diff --git a/app/controllers/admin/enterprises_controller.rb b/app/controllers/admin/enterprises_controller.rb
index 838175126f..64ba997950 100644
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -5,7 +5,8 @@ module Admin
 before_filter :load_methods_and_fees, :only => [:new, :edit, :update, :create]
 before_filter :check_type, only: :update
 before_filter :check_bulk_type, only: :bulk_update
- before_filter :check_owner, only: :create
+ before_filter :override_owner, only: :create
+ before_filter :check_owner, only: :update
 helper 'spree/products'
 include OrderCyclesHelper
@@ -73,10 +74,16 @@ module Admin
 params[:enterprise].delete :type unless spree_current_user.admin?
 end
- def check_owner
+ def override_owner
 params[:enterprise][:owner_id] = spree_current_user.id unless spree_current_user.admin?
 end
+ def check_owner
+ unless spree_current_user == @enterprise.owner || spree_current_user.admin?
+ params[:enterprise].delete :owner_id
+ end
+ end
+
 # Overriding method on Spree's resource controller
 def location_after_save
 if params[:enterprise].key? :producer_properties_attributes
diff --git a/spec/controllers/admin/enterprises_controller_spec.rb b/spec/controllers/admin/enterprises_controller_spec.rb
index bdad9558fa..44421aad8e 100644
--- a/spec/controllers/admin/enterprises_controller_spec.rb
+++ b/spec/controllers/admin/enterprises_controller_spec.rb
@@ -2,7 +2,12 @@ require 'spec_helper'
 module Admin
 describe EnterprisesController do
- let(:distributor) { create(:distributor_enterprise) }
+ let(:distributor_owner) do
+ user = create(:user)
+ user.spree_roles = []
+ user
+ end
+ let(:distributor) { create(:distributor_enterprise, owner: distributor_owner ) }
 let(:user) do
 user = create(:user)
 user.spree_roles = []
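Review bot: The owner guard in the filter list of `enterprises_controller.rb` is wired to `create` and `update` only, so the `bulk_update` action, which already has its own `check_bulk_type` filter in this list, gets no `owner_id` filtering at all. If `bulk_update` passes submitted enterprise attributes through to the model (not visible in this hunk), a manager who is neither owner nor admin could still reassign ownership through that path. Consider a matching filter, for example a new `before_filter :check_bulk_owner, only: :bulk_update` (name proposed here), that drops `owner_id` from each submitted enterprise unless the current user owns that enterprise or is an admin.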
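Review bot: `check_owner` reads `@enterprise.owner` and calls `params[:enterprise].delete`, so it relies on an earlier filter having loaded `@enterprise` and on the request always carrying an `enterprise` hash; neither is established inside this hunk, and a request without that key would hit a `NoMethodError` on nil rather than a clean rejection. A guard such as `return unless params[:enterprise]` at the top of both `override_owner` and `check_owner` keeps the filters fail-safe. The method now strips the field silently rather than checking anything, so a comment like `# Only the current owner or an admin may reassign ownership; owner_id is dropped otherwise` would make the authorization rule explicit, and logging the dropped attempt would help auditing. Deleting a single key in the controller only protects the actions that run this filter, so enforcing the rule where attributes are assigned would be more robust.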
@@ -37,6 +42,44 @@ module Admin
 enterprise = Enterprise.find_by_name 'zzz'
 admin_user.enterprise_roles.where(enterprise_id: enterprise).should be_empty
 end
+
+ it "it overrides the owner_id submitted by the user unless current_user is super admin" do
+ controller.stub spree_current_user: user
+ enterprise_params[:enterprise][:owner_id] = admin_user
+
+ spree_put :create, enterprise_params
+ enterprise = Enterprise.find_by_name 'zzz'
+ user.enterprise_roles.where(enterprise_id: enterprise).first.should be
+ end
+ end
+
+ describe "updating an enterprise" do
+ it "allows current owner to change ownership" do
+ controller.stub spree_current_user: distributor_owner
+ update_params = { id: distributor, enterprise: { owner_id: user } }
+ spree_post :update, update_params
+
+ distributor.reload
+ expect(distributor.owner).to eq user
+ end
+
+ it "allows super admin to change ownership" do
+ controller.stub spree_current_user: admin_user
+ update_params = { id: distributor, enterprise: { owner_id: user } }
+ spree_post :update, update_params
+
+ distributor.reload
+ expect(distributor.owner).to eq user
+ end
+
+ it "does not allow managers to change ownership" do
+ controller.stub spree_current_user: user
+ update_params = { id: distributor, enterprise: { owner_id: user } }
+ spree_post :update, update_params
+
+ distributor.reload
+ expect(distributor.owner).to eq distributor_owner
+ end
 end
 describe "updating an enterprise" do
diff --git a/spec/models/enterprise_spec.rb b/spec/models/enterprise_spec.rb
index c9d4426d74..c6418def09 100644
--- a/spec/models/enterprise_spec.rb
+++ b/spec/models/enterprise_spec.rb
@@ -58,7 +58,7 @@ describe Enterprise do
 let(:u2) { create(:user) }
 let(:e) { create(:enterprise, owner: u1 ) }
- it "allows owner to be changed" do
+ it "adds new owner to list of managers" do
 expect(e.owner).to eq u1
 expect(e.users).to include u1
 expect(e.users).to_not include u2
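Review bot: The new create example never asserts who owns the created enterprise; `user.enterprise_roles.where(enterprise_id: enterprise).first.should be` only shows that the submitting user ended up with a role, which may hold even if the submitted `owner_id` had been honoured. Assert the property under test directly with `expect(enterprise.owner).to eq user`. The examples also pass a User object as `owner_id` where a real request would carry an id (`owner_id: user.id`), and none of them covers the `bulk_update` action. The added `describe "updating an enterprise"` has the same name as the existing block that follows it, so merging the two would keep the spec output unambiguous.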