From d3e9a53120ec00e1ed975325838f9a7279bd5fd1 Mon Sep 17 00:00:00 2001 From: Kristina Lim Date: Wed, 7 Nov 2018 02:27:54 +0800 Subject: [PATCH] Filter enterprise fee summary for user permissions --- ...nterprise_fee_summary_report_controller.rb | 4 +- .../enterprise_fee_summary/report_service.rb | 11 +++- ...rise_fee_summary_report_controller_spec.rb | 18 ++++++ .../renderers/csv_renderer_spec.rb | 6 +- .../renderers/html_renderer_spec.rb | 6 +- .../report_service_spec.rb | 58 ++++++++++++++++++- 6 files changed, 93 insertions(+), 10 deletions(-) diff --git a/app/controllers/spree/admin/reports/enterprise_fee_summary_report_controller.rb b/app/controllers/spree/admin/reports/enterprise_fee_summary_report_controller.rb index 948c7ce3f5..b6dac3bbef 100644 --- a/app/controllers/spree/admin/reports/enterprise_fee_summary_report_controller.rb +++ b/app/controllers/spree/admin/reports/enterprise_fee_summary_report_controller.rb @@ -19,8 +19,8 @@ module Spree return respond_to_invalid_parameters unless @report_parameters.valid? @authorizer.authorize! - @report = report_klass::ReportService.new(@report_parameters, report_renderer_klass) - + @report = report_klass::ReportService.new(@permissions, @report_parameters, + report_renderer_klass) render_report rescue OpenFoodNetwork::Reports::Authorizer::ParameterNotAllowedError => e flash[:error] = e.message diff --git a/lib/order_management/reports/enterprise_fee_summary/report_service.rb b/lib/order_management/reports/enterprise_fee_summary/report_service.rb index 3b57be7b6c..d2b86d97e9 100644 --- a/lib/order_management/reports/enterprise_fee_summary/report_service.rb +++ b/lib/order_management/reports/enterprise_fee_summary/report_service.rb @@ -9,15 +9,16 @@ module OrderManagement class ReportService delegate :render, :filename, to: :renderer - attr_accessor :parameters, :renderer_klass + attr_accessor :permissions, :parameters, :renderer_klass - def initialize(parameters, renderer_klass) + def initialize(permissions, parameters, renderer_klass) + @permissions = permissions @parameters = parameters @renderer_klass = renderer_klass end def enterprise_fees_by_customer - Scope.new.apply_filters(parameters).result + Scope.new.apply_filters(permission_filters).apply_filters(parameters).result end def enterprise_fee_type_totals @@ -30,6 +31,10 @@ module OrderManagement private + def permission_filters + Parameters.new(order_cycle_ids: permissions.allowed_order_cycles.map(&:id)) + end + def enterprise_fee_type_total_list enterprise_fees_by_customer.map do |total_data| summarizer = EnterpriseFeeTypeTotalSummarizer.new(total_data) diff --git a/spec/controllers/spree/admin/reports/enterprise_fee_summary_report_controller_spec.rb b/spec/controllers/spree/admin/reports/enterprise_fee_summary_report_controller_spec.rb index 7905a5354e..6d01d3eb32 100644 --- a/spec/controllers/spree/admin/reports/enterprise_fee_summary_report_controller_spec.rb +++ b/spec/controllers/spree/admin/reports/enterprise_fee_summary_report_controller_spec.rb @@ -1,6 +1,8 @@ require "spec_helper" describe Spree::Admin::Reports::EnterpriseFeeSummaryReportController, type: :controller do + let(:report_klass) { OrderManagement::Reports::EnterpriseFeeSummary } + let!(:admin) { create(:admin_user) } let(:current_user) { admin } @@ -52,6 +54,22 @@ describe Spree::Admin::Reports::EnterpriseFeeSummaryReportController, type: :con .to render_template("spree/admin/reports/enterprise_fee_summary_report/index") end end + + describe "filtering results based on permissions" do + let!(:distributor) { create(:distributor_enterprise) } + let!(:other_distributor) { create(:distributor_enterprise) } + + let!(:order_cycle) { create(:simple_order_cycle, coordinator: distributor) } + let!(:other_order_cycle) { create(:simple_order_cycle, coordinator: other_distributor) } + + let(:current_user) { distributor.owner } + + it "applies permissions to report" do + get :index, report: {}, report_format: "csv" + + expect(assigns(:permissions).allowed_order_cycles.to_a).to eq([order_cycle]) + end + end end def i18n_scope diff --git a/spec/lib/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb b/spec/lib/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb index 21854e29ce..192e165bd9 100644 --- a/spec/lib/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb +++ b/spec/lib/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb @@ -1,14 +1,16 @@ require "spec_helper" require "order_management/reports/enterprise_fee_summary/parameters" +require "order_management/reports/enterprise_fee_summary/permissions" require "order_management/reports/enterprise_fee_summary/report_service" require "order_management/reports/enterprise_fee_summary/renderers/csv_renderer" describe OrderManagement::Reports::EnterpriseFeeSummary::Renderers::CsvRenderer do let(:report_klass) { OrderManagement::Reports::EnterpriseFeeSummary } + let!(:permissions) { report_klass::Permissions.new(current_user) } let!(:parameters) { report_klass::Parameters.new } - let!(:service) { report_klass::ReportService.new(parameters, described_class) } + let!(:service) { report_klass::ReportService.new(permissions, parameters, described_class) } let!