spree_admin_roles_and_access 2.0.0 → 3.2.1.beta
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +76 -39
- data/app/assets/javascripts/spree/backend/spree_admin_roles_and_access.js +84 -1
- data/app/assets/stylesheets/spree/backend/spree_admin_roles_and_access.css +131 -1
- data/app/controllers/spree/admin/base_controller_decorator.rb +4 -0
- data/app/controllers/spree/admin/default_admin_dashboards_controller.rb +13 -0
- data/app/controllers/spree/admin/permission_sets_controller.rb +26 -0
- data/app/controllers/spree/admin/roles_controller.rb +5 -5
- data/app/models/spree/ability_decorator.rb +6 -5
- data/app/models/spree/permission.rb +11 -3
- data/app/models/spree/permission_set.rb +11 -0
- data/app/models/spree/permissions_permission_set.rb +6 -0
- data/app/models/spree/role_decorator.rb +8 -2
- data/app/models/spree/roles_permission.rb +5 -0
- data/app/models/spree/roles_permission_set.rb +6 -0
- data/app/models/spree/user_decorator.rb +2 -1
- data/app/overrides/spree/admin/roles/_form/add_permission_sets_to_role_form.html.erb.deface +28 -0
- data/app/overrides/spree/admin/shared/sub_menu/_configuration/add_permission_sets_To_configuration_sub_menu.html.erb.deface +2 -0
- data/app/views/spree/admin/default_admin_dashboards/show.html.erb +1 -0
- data/app/views/spree/admin/permission_sets/_form.html.erb +49 -0
- data/app/views/spree/admin/permission_sets/_permission_pane.html.erb +19 -0
- data/app/views/spree/admin/permission_sets/edit.html.erb +12 -0
- data/app/views/spree/admin/permission_sets/index.html.erb +33 -0
- data/app/views/spree/admin/permission_sets/new.html.erb +12 -0
- data/app/views/spree/admin/permissions/_form.html.erb +37 -6
- data/app/views/spree/admin/permissions/index.html.erb +0 -2
- data/app/views/spree/admin/shared/_checkbox_list_pane.html.erb +20 -0
- data/config/initializers/auth.rb +13 -0
- data/config/initializers/cancan_ability.rb +1 -1
- data/config/initializers/cancan_controller_additions.rb +3 -3
- data/config/initializers/constants.rb +2 -2
- data/config/locales/en.yml +15 -1
- data/config/routes.rb +2 -0
- data/db/migrate/20130709104101_create_spree_permissions.rb +4 -4
- data/db/migrate/20130709104945_create_spree_roles_permissions.rb +3 -3
- data/db/migrate/20130709105614_add_editable_is_default_and_index_on_editable_is_default_and_name_to_spree_roles.rb +2 -3
- data/db/migrate/20170503090436_create_spree_permission_sets.rb +9 -0
- data/db/migrate/20170503091013_create_spree_roles_permission_sets.rb +8 -0
- data/db/migrate/20170503101648_create_spree_permissions_permission_sets.rb +8 -0
- data/db/migrate/20170508082615_add_description_to_permissions_and_permission_sets.rb +6 -0
- data/db/migrate/20170508082722_add_display_boolean_to_permission_sets.rb +5 -0
- data/db/migrate/20170508091139_deprecate_legacy_roles_and_permissions.rb +29 -0
- data/db/migrate/20170509082144_remove_column_boolean_from_permissions.rb +5 -0
- data/db/migrate/20170509090346_add_admin_boolean_to_roles.rb +5 -0
- data/lib/generators/spree_admin_roles_and_access/install/install_generator.rb +3 -3
- data/lib/spree/permissions.rb +7 -7
- data/lib/tasks/populate.rake +354 -72
- metadata +70 -17
- data/app/overrides/spree/admin/roles/_form/add_permissions_to_role_form.html.erb.deface +0 -13
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
PARAM_ATTRIBUTE = Hash.new(:id).merge({"products" => :slug, "orders" => :number, "shipments" => :number})
|
|
2
|
-
NEW_ACTIONS = [:new, :create]
|
|
1
|
+
PARAM_ATTRIBUTE = Hash.new(:id).merge({"products" => :slug, "orders" => :number, "shipments" => :number, "payments" => :number})
|
|
2
|
+
NEW_ACTIONS = [:new, :create]
|
data/config/locales/en.yml
CHANGED
