From fdd6400cb8271fb0bd839f1e638cfaa6b227144c Mon Sep 17 00:00:00 2001 From: Rohan Mitchell Date: Wed, 8 Jun 2016 15:14:24 +1000 Subject: [PATCH] Fix perms for API soft delete --- app/models/spree/ability_decorator.rb | 4 ++-- spec/controllers/spree/api/variants_controller_spec.rb | 2 +- spec/models/spree/ability_spec.rb | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree/ability_decorator.rb index c2bd99bcdb..b10c781fac 100644 --- a/app/models/spree/ability_decorator.rb +++ b/app/models/spree/ability_decorator.rb @@ -110,12 +110,12 @@ class AbilityDecorator def add_product_management_abilities(user) # Enterprise User can only access products that they are a supplier for can [:create], Spree::Product - can [:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], Spree::Product do |product| + can [:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :delete, :destroy], Spree::Product do |product| OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? product.supplier end can [:create], Spree::Variant - can [:admin, :index, :read, :edit, :update, :search, :destroy], Spree::Variant do |variant| + can [:admin, :index, :read, :edit, :update, :search, :delete, :destroy], Spree::Variant do |variant| OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? variant.product.supplier end diff --git a/spec/controllers/spree/api/variants_controller_spec.rb b/spec/controllers/spree/api/variants_controller_spec.rb index 5fb9f2f2a0..39c6439999 100644 --- a/spec/controllers/spree/api/variants_controller_spec.rb +++ b/spec/controllers/spree/api/variants_controller_spec.rb @@ -47,7 +47,7 @@ module Spree spree_delete :soft_delete, {variant_id: variant.to_param, product_id: product.to_param, format: :json} response.status.should == 204 lambda { variant.reload }.should_not raise_error - variant.deleted_at.should_not be_nil + variant.deleted_at.should be_present end it "is denied access to soft deleting another enterprises' variant" do diff --git a/spec/models/spree/ability_spec.rb b/spec/models/spree/ability_spec.rb index 44321353fe..0057d377e7 100644 --- a/spec/models/spree/ability_spec.rb +++ b/spec/models/spree/ability_spec.rb @@ -149,13 +149,13 @@ module Spree it "should be able to read/write their enterprises' products and variants" do should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p1) - should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p1.master) + should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy, :delete], for: p1.master) end it "should be able to read/write related enterprises' products and variants with manage_products permission" do er_ps should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p_related) - should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy], for: p_related.master) + should have_ability([:admin, :index, :read, :edit, :update, :search, :destroy, :delete], for: p_related.master) end it "should not be able to read/write other enterprises' products and variants" do @@ -173,7 +173,7 @@ module Spree it "should be able to read/write their enterprises' product variants" do should have_ability([:create], for: Spree::Variant) - should have_ability([:admin, :index, :read, :create, :edit, :search, :update, :destroy], for: p1.master) + should have_ability([:admin, :index, :read, :create, :edit, :search, :update, :destroy, :delete], for: p1.master) end it "should not be able to read/write other enterprises' product variants" do