spree_admin_roles_and_access 2.0.0 → 3.2.1.beta
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +76 -39
- data/app/assets/javascripts/spree/backend/spree_admin_roles_and_access.js +84 -1
- data/app/assets/stylesheets/spree/backend/spree_admin_roles_and_access.css +131 -1
- data/app/controllers/spree/admin/base_controller_decorator.rb +4 -0
- data/app/controllers/spree/admin/default_admin_dashboards_controller.rb +13 -0
- data/app/controllers/spree/admin/permission_sets_controller.rb +26 -0
- data/app/controllers/spree/admin/roles_controller.rb +5 -5
- data/app/models/spree/ability_decorator.rb +6 -5
- data/app/models/spree/permission.rb +11 -3
- data/app/models/spree/permission_set.rb +11 -0
- data/app/models/spree/permissions_permission_set.rb +6 -0
- data/app/models/spree/role_decorator.rb +8 -2
- data/app/models/spree/roles_permission.rb +5 -0
- data/app/models/spree/roles_permission_set.rb +6 -0
- data/app/models/spree/user_decorator.rb +2 -1
- data/app/overrides/spree/admin/roles/_form/add_permission_sets_to_role_form.html.erb.deface +28 -0
- data/app/overrides/spree/admin/shared/sub_menu/_configuration/add_permission_sets_To_configuration_sub_menu.html.erb.deface +2 -0
- data/app/views/spree/admin/default_admin_dashboards/show.html.erb +1 -0
- data/app/views/spree/admin/permission_sets/_form.html.erb +49 -0
- data/app/views/spree/admin/permission_sets/_permission_pane.html.erb +19 -0
- data/app/views/spree/admin/permission_sets/edit.html.erb +12 -0
- data/app/views/spree/admin/permission_sets/index.html.erb +33 -0
- data/app/views/spree/admin/permission_sets/new.html.erb +12 -0
- data/app/views/spree/admin/permissions/_form.html.erb +37 -6
- data/app/views/spree/admin/permissions/index.html.erb +0 -2
- data/app/views/spree/admin/shared/_checkbox_list_pane.html.erb +20 -0
- data/config/initializers/auth.rb +13 -0
- data/config/initializers/cancan_ability.rb +1 -1
- data/config/initializers/cancan_controller_additions.rb +3 -3
- data/config/initializers/constants.rb +2 -2
- data/config/locales/en.yml +15 -1
- data/config/routes.rb +2 -0
- data/db/migrate/20130709104101_create_spree_permissions.rb +4 -4
- data/db/migrate/20130709104945_create_spree_roles_permissions.rb +3 -3
- data/db/migrate/20130709105614_add_editable_is_default_and_index_on_editable_is_default_and_name_to_spree_roles.rb +2 -3
- data/db/migrate/20170503090436_create_spree_permission_sets.rb +9 -0
- data/db/migrate/20170503091013_create_spree_roles_permission_sets.rb +8 -0
- data/db/migrate/20170503101648_create_spree_permissions_permission_sets.rb +8 -0
- data/db/migrate/20170508082615_add_description_to_permissions_and_permission_sets.rb +6 -0
- data/db/migrate/20170508082722_add_display_boolean_to_permission_sets.rb +5 -0
- data/db/migrate/20170508091139_deprecate_legacy_roles_and_permissions.rb +29 -0
- data/db/migrate/20170509082144_remove_column_boolean_from_permissions.rb +5 -0
- data/db/migrate/20170509090346_add_admin_boolean_to_roles.rb +5 -0
- data/lib/generators/spree_admin_roles_and_access/install/install_generator.rb +3 -3
- data/lib/spree/permissions.rb +7 -7
- data/lib/tasks/populate.rake +354 -72
- metadata +70 -17
- data/app/overrides/spree/admin/roles/_form/add_permissions_to_role_form.html.erb.deface +0 -13
@@ -1,2 +1,2 @@
|
|
1
|
-
PARAM_ATTRIBUTE = Hash.new(:id).merge({"products" => :slug, "orders" => :number, "shipments" => :number})
|
2
|
-