(:enterprise_fee_type_totals) do instance = report_klass::ReportData::EnterpriseFeeTypeTotals.new @@ -37,6 +39,8 @@ describe OrderManagement::Reports::EnterpriseFeeSummary::Renderers::CsvRenderer end end + let(:current_user) { nil } + before do allow(service).to receive(:enterprise_fee_type_totals) { enterprise_fee_type_totals } end diff --git a/spec/lib/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb b/spec/lib/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb index 8afc535c1d..39158b35cd 100644 --- a/spec/lib/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb +++ b/spec/lib/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb @@ -1,14 +1,16 @@ require "spec_helper" require "order_management/reports/enterprise_fee_summary/parameters" +require "order_management/reports/enterprise_fee_summary/permissions" require "order_management/reports/enterprise_fee_summary/report_service" require "order_management/reports/enterprise_fee_summary/renderers/html_renderer" describe OrderManagement::Reports::EnterpriseFeeSummary::Renderers::HtmlRenderer do let(:report_klass) { OrderManagement::Reports::EnterpriseFeeSummary } + let!(:permissions) { report_klass::Permissions.new(current_user) } let!(:parameters) { report_klass::Parameters.new } - let!(:service) { report_klass::ReportService.new(parameters, described_class) } + let!(:service) { report_klass::ReportService.new(permissions, parameters, described_class) } let!(:enterprise_fee_type_totals) do instance = report_klass::ReportData::EnterpriseFeeTypeTotals.new @@ -37,6 +39,8 @@ describe OrderManagement::Reports::EnterpriseFeeSummary::Renderers::HtmlRenderer end end + let(:current_user) { nil } + before do allow(service).to receive(:enterprise_fee_type_totals) { enterprise_fee_type_totals } end diff --git a/spec/lib/order_management/reports/enterprise_fee_summary/report_service_spec.rb b/spec/lib/order_management/reports/enterprise_fee_summary/report_service_spec.rb index 94effc1f11..a9c7988592 100644 --- a/spec/lib/order_management/reports/enterprise_fee_summary/report_service_spec.rb +++ b/spec/lib/order_management/reports/enterprise_fee_summary/report_service_spec.rb @@ -1,6 +1,7 @@ require "spec_helper" require "order_management/reports/enterprise_fee_summary/report_service" +require "order_management/reports/enterprise_fee_summary/permissions" require "order_management/reports/enterprise_fee_summary/parameters" describe OrderManagement::Reports::EnterpriseFeeSummary::ReportService do @@ -76,13 +77,16 @@ describe OrderManagement::Reports::EnterpriseFeeSummary::ReportService do let!(:customer) { create(:customer, name: "Sample Customer") } let!(:another_customer) { create(:customer, name: "Another Customer") } + let!(:current_user) { create(:admin_user) } + describe "grouping and sorting of entries" do let!(:customer_order) { prepare_order(customer: customer) } let!(:second_customer_order) { prepare_order(customer: customer) } let!(:other_customer_order) { prepare_order(customer: another_customer) } - let(:parameters) { OrderManagement::Reports::EnterpriseFeeSummary::Parameters.new } - let(:service) { described_class.new(parameters, nil) } + let(:permissions) { report_klass::Permissions.new(current_user) } + let(:parameters) { report_klass::Parameters.new } + let(:service) { described_class.new(permissions, parameters, nil) } it "groups and sorts entries correctly" do totals = service.enterprise_fee_type_totals @@ -140,9 +144,57 @@ describe OrderManagement::Reports::EnterpriseFeeSummary::ReportService do end end + describe "filtering results based on permissions" do + let!(:distributor_a) do + create(:distributor_enterprise, name: "Distributor A", payment_methods: [payment_method], + shipping_methods: [shipping_method]) + end + let!(:distributor_b) do + create(:distributor_enterprise, name: "Distributor B", payment_methods: [payment_method], + shipping_methods: [shipping_method]) + end + + let!(:order_cycle_a) { create(:simple_order_cycle, coordinator: coordinator) } + let!(:order_cycle_b) { create(:simple_order_cycle, coordinator: coordinator) } + + let!(:variant_a) { prepare_variant(distributor: distributor_a, order_cycle: order_cycle_a) } + let!(:variant_b) { prepare_variant(distributor: distributor_b, order_cycle: order_cycle_b) } + + let!(:order_a) { prepare_order(order_cycle: order_cycle_a, distributor: distributor_a) } + let!(:order_b) { prepare_order(order_cycle: order_cycle_b, distributor: distributor_b) } + + let(:permissions) { report_klass::Permissions.new(current_user) } + let(:parameters) { report_klass::Parameters.new({}) } + let(:service) { described_class.new(permissions, parameters, nil) } + + context "when admin" do + let!(:current_user) { create(:admin_user) } + + it "includes all order cycles" do + totals = service.enterprise_fee_type_totals.list + + expect_total_matches(totals, 2, fee_type: "Shipment") + expect_total_matches(totals, 1, fee_type: "Shipment", enterprise_name: "Distributor A") + expect_total_matches(totals, 1, fee_type: "Shipment", enterprise_name: "Distributor B") + end + end + + context "when enterprise owner for distributor" do + let!(:current_user) { distributor_a.owner } + + it "does not include unrelated order cycles" do + totals = service.enterprise_fee_type_totals.list + + expect_total_matches(totals, 1, fee_type: "Shipment") + expect_total_matches(totals, 1, fee_type: "Shipment", enterprise_name: "Distributor A") + end + end + end + describe "filters entries correctly" do + let(:permissions) { report_klass::Permissions.new(current_user) } let(:parameters) { report_klass::Parameters.new(parameters_attributes) } - let(:service) { described_class.new(parameters, nil) } + let(:service) { described_class.new(permissions, parameters, nil) } context "filtering by completion date" do let(:timestamp) { Time.zone.local(2018, 1, 5, 14, 30, 5) }