raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-01-25 20:46:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cdfaf4fc92b4a4594de97d03e4ef47c9eeae6b20
openfoodnetwork/spec/models/spree/ability_spec.rb

193 lines
7.1 KiB
Ruby
Raw Blame History

require 'spec_helper'
require "cancan/matchers"
require 'support/cancan_helper'
module Spree
describe User do
describe 'Roles' do
# create enterprises
let(:s1) { create(:supplier_enterprise) }
let(:s2) { create(:supplier_enterprise) }
let(:d1) { create(:distributor_enterprise) }
let(:d2) { create(:distributor_enterprise) }
let(:p1) { create(:product, supplier: s1, distributors:[d1, d2]) }
let(:p2) { create(:product, supplier: s2, distributors:[d1, d2]) }
subject { user }
let(:user) { nil }
context "when is a supplier enterprise user" do
# create supplier_enterprise1 user without full admin access
let(:user) do
user = create(:user)
user.spree_roles = []
s1.enterprise_roles.build(user: user).save
user
end
let(:order) {create(:order)}
it "should be able to read/write their enterprises' products" do
should have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p1)
end
it "should not be able to read/write other enterprises' products" do
should_not have_ability([:admin, :read, :update, :product_distributions, :bulk_edit, :bulk_update, :clone, :destroy], for: p2)
end
it "should be able to create a new product" do
should have_ability(:create, for: Spree::Product)
end
it "should be able to read/write their enterprises' product variants" do
should have_ability([:admin, :index, :read, :create, :edit, :search, :update, :destroy], for: Spree::Variant)
end
it "should be able to read/write their enterprises' product properties" do
should have_ability([:admin, :index, :read, :create, :edit, :update_positions, :destroy], for: Spree::ProductProperty)
end
it "should be able to read/write their enterprises' product images" do
should have_ability([:admin, :index, :read, :create, :edit, :update, :destroy], for: Spree::Image)
end
it "should be able to read Taxons (in order to create classifications)" do
should have_ability([:admin, :index, :read, :search], for: Spree::Taxon)
end
it "should be able to read/write Classifications on a product" do
should have_ability([:admin, :index, :read, :create, :edit], for: Spree::Classification)
end
end
context "when is a distributor enterprise user" do
# create distributor_enterprise1 user without full admin access
let (:user) do
user = create(:user)
user.spree_roles = []
d1.enterprise_roles.build(user: user).save
user
end
# create order for each enterprise
let(:o1) do
o = create(:order, distributor: d1, bill_address: create(:address))
create(:line_item, order: o, product: p1)
o
end
let(:o2) do
o = create(:order, distributor: d2, bill_address: create(:address))
create(:line_item, order: o, product: p1)
o
end
let(:o3) do
o = create(:order, distributor: nil, bill_address: create(:address))
create(:line_item, order: o, product: p1)
o
end
it "should be able to read/write their enterprises' orders" do
should have_ability([:admin, :index, :read, :edit], for: o1)
end
it "should not be able to read/write other enterprises' orders" do
should_not have_ability([:admin, :index, :read, :edit], for: o2)
end
it "should be able to read/write orders that are in the process of being created" do
should have_ability([:admin, :index, :read, :edit], for: o3)
end
it "should be able to create and search on nil (required for creating an order)" do
should have_ability([:create, :search], for: nil)
end
it "should be able to create a new order" do
should have_ability([:admin, :index, :read, :create, :update], for: Spree::Order)
end
it "should be able to create a new line item" do
should have_ability([:admin, :create], for: Spree::LineItem)
end
it "should be able to read/write Payments on a product" do
should have_ability([:admin, :index, :read, :create, :edit, :update, :fire], for: Spree::Payment)
end
it "should be able to read/write Shipments on a product" do
should have_ability([:admin, :index, :read, :create, :edit, :update, :fire], for: Spree::Shipment)
end
it "should be able to read/write Adjustments on a product" do
should have_ability([:admin, :index, :read, :create, :edit, :update, :fire], for: Spree::Adjustment)
end
it "should be able to read/write ReturnAuthorizations on a product" do
should have_ability([:admin, :index, :read, :create, :edit, :update, :fire], for: Spree::ReturnAuthorization)
end
it "should be able to read/write PaymentMethods" do
should have_ability([:admin, :index, :create, :update, :destroy], for: Spree::PaymentMethod)
end
it "should be able to read/write ShippingMethods" do
should have_ability([:admin, :index, :create, :update, :destroy], for: Spree::ShippingMethod)
end
end
context 'Order Cycle co-ordinator' do
let (:user) do
user = create(:user)
user.spree_roles = []
s1.enterprise_roles.build(user: user).save
user
end
let(:oc1) { create(:simple_order_cycle, {coordinator: s1}) }
let(:oc2) { create(:simple_order_cycle) }
it "should be able to read/write OrderCycles they are the co-ordinator of" do
should have_ability([:admin, :index, :read, :edit, :update, :clone], for: oc1)
end
it "should not be able to read/write OrderCycles they are not the co-ordinator of" do
should_not have_ability([:admin, :index, :read, :create, :edit, :update, :clone], for: oc2)
end
it "should be able to create OrderCycles" do
should have_ability([:create], for: OrderCycle)
end
it "should be able to read/write EnterpriseFees" do
should have_ability([:admin, :index, :read, :create, :edit, :bulk_update, :destroy], for: EnterpriseFee)
end
end
context 'Enterprise manager' do
let (:user) do
user = create(:user)
user.spree_roles = []
s1.enterprise_roles.build(user: user).save
user
end
it 'should have the ability to read and edit enterprises that I manage' do
should have_ability([:read, :edit, :update, :bulk_update], for: s1)
end
it 'should not have the ability to read and edit enterprises that I do not manage' do
should_not have_ability([:read, :edit, :update, :bulk_update], for: s2)
end
it 'should have the ability administrate and create enterpises' do
should have_ability([:admin, :index, :create], for: Enterprise)
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink