diff options
| author | Sean <seand7565@gmail.com> | 2020-12-29 08:04:13 -0600 |
|---|---|---|
| committer | Sean <seand7565@gmail.com> | 2020-12-30 09:15:19 -0600 |
| commit | 20a34c861807d05575b08635d186dbf3608b1427 (patch) | |
| tree | 9ef242fe3dceb3ba7eecfa832070e568d9b0c6aa | |
| parent | b98bcf5a2b47af4790f88c21e573c79233ff1671 (diff) | |
Update permissions check on user subscription tab
Previously, it would check your permissions on an ActiveRecord
association - which would in most non-admin cases be false, even
if they had permissions to manage subscriptions. This changes the
check to return a new instance of the users subscriptions, so
people with manage subscriptions permissions will still be able
to view this tab, while also allowing for you to conditionally
allow/deny permissions based on what users subscriptions they
are attempting to view.
| -rw-r--r-- | app/views/spree/admin/users/_subscription_tab.html.erb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/spree/admin/users/_subscription_tab.html.erb b/app/views/spree/admin/users/_subscription_tab.html.erb index cfb9205..4bde827 100644 --- a/app/views/spree/admin/users/_subscription_tab.html.erb +++ b/app/views/spree/admin/users/_subscription_tab.html.erb @@ -1,4 +1,4 @@ -<% if can? :admin, @user.subscriptions %> +<% if can? :admin, SolidusSubscriptions::Subscription.new(user: @user) %> <li<%== ' class="active"' if current == :subscriptions %>> <%= link_to t("spree.admin.user.subscriptions"), spree.admin_user_subscriptions_path(@user) %> </li> |