From e44fed2ff0cb6d7ea6a8a733caf1a672c94ac9c7 Mon Sep 17 00:00:00 2001
From: Rafael Schouten <rafaelschouten@gmail.com>
Date: Sun, 12 Oct 2014 14:00:32 +1100
Subject: [PATCH] add authorization to reports listings on index page

---
 .../spree/admin/reports_controller_decorator.rb           | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/app/controllers/spree/admin/reports_controller_decorator.rb b/app/controllers/spree/admin/reports_controller_decorator.rb
index 0abfd783b5..c7f5aa363a 100644
--- a/app/controllers/spree/admin/reports_controller_decorator.rb
+++ b/app/controllers/spree/admin/reports_controller_decorator.rb
@@ -608,12 +608,10 @@ Spree::Admin::ReportsController.class_eval do
       :payments => {:name => "Payment Reports", :description => "Reports for Payments"},
       :orders_and_fulfillment => {:name => "Orders & Fulfillment Reports", :description => ''},
       :customers => {:name => "Customers", :description => 'Customer details'},
-      :products_and_inventory => {:name => "Products & Inventory", :description => ''}
+      :products_and_inventory => {:name => "Products & Inventory", :description => ''},
+      :sales_total => { :name => "Sales Total", :description => "Sales Total For All Orders" }
     }
-    if spree_current_user.has_spree_role? 'admin'
-      reports[:sales_total] = { :name => "Sales Total", :description => "Sales Total For All Orders" }
-    end
-    reports
+    reports.select { |action, details| can? action, :report }
   end
 
   def total_units(line_items)