raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-25 20:46:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Altering permissions for exchanges, so the exchange is visible to managers of at least one of the enterprises invloved

Browse Source
This commit is contained in:
Rob Harrington
2015-03-18 16:29:22 +11:00
parent 2310a6a7db
commit df4437ecfe
2 changed files with 16 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/open_food_network/permissions.rb
View File

@@ -55,8 +55,9 @@ module OpenFoodNetwork
# Find the exchanges of an order cycle that an admin can manage
def order_cycle_exchanges(order_cycle)
enterprises = managed_and_related_enterprises_with :add_to_order_cycle
order_cycle.exchanges.to_enterprises(enterprises).from_enterprises(enterprises)
ids = order_cycle_exchange_ids_involving_my_enterprises(order_cycle)
Exchange.where(id: ids, order_cycle_id: order_cycle)
end
def managed_products
@@ -103,5 +104,10 @@ module OpenFoodNetwork
def related_enterprise_products
Spree::Product.where('supplier_id IN (?)', related_enterprises_with(:manage_products))
end
def order_cycle_exchange_ids_involving_my_enterprises(order_cycle)
# Any exchanges that my managed enterprises are involved in directly
order_cycle.exchanges.involving(managed_enterprises).pluck :id
end
end
end

16
spec/lib/open_food_network/permissions_spec.rb
View File

@@ -122,19 +122,19 @@ module OpenFoodNetwork
permissions.order_cycle_exchanges(oc).should == [ex]
end
it "returns exchanges involving enterprises with E2E permission" do
it "does not return exchanges involving enterprises with E2E permission" do
permissions.stub(:related_enterprises_with) { Enterprise.where(id: [e1, e2]) }
permissions.order_cycle_exchanges(oc).should == []
end
it "returns exchanges involving only the sender" do
permissions.stub(:managed_enterprises) { Enterprise.where(id: [e1]) }
permissions.order_cycle_exchanges(oc).should == [ex]
end
it "does not return exchanges involving only the sender" do
permissions.stub(:managed_enterprises) { Enterprise.where(id: [e1]) }
permissions.order_cycle_exchanges(oc).should == []
end
it "does not return exchanges involving only the receiver" do
it "returns exchanges involving only the receiver" do
permissions.stub(:managed_enterprises) { Enterprise.where(id: [e2]) }
permissions.order_cycle_exchanges(oc).should == []
permissions.order_cycle_exchanges(oc).should == [ex]
end
end