raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-12 23:27:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Hiding personal details of customers, where the user does not manage the distributor of the order or the coordinator of the order cycle

Browse Source
This commit is contained in:
Rob Harrington
2015-05-02 17:43:21 +10:00
parent 4259b466f5
commit f79fba52be
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/spree/admin/reports_controller_decorator.rb
View File

@@ -416,6 +416,15 @@ Spree::Admin::ReportsController.class_eval do
@line_items = permissions.visible_line_items.merge(Spree::LineItem.where(order_id: orders))
@line_items = @line_items.supplied_by_any(params[:supplier_id_in]) if params[:supplier_id_in].present?
line_items_with_hidden_details = @line_items.where("id NOT IN (?)", permissions.editable_line_items)
@line_items.select{ |li| line_items_with_hidden_details.include? li }.each do |line_item|
# TODO We should really be hiding customer code here too, but until we
# have an actual association between order and customer, it's a bit tricky
line_item.order.bill_address.assign_attributes(firstname: "HIDDEN", lastname: "", phone: "", address1: "", address2: "", city: "", zipcode: "", state: nil)
line_item.order.ship_address.assign_attributes(firstname: "HIDDEN", lastname: "", phone: "", address1: "", address2: "", city: "", zipcode: "", state: nil)
line_item.order.assign_attributes(email: "HIDDEN")
end
# My distributors and any distributors distributing products I supply
@distributors = permissions.order_cycle_enterprises.is_distributor