RubyGems - spree_admin_roles_and_access - Versions diffs - 2.0.0 → 3.2.1.beta - Mend

spree_admin_roles_and_access 2.0.0 → 3.2.1.beta

Files changed (49) hide show

data/config/initializers/constants.rb CHANGED Viewed

@@ -1,2 +1,2 @@
-PARAM_ATTRIBUTE = Hash.new(:id).merge({"products" => :slug, "orders" => :number, "shipments" => :number})
-NEW_ACTIONS = [:new, :create]
+PARAM_ATTRIBUTE = Hash.new(:id).merge({"products" => :slug, "orders" => :number, "shipments" => :number, "payments" => :number})
+NEW_ACTIONS = [:new, :create]

data/config/locales/en.yml CHANGED Viewed

@@ -10,10 +10,24 @@ en:
     role_name: "Name"
     role_editable: "Editable"
     role_is_default: "Is default"
+    role_is_default_help: "Roles marked as default are applicable to all users who have no explicit roles assigned"
+    role_admin_accessible_help: "Roles marked as admin accessible indicate that the user has access to admin interface via the role"
     permissions: "Permissions"
     save_changes: "Save Changes"
     new_permission: "New Permission"
+    permission_set_name: "Name"
+    permission_set_description: "Description"
+    permission_set_display_permission: "Display Permission"
+    permission_set_permissions: "Permissions"
     permission_title: "Title"
     permission_priority: "Priority"
+    permission_priority_help: "Set the order of permission in list, with 0 being the highest priority"
     permission_visible: "Visible"
-    permission_boolean: "Boolean"
+    permission_visible_help: "Mark permission as publically visible to other users managing permissions"
+    select_permissions: "Select Permissions"
+    select_permission_sets: "Select Permission Sets"
+    atleast_one_permission_is_required: "Atleast One Permission Is Required"
+    atleast_one_permission_set_is_required: "Atleast One Permission Set Is Required"
+    permission_set_display_permission_help: "Set it to indicate that permission set provides permissions for display purposed only"
+    permission_set_admin_permission_required: "Ensure that the appropriate admin permission is included along with the resource permission if the user needs to access the admin interface"
+    unable_to_access_requested_resource: "You do not have access to the requested resource at %{request_path}"

data/config/routes.rb CHANGED Viewed

@@ -2,5 +2,7 @@ Spree::Core::Engine.routes.draw do
   namespace :admin do
     resources :roles, except: [:show]
     resources :permissions, except: [:show]
+    resources :permission_sets
+    resource :default_admin_dashboard, only: :show
   end
 end

data/db/migrate/20130709104101_create_spree_permissions.rb CHANGED Viewed

@@ -1,11 +1,11 @@
 class CreateSpreePermissions < ActiveRecord::Migration
   def change
     create_table :spree_permissions do |t|
-      t.string :title, :null => false, :unique => true
-      t.integer :priority, :default => 0
-      t.boolean :visible, :boolean, :default => true
+      t.string :title, null: false, unique: true
+      t.integer :priority, default: 0
+      t.boolean :visible, :boolean, default: true
-      t.timestamps
+      t.timestamps null: false
     end
     add_index :spree_permissions, :visible

data/db/migrate/20130709104945_create_spree_roles_permissions.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 class CreateSpreeRolesPermissions < ActiveRecord::Migration
   def change
-    create_table :spree_roles_permissions, :id => false do |t|
-      t.integer :role_id, :null => false
-      t.integer :permission_id, :null => false
+    create_table :spree_roles_permissions, id: false do |t|
+      t.integer :role_id, null: false
+      t.integer :permission_id, null: false
     end
     add_index(:spree_roles_permissions, :role_id)

data/db/migrate/20130709105614_add_editable_is_default_and_index_on_editable_is_default_and_name_to_spree_roles.rb CHANGED Viewed