|
@@ -10,10 +10,24 @@ en:
|
|
|
10
10
|
role_name: "Name"
|
|
11
11
|
role_editable: "Editable"
|
|
12
12
|
role_is_default: "Is default"
|
|
13
|
+
role_is_default_help: "Roles marked as default are applicable to all users who have no explicit roles assigned"
|
|
14
|
+
role_admin_accessible_help: "Roles marked as admin accessible indicate that the user has access to admin interface via the role"
|
|
13
15
|
permissions: "Permissions"
|
|
14
16
|
save_changes: "Save Changes"
|
|
15
17
|
new_permission: "New Permission"
|
|
18
|
+
permission_set_name: "Name"
|
|
19
|
+
permission_set_description: "Description"
|
|
20
|
+
permission_set_display_permission: "Display Permission"
|
|
21
|
+
permission_set_permissions: "Permissions"
|
|
16
22
|
permission_title: "Title"
|
|
17
23
|
permission_priority: "Priority"
|
|
24
|
+
permission_priority_help: "Set the order of permission in list, with 0 being the highest priority"
|
|
18
25
|
permission_visible: "Visible"
|
|
19
|
-
|
|
26
|
+
permission_visible_help: "Mark permission as publically visible to other users managing permissions"
|
|
27
|
+
select_permissions: "Select Permissions"
|
|
28
|
+
select_permission_sets: "Select Permission Sets"
|
|
29
|
+
atleast_one_permission_is_required: "Atleast One Permission Is Required"
|
|
30
|
+
atleast_one_permission_set_is_required: "Atleast One Permission Set Is Required"
|
|
31
|
+
permission_set_display_permission_help: "Set it to indicate that permission set provides permissions for display purposed only"
|
|
32
|
+
permission_set_admin_permission_required: "Ensure that the appropriate admin permission is included along with the resource permission if the user needs to access the admin interface"
|
|
33
|
+
unable_to_access_requested_resource: "You do not have access to the requested resource at %{request_path}"
|
data/config/routes.rb
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class CreateSpreePermissions < ActiveRecord::Migration
|
|
2
2
|
def change
|
|
3
3
|
create_table :spree_permissions do |t|
|
|
4
|
-
t.string :title, :
|
|
5
|
-
t.integer :priority, :
|
|
6
|
-
t.boolean :visible, :boolean, :
|
|
4
|
+
t.string :title, null: false, unique: true
|
|
5
|
+
t.integer :priority, default: 0
|
|
6
|
+
t.boolean :visible, :boolean, default: true
|
|
7
7
|
|
|
8
|
-
t.timestamps
|
|
8
|
+
t.timestamps null: false
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
add_index :spree_permissions, :visible
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
class CreateSpreeRolesPermissions < ActiveRecord::Migration
|
|
2
2
|
def change
|
|
3
|
-
create_table :spree_roles_permissions, :
|
|
4
|
-
t.integer :role_id, :
|
|
5
|
-
t.integer :permission_id, :
|
|
3
|
+
create_table :spree_roles_permissions, id: false do |t|
|
|
4
|
+
t.integer :role_id, null: false
|
|
5
|
+
t.integer :permission_id, null: false
|
|
6
6
|
end
|
|
7
7
|
|
|
8
8
|
add_index(:spree_roles_permissions, :role_id)
|
|
@@ -1,9 +1,8 @@
|
|
|
1
1
|
class AddEditableIsDefaultAndIndexOnEditableIsDefaultAndNameToSpreeRoles < ActiveRecord::Migration
|
|
2
2
|
def change
|
|
3
|
-
add_column :spree_roles, :editable, :boolean, :
|
|
4
|
-
add_column :spree_roles, :is_default, :boolean, :
|
|
3
|
+
add_column :spree_roles, :editable, :boolean, default: true
|
|
4
|
+
add_column :spree_roles, :is_default, :boolean, default: false
|
|
5
5
|
|
|
6
|
-
add_index(:spree_roles, :name)
|
|
7
6
|
add_index(:spree_roles, :is_default)
|
|
8
7
|
add_index(:spree_roles, :editable)
|
|
9
8
|
end
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
class CreateSpreeRolesPermissionSets < ActiveRecord::Migration[5.0]
|
|
2
|
+
def change
|
|
3
|
+