NEW_ACTIONS = [:new, :create]
|
1
|
+
PARAM_ATTRIBUTE = Hash.new(:id).merge({"products" => :slug, "orders" => :number, "shipments" => :number, "payments" => :number})
|
2
|
+
NEW_ACTIONS = [:new, :create]
|
data/config/locales/en.yml
CHANGED
@@ -10,10 +10,24 @@ en:
|
|
10
10
|
role_name: "Name"
|
11
11
|
role_editable: "Editable"
|
12
12
|
role_is_default: "Is default"
|
13
|
+
role_is_default_help: "Roles marked as default are applicable to all users who have no explicit roles assigned"
|
14
|
+
role_admin_accessible_help: "Roles marked as admin accessible indicate that the user has access to admin interface via the role"
|
13
15
|
permissions: "Permissions"
|
14
16
|
save_changes: "Save Changes"
|
15
17
|
new_permission: "New Permission"
|
18
|
+
permission_set_name: "Name"
|
19
|
+
permission_set_description: "Description"
|
20
|
+
permission_set_display_permission: "Display Permission"
|
21
|
+
permission_set_permissions: "Permissions"
|
16
22
|
permission_title: "Title"
|
17
23
|
permission_priority: "Priority"
|
24
|
+
permission_priority_help: "Set the order of permission in list, with 0 being the highest priority"
|
18
25
|
permission_visible: "Visible"
|
19
|
-
|
26
|
+
permission_visible_help: "Mark permission as publically visible to other users managing permissions"
|
27
|
+
select_permissions: "Select Permissions"
|
28
|
+
select_permission_sets: "Select Permission Sets"
|
29
|
+
atleast_one_permission_is_required: "Atleast One Permission Is Required"
|
30
|
+
atleast_one_permission_set_is_required: "Atleast One Permission Set Is Required"
|
31
|
+
permission_set_display_permission_help: "Set it to indicate that permission set provides permissions for display purposed only"
|
32
|
+
permission_set_admin_permission_required: "Ensure that the appropriate admin permission is included along with the resource permission if the user needs to access the admin interface"
|
33
|
+
unable_to_access_requested_resource: "You do not have access to the requested resource at %{request_path}"
|
data/config/routes.rb
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
class CreateSpreePermissions < ActiveRecord::Migration
|
2
2
|
def change
|
3
3
|
create_table :spree_permissions do |t|
|
4
|
-
t.string :title, :
|
5
|
-
t.integer :priority, :
|
6
|
-
t.boolean :visible, :boolean, :
|
4
|
+
t.string :title, null: false, unique: true
|
5
|
+
t.integer :priority, default: 0
|
6
|
+
t.boolean :visible, :boolean, default: true
|
7
7
|
|
8
|
-
t.timestamps
|
8
|
+
t.timestamps null: false
|
9
9
|
end
|
10
10
|
|
11
11
|
add_index :spree_permissions, :visible
|
@@ -1,8 +1,8 @@
|
|
1
1
|
class CreateSpreeRolesPermissions < ActiveRecord::Migration
|
2
2
|
def change
|
3
|
-
create_table :spree_roles_permissions, :
|
4
|
-
t.integer :role_id, :
|
5
|
-
t.integer :permission_id, :
|
3
|
+
create_table :spree_roles_permissions, id: false do |t|
|
4
|
+
t.integer :role_id, null: false
|
5
|
+
t.integer :permission_id, null: false
|
6
6
|
end
|
7
7
|
|
8
8
|
add_index(:spree_roles_permissions, :role_id)
|
@@ -1,9 +1,8 @@
|
|
1
1
|
class AddEditableIsDefaultAndIndexOnEditableIsDefaultAndNameToSpreeRoles < ActiveRecord::Migration
|
2
2
|
def change
|
3
|
-
add_column :spree_roles, :editable, :boolean, :
|
4
|
-
add_column :spree_roles, :is_default, :boolean, :
|
3
|
+
add_column :spree_roles, :editable, :boolean, default: true
|
4
|
+
add_column :spree_roles, :is_default, :boolean, default: false
