Adds a delete button to the purchase show page, hooked to the existin…

…g destroy action in the Purchase controller. Restricts deletion of a purchase to organization and super admin. (#1646)
rubyforgood · Apr 26, 2020 · f9ba10a · f9ba10a
1 parent 3ffef40
commit f9ba10a
Show file tree

Hide file tree

Showing 4 changed files with 261 additions and 191 deletions.
diff --git a/app/controllers/purchases_controller.rb b/app/controllers/purchases_controller.rb
@@ -1,5 +1,7 @@
 # Provides full CRUD for Purchases, which are a way for Diaperbanks to track inventory that they purchase from vendors
 class PurchasesController < ApplicationController
+  before_action :authorize_admin, only: [:destroy]
+
   def index
     setup_date_range_picker
     @purchases = current_organization.purchases

diff --git a/app/views/purchases/show.html.erb b/app/views/purchases/show.html.erb
@@ -69,6 +69,7 @@
           </div>
           <div class="card-footer">
             <%= edit_button_to edit_purchase_path(@purchase), { text: "Make a correction", size: "md" } %>
+            <%= delete_button_to purchase_path(@purchase), { size: "md", confirm: "Are you sure you want to permanently remove this purchase?" } if current_user.organization_admin? %>
           </div>
         </div>
       </div>

diff --git a/spec/requests/purchases_requests_spec.rb b/spec/requests/purchases_requests_spec.rb
@@ -5,7 +5,7 @@
     { organization_id: @organization.to_param }
   end
 
-  context "While signed in >" do
+  context "While signed in as a user >" do
     before do
       sign_in(@user)
     end
@@ -184,11 +184,47 @@
       end
     end
 
+    describe "DELETE #destroy" do
+      # normal users are not authorized
+      it "redirects to the dashboard" do
+        delete purchase_path(default_params.merge(id: create(:purchase, organization: @organization)))
+        expect(response).to redirect_to(dashboard_path)
+      end
+
+      it "does not delete a purchase" do
+        purchase = create(:purchase, purchased_from: "Google")
+        expect { delete purchase_path(default_params.merge(id: purchase.id)) }.to_not change(Purchase, :count)
+      end
+    end
+  end
+
+  context "While signed in as an organizational admin" do
+    before do
+      sign_in(@organization_admin)
+    end
+
     describe "DELETE #destroy" do
       it "redirects to the index" do
         delete purchase_path(default_params.merge(id: create(:purchase, organization: @organization)))
         expect(response).to redirect_to(purchases_path)
       end
+
+      it "decreases storage location inventory" do
+        purchase = create(:purchase, :with_items, item_quantity: 10)
+        storage_location = purchase.storage_location
+        expect { delete purchase_path(default_params.merge(id: purchase.id)) }.to change { storage_location.size }.by(-10)
+      end
+
+      it "deletes a purchase" do
+        purchase = create(:purchase, purchased_from: "Google")
+        expect { delete purchase_path(default_params.merge(id: purchase.id)) }.to change(Purchase, :count).by(-1)
+      end
+
+      it "displays the proper flash notice" do
+        purchase_id = create(:purchase, purchased_from: "Google").id.to_s
+        delete purchase_path(default_params.merge(id: purchase_id))
+        expect(response).to have_notice "Purchase #{purchase_id} has been removed!"
+      end
     end
   end
-end
+end
-Original file line number
+Diff line change
@@ Expand Up / @@ -69,6 +69,7 @@ @@
               </div>
               <div class="card-footer">
                 <%= edit_button_to edit_purchase_path(@purchase), { text: "Make a correction", size: "md" } %>
+                <%= delete_button_to purchase_path(@purchase), { size: "md", confirm: "Are you sure you want to permanently remove this purchase?" } if current_user.organization_admin? %>
               </div>
             </div>
           </div>
@@ Expand Down @@