author | Alessandro Desantis <desa.alessandro@gmail.com> | 2020-10-07 16:28:34 +0200 |
---|---|---|
committer | Alessandro Desantis <desa.alessandro@gmail.com> | 2020-10-07 16:33:44 +0200 |
commit | ae1b46fe30793cecb13a8591e9d753ada9f89039 (patch) | |
tree | 693299715c4e98ed7c626e218d39d363960421b4 | |
parent | fb0777566944c9deef6cbacd7a7eac335838746a (diff) |
Migrate ability to permission sets
Custom abilities are deprecated in favor of the new permission sets
API.
-rw-r--r-- | config/initializers/permission_sets.rb | 7 | ||||
-rw-r--r-- | lib/solidus_subscriptions.rb | 2 | ||||
-rw-r--r-- | lib/solidus_subscriptions/ability.rb | 19 | ||||
-rw-r--r-- | lib/solidus_subscriptions/engine.rb | 6 | ||||
-rw-r--r-- | lib/solidus_subscriptions/permission_sets/subscription_management.rb | 18 | ||||
-rw-r--r-- | spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb | 70 | ||||
-rw-r--r-- | spec/support/cancancan.rb | 1 |
7 files changed, 97 insertions, 26 deletions
diff --git a/config/initializers/permission_sets.rb b/config/initializers/permission_sets.rb
new file mode 100644
index 0000000..b4acf71
--- /dev/null
+++ b/config/initializers/permission_sets.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+Spree.config do |config|
+ config.roles.assign_permissions :default, %w[
+ SolidusSubscriptions::PermissionSets::SubscriptionManagement
+ ]
+end
diff --git a/lib/solidus_subscriptions.rb b/lib/solidus_subscriptions.rb
index a6b2edf..21a9b40 100644
--- a/lib/solidus_subscriptions.rb
+++ b/lib/solidus_subscriptions.rb
@@ -7,7 +7,7 @@ require 'deface'
 require 'state_machines'
 require 'solidus_subscriptions/configuration'
-require 'solidus_subscriptions/ability'
+require 'solidus_subscriptions/permission_sets/subscription_management'
 require 'solidus_subscriptions/version'
 require 'solidus_subscriptions/engine'
diff --git a/lib/solidus_subscriptions/ability.rb b/lib/solidus_subscriptions/ability.rb
deleted file mode 100644
index 55b6344..0000000
--- a/lib/solidus_subscriptions/ability.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-module SolidusSubscriptions
- class Ability
- include CanCan::Ability
-
- def initialize(user)
- if user.has_spree_role?('admin')
- can(:manage, LineItem)
- can(:manage, Subscription)
- else
- can([:index, :show, :create, :update, :destroy, :skip, :cancel], Subscription, user_id: user.id)
- can([:index, :show, :create, :update, :destroy], LineItem) do |line_item, order|
- line_item.order.user == user || line_item.order == order
- end
- end
- end
- end
-end
diff --git a/lib/solidus_subscriptions/engine.rb b/lib/solidus_subscriptions/engine.rb
index ad43db3..c45ecfc 100644
--- a/lib/solidus_subscriptions/engine.rb
+++ b/lib/solidus_subscriptions/engine.rb
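Review bot: In config/initializers/permission_sets.rb the permission set is attached to `:default`, and nothing in the file says who that role covers. Solidus activates the `:default` role's permission sets for every ability it builds, including the one for a visitor who is not signed in, so each rule in SubscriptionManagement has to stay safe when `user` is an unsaved record. A comment above the assignment would keep that visible: `# :default applies to every user, guests included; SubscriptionManagement must scope each rule to the owner.` Because the file sits in the engine's own config/initializers, it presumably runs in every host application that loads the gem, which is worth stating in the README as well.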
@@ -47,12 +47,6 @@ module SolidusSubscriptions
 )
 end
 end
-
- def self.activate
- ::Spree::Ability.register_ability(SolidusSubscriptions::Ability)
- end
-
- config.to_prepare(&method(:activate).to_proc)
 end
 def self.table_name_prefix
diff --git a/lib/solidus_subscriptions/permission_sets/subscription_management.rb b/lib/solidus_subscriptions/permission_sets/subscription_management.rb
new file mode 100644
index 0000000..8f5edfb
--- /dev/null
+++ b/lib/solidus_subscriptions/permission_sets/subscription_management.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module SolidusSubscriptions
+ module PermissionSets
+ class SubscriptionManagement < ::Spree::PermissionSets::Base
+ def activate!
+ can :manage, Subscription do |subscription|
+ subscription.user == user
+ end
+
+ can :manage, LineItem do |line_item, order|
+ (line_item.order && line_item.order == order) ||
+ (line_item.order&.user && line_item.order.user == user)
+ end
+ end
+ end
+ end
+end
diff --git a/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb b/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb
new file mode 100644
index 0000000..779fc9b
--- /dev/null
+++ b/spec/lib/solidus_subscriptions/permission_sets/subscription_management_spec.rb
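Review bot: In subscription_management.rb, `can :manage, Subscription do |subscription|` grants the owner every action, where the removed Ability listed `:index, :show, :create, :update, :destroy, :skip, :cancel`; any action later checked against a Subscription becomes owner-accessible by default. Keeping the explicit list preserves the old scope: `can %i[index show create update destroy skip cancel], Subscription do |subscription|`. The move from the `user_id: user.id` hash to a block also matters, because CanCanCan skips a block when the check is made against the class rather than an instance and `accessible_by` cannot derive a query from it, so collection actions need their own scoping. The same widening to `:manage` applies to the LineItem rule below it, which previously stopped at `:destroy`.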
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+RSpec.describe SolidusSubscriptions::PermissionSets::SubscriptionManagement do
+ it 'is allowed to manage their subscriptions' do
+ user = create(:user)
+ subscription = create(:subscription, user: user)
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).to be_able_to(:manage, subscription)
+ end
+
+ it "is allowed to manage someone else's subscriptions" do
+ user = create(:user)
+ subscription = create(:subscription)
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).not_to be_able_to(:manage, subscription)
+ end
+
+ it 'is allowed to manage line items on their orders' do
+ user = create(:user)
+ order = create(:order, user: user)
+ line_item = create(
+ :subscription_line_item,
+ spree_line_item: create(:line_item, order: create(:order, user: user)),
+ )
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).to be_able_to(:manage, line_item, order)
+ end
+
+ it 'is allowed to manage line items on the given order' do
+ user = create(:user)
+ order = create(:order, user: user)
+ line_item = create(
+ :subscription_line_item,
+ spree_line_item: create(:line_item, order: order),
+ )
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).to be_able_to(:manage, line_item, order)
+ end
+
+ it "is not allowed to manage line items on someone else's orders" do
+ user = create(:user)
+ order = create(:order)
+ line_item = create(
+ :subscription_line_item,
+ spree_line_item: create(:line_item),
+ )
+
+ ability = Spree::Ability.new(user)
+ permission_set = described_class.new(ability)
+ permission_set.activate!
+
+ expect(ability).not_to be_able_to(:manage, line_item, order)
+ end
+end
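Review bot: None of the five examples covers the guest and missing-order cases that the rewritten rules appear meant to reject, so a regression to the old comparisons would still pass this spec. Cases worth adding are an ability built for an unsaved user (`Spree::Ability.new(Spree.user_class.new)`) checked against a subscription that has no user, and a subscription line item with no order checked without an order argument; both should assert `not_to be_able_to(:manage, ...)`. The second example's description also contradicts its `not_to` expectation and should read `"is not allowed to manage someone else's subscriptions"`.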
diff --git a/spec/support/cancancan.rb b/spec/support/cancancan.rb
new file mode 100644
index 0000000..7fdda0c
--- /dev/null
+++ b/spec/support/cancancan.rb
@@ -0,0 +1 @@
+require 'cancan/matchers' |