-rw-r--r--app/controllers/solidus_subscriptions/api/v1/line_items_controller.rb4
-rw-r--r--lib/solidus_subscriptions/ability.rb8
-rw-r--r--spec/lib/solidus_subscriptions/ability_spec.rb24
3 files changed, 25 insertions, 11 deletions
diff --git a/app/controllers/solidus_subscriptions/api/v1/line_items_controller.rb b/app/controllers/solidus_subscriptions/api/v1/line_items_controller.rb
index 1ca466d..26d8649 100644
--- a/app/controllers/solidus_subscriptions/api/v1/line_items_controller.rb
+++ b/app/controllers/solidus_subscriptions/api/v1/line_items_controller.rb
@@ -8,7 +8,7 @@ module SolidusSubscriptions
wrap_parameters :subscription_line_item
def update
- authorize! :crud, @line_item, @order
+ authorize! :update, @line_item, @order
if @line_item.update(line_item_params)
render json: @line_item.to_json
else
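Review bot: `authorize! :update, @line_item, @order` passes `@order` as the extra argument that the ability block compares with `line_item.order`, so the check is only as strong as the way `@order` is loaded, which happens outside this hunk. If `@order` is looked up from a request parameter without verifying ownership or a guest token, the `line_item.order == order` branch would authorize any caller who can name the order. I would add a comment above the call, `# @order must already be verified as the caller's (owner or valid guest token); Ability trusts it`, and confirm the loader enforces that. The same applies to `authorize! :destroy` in the next hunk; both method bodies continue outside the hunks.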
@@ -17,7 +17,7 @@ module SolidusSubscriptions
end
def destroy
- authorize! :crud, @line_item, @order
+ authorize! :destroy, @line_item, @order
return render json: {}, status: :bad_request if @line_item.order.complete?
@line_item.destroy!
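Review bot: `destroy` refuses to touch a line item once `@line_item.order.complete?`, but `update` in the previous hunk goes from `authorize!` straight to `@line_item.update(line_item_params)` with no equivalent guard visible. If edits to a completed order's line item are not intended, the same early return belongs in `update`: `return render json: {}, status: :bad_request if @line_item.order.complete?`. If they are intended, a one-line comment in `update` saying so would stop the asymmetry looking like an oversight. A `before_action` outside the hunks may already cover this.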
diff --git a/lib/solidus_subscriptions/ability.rb b/lib/solidus_subscriptions/ability.rb
index 6ce4b2d..55b6344 100644
--- a/lib/solidus_subscriptions/ability.rb
+++ b/lib/solidus_subscriptions/ability.rb
@@ -5,15 +5,13 @@ module SolidusSubscriptions
include CanCan::Ability
def initialize(user)
- alias_action :create, :read, :update, :destroy, to: :crud
-
if user.has_spree_role?('admin')
can(:manage, LineItem)
can(:manage, Subscription)
else
- can([:crud, :skip, :cancel], Subscription, user_id: user.id)
- can(:crud, LineItem) do |li, order|
- li.order.user == user || li.order == order
+ can([:index, :show, :create, :update, :destroy, :skip, :cancel], Subscription, user_id: user.id)
+ can([:index, :show, :create, :update, :destroy], LineItem) do |line_item, order|
+ line_item.order.user == user || line_item.order == order
end
end
end
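Review bot: The `LineItem` rule lists `:index` and `:create` but defines its conditions only in a block, and CanCan evaluates a block only when an instance is passed. A class-level check such as `can? :index, LineItem` therefore returns true for every non-admin user, and the rule cannot be used with `accessible_by`. Consider dropping `:index` and `:create` from the block rule unless they are always authorized against a loaded record, or add the comment `# block is skipped for class-level checks; always authorize with a loaded line item`. Separately, `user_id: user.id` would match subscriptions whose `user_id` is nil if this ability is ever built for an unpersisted guest user; whether that happens is decided outside this hunk.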
diff --git a/spec/lib/solidus_subscriptions/ability_spec.rb b/spec/lib/solidus_subscriptions/ability_spec.rb
index f27c15c..07d48ab 100644
--- a/spec/lib/solidus_subscriptions/ability_spec.rb
+++ b/spec/lib/solidus_subscriptions/ability_spec.rb
@@ -13,7 +13,11 @@ RSpec.describe SolidusSubscriptions::Ability do
create :subscription_line_item, order: order
end
- it { is_expected.to be_able_to :crud, line_item, order }
+ it { is_expected.to be_able_to :index, line_item, order }
+ it { is_expected.to be_able_to :show, line_item, order }
+ it { is_expected.to be_able_to :create, line_item, order }
+ it { is_expected.to be_able_to :update, line_item, order }
+ it { is_expected.to be_able_to :destroy, line_item, order }
end
context 'doesnt own the order' do
@@ -24,13 +28,21 @@ RSpec.describe SolidusSubscriptions::Ability do
create :subscription_line_item, order: order
end
- it { is_expected.not_to be_able_to :crud, line_item, another_order }
+ it { is_expected.not_to be_able_to :index, line_item, another_order }
+ it { is_expected.not_to be_able_to :show, line_item, another_order }
+ it { is_expected.not_to be_able_to :create, line_item, another_order }
+ it { is_expected.not_to be_able_to :update, line_item, another_order }
+ it { is_expected.not_to be_able_to :destroy, line_item, another_order }
end
context 'the user owns a subscription' do
let(:subscription) { create :subscription, user: user }
- it { is_expected.to be_able_to :crud, subscription }
+ it { is_expected.to be_able_to :index, subscription }
+ it { is_expected.to be_able_to :show, subscription }
+ it { is_expected.to be_able_to :create, subscription }
+ it { is_expected.to be_able_to :update, subscription }
+ it { is_expected.to be_able_to :destroy, subscription }
it { is_expected.to be_able_to :skip, subscription }
it { is_expected.to be_able_to :cancel, subscription }
end
@@ -39,7 +51,11 @@ RSpec.describe SolidusSubscriptions::Ability do
let(:another_user) { create :user }
let(:subscription) { create :subscription, user: another_user }
- it { is_expected.not_to be_able_to :crud, subscription }
+ it { is_expected.not_to be_able_to :index, subscription }
+ it { is_expected.not_to be_able_to :show, subscription }
+ it { is_expected.not_to be_able_to :create, subscription }
+ it { is_expected.not_to be_able_to :update, subscription }
+ it { is_expected.not_to be_able_to :destroy, subscription }
it { is_expected.not_to be_able_to :skip, subscription }
it { is_expected.not_to be_able_to :cancel, subscription }
end
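Review bot: These examples cover a persisted user who does not own the subscription, but not a guest: an unpersisted user whose `id` is nil, checked against a subscription that has no `user_id`. The hash condition `user_id: user.id` in ability.rb would match that combination, so a negative example such as `it { is_expected.not_to be_able_to :update, subscription }` under a guest-user context is worth adding if guests can reach this ability. The line-item contexts in the earlier hunks likewise check `:index` and `:create` only against an instance, so the class-level behaviour of the block rule is untested. The enclosing `context` starts outside this hunk.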