|
5
5
|
|
6
|
-
add_index(:spree_roles, :name)
|
7
6
|
add_index(:spree_roles, :is_default)
|
8
7
|
add_index(:spree_roles, :editable)
|
9
8
|
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
class CreateSpreeRolesPermissionSets < ActiveRecord::Migration[5.0]
|
2
|
+
def change
|
3
|
+
create_table :spree_roles_permission_sets do |t|
|
4
|
+
t.references :role, index: true, foreign_key: { to_table: :spree_roles }
|
5
|
+
t.references :permission_set, index: true, foreign_key: { to_table: :spree_permission_sets }
|
6
|
+
end
|
7
|
+
end
|
8
|
+
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
class CreateSpreePermissionsPermissionSets < ActiveRecord::Migration[5.0]
|
2
|
+
def change
|
3
|
+
create_table :spree_permissions_permission_sets do |t|
|
4
|
+
t.references :permission, index: true, foreign_key: { to_table: :spree_permissions }
|
5
|
+
t.references :permission_set, index: true, foreign_key: { to_table: :spree_permission_sets }
|
6
|
+
end
|
7
|
+
end
|
8
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
class DeprecateLegacyRolesAndPermissions < ActiveRecord::Migration[5.0]
|
2
|
+
def display_warning
|
3
|
+
ActiveSupport::Deprecation.warn('Direct relationship between roles and permissions is deprecated. Use #legacy_permissions to access old permissions')
|
4
|
+
end
|
5
|
+
|
6
|
+
def up
|
7
|
+
display_warning
|
8
|
+
ActiveSupport::Deprecation.warn('Creating Permission Sets from roles')
|
9
|
+
Spree::Role.find_each do |role|
|
10
|
+
permission_set = Spree::PermissionSet.where(name: role.name).first_or_create!
|
11
|
+
role_permissions = role.legacy_permissions
|
12
|
+
if role_permissions.present?
|
13
|
+
role_permissions.each do |permission|
|
14
|
+
permission_set.permissions << permission unless permission_set.permissions.include? permission
|
15
|
+
end
|
16
|
+
|
17
|
+
if permission_set.permissions.present?
|
18
|
+
permission_set.save!
|
19
|
+
role.permission_sets << permission_set
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def down
|
26
|
+
display_warning
|
27
|
+
ActiveSupport::Deprecation.warn('Cannot undo creation of permission sets, Down is treated as a NOOP')
|
28
|
+
end
|
29
|
+
end
|
@@ -2,7 +2,7 @@ module SpreeAdminRolesAndAccess
|
|
2
2
|
module Generators
|
3
3
|
class InstallGenerator < Rails::Generators::Base
|
4
4
|
|
5
|
-
class_option :auto_run_migrations, :
|
5
|
+
class_option :auto_run_migrations, type: :boolean, default: false
|
6
6
|
|
7
7
|
def add_javascripts
|
8
8
|
append_file 'vendor/assets/javascripts/spree/frontend/all.js', "\n//= require spree/frontend/spree_admin_roles_and_access\n"
|
@@ -10,8 +10,8 @@ module SpreeAdminRolesAndAccess
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def add_stylesheets
|
13
|
-
inject_into_file 'vendor/assets/stylesheets/spree/frontend/all.css', " *= require spree/frontend/spree_admin_roles_and_access\n", :
|
14
|
-
inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/spree_admin_roles_and_access\n", :
|
13
|
+
inject_into_file 'vendor/assets/stylesheets/spree/frontend/all.css', " *= require spree/frontend/spree_admin_roles_and_access\n", before: /\*\//, verbose: true
|
14
|
+
inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/spree_admin_roles_and_access\n", before: /\*\//, verbose: true
|
15
15
|
end
|
16
16
|
|
17
17
|
def add_migrations
|
data/lib/spree/permissions.rb
CHANGED
@@ -16,16 +16,16 @@ module Spree