create_table :spree_roles_permission_sets do |t|
|
|
4
|
+
t.references :role, index: true, foreign_key: { to_table: :spree_roles }
|
|
5
|
+
t.references :permission_set, index: true, foreign_key: { to_table: :spree_permission_sets }
|
|
6
|
+
end
|
|
7
|
+
end
|
|
8
|
+
end
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
class CreateSpreePermissionsPermissionSets < ActiveRecord::Migration[5.0]
|
|
2
|
+
def change
|
|
3
|
+
create_table :spree_permissions_permission_sets do |t|
|
|
4
|
+
t.references :permission, index: true, foreign_key: { to_table: :spree_permissions }
|
|
5
|
+
t.references :permission_set, index: true, foreign_key: { to_table: :spree_permission_sets }
|
|
6
|
+
end
|
|
7
|
+
end
|
|
8
|
+
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
class DeprecateLegacyRolesAndPermissions < ActiveRecord::Migration[5.0]
|
|
2
|
+
def display_warning
|
|
3
|
+
ActiveSupport::Deprecation.warn('Direct relationship between roles and permissions is deprecated. Use #legacy_permissions to access old permissions')
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
def up
|
|
7
|
+
display_warning
|
|
8
|
+
ActiveSupport::Deprecation.warn('Creating Permission Sets from roles')
|
|
9
|
+
Spree::Role.find_each do |role|
|
|
10
|
+
permission_set = Spree::PermissionSet.where(name: role.name).first_or_create!
|
|
11
|
+
role_permissions = role.legacy_permissions
|
|
12
|
+
if role_permissions.present?
|
|
13
|
+
role_permissions.each do |permission|
|
|
14
|
+
permission_set.permissions << permission unless permission_set.permissions.include? permission
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
if permission_set.permissions.present?
|
|
18
|
+
permission_set.save!
|
|
19
|
+
role.permission_sets << permission_set
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def down
|
|
26
|
+
display_warning
|
|
27
|
+
ActiveSupport::Deprecation.warn('Cannot undo creation of permission sets, Down is treated as a NOOP')
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -2,7 +2,7 @@ module SpreeAdminRolesAndAccess
|
|
|
2
2
|
module Generators
|
|
3
3
|
class InstallGenerator < Rails::Generators::Base
|
|
4
4
|
|
|
5
|
-
class_option :auto_run_migrations, :
|
|
5
|
+
class_option :auto_run_migrations, type: :boolean, default: false
|
|
6
6
|
|
|
7
7
|
def add_javascripts
|
|
8
8
|
append_file 'vendor/assets/javascripts/spree/frontend/all.js', "\n//= require spree/frontend/spree_admin_roles_and_access\n"
|
|
@@ -10,8 +10,8 @@ module SpreeAdminRolesAndAccess
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def add_stylesheets
|
|
13
|
-
inject_into_file 'vendor/assets/stylesheets/spree/frontend/all.css', " *= require spree/frontend/spree_admin_roles_and_access\n", :
|
|
14
|
-
inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/spree_admin_roles_and_access\n", :
|
|
13
|
+
inject_into_file 'vendor/assets/stylesheets/spree/frontend/all.css', " *= require spree/frontend/spree_admin_roles_and_access\n", before: /\*\//, verbose: true
|
|
14
|
+
inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/spree_admin_roles_and_access\n", before: /\*\//, verbose: true
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def add_migrations
|
data/lib/spree/permissions.rb
CHANGED
|
@@ -16,16 +16,16 @@ module Spree
|
|
|
16
16
|
super
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
|
-
|
|
19
|
+
|
|
20
20
|
define_method('default-permissions') do |current_ability, user|
|
|
21
21
|
current_ability.can [:read, :update, :destroy], Spree.user_class do |resource|
|
|
22
22
|
resource == user
|
|
23
23
|
end
|
|
24
|
-
|
|
24
|
+
|
|
25
25
|
current_ability.can [:read, :update], Spree::Order do |order, token|
|
|
26
