Fix loading of products for an enterprise in the admin section. NOTE: this is a major hack - had to copy the current fetch data from the spree product_controller and modify it to get the roles to take affect. There must be a better way.

app/controllers/spree/admin/products_controller_decorator.rb

@@ -5,8 +5,6 @@ Spree::Admin::ProductsController.class_eval do
 
   respond_to :json, :only => :clone
 
-  before_filter :filter_out_products_for_enterprise_users, :only => :index
-
   #respond_override :clone => { :json => {:success => lambda { redirect_to bulk_index_admin_products_url+"?q[id_eq]=#{@new.id}" } } }
 
   def bulk_update
@@ -29,12 +27,29 @@ Spree::Admin::ProductsController.class_eval do
     end
   end
 
-  def filter_out_products_for_enterprise_users
-    unless spree_current_user.has_spree_role?('admin')
-      @collection.select! do |product|
-        !product.supplier.nil? and product.supplier.users.include? spree_current_user
-      end
+  def collection
+    # This method is copied directly from the spree product controller, except where we narrow the search below with the managed_by search to support
+    # enterprise users.
+    # TODO: There has to be a better way!!!
+    return @collection if @collection.present?
+    params[:q] ||= {}
+    params[:q][:deleted_at_null] ||= "1"
+
+    params[:q][:s] ||= "name asc"
+
+    @search = super.ransack(params[:q])
+    @collection = @search.result.
+      managed_by(spree_current_user). # this line is added to the original spree code!!!!!
+      group_by_products_id.
+      includes(product_includes).
+      page(params[:page]).
+      per(Spree::Config[:admin_products_per_page])
+
+    if params[:q][:s].include?("master_default_price_amount")
+      # PostgreSQL compatibility
+      @collection = @collection.group("spree_prices.amount")
     end
+    @collection
   end
 
   private

app/models/enterprise.rb

@@ -53,7 +53,7 @@ class Enterprise < ActiveRecord::Base
  }
   scope :managed_by, lambda { |user|
     if user.has_spree_role?('admin')
-      all
+      scoped
     else
       joins(:enterprise_roles).where('enterprise_roles.user_id = ?', user.id)
     end

app/models/spree/product_decorator.rb

@@ -57,6 +57,13 @@ Spree::Product.class_eval do
   scope :in_order_cycle, lambda { |order_cycle| with_order_cycles_inner.
                                                 where('exchanges.sender_id = order_cycles.coordinator_id').
                                                 where('order_cycles.id = ?', order_cycle) }
+  scope :managed_by, lambda { |user|
+    if user.has_spree_role?('admin')
+      scoped
+    else
+      where('supplier_id IN (?)', user.enterprises.map {|enterprise| enterprise.id })
+    end
+  }
 
 
   # -- Methods

spec/models/enterprises_spec.rb

@@ -75,7 +75,6 @@ describe Enterprise do
         user = create(:admin_user)
         e1 = create(:enterprise)
         e2 = create(:enterprise)
-        e1.enterprise_roles.build(user: user).save
 
         enterprises = Enterprise.managed_by user
         enterprises.count.should == 2

spec/models/product_spec.rb

@@ -154,6 +154,34 @@ module Spree
           Product.in_order_cycle(oc1).should == [p1]
         end
       end
+
+      describe 'access roles' do
+        before(:each) do
+          @e1 = create(:enterprise)
+          @e2 = create(:enterprise)
+          @p1 = create(:product, supplier: @e1)
+          @p2 = create(:product, supplier: @e2)
+        end
+
+        it "shows only products for given user" do
+          user = create(:user)
+          user.spree_roles = []
+          @e1.enterprise_roles.build(user: user).save
+
+          product = Product.managed_by user
+          product.count.should == 1
+          product.should include @p1
+        end
+
+        it "shows all products for admin user" do
+          user = create(:admin_user)
+
+          product = Product.managed_by user
+          product.count.should == 2
+          product.should include @p1
+          product.should include @p2
+        end
+      end
     end
 
     describe "finders" do