|
|
16
16
|
super
|
17
17
|
end
|
18
18
|
end
|
19
|
-
|
19
|
+
|
20
20
|
define_method('default-permissions') do |current_ability, user|
|
21
21
|
current_ability.can [:read, :update, :destroy], Spree.user_class do |resource|
|
22
22
|
resource == user
|
23
23
|
end
|
24
|
-
|
24
|
+
|
25
25
|
current_ability.can [:read, :update], Spree::Order do |order, token|
|
26
26
|
order.user == user || (order.guest_token && token == order.guest_token)
|
27
27
|
end
|
28
|
-
|
28
|
+
|
29
29
|
current_ability.can :create, Spree::Order
|
30
30
|
current_ability.can :read, Spree::Address do |address|
|
31
31
|
address.user == user
|
@@ -36,7 +36,7 @@ module Spree
|
|
36
36
|
end
|
37
37
|
|
38
38
|
define_method('default-admin-permissions') do |current_ability, user|
|
39
|
-
current_ability.can :admin, Spree::Store
|
39
|
+
current_ability.can :admin, Spree::Store
|
40
40
|
end
|
41
41
|
|
42
42
|
define_method('can-update-spree/users') do |current_ability, user|
|
@@ -53,14 +53,14 @@ module Spree
|
|
53
53
|
private
|
54
54
|
def find_action_and_subject(name)
|
55
55
|
can, action, subject, attribute = name.to_s.split('-')
|
56
|
-
|
56
|
+
|
57
57
|
if subject == 'all'
|
58
58
|
return can.to_sym, action.to_sym, subject.to_sym, attribute.try(:to_sym)
|
59
|
-
elsif (subject_class = subject.classify.safe_constantize) && subject_class.ancestors.include?(ActiveRecord::Base)
|
59
|
+
elsif (subject_class = subject.classify.safe_constantize) && subject_class.respond_to?(:ancestors) && subject_class.ancestors.include?(ActiveRecord::Base)
|
60
60
|
return can.to_sym, action.to_sym, subject_class, attribute.try(:to_sym)
|
61
61
|
else
|
62
62
|
return can.to_sym, action.to_sym, subject, attribute.try(:to_sym)
|
63
63
|
end
|
64
64
|
end
|
65
65
|
end
|
66
|
-
end
|
66
|
+
end
|
data/lib/tasks/populate.rake
CHANGED
@@ -1,79 +1,361 @@
|
|
1
1
|
namespace :spree_roles do
|
2
2
|
namespace :permissions do
|
3
|
-
desc "Create admin username and password"
|
4
|
-
task :populate => :environment do
|
5
|
-
admin = Spree::Role.where(name: 'admin').first_or_create!
|
6
|
-
user = Spree::Role.where(name: 'user').first_or_create!
|
7
|
-
user.is_default = true
|
8
|
-
user.save!
|
9
3
|
|
10
|
-
|
11
|
-
|
4
|
+
def description_from_title(title)
|
5
|
+
permission = title.split('/')
|
6
|
+
description = ["Permitted user"]
|
7
|
+
description << permission.first.gsub('-', '_').gsub('index', 'list').gsub('_spree', '').humanize
|
8
|
+
description << permission.second.titleize if permission[1].present?
|
9
|
+
description.join(" ")
|
10
|
+
end
|
11
|
+
|
12
|
+
def make_permission(title, priority)
|
13
|
+
permission = Spree::Permission.where(title: title).first_or_create!
|
14
|
+
permission.priority = priority
|
15
|
+
permission.description = description_from_title(title)
|
16
|
+
permission.save!
|
17
|
+
permission
|
18
|
+
end
|
19
|
+
|
20
|
+
def make_permission_set(permissions, permission_set_name, description, display_permission: false)
|
21
|
+
permission_set = Spree::PermissionSet.where(name: permission_set_name).first_or_initialize
|
22
|
+
permission_set.description = description
|
23
|
+
permissions.each do |permission|
|
24
|
+
unless permission_set.permissions.include? permission
|
25
|
+
permission_set.permissions << permission
|
26
|
+
end
|
27
|
+
end
|
28
|
+
permission_set.display_permission = display_permission
|
29
|
+
permission_set.save!
