Class: Spree::Ability

Inherits:

Object

• Object
• Spree::Ability

Includes:

CanCan::Ability

Defined in:

app/models/spree/ability.rb

Class Method Summary

• .register_ability(ability) ⇒ Object

  Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to modify the default Ability of an application.

• .remove_ability(ability) ⇒ Object

Instance Method Summary

• #initialize(user) ⇒ Ability constructor

  A new instance of Ability.

Constructor Details

#initialize(user) ⇒ Ability

Returns a new instance of Ability.

# File 'app/models/spree/ability.rb', line 25

def initialize(user)
  self.clear_aliased_actions

  # override cancan default aliasing (we don't want to differentiate between read and index)
  alias_action :edit, to: :update
  alias_action :new, to: :create
  alias_action :new_action, to: :create
  alias_action :show, to: :read
  alias_action :delete, to: :destroy

  user ||= Spree.user_class.new
  if user.respond_to?(:has_spree_role?) && user.has_spree_role?('admin')
    can :manage, :all
  else
    #############################
    can [:read,:update,:destroy], Spree.user_class, id: user.id
    can :create, Spree.user_class
    #############################
    can :read, Order do |order, token|
      order.user == user || order.token && token == order.token
    end
    can :update, Order do |order, token|
      order.user == user || order.token && token == order.token
    end
    can :create, Order

    can :read, Address do |address|
      address.user == user
    end

    #############################
    can :read, Product
    can :index, Product
    #############################
    can :read, Taxon
    can :index, Taxon
    #############################
  end

  #include any abilities registered by extensions, etc.
  Ability.abilities.each do |clazz|
    ability = clazz.send(:new, user)
    @rules = rules + ability.send(:rules)
  end
end

Class Method Details

.register_ability(ability) ⇒ Object

Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to modify the default Ability of an application. The ability argument must be a class that includes the CanCan::Ability module. The registered ability should behave properly as a stand-alone class and therefore should be easy to test in isolation.

# File 'app/models/spree/ability.rb', line 17

def self.register_ability(ability)
  self.abilities.add(ability)
end

.remove_ability(ability) ⇒ Object

# File 'app/models/spree/ability.rb', line 21

def self.remove_ability(ability)
  self.abilities.delete(ability)
end