Allow guests to edit their subss line items

Previously the ability assumed that all subscription_line_items would have a user through the order. This however is not the case since the user login is not enforced until after the user tries to transition out of the cart step. Allow guests to edit their line items if the line item matches the current checkout_id (order guest token )
author: Brendan Deere <brendan@stembolt.com> 2016-10-04 16:56:50 -0700
committer: Brendan Deere <brendan@stembolt.com> 2016-10-04 16:56:50 -0700
commit: 817dfc136fd79faf468f56306d0d9e05fa0dc920 (patch)
tree: 1875efd41116b8030ec8fedab6c49df27808792a /lib/solidus_subscriptions
parent: fa4d3ea0be1968938b4a3ade9f421748ab800858 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/solidus_subscriptions/ability.rb b/lib/solidus_subscriptions/ability.rb
index 37c8206..5a16f9e 100644
--- a/lib/solidus_subscriptions/ability.rb
+++ b/lib/solidus_subscriptions/ability.rb
@@ -3,7 +3,10 @@ module SolidusSubscriptions
     include CanCan::Ability
 
     def initialize(user)
-      can(:manage, LineItem) { |li| li.order.user == user }
+      can(:manage, LineItem) do |li, order|
+        li.order.user == user || li.order == order
+      end
+
       can(:manage, Subscription) { |s| s.user == user }
     end
   end
author	Brendan Deere <brendan@stembolt.com>	2016-10-04 16:56:50 -0700
committer	Brendan Deere <brendan@stembolt.com>	2016-10-04 16:56:50 -0700
commit	817dfc136fd79faf468f56306d0d9e05fa0dc920 (patch)
tree	1875efd41116b8030ec8fedab6c49df27808792a /lib/solidus_subscriptions
parent	fa4d3ea0be1968938b4a3ade9f421748ab800858 (diff)