|
30
|
+
permission_set
|
31
|
+
end
|
32
|
+
|
33
|
+
def create_role_with_permission_sets(permission_sets, role)
|
34
|
+
role = Spree::Role.where(name: role).first_or_initialize
|
35
|
+
permission_sets.each do |permission_set|
|
36
|
+
unless role.permission_sets.include? permission_set
|
37
|
+
role.permission_sets << permission_set
|
38
|
+
end
|
39
|
+
end
|
40
|
+
role.save!
|
41
|
+
role
|
42
|
+
end
|
43
|
+
|
44
|
+
def make_resource_permission_set(resource_name)
|
45
|
+
resource_admin_permission = make_permission("can-admin-#{ resource_name }", 3)
|
46
|
+
resource_read_permission = make_permission("can-read-#{ resource_name }", 3)
|
47
|
+
resource_index_permission = make_permission("can-index-#{ resource_name }", 3)
|
48
|
+
resource_update_permission = make_permission("can-update-#{ resource_name }", 3)
|
49
|
+
resource_create_permission = make_permission("can-create-#{ resource_name }", 3)
|
50
|
+
resource_delete_permission = make_permission("can-destroy-#{ resource_name }", 3)
|
51
|
+
resource_human_name = resource_name.gsub('/', '').gsub('spree', '').titleize
|
52
|
+
|
53
|
+
display = make_permission_set(
|
54
|
+
[resource_admin_permission, resource_read_permission, resource_index_permission],
|
55
|
+
"#{ resource_human_name } Display",
|
56
|
+
"Permitted user can view #{ resource_human_name }",
|
57
|
+
display_permission: true
|
58
|
+
)
|
59
|
+
|
60
|
+
edit = make_permission_set(
|
61
|
+
[resource_admin_permission, resource_update_permission, resource_create_permission],
|
62
|
+
"#{ resource_human_name } Manage",
|
63
|
+
"Permitted user can create or update #{ resource_human_name }"
|
64
|
+
)
|
65
|
+
|
66
|
+
delete = make_permission_set(
|
67
|
+
[resource_admin_permission, resource_delete_permission],
|
68
|
+
"#{ resource_human_name } Destroy",
|
69
|
+
"Permitted user can delete #{ resource_human_name }"
|
70
|
+
)
|
71
|
+
|
72
|
+
[display, edit, delete]
|
73
|
+
end
|
74
|
+
|
75
|
+
def permission_prefix_from_name(name)
|
76
|
+
case name
|
77
|
+
when :admin
|
78
|
+
'can-admin'
|
79
|
+
when :new
|
80
|
+
'can-create'
|
81
|
+
when :show
|
82
|
+
'can-read'
|
83
|
+
when :delete
|
84
|
+
'can-delete'
|
85
|
+
when :index
|
86
|
+
'can-read'
|
87
|
+
when :update
|
88
|
+
'can-update'
|
89
|
+
when :manage
|
90
|
+
'can-manage'
|
91
|
+
else
|
92
|
+
"can-#{ name }"
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
def make_grouped_permission_set(permission_group, permission_set_name, description, display: false)
|
97
|
+
permissions = permission_group.collect do |resource_name, permission_names|
|
98
|
+
permission_names.collect { |permission_name| make_permission("#{ permission_prefix_from_name(permission_name) }-#{ resource_name }", 3) }
|
99
|
+
end.flat_map
|
100
|
+
ps = make_permission_set(
|
101
|
+
permissions,
|
102
|
+
permission_set_name,
|
103
|
+
description
|
104
|
+
)
|
105
|
+
if display
|
106
|
+
ps.display_permission = display
|
107
|
+
ps.save!
