RubyGems - spree_core - Versions diffs - 5.2.0.rc3 → 5.2.1 - Mend

spree_core 5.2.0.rc3 → 5.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

checksums.yaml +4 -4
data/app/helpers/spree/integrations_helper.rb +1 -1
data/app/jobs/spree/images/save_from_url_job.rb +1 -1
data/app/models/concerns/spree/calculated_adjustments.rb +1 -1
data/app/models/concerns/spree/user_methods.rb +1 -1
data/app/models/spree/ability.rb +75 -10
data/app/models/spree/address.rb +1 -1
data/app/models/spree/adjustable/adjustments_updater.rb +1 -1
data/app/models/spree/asset.rb +2 -2
data/app/models/spree/calculator.rb +1 -1
data/app/models/spree/data_feed.rb +1 -1
data/app/models/spree/export.rb +1 -1
data/app/models/spree/gateway/bogus.rb +1 -1
data/app/models/spree/import.rb +1 -1
data/app/models/spree/metafield_definition.rb +3 -3
data/app/models/spree/order/payments.rb +2 -0
data/app/models/spree/order.rb +1 -0
data/app/models/spree/payment/processing.rb +13 -0
data/app/models/spree/payment.rb +20 -0
data/app/models/spree/payment_method.rb +1 -1
data/app/models/spree/permission_sets/base.rb +81 -0
data/app/models/spree/permission_sets/configuration_management.rb +47 -0
data/app/models/spree/permission_sets/dashboard_display.rb +17 -0
data/app/models/spree/permission_sets/default_customer.rb +66 -0
data/app/models/spree/permission_sets/order_display.rb +27 -0
data/app/models/spree/permission_sets/order_management.rb +33 -0
data/app/models/spree/permission_sets/product_display.rb +27 -0
data/app/models/spree/permission_sets/product_management.rb +27 -0
data/app/models/spree/permission_sets/promotion_management.rb +22 -0
data/app/models/spree/permission_sets/role_management.rb +21 -0
data/app/models/spree/permission_sets/stock_display.rb +19 -0
data/app/models/spree/permission_sets/stock_management.rb +19 -0
data/app/models/spree/permission_sets/super_user.rb +28 -0
data/app/models/spree/permission_sets/user_display.rb +19 -0
data/app/models/spree/permission_sets/user_management.rb +20 -0
data/app/models/spree/product.rb +37 -3
data/app/models/spree/stock/coordinator.rb +1 -1
data/app/models/spree/taxon.rb +1 -0
data/app/models/spree/theme.rb +4 -4
data/app/services/spree/compare_line_items.rb +1 -1
data/app/views/spree/shared/_base_mailer_stylesheets.html.erb +5 -0
data/config/locales/en.yml +5 -0
data/lib/friendly_id/history_decorator.rb +26 -0
data/lib/generators/spree/cursor_rules/templates/spree_rules.mdc +1 -1
data/lib/generators/spree/install/templates/config/initializers/spree.rb +56 -24
data/lib/generators/spree/model/model_generator.rb +21 -0
data/lib/generators/spree/model/templates/model.rb.tt +22 -0
data/lib/generators/spree/model_decorator/model_decorator_generator.rb +37 -0
data/lib/generators/spree/model_decorator/templates/model_decorator.rb.tt +12 -0
data/lib/spree/analytics.rb +2 -2
data/lib/spree/core/engine.rb +10 -4
data/lib/spree/core/partials.rb +42 -0
data/lib/spree/core/permission_configuration.rb +102 -0
data/lib/spree/core/token_generator.rb +1 -0
data/lib/spree/core/version.rb +1 -1
data/lib/spree/core.rb +208 -0
data/lib/spree/testing_support/factories/order_factory.rb +7 -4
data/lib/spree_core.rb +1 -0
metadata +31 -12

