author | Brendan Deere <brendan@stembolt.com> | 2016-10-06 18:35:33 -0700 |
---|---|---|
committer | Brendan Deere <brendan@stembolt.com> | 2016-10-06 18:35:33 -0700 |
commit | dc061335fabffe7cb9297fa77605012e0e39c1e4 (patch) | |
tree | 92234ee588e1d302f774b94f512709154206c5f6 /lib/solidus_subscriptions | |
parent | 7a5caa194a591b71c4b0013afe331c6a763be773 (diff) |
Fix abilities
Don't give default customers the manage ability, it opens too many doors.
Create a second set of abilities for admin users
Diffstat (limited to 'lib/solidus_subscriptions')
-rw-r--r-- | lib/solidus_subscriptions/ability.rb | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/solidus_subscriptions/ability.rb b/lib/solidus_subscriptions/ability.rb index e906b08..38699cd 100644 --- a/lib/solidus_subscriptions/ability.rb +++ b/lib/solidus_subscriptions/ability.rb @@ -3,11 +3,17 @@ module SolidusSubscriptions include CanCan::Ability def initialize(user) - can(:manage, LineItem) do |li, order| - li.order.user == user || li.order == order - end + alias_action :create, :read, :update, :destroy, to: :crud - can(:manage, Subscription, user_id: user.id) + if user.has_spree_role?('admin') + can(:manage, LineItem) + can(:manage, Subscription) + else + can([:crud, :skip, :cancel], Subscription, user_id: user.id) + can(:crud, LineItem) do |li, order| + li.order.user == user || li.order == order + end + end end end end |
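Review bot: In the else branch, the customer rule `can(:crud, LineItem) do |li, order|` is still a block condition, and CanCan evaluates a block only when it is given an instance, so a class-level check such as `can?(:create, LineItem)` passes for every non-admin user. Make sure each controller path authorizes a loaded line item (and passes the order wherever the `li.order == order` clause is relied on), or express the ownership rule as a hash condition like the one used for `Subscription`. Separately, `user.has_spree_role?('admin')` and `user_id: user.id` both assume `user` is never nil; if this ability can be built for a guest, guard before the role check. A short comment explaining why customers get `[:crud, :skip, :cancel]` rather than `:manage` would keep a later change from widening it again.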