26
|
order.user == user || (order.guest_token && token == order.guest_token)
|
|
27
27
|
end
|
|
28
|
-
|
|
28
|
+
|
|
29
29
|
current_ability.can :create, Spree::Order
|
|
30
30
|
current_ability.can :read, Spree::Address do |address|
|
|
31
31
|
address.user == user
|
|
@@ -36,7 +36,7 @@ module Spree
|
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
define_method('default-admin-permissions') do |current_ability, user|
|
|
39
|
-
current_ability.can :admin, Spree::Store
|
|
39
|
+
current_ability.can :admin, Spree::Store
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
define_method('can-update-spree/users') do |current_ability, user|
|
|
@@ -53,14 +53,14 @@ module Spree
|
|
|
53
53
|
private
|
|
54
54
|
def find_action_and_subject(name)
|
|
55
55
|
can, action, subject, attribute = name.to_s.split('-')
|
|
56
|
-
|
|
56
|
+
|
|
57
57
|
if subject == 'all'
|
|
58
58
|
return can.to_sym, action.to_sym, subject.to_sym, attribute.try(:to_sym)
|
|
59
|
-
elsif (subject_class = subject.classify.safe_constantize) && subject_class.ancestors.include?(ActiveRecord::Base)
|
|
59
|
+
elsif (subject_class = subject.classify.safe_constantize) && subject_class.respond_to?(:ancestors) && subject_class.ancestors.include?(ActiveRecord::Base)
|
|
60
60
|
return can.to_sym, action.to_sym, subject_class, attribute.try(:to_sym)
|
|
61
61
|
else
|
|
62
62
|
return can.to_sym, action.to_sym, subject, attribute.try(:to_sym)
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
|
-
end
|
|
66
|
+
end
|
data/lib/tasks/populate.rake
CHANGED
|
@@ -1,79 +1,361 @@
|
|
|
1
1
|
namespace :spree_roles do
|
|
2
2
|
namespace :permissions do
|
|
3
|
-
desc "Create admin username and password"
|
|
4
|
-
task :populate => :environment do
|
|
5
|
-
admin = Spree::Role.where(name: 'admin').first_or_create!
|
|
6
|
-
user = Spree::Role.where(name: 'user').first_or_create!
|
|
7
|
-
user.is_default = true
|
|
8
|
-
user.save!
|
|
9
3
|
|
|
10
|
-
|
|
11
|
-
|
|
4
|
+
def description_from_title(title)
|
|
5
|
+
permission = title.split('/')
|
|
6
|
+
description = ["Permitted user"]
|
|
7
|
+
description << permission.first.gsub('-', '_').gsub('index', 'list').gsub('_spree', '').humanize
|
|
8
|
+
description << permission.second.titleize if permission[1].present?
|
|
9
|
+
description.join(" ")
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def make_permission(title, priority)
|
|
13
|
+
permission = Spree::Permission.where(title: title).first_or_create!
|
|
14
|
+
permission.priority = priority
|
|
15
|
+
permission.description = description_from_title(title)
|
|
16
|
+
permission.save!
|
|
17
|
+
permission
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def make_permission_set(permissions, permission_set_name, description, display_permission: false)
|
|
21
|
+
permission_set = Spree::PermissionSet.where(name: permission_set_name).first_or_initialize
|
|
22
|
+
permission_set.description = description
|
|
23
|
+
permissions.each do |permission|
|
|
24
|
+
unless permission_set.permissions.include? permission
|
|
25
|
+
permission_set.permissions << permission
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
permission_set.display_permission = display_permission
|
|
29
|
+
permission_set.save!
|
|
30
|
+
permission_set
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def create_role_with_permission_sets(permission_sets, role)
|
|
34
|
+
role = Spree::Role.where(name: role).first_or_initialize
|
|
35
|
+
permission_sets.each do |permission_set|
|
|
36
|
+
unless role.permission_sets.include? permission_set
|
|
37
|
+
role.permission_sets << permission_set
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
role.save!