|
108
|
+
end
|
109
|
+
ps
|
110
|
+
end
|
111
|
+
|
112
|
+
def build_permission_group(permission_list)
|
113
|
+
group = {}
|
114
|
+
permission_list.each_slice(2) do |permissions, resource_class|
|
115
|
+
group[resource_class.to_s.underscore.pluralize] = permissions
|
116
|
+
end
|
117
|
+
group
|
118
|
+
end
|
119
|
+
|
120
|
+
def admin_controller?(controller_name)
|
121
|
+
return false unless controller_name
|
122
|
+
controller_name.include?('/admin/') && !controller_name.include?('/api/')
|
123
|
+
end
|
124
|
+
|
125
|
+
def permission_name(controller, action)
|
126
|
+
"#{ permission_prefix_from_name(action.to_sym) }-#{ controller.gsub('/admin','') }"
|
127
|
+
end
|
128
|
+
|
129
|
+
def add_to_permission_set(permission_set, permissions)
|
130
|
+
permissions.each do |permission|
|
131
|
+
unless permission_set.permissions.include? permission
|
132
|
+
permission_set.permissions << permission
|
133
|
+
end
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
desc "Create admin username and password"
|
138
|
+
task populate: :environment do
|
139
|
+
default_permission = make_permission('default-permissions', 0)
|
140
|
+
default_permission_set = make_permission_set(
|
141
|
+
[default_permission],
|
142
|
+
'default',
|
143
|
+
'Permission for general users including the customers, Note: *users without this permission cannot checkout*'
|
144
|
+
)
|
145
|
+
default_role = create_role_with_permission_sets([default_permission_set], 'default')
|
146
|
+
default_role.is_default = true
|
147
|
+
default_role.save!
|
12
148
|
|
13
|
-
|
14
|
-
|
149
|
+
admin_permission = make_permission('can-manage-all', 0)
|
150
|
+
admin_permission_set = make_permission_set([admin_permission], 'admin', 'Can manage everything')
|
151
|
+
admin_role = create_role_with_permission_sets([admin_permission_set], 'admin')
|
152
|
+
admin_role.admin_accessible = true
|
153
|
+
admin_role.save!
|
15
154
|
end
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
155
|
+
|
156
|
+
desc "Create utility permission sets for common store admin tasks"
|
157
|
+
task populate_permission_sets: :environment do
|
158
|
+
config_management =
|
159
|
+
make_grouped_permission_set(
|
160
|
+
build_permission_group(
|
161
|
+
[
|
162
|
+
[:admin], Spree::Store,
|
163
|
+
[:admin, :manage], Spree::TaxCategory,
|
164
|
+
[:admin, :manage], Spree::TaxRate,
|
165
|
+
[:admin, :manage], Spree::Zone,
|
166
|
+
[:admin, :manage], Spree::Country,
|
167
|
+
[:admin, :manage], Spree::State,
|
168
|
+
[:admin, :manage], Spree::PaymentMethod,
|
169
|
+
[:admin, :manage], Spree::Taxonomy,
|
170
|
+
[:admin, :manage], Spree::ShippingMethod,
|
171
|
+
[:admin, :manage], Spree::ShippingCategory,
|
172
|
+
[:admin, :manage], Spree::StockLocation,
|
173
|
+
[:admin, :manage], Spree::StockTransfer,
|
174
|
+
[:admin, :manage], Spree::StockMovement,
|
175
|
+
[:admin, :manage], Spree::RefundReason,
|
176
|
+
[:admin, :manage], Spree::ReturnAuthorizationReason,
|
177
|
+
[:admin, :manage], Spree::ReimbursementType
|
178
|
+
]
|
179
|
+
),
|
180
|
+
"Configuration Management",
|
181
|
+
"Manage configuration of spree store 1:1 mapping of all options available in submenu/configuration."
