Add show action to Admin::CustomersController

2026-03-18 04:39:14 +00:00 · 2018-05-04 12:06:03 +10:00
parent 45895e9924
commit cf8ca1f8c1
4 changed files with 39 additions and 2 deletions
--- a/app/controllers/admin/customers_controller.rb
+++ b/app/controllers/admin/customers_controller.rb
@@ -23,6 +23,10 @@ module Admin
      end
    end

+    def show
+      render_as_json @customer
+    end
+
    def create
      @customer = Customer.new(params[:customer])
      if user_can_create_customer?
--- a/app/models/spree/ability_decorator.rb
+++ b/app/models/spree/ability_decorator.rb
@@ -257,7 +257,7 @@ class AbilityDecorator
    can [:admin, :index, :customers, :group_buys, :bulk_coop, :sales_tax, :payments, :orders_and_distributors, :orders_and_fulfillment, :products_and_inventory, :order_cycle_management, :xero_invoices], :report

    can [:create], Customer
-    can [:admin, :index, :update, :destroy, :addresses, :cards], Customer, enterprise_id: Enterprise.managed_by(user).pluck(:id)
+    can [:admin, :index, :update, :destroy, :addresses, :cards, :show], Customer, enterprise_id: Enterprise.managed_by(user).pluck(:id)
    can [:admin, :new, :index], Subscription
    can [:create, :edit, :update, :cancel, :pause, :unpause], Subscription do |subscription|
      user.enterprises.include?(subscription.shop)
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -147,7 +147,7 @@ Openfoodnetwork::Application.routes.draw do

    resources :inventory_items, only: [:create, :update]

-    resources :customers, only: [:index, :create, :update, :destroy] do
+    resources :customers, only: [:index, :create, :update, :destroy, :show] do
      get :addresses, on: :member
      get :cards, on: :member
    end
--- a/spec/controllers/admin/customers_controller_spec.rb
+++ b/spec/controllers/admin/customers_controller_spec.rb
@@ -235,4 +235,37 @@ describe Admin::CustomersController, type: :controller do
      end
    end
  end
+
+  describe "show" do
+    let(:enterprise) { create(:distributor_enterprise) }
+    let(:another_enterprise) { create(:distributor_enterprise) }
+
+    context "json" do
+      let!(:customer) { create(:customer, enterprise: enterprise) }
+
+      context "where I manage the customer's enterprise" do
+        render_views
+
+        before do
+          controller.stub spree_current_user: enterprise.owner
+        end
+
+        it "renders the customer as json" do
+          spree_get :show, format: :json, id: customer.id
+          expect(JSON.parse(response.body)["id"]).to eq customer.id
+        end
+      end
+
+      context "where I don't manage the customer's enterprise" do
+        before do
+          controller.stub spree_current_user: another_enterprise.owner
+        end
+
+        it "prevents me from updating the customer" do
+          spree_get :show, format: :json, id: customer.id
+          expect(response).to redirect_to spree.unauthorized_path
+        end
+      end
+    end
+  end
 end