mirror of
https://github.com/openfoodfoundation/openfoodnetwork
synced 2026-01-24 20:36:49 +00:00
415 lines
17 KiB
Ruby
415 lines
17 KiB
Ruby
require 'spec_helper'
|
|
require 'open_food_network/permissions'
|
|
|
|
module OpenFoodNetwork
|
|
describe Permissions do
|
|
let(:user) { double(:user) }
|
|
let(:permissions) { Permissions.new(user) }
|
|
let(:permission) { 'one' }
|
|
let(:e1) { create(:enterprise) }
|
|
let(:e2) { create(:enterprise) }
|
|
|
|
describe "finding managed and related enterprises granting a particular permission" do
|
|
describe "as super admin" do
|
|
before { allow(user).to receive(:admin?) { true } }
|
|
|
|
it "returns all enterprises" do
|
|
expect(permissions.send(:managed_and_related_enterprises_granting, :some_permission)).to match_array [e1, e2]
|
|
end
|
|
end
|
|
|
|
describe "as an enterprise user" do
|
|
let(:e3) { create(:enterprise) }
|
|
before { allow(user).to receive(:admin?) { false } }
|
|
|
|
it "returns only my managed enterprises any that have granting them P-OC" do
|
|
expect(permissions).to receive(:managed_enterprises) { Enterprise.where(id: e1) }
|
|
expect(permissions).to receive(:related_enterprises_granting).with(:some_permission) { Enterprise.where(id: e3).select(:id) }
|
|
expect(permissions.send(:managed_and_related_enterprises_granting, :some_permission)).to match_array [e1, e3]
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "finding managed and related enterprises granting or granted a particular permission" do
|
|
describe "as super admin" do
|
|
before { allow(user).to receive(:admin?) { true } }
|
|
|
|
it "returns all enterprises" do
|
|
expect(permissions.send(:managed_and_related_enterprises_granting, :some_permission)).to match_array [e1, e2]
|
|
end
|
|
end
|
|
|
|
describe "as an enterprise user" do
|
|
let(:e3) { create(:enterprise) }
|
|
let(:e4) { create(:enterprise) }
|
|
before { allow(user).to receive(:admin?) { false } }
|
|
|
|
it "returns only my managed enterprises any that have granting them P-OC" do
|
|
expect(permissions).to receive(:managed_enterprises) { Enterprise.where(id: e1) }
|
|
expect(permissions).to receive(:related_enterprises_granting).with(:some_permission) { Enterprise.where(id: e3).select(:id) }
|
|
expect(permissions).to receive(:related_enterprises_granted).with(:some_permission) { Enterprise.where(id: e4).select(:id) }
|
|
expect(permissions.send(:managed_and_related_enterprises_with, :some_permission)).to match_array [e1, e3, e4]
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "finding enterprises that can be selected in order report filters" do
|
|
let(:e) { double(:enterprise) }
|
|
|
|
it "returns managed and related enterprises with add_to_order_cycle permission" do
|
|
expect(permissions).to receive(:managed_and_related_enterprises_with).
|
|
with(:add_to_order_cycle).
|
|
and_return([e])
|
|
|
|
expect(permissions.visible_enterprises_for_order_reports).to eq [e]
|
|
end
|
|
end
|
|
|
|
describe "finding visible enterprises" do
|
|
let(:e) { double(:enterprise) }
|
|
|
|
it "returns managed and related enterprises with add_to_order_cycle permission" do
|
|
expect(permissions).to receive(:managed_and_related_enterprises_granting).
|
|
with(:add_to_order_cycle).
|
|
and_return([e])
|
|
|
|
expect(permissions.visible_enterprises).to eq [e]
|
|
end
|
|
end
|
|
|
|
describe "finding enterprises whose profiles can be edited" do
|
|
let(:e) { double(:enterprise) }
|
|
|
|
it "returns managed and related enterprises with edit_profile permission" do
|
|
expect(permissions).
|
|
to receive(:managed_and_related_enterprises_granting).
|
|
with(:edit_profile).
