Class: Spree::PermissionSets::DefaultCustomer

Inherits:
Base
  • Object
show all
Defined in:
app/models/spree/permission_sets/default_customer.rb

Overview

Permissions for e-commerce customers.

This permission set is always added to the ‘:default` role, which in turn is the default role for all users without any explicit roles.

Permissions include reading and updating orders when the ability’s user has been assigned as the order’s user, unless the order is already completed. Same is true for guest checkout orders.

It grants read-only permissions for the following resources typically used during a checkout process:

  • Zones

  • Countries

  • States

  • Taxons

  • Taxonomies

  • Products

  • Properties

  • Product properties

  • Variants

  • Option types

  • Option values

  • Stock items

  • Stock locations

Abilities with this role can also create refund authorizations for orders with the same user, as well as reading and updating the user record and their associated cards.

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from Spree::PermissionSets::Base

Class Method Details

.categoryObject 



40
41
42
 
# File 'app/models/spree/permission_sets/default_customer.rb', line 40

def category
  :default_customer
end

.privilegeObject 



36
37
38
 
# File 'app/models/spree/permission_sets/default_customer.rb', line 36

def privilege
  :other
end

Instance Method Details

#activate!Object 



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'app/models/spree/permission_sets/default_customer.rb', line 45

def activate!
  can :read, Country
  can :read, OptionType
  can :read, OptionValue
  can :create, Order do |order, token|
    # same user, or both nil
    order.user == user ||
      # guest checkout order
      order.email.present? ||
      # via API, just like with show and update
      (order.guest_token.present? && token == order.guest_token)
  end
  can [:show, :update], Order, Order.where(user:) do |order, token|
    order.user == user || (order.guest_token.present? && token == order.guest_token)
  end
  cannot :update, Order do |order|
    order.completed?
  end
  can :create, ReturnAuthorization do |return_authorization|
    return_authorization.order.user == user
  end
  can [:read, :update], CreditCard, user_id: user.id
  can :read, Product
  can :read, ProductProperty
  can :read, Property
  can :create, Spree.user_class
  can [:show, :update, :update_email], Spree.user_class, id: user.id
  can :read, State
  can :read, StockItem, stock_location: { active: true }
  can :read, StockLocation, active: true
  can :read, Taxon
  can :read, Taxonomy
  can [:save_in_address_book, :remove_from_address_book], Spree.user_class, id: user.id
  can [:read, :view_out_of_stock], Variant
  can :read, Zone
end