diff options
| -rw-r--r-- | app/controllers/spree/admin/subscriptions_controller.rb | 2 | ||||
| -rw-r--r-- | lib/solidus_subscriptions/permission_sets/subscription_management.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/spree/admin/subscriptions_controller.rb b/app/controllers/spree/admin/subscriptions_controller.rb index 6c92ace..7db4c77 100644 --- a/app/controllers/spree/admin/subscriptions_controller.rb +++ b/app/controllers/spree/admin/subscriptions_controller.rb @@ -6,7 +6,7 @@ module Spree skip_before_action :load_resource, only: :index def index - @search = SolidusSubscriptions::Subscription.ransack(params[:q]) + @search = SolidusSubscriptions::Subscription.accessible_by(current_ability).ransack(params[:q]) @subscriptions = @search.result(distinct: true). includes(:line_items, :user). page(params[:page]). diff --git a/lib/solidus_subscriptions/permission_sets/subscription_management.rb b/lib/solidus_subscriptions/permission_sets/subscription_management.rb index c669368..9077ab9 100644 --- a/lib/solidus_subscriptions/permission_sets/subscription_management.rb +++ b/lib/solidus_subscriptions/permission_sets/subscription_management.rb @@ -4,7 +4,7 @@ module SolidusSubscriptions module PermissionSets class SubscriptionManagement < ::Spree::PermissionSets::Base def activate! - can :manage, Subscription do |subscription, guest_token| + can :manage, Subscription, Subscription.where(user: user) do |subscription, guest_token| (subscription.guest_token.present? && subscription.guest_token == guest_token) || (subscription.user && subscription.user == user) end |