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 531657763d76e0ce76fb2845acfeb30c110343666bc5e8e727de1f21249da4cd
-  data.tar.gz: 2d4f33f07d6b90d61c9578575889c7c597a39b98e19597c90f902e312832af2c
+  metadata.gz: 77f4a7f3643f4b9263ab029e06d7870f5f45397e295f4116a485bc82a280d15f
+  data.tar.gz: 482208c5fd5725818a539a4daa4d566bd4c57c1c82595166e6232c91c56b876f
 SHA512:
-  metadata.gz: 1a5aa4b5e32b63a67c2cb557a77014fe1d6cbd55d4f1df437480ff2c3502e4f9fbb533caea745e90a3cb7fd8013439d591f4247c5203e44e75dec638a62abf3e
-  data.tar.gz: 7b66c4d564e21310dbc962eb1398886441a0a374b85f955a1e317cdbaef8fb27ea312d1987c33c611138e6ff1bf48e9f4de6a7301f0666423658bf7f831ec0ab
+  metadata.gz: 6424ad89c3f5a35cade4d6fc2dc67a74bbf1e0fab459727630c49582f5f94581924b16fba3ce54844d9fddac8cf2f2c2e442c4937f00db98d4276f1e5fb45649
+  data.tar.gz: 5dbaa89fd0648e3b35d5f4d7d48ee1066d3bf2da71cae97ee2c9769600380c95054f0aee146f845d4c92910f9b1944bc52155b98508345482ba3bb47224c689f

data/app/helpers/spree/integrations_helper.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module Spree
     end
     def grouped_available_store_integrations
-      Rails.application.config.spree.integrations.group_by(&:integration_group).sort_by { |group, _| group }
+      Spree.integrations.group_by(&:integration_group).sort_by { |group, _| group }
     end
   end
 end

data/app/jobs/spree/images/save_from_url_job.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Spree
         Spree::Image.ensure_metafield_definition_exists!(Spree::Image::EXTERNAL_URL_METAFIELD_KEY)
-        external_url = external_url.downcase.strip
+        external_url = external_url.strip
         external_id = external_id.to_s.downcase.strip if external_id.present?
         image = find_or_initialize_image(viewable, external_url, external_id)

data/app/models/concerns/spree/calculated_adjustments.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Spree
       end
       def self.spree_calculators
-        Rails.application.config.spree.calculators
+        Spree.calculators
       end
     end
   end

data/app/models/concerns/spree/user_methods.rb CHANGED Viewed

@@ -160,7 +160,7 @@ module Spree
     private
     def check_completed_orders
-      raise Spree::Core::DestroyWithOrdersError if !has_spree_role?(Spree::Role::ADMIN_ROLE) && orders.complete.present?
+      raise Spree::Core::DestroyWithOrdersError if !spree_admin? && orders.complete.present?
     end
     def clone_billing_address