|
182
|
+
)
|
183
|
+
|
184
|
+
admin_general_settings_admin = make_permission('can-admin-spree/admin/general_settings', 3)
|
185
|
+
admin_general_settings_manage = make_permission('can-manage-spree/admin/general_settings', 3)
|
186
|
+
|
187
|
+
add_to_permission_set(config_management, [admin_general_settings_admin, admin_general_settings_manage])
|
188
|
+
|
189
|
+
order_display =
|
190
|
+
make_grouped_permission_set(
|
191
|
+
build_permission_group(
|
192
|
+
[
|
193
|
+
[:admin, :read, :edit], Spree::User,
|
194
|
+
[:read, :admin, :edit, :cart], Spree::Order,
|
195
|
+
[:read, :admin], Spree::Payment,
|
196
|
+
[:read, :admin], Spree::Shipment,
|
197
|
+
[:read, :admin], Spree::Adjustment,
|
198
|
+
[:read, :admin], Spree::LineItem,
|
199
|
+
[:read, :admin], Spree::ReturnAuthorization,
|
200
|
+
[:read, :admin], Spree::CustomerReturn,
|
201
|
+
[:read, :admin], Spree::Reimbursement,
|
202
|
+
[:read, :admin], Spree::ReturnItem,
|
203
|
+
[:read, :admin], Spree::Refund
|
204
|
+
]
|
205
|
+
),
|
206
|
+
"Order Display",
|
207
|
+
"Display Orders",
|
208
|
+
display: true
|
209
|
+
)
|
210
|
+
|
211
|
+
|
212
|
+
admin_return_idx = make_permission('can-admin-spree/admin/return_index', 3)
|
213
|
+
manage_return_idx = make_permission('can-manage-spree/admin/return_index', 3)
|
214
|
+
return_auth = make_permission('can-return_authorizations-spree/admin/return_index', 3)
|
215
|
+
customer_auth = make_permission('can-customer_returns-spree/admin/return_index', 3)
|
216
|
+
|
217
|
+
# Required because of access of returns
|
218
|
+
add_to_permission_set(order_display, [admin_return_idx, return_auth, customer_auth])
|
219
|
+
|
220
|
+
order_mgmt = make_grouped_permission_set(
|
221
|
+
build_permission_group(
|
222
|
+
[
|
223
|
+
[:admin, :read], Spree::ReimbursementType,
|
224
|
+
[:admin, :read, :edit], Spree::User,
|
225
|
+
[:admin, :manage], Spree::Order,
|
226
|
+
[:admin, :manage], Spree::Payment,
|
227
|
+
[:admin, :manage], Spree::Shipment,
|
228
|
+
[:admin, :manage], Spree::Adjustment,
|
229
|
+
[:admin, :manage], Spree::LineItem,
|
230
|
+
[:admin, :manage], Spree::ReturnAuthorization,
|
231
|
+
[:admin, :manage], Spree::CustomerReturn,
|
232
|
+
[:admin, :manage], Spree::Reimbursement,
|
233
|
+
[:admin, :manage], Spree::ReturnItem,
|
234
|
+
[:admin, :manage], Spree::Refund
|
235
|
+
]
|
236
|
+
),
|
237
|
+
"Order Management",
|
238
|
+
"Manage Orders"
|
239
|
+
)
|
240
|
+
|
241
|
+
add_to_permission_set(order_mgmt, [admin_return_idx, manage_return_idx])
|
242
|
+
|
243
|
+
make_grouped_permission_set(
|
244
|
+
build_permission_group(
|
245
|
+
[
|
246
|
+
[:read, :admin, :edit], Spree::Product,
|
247
|
+
[:read, :admin], Spree::Image,
|
248
|
+
[:read, :admin], Spree::Variant,
|
249
|
+
[:read, :admin], Spree::OptionValue,
|
250
|
+
[:read, :admin], Spree::ProductProperty,
|
251
|
+
[:read, :admin], Spree::OptionType,
|
252
|
+
[:read, :admin], Spree::Property,
|
253
|
+
[:read, :admin], Spree::Taxonomy,
|
254
|
+
[:read, :admin], Spree::Taxon,
|
255
|
+
[:admin, :read], Spree::Classification
|
256
|
+
]
|
257
|
+
),
|
258
|
+
"Product Display",
|
259
|
+
"Display Products",
|
260
|
+
display: true
|
261
|
+
)
|
262
|
+
|
263
|
+
make_grouped_permission_set(
|
264
|
+
build_permission_group(
|
265
|
+