|
|
and_return([e])
|
|
|
|
expect(permissions.editable_enterprises).to eq([e])
|
|
end
|
|
end
|
|
|
|
describe "finding all producers for which we can create variant overrides" do
|
|
let(:e1) { create(:supplier_enterprise) }
|
|
let(:e2) { create(:supplier_enterprise) }
|
|
|
|
it "compiles the list from variant_override_enterprises_per_hub" do
|
|
allow(permissions).to receive(:variant_override_enterprises_per_hub) do
|
|
{ 1 => [e1.id], 2 => [e1.id, e2.id] }
|
|
end
|
|
|
|
expect(permissions.variant_override_producers).to match_array [e1, e2]
|
|
end
|
|
end
|
|
|
|
describe "finding enterprises for which variant overrides can be created, for each hub" do
|
|
let!(:hub) { create(:distributor_enterprise) }
|
|
let!(:producer) { create(:supplier_enterprise) }
|
|
let!(:er) {
|
|
create(:enterprise_relationship, parent: producer, child: hub,
|
|
permissions_list: [:create_variant_overrides])
|
|
}
|
|
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: hub.id) }
|
|
allow(permissions).to receive(:admin?) { false }
|
|
end
|
|
|
|
it "returns enterprises as hub_id => [producer, ...]" do
|
|
expect(permissions.variant_override_enterprises_per_hub).to eq(
|
|
hub.id => [producer.id]
|
|
)
|
|
end
|
|
|
|
it "returns only permissions relating to managed hubs" do
|
|
create(:enterprise_relationship, parent: e1, child: e2,
|
|
permissions_list: [:create_variant_overrides])
|
|
|
|
expect(permissions.variant_override_enterprises_per_hub).to eq(
|
|
hub.id => [producer.id]
|
|
)
|
|
end
|
|
|
|
it "returns only create_variant_overrides permissions" do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: [hub, e2]) }
|
|
create(:enterprise_relationship, parent: e1, child: e2,
|
|
permissions_list: [:manage_products])
|
|
|
|
expect(permissions.variant_override_enterprises_per_hub).to eq(
|
|
hub.id => [producer.id]
|
|
)
|
|
end
|
|
|
|
describe "hubs connected to the user by relationships only" do
|
|
let!(:producer_managed) { create(:supplier_enterprise) }
|
|
let!(:er_oc) {
|
|
create(:enterprise_relationship, parent: hub, child: producer_managed,
|
|
permissions_list: [:add_to_order_cycle, :create_variant_overrides])
|
|
}
|
|
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: producer_managed.id) }
|
|
end
|
|
|
|
it "does not allow the user to create variant overrides for the hub" do
|
|
expect(permissions.variant_override_enterprises_per_hub).to eq({})
|
|
end
|
|
end
|
|
|
|
it "does not return managed producers (ie. only uses explicitly granted VO permissions)" do
|
|
producer2 = create(:supplier_enterprise)
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: [hub, producer2]) }
|
|
|
|
expect(permissions.variant_override_enterprises_per_hub[hub.id]).to_not include producer2.id
|
|
end
|
|
|
|
it "returns itself if self is also a primary producer (even when no explicit permission exists)" do
|
|
hub.update_attribute(:is_primary_producer, true)
|
|
|
|
expect(permissions.variant_override_enterprises_per_hub[hub.id]).to include hub.id
|
|
end
|
|
end
|
|
|
|
describe "finding editable products" do
|
|
let!(:p1) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
|
|
let!(:p2) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
|
|
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where('1=0') }
|
|
allow(permissions).to receive(:related_enterprises_granting).with(:manage_products) { Enterprise.where("1=0").select(:id) }
|
|
end
|
|
|
|
it "returns products produced by managed enterprises" do
|
|
allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where(id: p1) }
|
|
expect(permissions.editable_products).to eq([p1])
|
|
end
|
|
|
|
it "returns products produced by permitted enterprises" do
|
|
allow(permissions).to receive(:related_enterprises_granting).
