From dc061335fabffe7cb9297fa77605012e0e39c1e4 Mon Sep 17 00:00:00 2001
From: Brendan Deere
Date: Thu, 6 Oct 2016 18:35:33 -0700
Subject: Fix abilities Dont give default customers the manage ability, it opens too many doors. Create a second set of abilities for admin users
---
 lib/solidus_subscriptions/ability.rb | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/lib/solidus_subscriptions/ability.rb b/lib/solidus_subscriptions/ability.rb
index e906b08..38699cd 100644
--- a/lib/solidus_subscriptions/ability.rb
+++ b/lib/solidus_subscriptions/ability.rb
@@ -3,11 +3,17 @@ module SolidusSubscriptions
 include CanCan::Ability
 
 def initialize(user)
- can(:manage, LineItem) do |li, order|
- li.order.user == user || li.order == order
- end
+ alias_action :create, :read, :update, :destroy, to: :crud
 
- can(:manage, Subscription, user_id: user.id)
+ if user.has_spree_role?('admin')
+ can(:manage, LineItem)
+ can(:manage, Subscription)
+ else
+ can([:crud, :skip, :cancel], Subscription, user_id: user.id)
+ can(:crud, LineItem) do |li, order|
+ li.order.user == user || li.order == order
+ end
+ end
 end
 end
 end
-- 
cgit v1.2.3
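Review bot: In the non-admin branch, `user_id: user.id` becomes `user_id: nil` when the ability is built for an unpersisted (guest) user, so the rule would match any Subscription row that has no owner. Whether such users or rows can occur is not visible in this hunk, so I would guard the rule instead of relying on it: `can([:crud, :skip, :cancel], Subscription, user_id: user.id) if user.id`. Separately, CanCan evaluates a block condition only when an instance is passed, so the ownership check on LineItem is skipped for class-level checks such as `can?(:create, LineItem)`. A comment above the block stating that callers must authorize a loaded LineItem, and pass the current order, would document that.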