Merge pull request #4399 from rmparr/fix-user-restricted-stock-manage…

…ment-v3.0 Fix user restricted stock management v3.0
solidusio · Jun 2, 2022 · 018e06a · 018e06a
2 parents a8a7b55 + 28d532c
commit 018e06a
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 1 deletion.
diff --git a/backend/app/views/spree/admin/users/_form.html.erb b/backend/app/views/spree/admin/users/_form.html.erb
@@ -40,6 +40,7 @@
         <%= label_tag nil, plural_resource_name(Spree::StockLocation) %>
         <ul>
           <% if can?(:manage, Spree::UserStockLocation) %>
+            <%= hidden_field_tag('user[stock_location_ids][]', nil) %>
             <% @stock_locations.each do |stock_location| %>
               <li>
                 <label>

diff --git a/backend/spec/controllers/spree/admin/users_controller_spec.rb b/backend/spec/controllers/spree/admin/users_controller_spec.rb
@@ -321,7 +321,7 @@ def user
       end
     end
 
-    context "when the user can manage only some stock locations" do
+    context "when the user can manage only some roles" do
       stub_authorization! do |_user|
         can :manage, Spree.user_class
         can :manage, Spree::Role
@@ -406,6 +406,13 @@ def user
         put :update, params: { id: user.id, user: { stock_location_ids: [location2.id] } }
         expect(user.reload.stock_locations).to eq([location2])
       end
+
+      it "can clear stock locations" do
+        user.stock_locations << Spree::StockLocation.create(name: "my_location")
+        expect {
+          put :update, params: { id: user.id, user: { name: "Bob Bloggs", stock_location_ids: [""] } }
+        }.to change { user.reload.stock_locations.to_a }.to([])
+      end
     end
 
     context "when the user cannot manage stock locations" do

diff --git a/backend/spec/features/admin/users_spec.rb b/backend/spec/features/admin/users_spec.rb
@@ -229,6 +229,41 @@
       expect(page).to have_text 'Account updated'
     end
 
+    context 'when :can_restrict_stock_management is true' do
+      custom_authorization! do |_user|
+        can [:show], Spree::StockLocation
+      end
+
+      before do
+        stub_spree_preferences(Spree::Config, can_restrict_stock_management: true)
+      end
+
+      let!(:stock_location) { create(:stock_location, name: "location_1") }
+
+      it 'can edit user stock locations' do
+        click_link 'Account'
+
+        check 'user_spree_stock_locations_location_1'
+        click_button 'Update'
+        expect(page).to have_text 'Account updated'
+        expect(find_field('user_spree_stock_locations_location_1')).to be_checked
+      end
+
+      it 'can delete user stock locations' do
+        user_a.stock_locations << Spree::StockLocation.create(name: "dummy")
+        click_link 'Account'
+
+        user_a.stock_locations.each do |location|
+          uncheck "user_spree_stock_locations_#{location.name}"
+        end
+
+        click_button 'Update'
+        expect(page).to have_text 'Account updated'
+        expect(find_field('user_spree_stock_locations_dummy')).not_to be_checked
+        expect(user_a.reload.stock_locations).to be_empty
+      end
+    end
+
     context 'without password permissions' do
       custom_authorization! do |_user|
         cannot [:update_password], Spree.user_class