :description => "Sales Total For All Orders" }
+    end
+    reports
+  end
 end

spec/features/admin/reports_spec.rb

@@ -7,6 +7,27 @@ feature %q{
   include AuthenticationWorkflow
   include WebHelper
 
+  context "Permissions for different reports" do
+    context "As an enterprise user" do
+      let(:user) do
+        create_enterprise_user([
+          create(:distributor_enterprise) 
+        ])
+      end
+      it "should not show the Sales Total report" do
+        login_to_admin_as user
+        click_link "Reports"
+        page.should_not have_content "Sales Total"
+      end
+    end
+    context "As an admin user" do
+      it "shows the Sales Total report" do
+        login_to_admin_section
+        click_link "Reports"
+        page.should have_content "Sales Total"
+      end
+    end
+  end
 
   scenario "orders and distributors report" do
     login_to_admin_section

spec/support/request/authentication_workflow.rb

@@ -14,9 +14,12 @@ module AuthenticationWorkflow
     login_to_admin_as admin_user
   end
 
-  def create_enterprise_user
+  def create_enterprise_user(enterprises = [])
     new_user = create(:user, email: 'enterprise@hub.com', password: 'blahblah', :password_confirmation => 'blahblah', )
     new_user.spree_roles = [] # for some reason unbeknown to me, this new user gets admin permissions by default.
+    for enterprise in enterprises do
+      new_user.enterprise_roles.build(enterprise: enterprise).save
+    end
     new_user.save
     new_user
   end