[
|
266
|
+
[:admin, :manage], Spree::Product,
|
267
|
+
[:admin, :manage], Spree::ProductOptionType,
|
268
|
+
[:manage, :admin], Spree::Image,
|
269
|
+
[:manage, :admin], Spree::Variant,
|
270
|
+
[:manage, :admin], Spree::OptionValue,
|
271
|
+
[:admin, :manage], Spree::ProductProperty,
|
272
|
+
[:admin, :manage], Spree::OptionType,
|
273
|
+
[:admin, :manage], Spree::Property,
|
274
|
+
[:admin, :manage], Spree::Taxonomy,
|
275
|
+
[:admin, :manage], Spree::Taxon,
|
276
|
+
[:admin, :manage], Spree::Classification
|
277
|
+
]
|
278
|
+
),
|
279
|
+
"Product Management",
|
280
|
+
"Manage Products"
|
281
|
+
)
|
282
|
+
|
283
|
+
make_grouped_permission_set(
|
284
|
+
build_permission_group(
|
285
|
+
[
|
286
|
+
[:read, :admin, :edit], Spree::Promotion,
|
287
|
+
[:read, :admin, :edit], Spree::PromotionCategory,
|
288
|
+
[:read, :admin], Spree::PromotionRule,
|
289
|
+
[:read, :admin], Spree::PromotionAction,
|
290
|
+
]
|
291
|
+
),
|
292
|
+
"Promotion Display",
|
293
|
+
"Promotion Display",
|
294
|
+
display: true
|
295
|
+
)
|
296
|
+
|
297
|
+
|
298
|
+
make_grouped_permission_set(
|
299
|
+
build_permission_group(
|
300
|
+
[
|
301
|
+
[:admin, :manage], Spree::Promotion,
|
302
|
+
[:admin, :manage], Spree::PromotionRule,
|
303
|
+
[:admin, :manage], Spree::PromotionAction,
|
304
|
+
[:admin, :manage], Spree::PromotionCategory
|
305
|
+
]
|
306
|
+
),
|
307
|
+
"Promotion management",
|
308
|
+
"Promotion management"
|
309
|
+
)
|
310
|
+
|
311
|
+
make_grouped_permission_set(
|
312
|
+
build_permission_group(
|
313
|
+
[
|
314
|
+
[:admin], Spree::Store,
|
315
|
+
[:manage, :admin], Spree::StockItem,
|
316
|
+
[:manage, :admin], Spree::StockLocation,
|
317
|
+
[:admin, :manage], Spree::StockMovement,
|
318
|
+
[:admin, :manage], Spree::StockTransfer,
|
319
|
+
]
|
320
|
+
),
|
321
|
+
"Stock Management",
|
322
|
+
"Manage Stock"
|
323
|
+
)
|
324
|
+
|
325
|
+
make_grouped_permission_set(
|
326
|
+
build_permission_group(
|
327
|
+
[
|
328
|
+
[:admin], Spree::Store,
|
329
|
+
[:admin, :manage], Spree::StoreCreditCategory,
|
330
|
+
[:admin, :manage], Spree::StoreCredit,
|
331
|
+
[:admin, :read, :edit], Spree::User
|
332
|
+
]
|
333
|
+
),
|
334
|
+
"Store Credit Managment",
|
335
|
+
"Store Credit Management"
|
336
|
+
)
|
337
|
+
|
338
|
+
|
339
|
+
user_display, user_edit, user_delete = make_resource_permission_set('spree/users')
|
340
|
+
|
341
|
+
[
|
342
|
+
make_permission('can-orders-spree/users', 3),
|
343
|
+
make_permission('can-edit-spree/users', 3),
|
344
|
+
make_permission('can-items-spree/users', 3),
|
345
|
+
make_permission('can-addresses-spree/users', 3),
|
346
|
+
make_permission('can-admin-spree/store_credits', 3),
|
347
|
+
make_permission('can-read-spree/store_credits', 3),
|
348
|
+
make_permission('can-orders-spree/users', 3),
|
349
|
+
make_permission('can-edit-spree/users', 3),
|
350
|
+
make_permission('can-items-spree/users', 3),
|
351
|
+
make_permission('can-addresses-spree/users', 3),
|
352
|
+
make_permission('can-read-spree/store_credits', 3)
|
353
|
+
].each do |permission|
|
354
|
+
unless user_display.permissions.include? permission
|
355
|
+
user_display.permissions << permission
|
356
|
+
end
|
357
|
+
end
|
77
358
|
end
|
359
|
+
|
78
360
|
end
|
79
|
-
end
|
361
|
+
end
|