From f68064480a5f2dd6b482bb7118cafa1ece2abea5 Mon Sep 17 00:00:00 2001
From: Mohamed ABDELLANI <abdellani@gmail.com>
Date: Tue, 4 Jul 2023 09:38:47 +0100
Subject: [PATCH] authorize distributor manager to generate invoices

---
 app/models/spree/ability.rb                   |  3 +-
 .../spree/admin/orders/invoices_spec.rb       | 49 +++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/app/models/spree/ability.rb b/app/models/spree/ability.rb
index 70befb3c38..9ffa81bae9 100644
--- a/app/models/spree/ability.rb
+++ b/app/models/spree/ability.rb
@@ -29,7 +29,6 @@ module Spree
         can :update, Order do |order, token|
           order.user == user || order.token && token == order.token
         end
-        can [:index], :invoice
         can [:index, :read], Product
         can [:index, :read], ProductProperty
         can [:index, :read], Property
@@ -276,7 +275,7 @@ module Spree
       can [:admin, :bulk_management, :managed, :distribution], Spree::Order do
         user.admin? || user.enterprises.any?(&:is_distributor)
       end
-      can [:admin, :create, :show, :poll], :invoice
+      can [:admin, :index, :create, :show, :poll, :generate], :invoice
       can [:admin, :visible], Enterprise
       can [:admin, :index, :create, :update, :destroy], :line_item
       can [:admin, :index, :create], Spree::LineItem
diff --git a/spec/controllers/spree/admin/orders/invoices_spec.rb b/spec/controllers/spree/admin/orders/invoices_spec.rb
index 8ddd145029..e889534882 100644
--- a/spec/controllers/spree/admin/orders/invoices_spec.rb
+++ b/spec/controllers/spree/admin/orders/invoices_spec.rb
@@ -147,4 +147,53 @@ describe Spree::Admin::InvoicesController, type: :controller do
       end
     end
   end
+
+  describe "#generate" do
+    let(:user) { create(:user) }
+    let(:enterprise_user) { create(:user, enterprises: [create(:enterprise)]) }
+    let(:order) {
+      create(:order_with_distributor, bill_address: create(:address),
+                                      ship_address: create(:address))
+    }
+    let(:distributor) { order.distributor }
+    let(:params) { { order_id: order.number } }
+
+    context "as a normal user" do
+      before { allow(controller).to receive(:spree_current_user) { user } }
+
+      it "should prevent me from generating invoices for the order" do
+        expect do
+          spree_get :generate, params
+        end.to change{ Invoice.count }.by(0)
+
+        expect(response).to redirect_to unauthorized_path
+      end
+    end
+
+    context "as an enterprise user" do
+      context "which is not a manager of the distributor for an order" do
+        before { allow(controller).to receive(:spree_current_user) { enterprise_user } }
+
+        it "should prevent me from generating invoices for the order" do
+          expect do
+            spree_get :generate, params
+          end.to change{ Invoice.count }.by(0)
+
+          expect(response).to redirect_to unauthorized_path
+        end
+      end
+
+      context 'which is a manager of the distributor for an order' do
+        before { allow(controller).to receive(:spree_current_user) { distributor.owner } }
+
+        it "should allow me to generate a new invoice for the order" do
+          expect do
+            spree_get :generate, params
+          end.to change{ Invoice.count }.by(1)
+
+          expect(response).to redirect_to spree.admin_dashboard_path
+        end
+      end
+    end
+  end
 end