@@ -1,9 +1,8 @@
 class AddEditableIsDefaultAndIndexOnEditableIsDefaultAndNameToSpreeRoles < ActiveRecord::Migration
   def change
-    add_column :spree_roles, :editable, :boolean, :default => true
-    add_column :spree_roles, :is_default, :boolean, :default => false
+    add_column :spree_roles, :editable, :boolean, default: true
+    add_column :spree_roles, :is_default, :boolean, default: false
-    add_index(:spree_roles, :name)
     add_index(:spree_roles, :is_default)
     add_index(:spree_roles, :editable)
   end

data/db/migrate/20170503090436_create_spree_permission_sets.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class CreateSpreePermissionSets < ActiveRecord::Migration[5.0]
+  def change
+    create_table :spree_permission_sets do |t|
+      t.string :name, null: false, unique: true
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20170503091013_create_spree_roles_permission_sets.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class CreateSpreeRolesPermissionSets < ActiveRecord::Migration[5.0]
+  def change
+    create_table :spree_roles_permission_sets do |t|
+      t.references :role, index: true, foreign_key: { to_table: :spree_roles }
+      t.references :permission_set, index: true, foreign_key: { to_table: :spree_permission_sets }
+    end
+  end
+end

data/db/migrate/20170503101648_create_spree_permissions_permission_sets.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class CreateSpreePermissionsPermissionSets < ActiveRecord::Migration[5.0]
+  def change
+    create_table :spree_permissions_permission_sets do |t|
+      t.references :permission, index: true, foreign_key: { to_table: :spree_permissions }
+      t.references :permission_set, index: true, foreign_key: { to_table: :spree_permission_sets }
+    end
+  end
+end

data/db/migrate/20170508082615_add_description_to_permissions_and_permission_sets.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class AddDescriptionToPermissionsAndPermissionSets < ActiveRecord::Migration[5.0]
+  def change
+    add_column :spree_permissions, :description, :string, default: ''
+    add_column :spree_permission_sets, :description, :string, default: ''
+  end
+end

data/db/migrate/20170508082722_add_display_boolean_to_permission_sets.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddDisplayBooleanToPermissionSets < ActiveRecord::Migration[5.0]
+  def change
+    add_column :spree_permission_sets, :display_permission, :boolean, default: false
+  end
+end

data/db/migrate/20170508091139_deprecate_legacy_roles_and_permissions.rb ADDED Viewed

@@ -0,0 +1,29 @@
+class DeprecateLegacyRolesAndPermissions < ActiveRecord::Migration[5.0]
+  def display_warning
+    ActiveSupport::Deprecation.warn('Direct relationship between roles and permissions is deprecated. Use #legacy_permissions to access old permissions')
+  end
+  def up
+    display_warning
+    ActiveSupport::Deprecation.warn('Creating Permission Sets from roles')
+    Spree::Role.find_each do |role|
+      permission_set = Spree::PermissionSet.where(name: role.name).first_or_create!
+      role_permissions = role.legacy_permissions
+      if role_permissions.present?
+        role_permissions.each do |permission|
+          permission_set.permissions << permission unless permission_set.permissions.include? permission
+        end
+        if permission_set.permissions.present?
+          permission_set.save!
+          role.permission_sets << permission_set
+        end
+      end
+    end
+  end
+  def down
+    display_warning
+    ActiveSupport::Deprecation.warn('Cannot undo creation of permission sets, Down is treated as a NOOP')
+  end
+end

data/db/migrate/20170509082144_remove_column_boolean_from_permissions.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class RemoveColumnBooleanFromPermissions < ActiveRecord::Migration[5.0]
+  def change
+    remove_column :spree_permissions, :boolean, :boolean, default: true
+  end
+end

data/db/migrate/20170509090346_add_admin_boolean_to_roles.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddAdminBooleanToRoles < ActiveRecord::Migration[5.0]
+  def change
+    add_column :spree_roles, :admin_accessible, :boolean, default: false
+  end
+end

