From 9304c02e54754cdc59e18f0bda4bd1cd26ff6e66 Mon Sep 17 00:00:00 2001
From: Luuk Veenis
Date: Fri, 9 Mar 2018 10:56:18 -0800
Subject: [PATCH] Set model_class on admin promotion rules controller

If a user has the `PromotionManagement` permission set, they are currently unable to add new promotion rules to promotions. This is happening because the promotion rules controller doesn't inherit from the `ResourceController`, so if it doesn't respond to `:model_class`, it will try to authorize using `controller_name.to_sym` instead of the correct class constant.
---
 .../spree/admin/promotion_rules_controller.rb | 4 ++
 .../admin/promotion_rules_controller_spec.rb | 37 +++++++++++++------
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/backend/app/controllers/spree/admin/promotion_rules_controller.rb b/backend/app/controllers/spree/admin/promotion_rules_controller.rb
index 497b62d0aa0..1f7438f3288 100644
--- a/backend/app/controllers/spree/admin/promotion_rules_controller.rb
+++ b/backend/app/controllers/spree/admin/promotion_rules_controller.rb
@@ -35,6 +35,10 @@ def load_promotion
 @promotion = Spree::Promotion.find(params[:promotion_id])
 end
 
+ def model_class
+ Spree::PromotionRule
+ end
+
 def validate_promotion_rule_type
 requested_type = params[:promotion_rule].delete(:type)
 promotion_rule_types = Rails.application.config.spree.promotions.rules
diff --git a/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb b/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb
index 2db34b4a9d5..ee4d2966954 100644
--- a/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb
+++ b/backend/spec/controllers/spree/admin/promotion_rules_controller_spec.rb
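Review bot: In promotion_rules_controller.rb the new `model_class` method has no comment, and nothing in the hunk calls it, so it reads as dead code to anyone who has not seen the commit description. A one-line comment above it, such as `# Read by the admin authorization check; without it the check falls back to controller_name.to_sym`, would record why it exists and keep a later cleanup from removing it. The fix is local to this controller; going by the description, any other admin controller that does not inherit from `ResourceController` would presumably hit the same symbol fallback, which is worth checking separately. The enclosing class starts and ends outside the hunk, so the method's visibility cannot be confirmed from here.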
@@ -3,21 +3,34 @@
 require 'spec_helper'
 
 describe Spree::Admin::PromotionRulesController, type: :controller do
- stub_authorization!
-
 let!(:promotion) { create(:promotion) }
 
- it "can create a promotion rule of a valid type" do
- post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::Promotion::Rules::Product" } }
- expect(response).to be_redirect
- expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
- expect(promotion.rules.count).to eq(1)
+ context "when the user is authorized" do
+ stub_authorization! do |_u|
+ Spree::PermissionSets::PromotionManagement.new(self).activate!
+ end
+
+ it "can create a promotion rule of a valid type" do
+ post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::Promotion::Rules::Product" } }
+ expect(response).to be_redirect
+ expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+ expect(promotion.rules.count).to eq(1)
+ end
+
+ it "can not create a promotion rule of an invalid type" do
+ post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::InvalidType" } }
+ expect(response).to be_redirect
+ expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
+ expect(promotion.rules.count).to eq(0)
+ end
 end
 
- it "can not create a promotion rule of an invalid type" do
- post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::InvalidType" } }
- expect(response).to be_redirect
- expect(response).to redirect_to spree.edit_admin_promotion_path(promotion)
- expect(promotion.rules.count).to eq(0)
+ context "when the user is not authorized" do
+ it "sets an error message and redirects the user" do
+ post :create, params: { promotion_id: promotion.id, promotion_rule: { type: "Spree::Promotion::Rules::Product" } }
+
+ expect(flash[:error]).to eq("Authorization Failure")
+ expect(response).to redirect_to('/unauthorized')
+ end
 end
 end
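Review bot: The "when the user is not authorized" example checks the flash message and the redirect but never asserts that nothing was written. Adding `expect(promotion.rules.count).to eq(0)` after the redirect expectation would pin that the request is rejected before the rule is created. That context also has no `stub_authorization!` call, so it appears to exercise a request with no abilities at all rather than a user holding some other permission set. A second example that activates an unrelated permission set would cover the boundary this commit actually changes. Only `:create` is exercised under `PromotionManagement`; if the controller exposes other actions (none are visible in this patch) they would need the same coverage.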