diff options
| author | Elia Schito <elia@schito.me> | 2021-03-11 13:02:52 +0100 |
|---|---|---|
| committer | Elia Schito <elia@schito.me> | 2021-03-11 13:07:55 +0100 |
| commit | a72dd28a22e38fcded63207cd5a5e3c0a3ebdf9e (patch) | |
| tree | baecb1d1c955b37823ac87de0cf9bdfdd6929d6f | |
| parent | f99c56615bc625e4507e73bbc727ec6fd8b70d59 (diff) | |
Update permitted action names for Solidus v2.11
Under v2.11 :display won't be enough anymore for :show controller
actions. The latter needs to be stated explicitly.
| -rw-r--r-- | lib/solidus_subscriptions/permission_sets/default_customer.rb | 4 | ||||
| -rw-r--r-- | spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb | 16 |
2 files changed, 10 insertions, 10 deletions
diff --git a/lib/solidus_subscriptions/permission_sets/default_customer.rb b/lib/solidus_subscriptions/permission_sets/default_customer.rb index ebe888e..1fc42d2 100644 --- a/lib/solidus_subscriptions/permission_sets/default_customer.rb +++ b/lib/solidus_subscriptions/permission_sets/default_customer.rb @@ -4,12 +4,12 @@ module SolidusSubscriptions module PermissionSets class DefaultCustomer < ::Spree::PermissionSets::Base def activate! - can [:display, :update, :skip, :cancel], Subscription, ['user_id = ?', user.id] do |subscription, guest_token| + can [:show, :display, :update, :skip, :cancel], Subscription, ['user_id = ?', user.id] do |subscription, guest_token| (subscription.guest_token.present? && subscription.guest_token == guest_token) || (subscription.user && subscription.user == user) end - can [:display, :update, :destroy], LineItem do |line_item, guest_token| + can [:show, :display, :update, :destroy], LineItem do |line_item, guest_token| (line_item.subscription&.guest_token.present? && line_item.subscription.guest_token == guest_token) || (line_item.subscription&.user && line_item.subscription.user == user) end diff --git a/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb b/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb index 7865aab..febe268 100644 --- a/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb +++ b/spec/lib/solidus_subscriptions/permission_sets/default_customer_spec.rb @@ -10,7 +10,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).to be_able_to([:display, :update], subscription) + expect(ability).to be_able_to([:show, :display, :update], subscription) end it "is not allowed to display or update someone else's subscriptions" do @@ -21,7 +21,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).not_to be_able_to([:display, :update], subscription) + expect(ability).not_to be_able_to([:show, :display, :update], subscription) end it 'is allowed to display and update line items on their subscriptions' do @@ -33,7 +33,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).to be_able_to([:display, :update], line_item) + expect(ability).to be_able_to([:show, :display, :update], line_item) end it "is not allowed to display or update line items on someone else's subscriptions" do @@ -45,7 +45,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).not_to be_able_to([:display, :update], line_item) + expect(ability).not_to be_able_to([:show, :display, :update], line_item) end end @@ -57,7 +57,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).to be_able_to([:display, :update], subscription, subscription.guest_token) + expect(ability).to be_able_to([:show, :display, :update], subscription, subscription.guest_token) end it "is not allowed to display or update someone else's subscriptions" do @@ -67,7 +67,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).not_to be_able_to([:display, :update], subscription, 'invalid') + expect(ability).not_to be_able_to([:show, :display, :update], subscription, 'invalid') end it 'is allowed to display and update line items on their subscriptions' do @@ -78,7 +78,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).to be_able_to([:display, :update], line_item, subscription.guest_token) + expect(ability).to be_able_to([:show, :display, :update], line_item, subscription.guest_token) end it "is not allowed to display or update line items on someone else's subscriptions" do @@ -89,7 +89,7 @@ RSpec.describe SolidusSubscriptions::PermissionSets::DefaultCustomer do permission_set = described_class.new(ability) permission_set.activate! - expect(ability).not_to be_able_to([:display, :update], line_item, 'invalid') + expect(ability).not_to be_able_to([:show, :display, :update], line_item, 'invalid') end end end |