Fix product related permissions

2026-01-24 20:36:49 +00:00 · 2024-03-13 16:08:57 +11:00
parent 71b6938961
commit e48cdeba20
2 changed files with 24 additions and 22 deletions
--- a/lib/open_food_network/permissions.rb
+++ b/lib/open_food_network/permissions.rb
@@ -62,28 +62,26 @@ module OpenFoodNetwork
    def editable_products
      return Spree::Product.all if admin?

-      Spree::Product.where(supplier_id: @user.enterprises).or(
-        Spree::Product.where(supplier_id: related_enterprises_granting(:manage_products))
+      product_with_variants.where(spree_variants: { supplier_id: @user.enterprises }).or(
+        product_with_variants.where(
+          spree_variants: { supplier_id: related_enterprises_granting(:manage_products) }
+        )
      )
    end

    def visible_products
      return Spree::Product.all if admin?

-      Spree::Product.where(
-        supplier_id: @user.enterprises
-      ).or(
-        Spree::Product.where(
-          supplier_id: related_enterprises_granting(:manage_products) |
-            related_enterprises_granting(:add_to_order_cycle)
+      product_with_variants.where(spree_variants: { supplier_id: @user.enterprises }).or(
+        product_with_variants.where(
+          spree_variants: {
+            supplier_id: related_enterprises_granting(:manage_products) |
+              related_enterprises_granting(:add_to_order_cycle)
+          }
        )
      )
    end

-    def product_ids_supplied_by(supplier_ids)
-      Spree::Product.where(supplier_id: supplier_ids).select(:id)
-    end
-
    def managed_product_enterprises
      managed_and_related_enterprises_granting :manage_products
    end
@@ -176,5 +174,9 @@ module OpenFoodNetwork
    def managed_enterprise_products
      Spree::Product.managed_by(@user)
    end
+
+    def product_with_variants
+      Spree::Product.joins(:variants)
+    end
  end
 end
--- a/spec/lib/open_food_network/permissions_spec.rb
+++ b/spec/lib/open_food_network/permissions_spec.rb
@@ -190,8 +190,8 @@ module OpenFoodNetwork
    end

    describe "#editable_products" do
-      let!(:p1) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
-      let!(:p2) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
+      let!(:p1) { create(:simple_product, supplier_id: create(:supplier_enterprise).id ) }
+      let!(:p2) { create(:simple_product, supplier_id: create(:supplier_enterprise).id ) }

      before do
        allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where('1=0') }
@@ -202,7 +202,7 @@ module OpenFoodNetwork

      it "returns products produced by managed enterprises" do
        allow(user).to receive(:admin?) { false }
-        allow(user).to receive(:enterprises) { [p1.supplier] }
+        allow(user).to receive(:enterprises) { [p1.variants.first.supplier] }

        expect(permissions.editable_products).to eq([p1])
      end
@@ -211,7 +211,7 @@ module OpenFoodNetwork
        allow(user).to receive(:admin?) { false }
        allow(user).to receive(:enterprises) { [] }
        allow(permissions).to receive(:related_enterprises_granting).
-          with(:manage_products) { Enterprise.where(id: p2.supplier) }
+          with(:manage_products) { Enterprise.where(id: p2.variants.first.supplier) }

        expect(permissions.editable_products).to eq([p2])
      end
@@ -226,9 +226,9 @@ module OpenFoodNetwork
    end

    describe "finding visible products" do
-      let!(:p1) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
-      let!(:p2) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
-      let!(:p3) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
+      let!(:p1) { create(:simple_product, supplier_id: create(:supplier_enterprise).id ) }
+      let!(:p2) { create(:simple_product, supplier_id: create(:supplier_enterprise).id ) }
+      let!(:p3) { create(:simple_product, supplier_id: create(:supplier_enterprise).id ) }

      before do
        allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where("1=0") }
@@ -242,7 +242,7 @@ module OpenFoodNetwork

      it "returns products produced by managed enterprises" do
        allow(user).to receive(:admin?) { false }
-        allow(user).to receive(:enterprises) { Enterprise.where(id: p1.supplier_id) }
+        allow(user).to receive(:enterprises) { Enterprise.where(id: p1.variants.first.supplier_id) }

        expect(permissions.visible_products).to eq([p1])
      end
@@ -251,7 +251,7 @@ module OpenFoodNetwork
        allow(user).to receive(:admin?) { false }
        allow(user).to receive(:enterprises) { [] }
        allow(permissions).to receive(:related_enterprises_granting).
-          with(:manage_products) { Enterprise.where(id: p2.supplier) }
+          with(:manage_products) { Enterprise.where(id: p2.variants.first.supplier) }

        expect(permissions.visible_products).to eq([p2])
      end
@@ -260,7 +260,7 @@ module OpenFoodNetwork
        allow(user).to receive(:admin?) { false }
        allow(user).to receive(:enterprises) { [] }
        allow(permissions).to receive(:related_enterprises_granting).
-          with(:add_to_order_cycle) { Enterprise.where(id: p3.supplier).select(:id) }
+          with(:add_to_order_cycle) { Enterprise.where(id: p3.variants.first.supplier).select(:id) }

        expect(permissions.visible_products).to eq([p3])
      end