|
|
41
|
+
role
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def make_resource_permission_set(resource_name)
|
|
45
|
+
resource_admin_permission = make_permission("can-admin-#{ resource_name }", 3)
|
|
46
|
+
resource_read_permission = make_permission("can-read-#{ resource_name }", 3)
|
|
47
|
+
resource_index_permission = make_permission("can-index-#{ resource_name }", 3)
|
|
48
|
+
resource_update_permission = make_permission("can-update-#{ resource_name }", 3)
|
|
49
|
+
resource_create_permission = make_permission("can-create-#{ resource_name }", 3)
|
|
50
|
+
resource_delete_permission = make_permission("can-destroy-#{ resource_name }", 3)
|
|
51
|
+
resource_human_name = resource_name.gsub('/', '').gsub('spree', '').titleize
|
|
52
|
+
|
|
53
|
+
display = make_permission_set(
|
|
54
|
+
[resource_admin_permission, resource_read_permission, resource_index_permission],
|
|
55
|
+
"#{ resource_human_name } Display",
|
|
56
|
+
"Permitted user can view #{ resource_human_name }",
|
|
57
|
+
display_permission: true
|
|
58
|
+
)
|
|
59
|
+
|
|
60
|
+
edit = make_permission_set(
|
|
61
|
+
[resource_admin_permission, resource_update_permission, resource_create_permission],
|
|
62
|
+
"#{ resource_human_name } Manage",
|
|
63
|
+
"Permitted user can create or update #{ resource_human_name }"
|
|
64
|
+
)
|
|
65
|
+
|
|
66
|
+
delete = make_permission_set(
|
|
67
|
+
[resource_admin_permission, resource_delete_permission],
|
|
68
|
+
"#{ resource_human_name } Destroy",
|
|
69
|
+
"Permitted user can delete #{ resource_human_name }"
|
|
70
|
+
)
|
|
71
|
+
|
|
72
|
+
[display, edit, delete]
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def permission_prefix_from_name(name)
|
|
76
|
+
case name
|
|
77
|
+
when :admin
|
|
78
|
+
'can-admin'
|
|
79
|
+
when :new
|
|
80
|
+
'can-create'
|
|
81
|
+
when :show
|
|
82
|
+
'can-read'
|
|
83
|
+
when :delete
|
|
84
|
+
'can-delete'
|
|
85
|
+
when :index
|
|
86
|
+
'can-read'
|
|
87
|
+
when :update
|
|
88
|
+
'can-update'
|
|
89
|
+
when :manage
|
|
90
|
+
'can-manage'
|
|
91
|
+
else
|
|
92
|
+
"can-#{ name }"
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
def make_grouped_permission_set(permission_group, permission_set_name, description, display: false)
|
|
97
|
+
permissions = permission_group.collect do |resource_name, permission_names|
|
|
98
|
+
permission_names.collect { |permission_name| make_permission("#{ permission_prefix_from_name(permission_name) }-#{ resource_name }", 3) }
|
|
99
|
+
end.flat_map
|
|
100
|
+
ps = make_permission_set(
|
|
101
|
+
permissions,
|
|
102
|
+
permission_set_name,
|
|
103
|
+
description
|
|
104
|
+
)
|
|
105
|
+
if display
|
|
106
|
+
ps.display_permission = display
|
|
107
|
+
ps.save!
|
|
108
|
+
end
|
|
109
|
+
ps
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
def build_permission_group(permission_list)
|
|
113
|
+
group = {}
|
|
114
|
+
permission_list.each_slice(2) do |permissions, resource_class|
|
|
115
|
+
group[resource_class.to_s.underscore.pluralize] = permissions
|
|
116
|
+
end
|
|
117
|
+
group
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
def admin_controller?(controller_name)
|
|
121
|
+
return false unless controller_name
|
|
122
|
+
controller_name.include?('/admin/') && !controller_name.include?('/api/')
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
def permission_name(controller, action)
|
|
126
|
+
"#{ permission_prefix_from_name(action.to_sym) }-#{ controller.gsub('/admin','') }"
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
def add_to_permission_set(permission_set, permissions)
|
|
130
|
+
permissions.each do |permission|
|
|
131
|
+
unless permission_set.permissions.include? permission
|
|
132
|
+
permission_set.permissions << permission
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
desc "Create admin username and password"
|
|
138
|
+
task populate: :environment do
|
|
139
|
+
default_permission = make_permission('default-permissions', 0)
|
|
140
|
+
default_permission_set = make_permission_set(
|
|
141
|
+
[default_permission],
|
|
142
|
+
'default',
|
|
143
|
+
'Permission for general users including the customers, Note: *users without this permission cannot checkout*'
|
|
144
|
+
)
|
|
145
|
+
default_role = create_role_with_permission_sets([default_permission_set], 'default')
|
|
146
|
+
default_role.is_default = true
|
|
147
|
+
default_role.save!