|
|
with(:manage_products) { Enterprise.where(id: p2.supplier).select(:id) }
|
|
expect(permissions.editable_products).to eq([p2])
|
|
end
|
|
end
|
|
|
|
describe "finding visible products" do
|
|
let!(:p1) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
|
|
let!(:p2) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
|
|
let!(:p3) { create(:simple_product, supplier: create(:supplier_enterprise) ) }
|
|
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where("1=0") }
|
|
allow(permissions).to receive(:related_enterprises_granting).with(:manage_products) { Enterprise.where("1=0").select(:id) }
|
|
allow(permissions).to receive(:related_enterprises_granting).with(:add_to_order_cycle) { Enterprise.where("1=0").select(:id) }
|
|
end
|
|
|
|
it "returns products produced by managed enterprises" do
|
|
allow(permissions).to receive(:managed_enterprise_products) { Spree::Product.where(id: p1) }
|
|
expect(permissions.visible_products).to eq([p1])
|
|
end
|
|
|
|
it "returns products produced by enterprises that have granted manage products" do
|
|
allow(permissions).to receive(:related_enterprises_granting).
|
|
with(:manage_products) { Enterprise.where(id: p2.supplier).select(:id) }
|
|
expect(permissions.visible_products).to eq([p2])
|
|
end
|
|
|
|
it "returns products produced by enterprises that have granted P-OC" do
|
|
allow(permissions).to receive(:related_enterprises_granting).
|
|
with(:add_to_order_cycle) { Enterprise.where(id: p3.supplier).select(:id) }
|
|
expect(permissions.visible_products).to eq([p3])
|
|
end
|
|
end
|
|
|
|
describe "finding enterprises that we manage products for" do
|
|
let(:e) { double(:enterprise) }
|
|
|
|
it "returns managed and related enterprises with manage_products permission" do
|
|
expect(permissions).
|
|
to receive(:managed_and_related_enterprises_granting).
|
|
with(:manage_products).
|
|
and_return([e])
|
|
|
|
expect(permissions.managed_product_enterprises).to eq([e])
|
|
end
|
|
end
|
|
|
|
########################################
|
|
|
|
describe "finding related enterprises with a particular permission" do
|
|
let!(:er) { create(:enterprise_relationship, parent: e1, child: e2, permissions_list: [permission]) }
|
|
|
|
it "returns the enterprises" do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: e2) }
|
|
expect(permissions.send(:related_enterprises_granting, permission)).to eq([e1])
|
|
end
|
|
|
|
it "returns an empty array when there are none" do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: e1) }
|
|
expect(permissions.send(:related_enterprises_granting, permission)).to eq([])
|
|
end
|
|
end
|
|
|
|
describe "finding enterprises that are managed or with a particular permission" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where('1=0') }
|
|
allow(permissions).to receive(:related_enterprises_granting) { Enterprise.where('1=0').select(:id) }
|
|
allow(permissions).to receive(:admin?) { false }
|
|
end
|
|
|
|
it "returns managed enterprises" do
|
|
expect(permissions).to receive(:managed_enterprises) { Enterprise.where(id: e1) }
|
|
expect(permissions.send(:managed_and_related_enterprises_granting, permission)).to eq([e1])
|
|
end
|
|
|
|
it "returns permitted enterprises" do
|
|
expect(permissions).to receive(:related_enterprises_granting).with(permission).