data/lib/generators/spree_admin_roles_and_access/install/install_generator.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module SpreeAdminRolesAndAccess
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      class_option :auto_run_migrations, :type => :boolean, :default => false
+      class_option :auto_run_migrations, type: :boolean, default: false
       def add_javascripts
         append_file 'vendor/assets/javascripts/spree/frontend/all.js', "\n//= require spree/frontend/spree_admin_roles_and_access\n"
@@ -10,8 +10,8 @@ module SpreeAdminRolesAndAccess
       end
       def add_stylesheets
-        inject_into_file 'vendor/assets/stylesheets/spree/frontend/all.css', " *= require spree/frontend/spree_admin_roles_and_access\n", :before => /\*\//, :verbose => true
-        inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/spree_admin_roles_and_access\n", :before => /\*\//, :verbose => true
+        inject_into_file 'vendor/assets/stylesheets/spree/frontend/all.css', " *= require spree/frontend/spree_admin_roles_and_access\n", before: /\*\//, verbose: true
+        inject_into_file 'vendor/assets/stylesheets/spree/backend/all.css', " *= require spree/backend/spree_admin_roles_and_access\n", before: /\*\//, verbose: true
       end
       def add_migrations

data/lib/spree/permissions.rb CHANGED Viewed

@@ -16,16 +16,16 @@ module Spree
         super
       end
     end
     define_method('default-permissions') do |current_ability, user|
       current_ability.can [:read, :update, :destroy], Spree.user_class do |resource|
         resource == user
       end
       current_ability.can [:read, :update], Spree::Order do |order, token|
         order.user == user || (order.guest_token && token == order.guest_token)
       end
       current_ability.can :create, Spree::Order
       current_ability.can :read, Spree::Address do |address|
         address.user == user
@@ -36,7 +36,7 @@ module Spree
     end
     define_method('default-admin-permissions') do |current_ability, user|
-      current_ability.can :admin, Spree::Store.default
+      current_ability.can :admin, Spree::Store
     end
     define_method('can-update-spree/users') do |current_ability, user|
@@ -53,14 +53,14 @@ module Spree
     private
       def find_action_and_subject(name)
         can, action, subject, attribute = name.to_s.split('-')
         if subject == 'all'
           return can.to_sym, action.to_sym, subject.to_sym, attribute.try(:to_sym)
-        elsif (subject_class = subject.classify.safe_constantize) && subject_class.ancestors.include?(ActiveRecord::Base)
+        elsif (subject_class = subject.classify.safe_constantize) && subject_class.respond_to?(:ancestors) && subject_class.ancestors.include?(ActiveRecord::Base)
           return can.to_sym, action.to_sym, subject_class, attribute.try(:to_sym)
         else
           return can.to_sym, action.to_sym, subject, attribute.try(:to_sym)
         end
       end
   end
-end
+end