|
|
12
148
|
|
|
13
|
-
|
|
14
|
-
|
|
149
|
+
admin_permission = make_permission('can-manage-all', 0)
|
|
150
|
+
admin_permission_set = make_permission_set([admin_permission], 'admin', 'Can manage everything')
|
|
151
|
+
admin_role = create_role_with_permission_sets([admin_permission_set], 'admin')
|
|
152
|
+
admin_role.admin_accessible = true
|
|
153
|
+
admin_role.save!
|
|
15
154
|
end
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
155
|
+
|
|
156
|
+
desc "Create utility permission sets for common store admin tasks"
|
|
157
|
+
task populate_permission_sets: :environment do
|
|
158
|
+
config_management =
|
|
159
|
+
make_grouped_permission_set(
|
|
160
|
+
build_permission_group(
|
|
161
|
+
[
|
|
162
|
+
[:admin], Spree::Store,
|
|
163
|
+
[:admin, :manage], Spree::TaxCategory,
|
|
164
|
+
[:admin, :manage], Spree::TaxRate,
|
|
165
|
+
[:admin, :manage], Spree::Zone,
|
|
166
|
+
[:admin, :manage], Spree::Country,
|
|
167
|
+
[:admin, :manage], Spree::State,
|
|
168
|
+
[:admin, :manage], Spree::PaymentMethod,
|
|
169
|
+
[:admin, :manage], Spree::Taxonomy,
|
|
170
|
+
[:admin, :manage], Spree::ShippingMethod,
|
|
171
|
+
[:admin, :manage], Spree::ShippingCategory,
|
|
172
|
+
[:admin, :manage], Spree::StockLocation,
|
|
173
|
+
[:admin, :manage], Spree::StockTransfer,
|
|
174
|
+
[:admin, :manage], Spree::StockMovement,
|
|
175
|
+
[:admin, :manage], Spree::RefundReason,
|
|
176
|
+
[:admin, :manage], Spree::ReturnAuthorizationReason,
|
|
177
|
+
[:admin, :manage], Spree::ReimbursementType
|
|
178
|
+
]
|
|
179
|
+
),
|
|
180
|
+
"Configuration Management",
|
|
181
|
+
"Manage configuration of spree store 1:1 mapping of all options available in submenu/configuration."
|
|
182
|
+
)
|
|
183
|
+
|
|
184
|
+
admin_general_settings_admin = make_permission('can-admin-spree/admin/general_settings', 3)
|
|
185
|
+
admin_general_settings_manage = make_permission('can-manage-spree/admin/general_settings', 3)
|
|
186
|
+
|
|
187
|
+
add_to_permission_set(config_management, [admin_general_settings_admin, admin_general_settings_manage])
|
|
188
|
+
|
|
189
|
+
order_display =
|
|
190
|
+
make_grouped_permission_set(
|
|
191
|
+
build_permission_group(
|
|
192
|
+
[
|
|
193
|
+
[:admin, :read, :edit], Spree::User,
|
|
194
|
+
[:read, :admin, :edit, :cart], Spree::Order,
|
|
195
|
+
[:read, :admin], Spree::Payment,
|
|
196
|
+
[:read, :admin], Spree::Shipment,
|
|
197
|
+
[:read, :admin], Spree::Adjustment,
|
|
198
|
+
[:read, :admin], Spree::LineItem,
|
|
199
|
+
[:read, :admin], Spree::ReturnAuthorization,
|
|
200
|
+
[:read, :admin], Spree::CustomerReturn,
|
|
201
|
+
[:read, :admin], Spree::Reimbursement,
|
|
202
|
+
[:read, :admin], Spree::ReturnItem,
|
|
203
|
+
[:read, :admin], Spree::Refund
|
|
204
|
+
]
|
|
205
|
+
),
|
|
206
|
+
"Order Display",
|
|
207
|
+
"Display Orders",
|
|
208
|
+
display: true
|
|
209
|
+
)
|
|
