authorAlessandro Desantis <desa.alessandro@gmail.com>2020-10-09 09:50:03 +0200
committerAlessandro Desantis <desa.alessandro@gmail.com>2020-10-09 09:50:03 +0200
commit811e7df206c304987b3ce4984ea6840f1fa78440 (patch)
treea3c31a1ba2bb3e52de34cfa1327a6605ab0f8858
parentf55ce37d3d28d7c18b8458b657431bb7c07ac4a1 (diff)
Add a permission set for administrators
-rw-r--r--config/initializers/permission_sets.rb4
-rw-r--r--lib/solidus_subscriptions.rb1
-rw-r--r--lib/solidus_subscriptions/permission_sets/default_customer.rb19
-rw-r--r--lib/solidus_subscriptions/permission_sets/subscription_management.rb11
-rw-r--r--spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb95
-rw-r--r--spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb99
6 files changed, 136 insertions, 93 deletions
diff --git a/config/initializers/permission_sets.rb b/config/initializers/permission_sets.rb
index b4acf71..047f062 100644
--- a/config/initializers/permission_sets.rb
+++ b/config/initializers/permission_sets.rb
@@ -2,6 +2,10 @@
Spree.config do |config|
config.roles.assign_permissions :default, %w[
+ SolidusSubscriptions::PermissionSets::DefaultCustomer
+ ]
+
+ config.roles.assign_permissions :admin, %w[
SolidusSubscriptions::PermissionSets::SubscriptionManagement
]
end
diff --git a/lib/solidus_subscriptions.rb b/lib/solidus_subscriptions.rb
index 21a9b40..039b172 100644
--- a/lib/solidus_subscriptions.rb
+++ b/lib/solidus_subscriptions.rb
@@ -7,6 +7,7 @@ require 'deface'
require 'state_machines'
require 'solidus_subscriptions/configuration'
+require 'solidus_subscriptions/permission_sets/default_customer'
require 'solidus_subscriptions/permission_sets/subscription_management'
require 'solidus_subscriptions/version'
require 'solidus_subscriptions/engine'
diff --git a/lib/solidus_subscriptions/permission_sets/default_customer.rb b/lib/solidus_subscriptions/permission_sets/default_customer.rb
new file mode 100644
index 0000000..156a5e1
--- /dev/null
+++ b/lib/solidus_subscriptions/permission_sets/default_customer.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module SolidusSubscriptions
+ module PermissionSets
+ class DefaultCustomer < ::Spree::PermissionSets::Base
+ def activate!
+ can :manage, Subscription, Subscription.where(user: user) do |subscription, guest_token|
+ (subscription.guest_token.present? && subscription.guest_token == guest_token) ||
+ (subscription.user && subscription.user == user)
+ end
+
+ can :manage, LineItem do |line_item, guest_token|
+ (line_item.subscription&.guest_token.present? && line_item.subscription.guest_token == guest_token) ||
+ (line_item.subscription&.user && line_item.subscription.user == user)
+ end
+ end
+ end
+ end
+end
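Review bot: The scope given to the first `can`, `Subscription.where(user: user)`, is built without checking that `user` is a persisted record. For a guest ability (the spec builds one with `Spree::Ability.new(nil)`) it would presumably reduce to `user_id IS NULL`, so any `accessible_by` query would return every guest subscription; the guest-token check lives only in the block, which is not consulted for scope queries. Consider `can :manage, Subscription, (user&.persisted? ? Subscription.where(user: user) : Subscription.none) do |subscription, guest_token|`. The `LineItem` rule has a block but no scope, so it is worth confirming that no controller loads line items through `accessible_by`. The guest-token comparisons use `==`; once both values are known to be present, `ActiveSupport::SecurityUtils.secure_compare` would remove the timing difference.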
diff --git a/lib/solidus_subscriptions/permission_sets/subscription_management.rb b/lib/solidus_subscriptions/permission_sets/subscription_management.rb
index 9077ab9..f96ed53 100644
--- a/lib/solidus_subscriptions/permission_sets/subscription_management.rb
+++ b/lib/solidus_subscriptions/permission_sets/subscription_management.rb
@@ -4,15 +4,8 @@ module SolidusSubscriptions
module PermissionSets
class SubscriptionManagement < ::Spree::PermissionSets::Base
def activate!
- can :manage, Subscription, Subscription.where(user: user) do |subscription, guest_token|
- (subscription.guest_token.present? && subscription.guest_token == guest_token) ||
- (subscription.user && subscription.user == user)
- end
-
- can :manage, LineItem do |line_item, guest_token|
- (line_item.subscription&.guest_token.present? && line_item.subscription.guest_token == guest_token) ||
- (line_item.subscription&.user && line_item.subscription.user == user)
- end
+ can :manage, Subscription
+ can :manage, LineItem
end
end
end
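Review bot: `SubscriptionManagement` keeps its name but `activate!` now grants unconditional `can :manage, Subscription` and `can :manage, LineItem`, where it used to be owner- and guest-token-scoped. Any host application that assigned this class to a non-admin role in its own role configuration would, after upgrading, silently give that role access to every subscription. The class should carry a comment such as `# Grants unrestricted :manage on all subscriptions and line items; assign to admin roles only.`, and the changelog or upgrade notes should call out the change in meaning. The class body starts outside this hunk.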
diff --git a/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb b/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb
new file mode 100644
index 0000000..222f260
--- /dev/null
+++ b/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb
@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do
+ context 'when the user is authenticated' do
+ it 'is allowed to manage their subscriptions' do
+ user = create(:user)
+ subscription = create(:subscription, user: user)
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).to be_able_to(:manage, subscription)
+ end
+
+ it "is allowed to manage someone else's subscriptions" do
+ user = create(:user)
+ subscription = create(:subscription)
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).not_to be_able_to(:manage, subscription)
+ end
+
+ it 'is allowed to manage line items on their subscriptions' do
+ user = create(:user)
+ subscription = create(:subscription, user: user)
+ line_item = create(:subscription_line_item, subscription: subscription)
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).to be_able_to(:manage, line_item)
+ end
+
+ it "is not allowed to manage line items on someone else's subscriptions" do
+ user = create(:user)
+ subscription = create(:subscription)
+ line_item = create(:subscription_line_item, subscription: subscription)
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).not_to be_able_to(:manage, line_item)
+ end
+ end
+
+ context 'when the user provides a guest token' do
+ it 'is allowed to manage their subscriptions' do
+ subscription = create(:subscription)
+
+ ability = Spree::Ability.new(nil)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).to be_able_to(:manage, subscription, subscription.guest_token)
+ end
+
+ it "is allowed to manage someone else's subscriptions" do
+ subscription = create(:subscription)
+
+ ability = Spree::Ability.new(nil)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).not_to be_able_to(:manage, subscription, 'invalid')
+ end
+
+ it 'is allowed to manage line items on their subscriptions' do
+ subscription = create(:subscription)
+ line_item = create(:subscription_line_item, subscription: subscription)
+
+ ability = Spree::Ability.new(nil)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).to be_able_to(:manage, line_item, subscription.guest_token)
+ end
+
+ it "is not allowed to manage line items on someone else's subscriptions" do
+ subscription = create(:subscription)
+ line_item = create(:subscription_line_item, subscription: subscription)
+
+ ability = Spree::Ability.new(nil)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).not_to be_able_to(:manage, line_item, 'invalid')
+ end
+ end
+end
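Review bot: Two example descriptions contradict their assertions. In both the authenticated and guest-token contexts the example is named `"is allowed to manage someone else's subscriptions"` but asserts `not_to be_able_to`; each should read `it "is not allowed to manage someone else's subscriptions" do`, so that a failure report names the denied case correctly. The guest-token context also tests only a wrong token (`'invalid'`). A case with no token passed, and one where the subscription's own `guest_token` is blank, would pin the `present?` guard in the permission set.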
diff --git a/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb b/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb
index 7079c8a..816f83e 100644
--- a/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb
+++ b/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb
@@ -1,95 +1,26 @@
# frozen_string_literal: true
RSpec.describe SolidusSubscriptions::PermissionSets::SubscriptionManagement do
- context 'when the user is authenticated' do
- it 'is allowed to manage their subscriptions' do
- user = create(:user)
- subscription = create(:subscription, user: user)
+ it 'is allowed to manage all subscriptions' do
+ user = create(:user)
+ subscription = create(:subscription)
- ability = Spree::Ability.new(user)
- permission_set = described_class.new(ability)
- permission_set.activate!
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
- expect(ability).to be_able_to(:manage, subscription)
- end
-
- it "is allowed to manage someone else's subscriptions" do
- user = create(:user)
- subscription = create(:subscription)
-
- ability = Spree::Ability.new(user)
- permission_set = described_class.new(ability)
- permission_set.activate!
-
- expect(ability).not_to be_able_to(:manage, subscription)
- end
-
- it 'is allowed to manage line items on their subscriptions' do
- user = create(:user)
- subscription = create(:subscription, user: user)
- line_item = create(:subscription_line_item, subscription: subscription)
-
- ability = Spree::Ability.new(user)
- permission_set = described_class.new(ability)
- permission_set.activate!
-
- expect(ability).to be_able_to(:manage, line_item)
- end
-
- it "is not allowed to manage line items on someone else's subscriptions" do
- user = create(:user)
- subscription = create(:subscription)
- line_item = create(:subscription_line_item, subscription: subscription)
-
- ability = Spree::Ability.new(user)
- permission_set = described_class.new(ability)
- permission_set.activate!
-
- expect(ability).not_to be_able_to(:manage, line_item)
- end
+ expect(ability).to be_able_to(:manage, subscription)
end
- context 'when the user provides a guest token' do
- it 'is allowed to manage their subscriptions' do
- subscription = create(:subscription)
-
- ability = Spree::Ability.new(nil)
- permission_set = described_class.new(ability)
- permission_set.activate!
-
- expect(ability).to be_able_to(:manage, subscription, subscription.guest_token)
- end
-
- it "is allowed to manage someone else's subscriptions" do
- subscription = create(:subscription)
-
- ability = Spree::Ability.new(nil)
- permission_set = described_class.new(ability)
- permission_set.activate!
-
- expect(ability).not_to be_able_to(:manage, subscription, 'invalid')
- end
-
- it 'is allowed to manage line items on their subscriptions' do
- subscription = create(:subscription)
- line_item = create(:subscription_line_item, subscription: subscription)
-
- ability = Spree::Ability.new(nil)
- permission_set = described_class.new(ability)
- permission_set.activate!
-
- expect(ability).to be_able_to(:manage, line_item, subscription.guest_token)
- end
-
- it "is not allowed to manage line items on someone else's subscriptions" do
- subscription = create(:subscription)
- line_item = create(:subscription_line_item, subscription: subscription)
+ it "is allowed to manage all line items" do
+ user = create(:user)
+ subscription = create(:subscription)
+ line_item = create(:subscription_line_item, subscription: subscription)
- ability = Spree::Ability.new(nil)
- permission_set = described_class.new(ability)
- permission_set.activate!
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
- expect(ability).not_to be_able_to(:manage, line_item, 'invalid')
- end
+ expect(ability).to be_able_to(:manage, line_item)
end
end
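Review bot: Both new examples activate the permission set by hand on a plain `create(:user)`, so nothing here checks which role actually receives it. A regression that assigned `SubscriptionManagement` back to `:default` in the initializer would still pass this file. A complementary example that does not call `activate!` manually, for instance `expect(Spree::Ability.new(create(:user))).not_to be_able_to(:manage, create(:subscription))`, would guard the admin-only boundary, assuming the default factory user carries no admin role.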