data/lib/tasks/populate.rake CHANGED Viewed

@@ -1,79 +1,361 @@
 namespace :spree_roles do
   namespace :permissions do
-    desc "Create admin username and password"
-    task :populate => :environment do
-      admin = Spree::Role.where(name: 'admin').first_or_create!
-      user = Spree::Role.where(name: 'user').first_or_create!
-      user.is_default = true
-      user.save!
-      permission1 = Spree::Permission.where(title: 'can-manage-all', priority: 0).first_or_create!
-      permission2 = Spree::Permission.where(title: 'default-permissions', priority: 1).first_or_create!
+    def description_from_title(title)
+      permission = title.split('/')
+      description = ["Permitted user"]
+      description << permission.first.gsub('-', '_').gsub('index', 'list').gsub('_spree', '').humanize
+      description << permission.second.titleize if permission[1].present?
+      description.join(" ")
+    end
+    def make_permission(title, priority)
+      permission = Spree::Permission.where(title: title).first_or_create!
+      permission.priority =  priority
+      permission.description = description_from_title(title)
+      permission.save!
+      permission
+    end
+    def make_permission_set(permissions, permission_set_name, description, display_permission: false)
+      permission_set = Spree::PermissionSet.where(name: permission_set_name).first_or_initialize
+      permission_set.description = description
+      permissions.each do |permission|
+        unless permission_set.permissions.include? permission
+          permission_set.permissions << permission
+        end
+      end
+      permission_set.display_permission = display_permission
+      permission_set.save!
+      permission_set
+    end
+    def create_role_with_permission_sets(permission_sets, role)
+      role = Spree::Role.where(name: role).first_or_initialize
+      permission_sets.each do |permission_set|
+        unless role.permission_sets.include? permission_set
+          role.permission_sets << permission_set
+        end
+      end
+      role.save!
+      role
+    end
+    def make_resource_permission_set(resource_name)
+      resource_admin_permission  = make_permission("can-admin-#{ resource_name }", 3)
+      resource_read_permission   = make_permission("can-read-#{ resource_name }", 3)
+      resource_index_permission  = make_permission("can-index-#{ resource_name }", 3)
+      resource_update_permission = make_permission("can-update-#{ resource_name }", 3)
+      resource_create_permission = make_permission("can-create-#{ resource_name }", 3)
+      resource_delete_permission = make_permission("can-destroy-#{ resource_name }", 3)
+      resource_human_name = resource_name.gsub('/', '').gsub('spree', '').titleize
+      display = make_permission_set(
+        [resource_admin_permission, resource_read_permission, resource_index_permission],
+        "#{ resource_human_name  } Display",
+        "Permitted user can view #{ resource_human_name }",
+        display_permission: true
+      )
+      edit = make_permission_set(
+        [resource_admin_permission, resource_update_permission, resource_create_permission],
+        "#{ resource_human_name } Manage",
+        "Permitted user can create or update #{ resource_human_name }"
+      )
+      delete = make_permission_set(
+        [resource_admin_permission, resource_delete_permission],
+        "#{ resource_human_name } Destroy",
+        "Permitted user can delete #{ resource_human_name }"
+      )
+      [display, edit, delete]
+    end
+    def permission_prefix_from_name(name)
+      case name
+      when :admin
+        'can-admin'
+      when :new
+        'can-create'
+      when :show
+        'can-read'
+      when :delete
+        'can-delete'
+      when :index
+        'can-read'
+      when :update
+        'can-update'
+      when :manage
+        'can-manage'
+      else
+        "can-#{ name }"
+      end
+    end
+    def make_grouped_permission_set(permission_group, permission_set_name, description, display: false)
+      permissions = permission_group.collect do |resource_name, permission_names|
+        permission_names.collect { |permission_name| make_permission("#{ permission_prefix_from_name(permission_name) }-#{ resource_name }", 3) }
+      end.flat_map
+      ps = make_permission_set(
+        permissions,
+        permission_set_name,
+        description
+      )
+      if display
+        ps.display_permission = display
+        ps.save!
+      end
+      ps
+    end
+    def build_permission_group(permission_list)
+      group = {}