210
|
+
|
|
211
|
+
|
|
212
|
+
admin_return_idx = make_permission('can-admin-spree/admin/return_index', 3)
|
|
213
|
+
manage_return_idx = make_permission('can-manage-spree/admin/return_index', 3)
|
|
214
|
+
return_auth = make_permission('can-return_authorizations-spree/admin/return_index', 3)
|
|
215
|
+
customer_auth = make_permission('can-customer_returns-spree/admin/return_index', 3)
|
|
216
|
+
|
|
217
|
+
# Required because of access of returns
|
|
218
|
+
add_to_permission_set(order_display, [admin_return_idx, return_auth, customer_auth])
|
|
219
|
+
|
|
220
|
+
order_mgmt = make_grouped_permission_set(
|
|
221
|
+
build_permission_group(
|
|
222
|
+
[
|
|
223
|
+
[:admin, :read], Spree::ReimbursementType,
|
|
224
|
+
[:admin, :read, :edit], Spree::User,
|
|
225
|
+
[:admin, :manage], Spree::Order,
|
|
226
|
+
[:admin, :manage], Spree::Payment,
|
|
227
|
+
[:admin, :manage], Spree::Shipment,
|
|
228
|
+
[:admin, :manage], Spree::Adjustment,
|
|
229
|
+
[:admin, :manage], Spree::LineItem,
|
|
230
|
+
[:admin, :manage], Spree::ReturnAuthorization,
|
|
231
|
+
[:admin, :manage], Spree::CustomerReturn,
|
|
232
|
+
[:admin, :manage], Spree::Reimbursement,
|
|
233
|
+
[:admin, :manage], Spree::ReturnItem,
|
|
234
|
+
[:admin, :manage], Spree::Refund
|
|
235
|
+
]
|
|
236
|
+
),
|
|
237
|
+
"Order Management",
|
|
238
|
+
"Manage Orders"
|
|
239
|
+
)
|
|
240
|
+
|
|
241
|
+
add_to_permission_set(order_mgmt, [admin_return_idx, manage_return_idx])
|
|
242
|
+
|
|
243
|
+
make_grouped_permission_set(
|
|
244
|
+
build_permission_group(
|
|
245
|
+
[
|
|
246
|
+
[:read, :admin, :edit], Spree::Product,
|
|
247
|
+
[:read, :admin], Spree::Image,
|
|
248
|
+
[:read, :admin], Spree::Variant,
|
|
249
|
+
[:read, :admin], Spree::OptionValue,
|
|
250
|
+
[:read, :admin], Spree::ProductProperty,
|
|
251
|
+
[:read, :admin], Spree::OptionType,
|
|
252
|
+
[:read, :admin], Spree::Property,
|
|
253
|
+
[:read, :admin], Spree::Taxonomy,
|
|
254
|
+
[:read, :admin], Spree::Taxon,
|
|
255
|
+
[:admin, :read], Spree::Classification
|
|
256
|
+
]
|
|
257
|
+
),
|
|
258
|
+
"Product Display",
|
|
259
|
+
"Display Products",
|
|
260
|
+
display: true
|
|
261
|
+
)
|
|
262
|
+
|
|
263
|
+
make_grouped_permission_set(
|
|
264
|
+
build_permission_group(
|
|
265
|
+
[
|
|
266
|
+
[:admin, :manage], Spree::Product,
|
|
267
|
+
[:admin, :manage], Spree::ProductOptionType,
|
|
268
|
+
[:manage, :admin], Spree::Image,
|
|
269
|
+
[:manage, :admin], Spree::Variant,
|
|
270
|
+
[:manage, :admin], Spree::OptionValue,
|
|
271
|
+
[:admin, :manage], Spree::ProductProperty,
|
|
272
|
+
[:admin, :manage], Spree::OptionType,
|
|
273
|
+
[:admin, :manage], Spree::Property,
|
|
274
|
+
[:admin, :manage], Spree::Taxonomy,
|
|
275
|
+
[:admin, :manage], Spree::Taxon,
|
|
276
|
+
[:admin, :manage], Spree::Classification
|
|
277
|
+
]
|
|
278
|
+
),
|
|
279
|
+
