Class: Spree::PermissionSets::DefaultCustomer

Inherits:
Base
  • Object
show all
Defined in:
lib/spree/permission_sets/default_customer.rb

Overview

Permissions for e-commerce customers.

This permission set is always added to the ‘:default` role, which in turn is the default role for all users without any explicit roles.

Permissions include reading and updating orders when the ability’s user has been assigned as the order’s user, unless the order is already completed. Same is true for guest checkout orders.

It grants read-only permissions for the following resources typically used during a checkout process:

  • Zones

  • Countries

  • States

  • Taxons

  • Taxonomies

  • Products

  • Properties

  • Product properties

  • Variants

  • Option types

  • Option values

  • Stock items

  • Stock locations

Abilities with this role can also create refund authorizations for orders with the same user, as well as reading and updating the user record and their associated cards.

Instance Method Summary collapse

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from Spree::PermissionSets::Base

Instance Method Details

#activate!Object 



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
 
# File 'lib/spree/permission_sets/default_customer.rb', line 35

def activate!
  can :read, Country
  can :read, OptionType
  can :read, OptionValue
  can :create, Order do |order, token|
    # same user, or both nil
    order.user == user ||
    # guest checkout order
    order.email.present? ||
    # via API, just like with show and update
    (order.guest_token.present? && token == order.guest_token)
  end
  can [:show, :update], Order, Order.where(user: user) do |order, token|
    order.user == user || (order.guest_token.present? && token == order.guest_token)
  end
  cannot :update, Order do |order|
    order.completed?
  end
  can :create, ReturnAuthorization do |return_authorization|
    return_authorization.order.user == user
  end
  can [:read, :update], CreditCard, user_id: user.id
  can :read, Product
  can :read, ProductProperty
  can :read, Property
  can :create, Spree.user_class
  can [:show, :update, :update_email], Spree.user_class, id: user.id
  can :read, State
  can :read, StockItem, stock_location: { active: true }
  can :read, StockLocation, active: true
  can :read, Taxon
  can :read, Taxonomy
  can [:save_in_address_book, :remove_from_address_book], Spree.user_class, id: user.id
  can [:read, :view_out_of_stock], Variant
  can :read, Zone
end