Adding managed controller action which uses new order serializer to render json

2026-01-24 20:36:49 +00:00 · 2015-05-20 11:48:13 +10:00
parent 823adf3272
commit fc55a000b8
3 changed files with 147 additions and 5 deletions
--- a/app/controllers/spree/admin/orders_controller_decorator.rb
+++ b/app/controllers/spree/admin/orders_controller_decorator.rb
@@ -7,7 +7,7 @@ Spree::Admin::OrdersController.class_eval do
  # We need to add expections for collection actions other than :index here
  # because spree_auth_devise causes load_order to be called, which results
  # in an auth failure as the @order object is nil for collection actions
-  before_filter :check_authorization, :except => :bulk_management
+  before_filter :check_authorization, except: [:bulk_management, :managed]

  # After updating an order, the fees should be updated as well
  # Currently, adding or deleting line items does not trigger updating the
@@ -17,7 +17,7 @@ Spree::Admin::OrdersController.class_eval do
  after_filter :update_distribution_charge, :only => :update

  respond_override :index => { :html =>
-    { :success => lambda { 
+    { :success => lambda {
      # Filter orders to only show those distributed by current user (or all for admin user)
      @orders = @search.result.includes([:user, :shipments, :payments]).
        distributed_by_user(spree_current_user).
@@ -37,4 +37,10 @@ Spree::Admin::OrdersController.class_eval do
  def update_distribution_charge
    @order.update_distribution_charge!
  end
+
+  def managed
+    permissions = OpenFoodNetwork::Permissions.new(spree_current_user)
+    @orders = permissions.editable_orders.ransack(params[:q]).result.page(params[:page]).per(params[:per_page])
+    render json: @orders, each_serializer: Api::Admin::OrderSerializer
+  end
 end
--- a/app/models/spree/ability_decorator.rb
+++ b/app/models/spree/ability_decorator.rb
@@ -142,7 +142,7 @@ class AbilityDecorator
      # during the order creation process from the admin backend
      order.distributor.nil? || user.enterprises.include?(order.distributor)
    end
-    can [:admin, :bulk_management], Spree::Order if user.admin? || user.enterprises.any?(&:is_distributor)
+    can [:admin, :bulk_management, :managed], Spree::Order if user.admin? || user.enterprises.any?(&:is_distributor)
    can [:admin, :create], Spree::LineItem
    can [:destroy], Spree::LineItem do |item|
      user.admin? || user.enterprises.include?(order.distributor) || user == order.order_cycle.manager
@@ -154,7 +154,6 @@ class AbilityDecorator
    can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::ReturnAuthorization
    can [:destroy], Spree::Adjustment do |adjustment|
      # Sharing code with destroying a line item. This should be unified and probably applied for other actions as well.
-      binding.pry
      if user.admin?
        true
      elsif adjustment.adjustable.instance_of? Spree::Order
--- a/spec/controllers/spree/admin/orders_controller_spec.rb
+++ b/spec/controllers/spree/admin/orders_controller_spec.rb
@@ -1,9 +1,10 @@
 require 'spec_helper'

 describe Spree::Admin::OrdersController do
-  let!(:order) { create(:order) }
+  include AuthenticationWorkflow

  context "updating an order with line items" do
+    let!(:order) { create(:order) }
    let(:line_item) { create(:line_item) }
    before { login_as_admin }

