raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-03-20 04:59:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix perms for API soft delete

Browse Source
This commit is contained in:
Rohan Mitchell
2016-06-08 15:14:24 +10:00
parent 225e436293
commit fdd6400cb8
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/spree/ability_decorator.rb
View File

@@ -110,12 +110,12 @@ class AbilityDecorator
def add_product_management_abilities(user)
# Enterprise User can only access products that they are a supplier for
can [:create], Spree::Product
can [:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], Spree::Product do |product|
can [:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :delete, :destroy], Spree::Product do |product|
OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? product.supplier
end
can [:create], Spree::Variant
can [:admin, :index, :read, :edit, :update, :search, :destroy], Spree::Variant do |variant|
can [:admin, :index, :read, :edit, :update, :search, :delete, :destroy], Spree::Variant do |variant|
OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? variant.product.supplier
end

2
spec/controllers/spree/api/variants_controller_spec.rb
View File

@@ -47,7 +47,7 @@ module Spree
spree_delete :soft_delete, {variant_id: variant.to_param, product_id: product.to_param, format: :json}
response.status.should == 204
lambda { variant.reload }.should_not raise_error
variant.deleted_at.should_not be_nil
variant.deleted_at.should be_present
end
it "is denied access to soft deleting another enterprises' variant" do

6
spec/models/spree/ability_spec.rb
View File

@@ -149,13 +149,13 @@ module Spree
it "should be able to read/write their enterprises' products and variants" do
should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p1)
should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p1.master)
should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy, :delete], for: p1.master)
end
it "should be able to read/write related enterprises' products and variants with manage_products permission" do
er_ps
should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p_related)
should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p_related.master)
should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy, :delete], for: p_related.master)
end
it "should not be able to read/write other enterprises' products and variants" do
@@ -173,7 +173,7 @@ module Spree
it "should be able to read/write their enterprises' product variants" do
should have_ability([:create], for: Spree::Variant)
should have_ability([:admin, :index, :read, :create, :edit, :search, :update, :destroy], for: p1.master)
should have_ability([:admin, :index, :read, :create, :edit, :search, :update, :destroy, :delete], for: p1.master)
end
it "should not be able to read/write other enterprises' product variants" do