+      permission_list.each_slice(2) do |permissions, resource_class|
+        group[resource_class.to_s.underscore.pluralize] = permissions
+      end
+      group
+    end
+    def admin_controller?(controller_name)
+      return false unless controller_name
+      controller_name.include?('/admin/') && !controller_name.include?('/api/')
+    end
+    def permission_name(controller, action)
+      "#{ permission_prefix_from_name(action.to_sym) }-#{ controller.gsub('/admin','') }"
+    end
+    def add_to_permission_set(permission_set, permissions)
+      permissions.each do |permission|
+        unless permission_set.permissions.include? permission
+          permission_set.permissions << permission
+        end
+      end
+    end
+    desc "Create admin username and password"
+    task populate: :environment do
+      default_permission = make_permission('default-permissions', 0)
+      default_permission_set = make_permission_set(
+        [default_permission],
+        'default',
+        'Permission for general users including the customers, Note: *users without this permission cannot checkout*'
+      )
+      default_role = create_role_with_permission_sets([default_permission_set], 'default')
+      default_role.is_default = true
+      default_role.save!
-      user.permissions = [permission2]
-      admin.permissions = [permission1]
+      admin_permission = make_permission('can-manage-all', 0)
+      admin_permission_set = make_permission_set([admin_permission], 'admin', 'Can manage everything')
+      admin_role = create_role_with_permission_sets([admin_permission_set], 'admin')
+      admin_role.admin_accessible = true
+      admin_role.save!
     end
-    task :populate_other_roles => :environment do
-      manager = Spree::Role.where(name: 'manager').first_or_create!
-      customer_service = Spree::Role.where(name: 'customer service').first_or_create!
-      warehouse = Spree::Role.where(name: 'warehouse').first_or_create!
-      permission2 = Spree::Permission.where(title: 'default-permissions', priority: 1).first_or_create!
-      permission3 = Spree::Permission.where(title: 'can-manage-spree/products', priority: 2).first_or_create!
-      permission4 = Spree::Permission.where(title: 'can-manage-spree/orders', priority: 2).first_or_create!
-      permission5 = Spree::Permission.where(title: 'can-manage-spree/users', priority: 2).first_or_create!
-      permission6 = Spree::Permission.where(title: 'can-manage-spree/stock_locations', priority: 2).first_or_create!
-      permission7 = Spree::Permission.where(title: 'can-read-spree/products', priority: 3).first_or_create!
-      permission8 = Spree::Permission.where(title: 'can-index-spree/products', priority: 3).first_or_create!
-      permission9 = Spree::Permission.where(title: 'can-update-spree/products', priority: 3).first_or_create!
-      permission10 = Spree::Permission.where(title: 'can-create-spree/products', priority: 3).first_or_create!
-      permission11 = Spree::Permission.where(title: 'can-read-spree/users', priority: 3).first_or_create!
-      permission12 = Spree::Permission.where(title: 'can-index-spree/users', priority: 3).first_or_create!
-      permission13 = Spree::Permission.where(title: 'can-update-spree/users', priority: 3).first_or_create!
-      permission14 = Spree::Permission.where(title: 'can-create-spree/users', priority: 3).first_or_create!
-      permission15 = Spree::Permission.where(title: 'can-read-spree/orders', priority: 3).first_or_create!
-      permission16 = Spree::Permission.where(title: 'can-index-spree/orders', priority: 3).first_or_create!
-      permission17 = Spree::Permission.where(title: 'can-update-spree/orders', priority: 3).first_or_create!
-      permission18 = Spree::Permission.where(title: 'can-create-spree/orders', priority: 3).first_or_create!
-      permission19 = Spree::Permission.where(title: 'can-read-spree/stock_locations', priority: 3).first_or_create!
-      permission20 = Spree::Permission.where(title: 'can-index-spree/stock_locations', priority: 3).first_or_create!
-      permission21 = Spree::Permission.where(title: 'can-update-spree/stock_locations', priority: 3).first_or_create!
-      permission22 = Spree::Permission.where(title: 'can-create-spree/stock_locations', priority: 3).first_or_create!
-      permission23 = Spree::Permission.where(title: 'can-manage-spree/taxons', priority: 2).first_or_create!
-      permission24 = Spree::Permission.where(title: 'can-manage-spree/option_types', priority: 2).first_or_create!
-      permission25 = Spree::Permission.where(title: 'can-manage-spree/taxonomies', priority: 2).first_or_create!