@@ -27,4 +28,140 @@ describe Spree::Admin::OrdersController do
      }
    end
  end
+
+  describe "managed" do
+    render_views
+
+    let(:order_attributes) { [:id, :full_name, :email, :phone, :completed_at, :line_items, :distributor, :order_cycle, :number] }
+
+    def self.make_simple_data!
+      let!(:dist1) { FactoryGirl.create(:distributor_enterprise) }
+      let!(:order1) { FactoryGirl.create(:order, state: 'complete', completed_at: Time.now, distributor: dist1, billing_address: FactoryGirl.create(:address) ) }
+      let!(:order2) { FactoryGirl.create(:order, state: 'complete', completed_at: Time.now, distributor: dist1, billing_address: FactoryGirl.create(:address) ) }
+      let!(:order3) { FactoryGirl.create(:order, state: 'complete', completed_at: Time.now, distributor: dist1, billing_address: FactoryGirl.create(:address) ) }
+      let!(:line_item1) { FactoryGirl.create(:line_item, order: order1) }
+      let!(:line_item2) { FactoryGirl.create(:line_item, order: order2) }
+      let!(:line_item3) { FactoryGirl.create(:line_item, order: order2) }
+      let!(:line_item4) { FactoryGirl.create(:line_item, order: order3) }
+      let(:line_item_attributes) { [:id, :quantity, :max_quantity, :supplier, :units_product, :units_variant] }
+    end
+
+    context "as a normal user" do
+      before { controller.stub spree_current_user: create_enterprise_user }
+
+      make_simple_data!
+
+      it "should deny me access to managed orders" do
+        spree_get :managed, { :template => 'bulk_index', :format => :json }
+        expect(response).to redirect_to spree.unauthorized_path
+      end
+    end
+
+    context "as an administrator" do
+      make_simple_data!
+
+      before do
+        controller.stub spree_current_user: quick_login_as_admin
+        spree_get :managed, { :template => 'bulk_index', :format => :json }
+      end
+
+      it "retrieves a list of orders with appropriate attributes, including line items with appropriate attributes" do
+        keys = json_response.first.keys.map{ |key| key.to_sym }
+        order_attributes.all?{ |attr| keys.include? attr }.should == true
+      end
+
+      it "retrieves a list of line items with appropriate attributes" do
+        li_keys = json_response.first['line_items'].first.keys.map{ |key| key.to_sym }
+        line_item_attributes.all?{ |attr| li_keys.include? attr }.should == true
+      end
+
+      it "sorts orders in ascending id order" do
+        ids = json_response.map{ |order| order['id'] }
+        ids[0].should < ids[1]
+        ids[1].should < ids[2]
+      end
+
+      it "formats completed_at to 'yyyy-mm-dd hh:mm'" do
+        json_response.map{ |order| order['completed_at'] }.all?{ |a| a.match("^\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}$") }.should == true
+      end
+
+      it "returns an array for line_items" do
+        json_response.map{ |order| order['line_items'] }.all?{ |a| a.is_a? Array }.should == true
+      end
+
+      it "returns quantity and max quantity at integers" do
+        json_response.map{ |order| order['line_items'] }.flatten.map{ |li| li['quantity'] }.all?{ |q| q.is_a? Fixnum }.should == true
+        json_response.map{ |order| order['line_items'] }.flatten.map{ |li| li['max_quantity'] }.all?{ |mq| mq.nil? || mq.is_a?( Fixnum ) }.should == true
+      end
+
+      it "returns supplier object with id and name keys" do
+        json_response.map{ |order| order['line_items'] }.flatten.map{ |li| li['supplier'] }.all?{ |s| s.has_key?('id') && s.has_key?('name') }.should == true
+      end
+
+      it "returns distributor object with id and name keys" do
+        json_response.map{ |order| order['distributor'] }.all?{ |d| d.has_key?('id') && d.has_key?('name') }.should == true
+      end
+
+      it "retrieves the order number" do
+        json_response.map{ |order| order['number'] }.all?{ |number| number.match("^R\\d{5,10}$") }.should == true
+      end
+    end
+
+    context "as an enterprise user" do
+      let(:supplier) { create(:supplier_enterprise) }
+      let(:distributor1) { create(:distributor_enterprise) }
+      let(:distributor2) { create(:distributor_enterprise) }
+      let(:coordinator) { create(:distributor_enterprise) }
+      let(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator) }
+      let!(:order1) { FactoryGirl.create(:order, order_cycle: order_cycle, state: 'complete', completed_at: Time.now, distributor: distributor1, billing_address: FactoryGirl.create(:address) ) }
+      let!(:line_item1) { FactoryGirl.create(:line_item, order: order1, product: FactoryGirl.create(:product, supplier: supplier)) }
+      let!(:line_item2) { FactoryGirl.create(:line_item, order: order1, product: FactoryGirl.create(:product, supplier: supplier)) }
+      let!(:order2) { FactoryGirl.create(:order, order_cycle: order_cycle, state: 'complete', completed_at: Time.now, distributor: distributor2, billing_address: FactoryGirl.create(:address) ) }
+      let!(:line_item3) { FactoryGirl.create(:line_item, order: order2, product: FactoryGirl.create(:product, supplier: supplier)) }
+
+      context "producer enterprise" do
+
+        before do
+          controller.stub spree_current_user: supplier.owner
+          spree_get :managed, { :format => :json }
+        end
+
+        it "does not display line items for which my enterprise is a supplier" do
+          expect(response).to redirect_to spree.unauthorized_path
+        end
+      end
+
+      context "coordinator enterprise" do
+        before do
+          controller.stub spree_current_user: coordinator.owner
+          spree_get :managed, { :format => :json }
+        end
+
+        it "retrieves a list of orders" do
+          keys = json_response.first.keys.map{ |key| key.to_sym }
+          order_attributes.all?{ |attr| keys.include? attr }.should == true
+        end
+
+        it "only displays line items from orders for which my enterprise is the order_cycle coorinator" do
+          json_response.map{ |order| order['line_items'] }.flatten.map{ |line_item| line_item["id"] }.sort.should == [line_item1.id, line_item2.id, line_item3.id].sort
+        end
+      end
+
+      context "hub enterprise" do
+        before do
+          controller.stub spree_current_user: distributor1.owner
+          spree_get :managed, { :format => :json }
+        end
+
+        it "retrieves a list of orders" do
+          keys = json_response.first.keys.map{ |key| key.to_sym }
+          order_attributes.all?{ |attr| keys.include? attr }.should == true
+        end
+
+        it "only displays line items from orders for which my enterprise is a distributor" do
+          json_response.map{ |order| order['line_items'] }.flatten.map{ |line_item| line_item["id"] }.sort.should == [line_item1.id, line_item2.id].sort
+        end
+      end
+    end
+  end
 end