Merge pull request #158 from solidusio-contrib/aldesantis/guest-token

Enable authorization via guest tokens
author: Alessandro Desantis <desa.alessandro@gmail.com> 2020-10-08 13:49:22 +0200
committer: GitHub <noreply@github.com> 2020-10-08 13:49:22 +0200
commit: 4bafb311fe180f3cc0bb38f01f24f2b487e8be8b (patch)
tree: 83940eec6d1e693cf43e4c3b95a6d2e8233b9cd8 /lib/solidus_subscriptions/permission_sets
parent: fb0777566944c9deef6cbacd7a7eac335838746a (diff)
parent: 1f6e8d5747f6fa995fb18443d1e264dbd779d124 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/lib/solidus_subscriptions/permission_sets/subscription_management.rb b/lib/solidus_subscriptions/permission_sets/subscription_management.rb
new file mode 100644
index 0000000..c669368
--- /dev/null
+++ b/lib/solidus_subscriptions/permission_sets/subscription_management.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module SolidusSubscriptions
+  module PermissionSets
+    class SubscriptionManagement < ::Spree::PermissionSets::Base
+      def activate!
+        can :manage, Subscription do |subscription, guest_token|
+          (subscription.guest_token.present? && subscription.guest_token == guest_token) ||
+            (subscription.user && subscription.user == user)
+        end
+
+        can :manage, LineItem do |line_item, guest_token|
+          (line_item.subscription&.guest_token.present? && line_item.subscription.guest_token == guest_token) ||
+            (line_item.subscription&.user && line_item.subscription.user == user)
+        end
+      end
+    end
+  end
+end
author	Alessandro Desantis <desa.alessandro@gmail.com>	2020-10-08 13:49:22 +0200
committer	GitHub <noreply@github.com>	2020-10-08 13:49:22 +0200
commit	4bafb311fe180f3cc0bb38f01f24f2b487e8be8b (patch)
tree	83940eec6d1e693cf43e4c3b95a6d2e8233b9cd8 /lib/solidus_subscriptions/permission_sets
parent	fb0777566944c9deef6cbacd7a7eac335838746a (diff)
parent	1f6e8d5747f6fa995fb18443d1e264dbd779d124 (diff)