-      permission26 = Spree::Permission.where(title: 'can-manage-spree/images', priority: 2).first_or_create!
-      permission27 = Spree::Permission.where(title: 'can-manage-spree/product_properties', priority: 2).first_or_create!
-      permission28 = Spree::Permission.where(title: 'can-manage-spree/stocks', priority: 2).first_or_create!
-      manager.permissions = [ permission2,
-                              permission3,
-                              permission4,
-                              permission24,
-                              permission25,
-                              permission26,
-                              permission27,
-                              permission28,
-                              permission6
-                            ]
-      customer_service.permissions =  [ permission2,
-                                        permission15,
-                                        permission16,
-                                        permission17
-                                      ]
-      warehouse.permissions = [ permission2,
-                                permission4,
-                                permission6,
-                                permission15,
-                                permission16,
-                                permission17,
-                                permission28
-                              ]
+    desc "Create utility permission sets for common store admin tasks"
+    task populate_permission_sets: :environment do
+      config_management =
+        make_grouped_permission_set(
+          build_permission_group(
+            [
+              [:admin], Spree::Store,
+              [:admin, :manage], Spree::TaxCategory,
+              [:admin, :manage], Spree::TaxRate,
+              [:admin, :manage], Spree::Zone,
+              [:admin, :manage], Spree::Country,
+              [:admin, :manage], Spree::State,
+              [:admin, :manage], Spree::PaymentMethod,
+              [:admin, :manage], Spree::Taxonomy,
+              [:admin, :manage], Spree::ShippingMethod,
+              [:admin, :manage], Spree::ShippingCategory,
+              [:admin, :manage], Spree::StockLocation,
+              [:admin, :manage], Spree::StockTransfer,
+              [:admin, :manage], Spree::StockMovement,
+              [:admin, :manage], Spree::RefundReason,
+              [:admin, :manage], Spree::ReturnAuthorizationReason,
+              [:admin, :manage], Spree::ReimbursementType
+            ]
+          ),
+          "Configuration Management",
+          "Manage configuration of spree store 1:1 mapping of all options available in submenu/configuration."
+        )
+      admin_general_settings_admin = make_permission('can-admin-spree/admin/general_settings', 3)
+      admin_general_settings_manage = make_permission('can-manage-spree/admin/general_settings', 3)
+      add_to_permission_set(config_management, [admin_general_settings_admin, admin_general_settings_manage])
+      order_display =
+        make_grouped_permission_set(
+          build_permission_group(
+            [
+              [:admin, :read, :edit], Spree::User,
+              [:read, :admin, :edit, :cart], Spree::Order,
+              [:read, :admin], Spree::Payment,
+              [:read, :admin], Spree::Shipment,
+              [:read, :admin], Spree::Adjustment,
+              [:read, :admin], Spree::LineItem,
+              [:read, :admin], Spree::ReturnAuthorization,
+              [:read, :admin], Spree::CustomerReturn,
+              [:read, :admin], Spree::Reimbursement,
+              [:read, :admin], Spree::ReturnItem,
+              [:read, :admin], Spree::Refund
+            ]
+          ),
+          "Order Display",
+          "Display Orders",
+          display: true
+        )
+      admin_return_idx = make_permission('can-admin-spree/admin/return_index', 3)
+      manage_return_idx = make_permission('can-manage-spree/admin/return_index', 3)
+      return_auth      = make_permission('can-return_authorizations-spree/admin/return_index', 3)
+      customer_auth    = make_permission('can-customer_returns-spree/admin/return_index', 3)
+      # Required because of access of returns
+      add_to_permission_set(order_display, [admin_return_idx, return_auth, customer_auth])
+      order_mgmt = make_grouped_permission_set(
+        build_permission_group(
+          [
+            [:admin, :read], Spree::ReimbursementType,
+            [:admin, :read, :edit], Spree::User,
+            [:admin, :manage], Spree::Order,
