diff options
author | Alessandro Desantis <desa.alessandro@gmail.com> | 2020-10-09 09:50:03 +0200 |
---|---|---|
committer | Alessandro Desantis <desa.alessandro@gmail.com> | 2020-10-09 09:50:03 +0200 |
commit | 811e7df206c304987b3ce4984ea6840f1fa78440 (patch) | |
tree | a3c31a1ba2bb3e52de34cfa1327a6605ab0f8858 | |
parent | f55ce37d3d28d7c18b8458b657431bb7c07ac4a1 (diff) |
Add a permission set for administrators
6 files changed, 136 insertions, 93 deletions
diff --git a/config/initializers/permission_sets.rb b/config/initializers/permission_sets.rb index b4acf71..047f062 100644 --- a/config/initializers/permission_sets.rb +++ b/config/initializers/permission_sets.rb @@ -2,6 +2,10 @@ Spree.config do |config| config.roles.assign_permissions :default, %w[ + SolidusSubscriptions::PermissionSets::DefaultCustomer + ] + + config.roles.assign_permissions :admin, %w[ SolidusSubscriptions::PermissionSets::SubscriptionManagement ] end diff --git a/lib/solidus_subscriptions.rb b/lib/solidus_subscriptions.rb index 21a9b40..039b172 100644 --- a/lib/solidus_subscriptions.rb +++ b/lib/solidus_subscriptions.rb @@ -7,6 +7,7 @@ require 'deface' require 'state_machines' require 'solidus_subscriptions/configuration' +require 'solidus_subscriptions/permission_sets/default_customer' require 'solidus_subscriptions/permission_sets/subscription_management' require 'solidus_subscriptions/version' require 'solidus_subscriptions/engine' diff --git a/lib/solidus_subscriptions/permission_sets/default_customer.rb b/lib/solidus_subscriptions/permission_sets/default_customer.rb new file mode 100644 index 0000000..156a5e1 --- /dev/null +++ b/lib/solidus_subscriptions/permission_sets/default_customer.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module SolidusSubscriptions + module PermissionSets + class DefaultCustomer < ::Spree::PermissionSets::Base + def activate! + can :manage, Subscription, Subscription.where(user: user) do |subscription, guest_token| + (subscription.guest_token.present? && subscription.guest_token == guest_token) || + (subscription.user && subscription.user == user) + end + + can :manage, LineItem do |line_item, guest_token| + (line_item.subscription&.guest_token.present? && line_item.subscription.guest_token == guest_token) || + (line_item.subscription&.user && line_item.subscription.user == user) + end + end + end + end +end diff --git a/lib/solidus_subscriptions/permission_sets/subscription_management.rb b/lib/solidus_subscriptions/permission_sets/subscription_management.rb index 9077ab9..f96ed53 100644 --- a/lib/solidus_subscriptions/permission_sets/subscription_management.rb +++ b/lib/solidus_subscriptions/permission_sets/subscription_management.rb @@ -4,15 +4,8 @@ module SolidusSubscriptions module PermissionSets class SubscriptionManagement < ::Spree::PermissionSets::Base def activate! - can :manage, Subscription, Subscription.where(user: user) do |subscription, guest_token| - (subscription.guest_token.present? && subscription.guest_token == guest_token) || - (subscription.user && subscription.user == user) - end - - can :manage, LineItem do |line_item, guest_token| - (line_item.subscription&.guest_token.present? && line_item.subscription.guest_token == guest_token) || - (line_item.subscription&.user && line_item.subscription.user == user) - end + can :manage, Subscription + can :manage, LineItem end end end diff --git a/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb b/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb new file mode 100644 index 0000000..222f260 --- /dev/null +++ b/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb @@ -0,0 +1,95 @@ +# frozen_string_literal: true + +RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do + context 'when the user is authenticated' do + it 'is allowed to manage their subscriptions' do + user = create(:user) + subscription = create(:subscription, user: user) + + ability = Spree::Ability.new(user) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).to be_able_to(:manage, subscription) + end + + it "is allowed to manage someone else's subscriptions" do + user = create(:user) + subscription = create(:subscription) + + ability = Spree::Ability.new(user) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).not_to be_able_to(:manage, subscription) + end + + it 'is allowed to manage line items on their subscriptions' do + user = create(:user) + subscription = create(:subscription, user: user) + line_item = create(:subscription_line_item, subscription: subscription) + + ability = Spree::Ability.new(user) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).to be_able_to(:manage, line_item) + end + + it "is not allowed to manage line items on someone else's subscriptions" do + user = create(:user) + subscription = create(:subscription) + line_item = create(:subscription_line_item, subscription: subscription) + + ability = Spree::Ability.new(user) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).not_to be_able_to(:manage, line_item) + end + end + + context 'when the user provides a guest token' do + it 'is allowed to