"Product Management",
|
|
280
|
+
"Manage Products"
|
|
281
|
+
)
|
|
282
|
+
|
|
283
|
+
make_grouped_permission_set(
|
|
284
|
+
build_permission_group(
|
|
285
|
+
[
|
|
286
|
+
[:read, :admin, :edit], Spree::Promotion,
|
|
287
|
+
[:read, :admin, :edit], Spree::PromotionCategory,
|
|
288
|
+
[:read, :admin], Spree::PromotionRule,
|
|
289
|
+
[:read, :admin], Spree::PromotionAction,
|
|
290
|
+
]
|
|
291
|
+
),
|
|
292
|
+
"Promotion Display",
|
|
293
|
+
"Promotion Display",
|
|
294
|
+
display: true
|
|
295
|
+
)
|
|
296
|
+
|
|
297
|
+
|
|
298
|
+
make_grouped_permission_set(
|
|
299
|
+
build_permission_group(
|
|
300
|
+
[
|
|
301
|
+
[:admin, :manage], Spree::Promotion,
|
|
302
|
+
[:admin, :manage], Spree::PromotionRule,
|
|
303
|
+
[:admin, :manage], Spree::PromotionAction,
|
|
304
|
+
[:admin, :manage], Spree::PromotionCategory
|
|
305
|
+
]
|
|
306
|
+
),
|
|
307
|
+
"Promotion management",
|
|
308
|
+
"Promotion management"
|
|
309
|
+
)
|
|
310
|
+
|
|
311
|
+
make_grouped_permission_set(
|
|
312
|
+
build_permission_group(
|
|
313
|
+
[
|
|
314
|
+
[:admin], Spree::Store,
|
|
315
|
+
[:manage, :admin], Spree::StockItem,
|
|
316
|
+
[:manage, :admin], Spree::StockLocation,
|
|
317
|
+
[:admin, :manage], Spree::StockMovement,
|
|
318
|
+
[:admin, :manage], Spree::StockTransfer,
|
|
319
|
+
]
|
|
320
|
+
),
|
|
321
|
+
"Stock Management",
|
|
322
|
+
"Manage Stock"
|
|
323
|
+
)
|
|
324
|
+
|
|
325
|
+
make_grouped_permission_set(
|
|
326
|
+
build_permission_group(
|
|
327
|
+
[
|
|
328
|
+
[:admin], Spree::Store,
|
|
329
|
+
[:admin, :manage], Spree::StoreCreditCategory,
|
|
330
|
+
[:admin, :manage], Spree::StoreCredit,
|
|
331
|
+
[:admin, :read, :edit], Spree::User
|
|
332
|
+
]
|
|
333
|
+
),
|
|
334
|
+
"Store Credit Managment",
|
|
335
|
+
"Store Credit Management"
|
|
336
|
+
)
|
|
337
|
+
|
|
338
|
+
|
|
339
|
+
user_display, user_edit, user_delete = make_resource_permission_set('spree/users')
|
|
340
|
+
|
|
341
|
+
[
|
|
342
|
+
make_permission('can-orders-spree/users', 3),
|
|
343
|
+
make_permission('can-edit-spree/users', 3),
|
|
344
|
+
make_permission('can-items-spree/users', 3),
|
|
345
|
+
make_permission('can-addresses-spree/users', 3),
|
|
346
|
+
make_permission('can-admin-spree/store_credits', 3),
|
|
347
|
+
make_permission('can-read-spree/store_credits', 3),
|
|
348
|
+
make_permission('can-orders-spree/users', 3),
|
|
349
|
+
make_permission('can-edit-spree/users', 3),
|
|
350
|
+
make_permission('can-items-spree/users', 3),
|
|
351
|
+
make_permission('can-addresses-spree/users', 3),
|
|
352
|
+
make_permission('can-read-spree/store_credits', 3)
|
|
353
|
+
].each do |permission|
|
|
354
|
+
unless user_display.permissions.include? permission
|
|
355
|
+
user_display.permissions << permission
|
|
356
|
+
end
|
|
357
|
+
end
|
|
77
358
|
end
|
|
359
|
+
|
|
78
360
|
end
|
|
79
|
-
end
|
|
361
|
+
end
|