+            [:admin, :manage], Spree::Payment,
+            [:admin, :manage], Spree::Shipment,
+            [:admin, :manage], Spree::Adjustment,
+            [:admin, :manage], Spree::LineItem,
+            [:admin, :manage], Spree::ReturnAuthorization,
+            [:admin, :manage], Spree::CustomerReturn,
+            [:admin, :manage], Spree::Reimbursement,
+            [:admin, :manage], Spree::ReturnItem,
+            [:admin, :manage], Spree::Refund
+          ]
+        ),
+        "Order Management",
+        "Manage Orders"
+      )
+      add_to_permission_set(order_mgmt, [admin_return_idx, manage_return_idx])
+      make_grouped_permission_set(
+        build_permission_group(
+          [
+            [:read, :admin, :edit], Spree::Product,
+            [:read, :admin], Spree::Image,
+            [:read, :admin], Spree::Variant,
+            [:read, :admin], Spree::OptionValue,
+            [:read, :admin], Spree::ProductProperty,
+            [:read, :admin], Spree::OptionType,
+            [:read, :admin], Spree::Property,
+            [:read, :admin], Spree::Taxonomy,
+            [:read, :admin], Spree::Taxon,
+            [:admin, :read], Spree::Classification
+          ]
+        ),
+        "Product Display",
+        "Display Products",
+        display: true
+      )
+      make_grouped_permission_set(
+        build_permission_group(
+          [
+            [:admin, :manage], Spree::Product,
+            [:admin, :manage], Spree::ProductOptionType,
+            [:manage, :admin], Spree::Image,
+            [:manage, :admin], Spree::Variant,
+            [:manage, :admin], Spree::OptionValue,
+            [:admin, :manage], Spree::ProductProperty,
+            [:admin, :manage], Spree::OptionType,
+            [:admin, :manage], Spree::Property,
+            [:admin, :manage], Spree::Taxonomy,
+            [:admin, :manage], Spree::Taxon,
+            [:admin, :manage], Spree::Classification
+          ]
+        ),
+        "Product Management",
+        "Manage Products"
+      )
+      make_grouped_permission_set(
+        build_permission_group(
+          [
+            [:read, :admin, :edit], Spree::Promotion,
+            [:read, :admin, :edit], Spree::PromotionCategory,
+            [:read, :admin], Spree::PromotionRule,
+            [:read, :admin], Spree::PromotionAction,
+          ]
+        ),
+        "Promotion Display",
+        "Promotion Display",
+        display: true
+      )
+      make_grouped_permission_set(
+        build_permission_group(
+          [
+            [:admin, :manage], Spree::Promotion,
+            [:admin, :manage], Spree::PromotionRule,
+            [:admin, :manage], Spree::PromotionAction,
+            [:admin, :manage], Spree::PromotionCategory
+          ]
+        ),
+        "Promotion management",
+        "Promotion management"
+      )
+      make_grouped_permission_set(
+        build_permission_group(
+          [
+            [:admin], Spree::Store,
+            [:manage, :admin], Spree::StockItem,
+            [:manage, :admin], Spree::StockLocation,
+            [:admin, :manage], Spree::StockMovement,
+            [:admin, :manage], Spree::StockTransfer,
+          ]
+        ),
+        "Stock Management",
+        "Manage Stock"
+      )
+      make_grouped_permission_set(
+        build_permission_group(
+          [
+            [:admin], Spree::Store,
+            [:admin, :manage], Spree::StoreCreditCategory,
+            [:admin, :manage], Spree::StoreCredit,
+            [:admin, :read, :edit], Spree::User
+          ]
+        ),
+        "Store Credit Managment",
+        "Store Credit Management"
+      )
+      user_display, user_edit, user_delete = make_resource_permission_set('spree/users')
+      [
+        make_permission('can-orders-spree/users', 3),
+        make_permission('can-edit-spree/users', 3),
+        make_permission('can-items-spree/users', 3),
+        make_permission('can-addresses-spree/users', 3),
+        make_permission('can-admin-spree/store_credits', 3),
+        make_permission('can-read-spree/store_credits', 3),
+        make_permission('can-orders-spree/users', 3),
+        make_permission('can-edit-spree/users', 3),
+        make_permission('can-items-spree/users', 3),
+        make_permission('can-addresses-spree/users', 3),
+        make_permission('can-read-spree/store_credits', 3)
+      ].each do |permission|
+        unless user_display.permissions.include? permission
+          user_display.permissions << permission
+        end
+      end
     end
   end
-end
+end