Merge pull request openfoodfoundation#14022 from rioug/14014-manual-credit-customer-authorization

[Payment with Credit] Fix manual crediting customer

Author: mkllnk

app/models/spree/ability.rb

@@ -315,7 +315,8 @@ def add_order_management_abilities(user)
 
       can [:create], Spree::Order
 
-      can [:read, :update], Spree::Order do |order|
+      # Spree::Admin::PaymentController need to load the order to credit_customer
+      can [:read, :update, :credit_customer], Spree::Order do |order|
         # We allow editing orders with a nil distributor as this state occurs
         # during the order creation process from the admin backend
         order.distributor.nil? ||
@@ -367,7 +368,7 @@ def add_order_management_abilities(user)
           can_edit_as_producer(shipment.order, user)
       end
 
-      can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::Payment
+      can [:admin, :index, :read, :create, :edit, :update, :fire, :credit_customer], Spree::Payment
       can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::Adjustment
       can [:admin, :index, :read, :create, :edit, :update, :fire], Spree::ReturnAuthorization
       can [:destroy], Spree::Adjustment do |adjustment|

spec/models/spree/ability_spec.rb

@@ -634,6 +634,11 @@
                                     for: Spree::Payment)
       end
 
+      it "is able to credit a customer" do
+        is_expected.to have_ability([:credit_customer], for: Spree::Order)
+        is_expected.to have_ability([:credit_customer], for: Spree::Payment)
+      end
+
       it "should be able to read/write Shipments on a product" do
         is_expected.to have_ability([:admin, :index, :read, :create, :edit, :update, :fire],
                                     for: Spree::Shipment)
@@ -697,6 +702,10 @@
         is_expected.to have_ability([:admin, :index, :update], for: Customer)
       end
 
+      it "is able to read/write customer account transaction" do
+        is_expected.to have_ability([:admin, :index, :create], for: CustomerAccountTransaction)
+      end
+
       context "for a given order_cycle" do
         let!(:order_cycle) { create(:simple_order_cycle, coordinator: d2) }
         let!(:exchange){

spec/requests/spree/admin/payments_spec.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 RSpec.describe Spree::Admin::PaymentsController do
-  let(:user) { order.user }
   let(:order) { create(:completed_order_with_fees) }
+  let(:user) { create(:enterprise_user, enterprises: [order.distributor]) }
 
   before do
-    sign_in create(:admin_user)
+    sign_in user
   end
 
   describe "POST /admin/orders/:order_number/payments.json" do
@@ -369,8 +369,6 @@
 
     before do
       allow(customer_credit_service_mock).to receive(:apply)
-      # order setup will call Orders::CustomerCreditService once
-      expect(Orders::CustomerCreditService).to receive(:new).and_call_original
       expect(Orders::CustomerCreditService).to receive(:new).and_return(
         customer_credit_service_mock
       )