|
|
and_return(Enterprise.where(id: e2).select(:id))
|
|
expect(permissions.send(:managed_and_related_enterprises_granting, permission)).to eq([e2])
|
|
end
|
|
end
|
|
|
|
describe "finding orders that are visible in reports" do
|
|
let(:distributor) { create(:distributor_enterprise) }
|
|
let(:coordinator) { create(:distributor_enterprise) }
|
|
let(:random_enterprise) { create(:distributor_enterprise) }
|
|
let(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor]) }
|
|
let(:order) { create(:order, order_cycle: order_cycle, distributor: distributor ) }
|
|
let!(:line_item) { create(:line_item, order: order) }
|
|
let!(:producer) { create(:supplier_enterprise) }
|
|
|
|
before do
|
|
allow(permissions).to receive(:coordinated_order_cycles) { Enterprise.where("1=0") }
|
|
end
|
|
|
|
context "as the hub through which the order was placed" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: distributor) }
|
|
end
|
|
|
|
it "should let me see the order" do
|
|
expect(permissions.visible_orders).to include order
|
|
end
|
|
end
|
|
|
|
context "as the coordinator of the order cycle through which the order was placed" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: coordinator) }
|
|
allow(permissions).to receive(:coordinated_order_cycles) { OrderCycle.where(id: order_cycle) }
|
|
end
|
|
|
|
it "should let me see the order" do
|
|
expect(permissions.visible_orders).to include order
|
|
end
|
|
end
|
|
|
|
context "as a producer which has granted P-OC to the distributor of an order" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: producer) }
|
|
create(:enterprise_relationship, parent: producer, child: distributor, permissions_list: [:add_to_order_cycle])
|
|
end
|
|
|
|
context "which contains my products" do
|
|
before do
|
|
line_item.product.supplier = producer
|
|
line_item.product.save
|
|
end
|
|
|
|
it "should let me see the order" do
|
|
expect(permissions.visible_orders).to include order
|
|
end
|
|
end
|
|
|
|
context "which does not contain my products" do
|
|
it "should not let me see the order" do
|
|
expect(permissions.visible_orders).to_not include order
|
|
end
|
|
end
|
|
end
|
|
|
|
context "as an enterprise that is a distributor in the order cycle, but not the distributor of the order" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: random_enterprise) }
|
|
end
|
|
|
|
it "should not let me see the order" do
|
|
expect(permissions.visible_orders).to_not include order
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "finding line items that are visible in reports" do
|
|
let(:distributor) { create(:distributor_enterprise) }
|
|
let(:coordinator) { create(:distributor_enterprise) }
|
|
let(:random_enterprise) { create(:distributor_enterprise) }
|
|
let(:order_cycle) { create(:simple_order_cycle, coordinator: coordinator, distributors: [distributor]) }
|
|
let(:order) { create(:order, order_cycle: order_cycle, distributor: distributor ) }
|
|
let!(:line_item1) { create(:line_item, order: order) }
|
|
let!(:line_item2) { create(:line_item, order: order) }
|
|
let!(:producer) { create(:supplier_enterprise) }
|
|
|
|
before do
|
|
allow(permissions).to receive(:coordinated_order_cycles) { Enterprise.where("1=0") }
|
|
end
|
|
|
|
context "as the hub through which the parent order was placed" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: distributor) }
|
|
end
|
|
|
|
it "should let me see the line_items" do
|
|
expect(permissions.visible_line_items).to include line_item1, line_item2
|
|
end
|
|
end
|
|
|
|
context "as the coordinator of the order cycle through which the parent order was placed" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: coordinator) }
|
|
allow(permissions).to receive(:coordinated_order_cycles) { OrderCycle.where(id: order_cycle) }
|
|
end
|
|
|
|
it "should let me see the line_items" do
|
|
expect(permissions.visible_line_items).to include line_item1, line_item2
|
|
end
|
|
end
|
|
|
|
context "as the manager producer which has granted P-OC to the distributor of the parent order" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: producer) }
|
|
create(:enterprise_relationship, parent: producer, child: distributor, permissions_list: [:add_to_order_cycle])
|
|
|
|
line_item1.product.supplier = producer
|
|
line_item1.product.save
|
|
end
|
|
|
|
it "should let me see the line_items pertaining to variants I produce" do
|
|
ps = permissions.visible_line_items
|
|
expect(ps).to include line_item1
|
|
expect(ps).to_not include line_item2
|
|
end
|
|
end
|
|
|
|
context "as an enterprise that is a distributor in the order cycle, but not the distributor of the parent order" do
|
|
before do
|
|
allow(permissions).to receive(:managed_enterprises) { Enterprise.where(id: random_enterprise) }
|
|
end
|
|
|
|
it "should not let me see the line_items" do
|
|
expect(permissions.visible_line_items).to_not include line_item1, line_item2
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "finding visible subscriptions" do
|
|
let!(:so1) { create(:subscription) }
|
|
let!(:so2) { create(:subscription) }
|
|
|
|
it "returns subscriptions placed with managed shops" do
|
|
expect(permissions).to receive(:managed_enterprises) { [so1.shop] }
|
|
|
|
expect(permissions.visible_subscriptions).to eq [so1]
|
|
end
|
|
end
|
|
end
|
|
end
|