fix: manager can offer slot to other users

app/assets/javascripts/directives/cart.js.erb

@@ -285,6 +285,20 @@ Application.Directives.directive('cart', [ '$rootScope', '$uibModal', 'dialogs',
           return false;
         };
 
+        /**
+         * Check if the currently logged user has the 'admin' role OR the 'manager' role, but is not taking reseravtion for himself
+         * @returns {boolean}
+         */
+        $scope.isAuthorized = function () {
+          if (AuthService.isAuthorized('admin')) return true;
+
+          if (AuthService.isAuthorized('manager')) {
+            return ($rootScope.currentUser.id !== $scope.user.id);
+          }
+
+          return false;
+        }
+
         /* PRIVATE SCOPE */
 
         /**

app/assets/templates/shared/_cart.html.erb

@@ -16,7 +16,7 @@
       <div class="panel-body">
         <div class="font-sbold text-u-c">{{ 'app.shared.cart.datetime_to_time' | translate:{START_DATETIME:(slot.start | amDateFormat:'LLLL'), END_TIME:(slot.end | amDateFormat:'LT') } }}</div>
         <div class="text-base">{{ 'app.shared.cart.cost_of_TYPE' | translate:{TYPE:reservableType} }} <span ng-class="{'text-blue': !slot.promo, 'red': slot.promo}">{{slot.price | currency}}</span></div>
-        <div ng-show="isAuthorized(['admin', 'manager'])" class="m-t">
+        <div ng-show="isAuthorized()" class="m-t">
           <label for="offerSlot" class="control-label m-r" translate>{{ 'app.shared.cart.offer_this_slot' }}</label>
           <input bs-switch
                  ng-model="slot.offered"

app/controllers/api/prices_controller.rb

@@ -45,7 +45,7 @@ class API::PricesController < API::ApiController
       @amount = { elements: nil, total: 0, before_coupon: 0 }
     else
       reservable = price_parameters[:reservable_type].constantize.find(price_parameters[:reservable_id])
-      @amount = Price.compute(current_user.admin?,
+      @amount = Price.compute(current_user.admin? || (current_user.manager? && current_user.id != user.id),
                               user,
                               reservable,
                               price_parameters[:slots_attributes] || [],

app/controllers/api/reservations_controller.rb

@@ -29,7 +29,7 @@ class API::ReservationsController < API::ApiController
   # Managers can create reservations for other users
   def create
     user_id = current_user.admin? || current_user.manager? ? params[:reservation][:user_id] : current_user.id
-    amount = transaction_amount(current_user.admin?, user_id)
+    amount = transaction_amount(current_user.admin? || (current_user.manager? && current_user.id != user_id), user_id)
 
     authorize ReservationContext.new(Reservation, amount, user_id)
 

app/controllers/api/subscriptions_controller.rb

@@ -14,7 +14,7 @@ class API::SubscriptionsController < API::ApiController
   # Managers can create subscriptions for other users
   def create
     user_id = current_user.admin? || current_user.manager? ? params[:subscription][:user_id] : current_user.id
-    amount = transaction_amount(current_user.admin?, user_id)
+    amount = transaction_amount(current_user.admin? || (current_user.manager? && current_user.id != user_id), user_id)
 
     authorize SubscriptionContext.new(Subscription, amount, user_id)
 

app/models/reservation.rb

@@ -35,7 +35,7 @@ class Reservation < ApplicationRecord
   # Generate an array of {Stripe::InvoiceItem} with the elements in the current reservation, price included.
   # The training/machine price is depending of the member's group, subscription and credits already used
   # @param on_site {Boolean} true if an admin triggered the call
-  # @param coupon_code {String} pass a valid code to appy a coupon
+  # @param coupon_code {String} pass a valid code to apply a coupon
   ##
   def generate_invoice_items(on_site = false, coupon_code = nil)
     # prepare the plan