manage their subscriptions' do + subscription = create(:subscription) + + ability = Spree::Ability.new(nil) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).to be_able_to(:manage, subscription, subscription.guest_token) + end + + it "is allowed to manage someone else's subscriptions" do + subscription = create(:subscription) + + ability = Spree::Ability.new(nil) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).not_to be_able_to(:manage, subscription, 'invalid') + end + + it 'is allowed to manage line items on their subscriptions' do + subscription = create(:subscription) + line_item = create(:subscription_line_item, subscription: subscription) + + ability = Spree::Ability.new(nil) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).to be_able_to(:manage, line_item, subscription.guest_token) + end + + it "is not allowed to manage line items on someone else's subscriptions" do + subscription = create(:subscription) + line_item = create(:subscription_line_item, subscription: subscription) + + ability = Spree::Ability.new(nil) + permission_set = described_class.new(ability) + permission_set.activate! + + expect(ability).not_to be_able_to(:manage, line_item, 'invalid') + end + end +end diff --git a/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb b/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb index 7079c8a..816f83e 100644 --- a/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb +++ b/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb @@ -1,95 +1,26 @@ # frozen_string_literal: true RSpec.describe SolidusSubscriptions::PermissionSets::SubscriptionManagement do - context 'when the user is authenticated' do - it 'is allowed to manage their subscriptions' do - user = create(:user) - subscription = create(:subscription, user: user) + it 'is allowed to manage all subscriptions' do + user = create(:user) + subscription = create(:subscription) - ability = Spree::Ability.new(user) - permission_set = described_class.new(ability) - permission_set.activate! + ability = Spree::Ability.new(user) + permission_set = described_class.new(ability) + permission_set.activate! - expect(ability).to be_able_to(:manage, subscription) - end - - it "is allowed to manage someone else's subscriptions" do - user = create(:user) - subscription = create(:subscription) - - ability = Spree::Ability.new(user) - permission_set = described_class.new(ability) - permission_set.activate! - - expect(ability).not_to be_able_to(:manage, subscription) - end - - it 'is allowed to manage line items on their subscriptions' do - user = create(:user) - subscription = create(:subscription, user: user) - line_item = create(:subscription_line_item, subscription: subscription) - - ability = Spree::Ability.new(user) - permission_set = described_class.new(ability) - permission_set.activate! - - expect(ability).to be_able_to(:manage, line_item) - end - - it "is not allowed to manage line items on someone else's subscriptions" do - user = create(:user) - subscription = create(:subscription) - line_item = create(:subscription_line_item, subscription: subscription) - - ability = Spree::Ability.new(user) - permission_set = described_class.new(ability) - permission_set.activate! - - expect(ability).not_to be_able_to(:manage, line_item) - end + expect(ability).to be_able_to(:manage, subscription) end - context 'when the user provides a guest token' do - it 'is allowed to manage their subscriptions' do - subscription = create(:subscription) - - ability = Spree::Ability.new(nil) - permission_set = described_class.new(ability) - permission_set.activate! - - expect(ability).to be_able_to(:manage, subscription, subscription.guest_token) - end - - it "is allowed to manage someone else's subscriptions" do - subscription = create(:subscription) - - ability = Spree::Ability.new(nil) - permission_set = described_class.new(ability) - permission_set.activate! - - expect(ability).not_to be_able_to(:manage, subscription, 'invalid') - end - - it 'is allowed to manage line items on their subscriptions' do - subscription = create(:subscription) - line_item = create(:subscription_line_item, subscription: subscription) - - ability = Spree::Ability.new(nil) - permission_set = described_class.new(ability) - permission_set.activate! - - expect(ability).to be_able_to(:manage, line_item, subscription.guest_token) - end - - it "is not allowed to manage line items on someone else's subscriptions" do - subscription = create(:subscription) - line_item = create(:subscription_line_item, subscription: subscription) + it "is allowed to manage all line items" do + user = create(:user) + subscription = create(:subscription) + line_item = create(:subscription_line_item, subscription: subscription) - ability = Spree::Ability.new(nil) - permission_set = described_class.new(ability) - permission_set.activate! + ability = Spree::Ability.new(user) + permission_set = described_class.new(ability) + permission_set.activate! - expect(ability).not_to be_able_to(:manage, line_item, 'invalid') - end + expect(ability).to be_able_to(:manage, line_item) end end |