data/app/models/spree/ability.rb CHANGED Viewed

@@ -1,6 +1,15 @@
 # Implementation class for Cancan gem. Instead of overriding this class, consider adding new permissions
 # using the special +register_ability+ method which allows extensions to add their own abilities.
 #
+# The preferred way to add permissions is now through permission sets. See Spree::PermissionSets::Base
+# for more details on creating custom permission sets.
+#
+# @example Configuring role permissions
+#   Spree.permissions.assign(:customer_service, [
+#     Spree::PermissionSets::OrderDisplay,
+#     Spree::PermissionSets::UserManagement
+#   ])
+#
 # See https://github.com/CanCanCommunity/cancancan for more details.
 require 'cancan'
@@ -11,6 +20,12 @@ module Spree
     class_attribute :abilities
     self.abilities = Set.new
+    # @return [Object] the current user
+    attr_reader :user
+    # @return [Spree::Store, nil] the current store
+    attr_reader :store
     # Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to
     # modify the default +Ability+ of an application.  The +ability+ argument must be a class that includes
     # the +CanCan::Ability+ module.  The registered ability should behave properly as a stand-alone class
@@ -26,22 +41,16 @@ module Spree
     def initialize(user, options = {})
       alias_cancan_delete_action
-      user ||= Spree.user_class.new
-      store ||= options[:store] || Spree::Current.store
+      @user = user || Spree.user_class.new
+      @store = options[:store] || Spree::Current.store
-      if user.persisted? && user.is_a?(Spree.admin_user_class) && user.try(:spree_admin?, store)
-        apply_admin_permissions(user, options)
-      else
-        apply_user_permissions(user, options)
-      end
+      apply_permissions_from_sets
       # Include any abilities registered by extensions, etc.
       # this is legacy behaviour and should be removed in Spree 5.0
       Ability.abilities.merge(abilities_to_register).each do |clazz|
-        merge clazz.new(user)
+        merge clazz.new(@user)
       end
-      protect_admin_role
     end
     protected
@@ -57,6 +66,62 @@ module Spree
       alias_action :create, :update, :destroy, to: :modify
     end
+    # Applies permissions based on the user's roles and the configured permission sets.
+    def apply_permissions_from_sets
+      role_names = determine_role_names
+      permission_sets = Spree.permissions.permission_sets_for_roles(role_names)
+      # If no permission sets are configured for the user's roles, use legacy behavior
+      if permission_sets.empty?
+        apply_legacy_permissions
+      else
+        activate_permission_sets(permission_sets)
+      end
+    end
+    # Determines the role names for the current user.
+    #
+    # @return [Array<Symbol>] the role names
+    def determine_role_names
+      return [:default] unless @user.persisted?
+      # First, try to get roles from the spree_roles association
+      if @user.respond_to?(:spree_roles)
+        role_names = @user.spree_roles.pluck(:name).map(&:to_sym)
+        return role_names if role_names.any?
+      end
+      # Fall back to checking spree_admin? for backward compatibility
+      # This supports cases where roles are mocked or admin status is determined differently
+      if @user.try(:spree_admin?, @store)
+        [:admin]
+      else
+        [:default]
+      end
+    end
+    # Activates the given permission sets.
+    #
+    # @param permission_sets [Array<Class>] the permission set classes to activate
+    def activate_permission_sets(permission_sets)
+      permission_sets.each do |permission_set_class|
+        permission_set = permission_set_class.new(self)
+        permission_set.activate!
+      end
+    end
+    # Legacy permission application for backward compatibility.
+    # This is used when no permission sets are configured for the user's roles.
+    def apply_legacy_permissions
+      if @user.persisted? && @user.is_a?(Spree.admin_user_class) && @user.try(:spree_admin?, @store)
+        apply_admin_permissions(@user, { store: @store })
+      else
+        apply_user_permissions(@user, { store: @store })
+      end
+      protect_admin_role
+    end
     def apply_admin_permissions(_user, _options)
       can :manage, :all
       cannot :cancel, Spree::Order

data/app/models/spree/address.rb CHANGED Viewed

@@ -76,7 +76,7 @@ module Spree
                                     allow_nil: true }
     def address_validators
-      Rails.application.config.spree.validators.addresses.each do |validator|
+      Spree.validators.addresses.each do |validator|
         validates_with validator
       end
     end

data/app/models/spree/adjustable/adjustments_updater.rb CHANGED Viewed

@@ -55,7 +55,7 @@ module Spree
       end
       def adjusters
-        Rails.application.config.spree.adjusters
+        Spree.adjusters
       end
       def tax_adjuster

data/app/models/spree/asset.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Spree
     scope :with_session_uploaded_assets_uuid, lambda { |uuid|
       where(session_id: uuid)
     }
-    scope :with_external_url, ->(url) { url.present? ? with_metafield_key_value(EXTERNAL_URL_METAFIELD_KEY, url.downcase.strip) : none }
+    scope :with_external_url, ->(url) { url.present? ? with_metafield_key_value(EXTERNAL_URL_METAFIELD_KEY, url.strip) : none }
     def product
       @product ||= viewable_type == 'Spree::Variant' ? viewable&.product : nil
@@ -33,7 +33,7 @@ module Spree
     end
     def external_url=(url)
-      set_metafield(EXTERNAL_URL_METAFIELD_KEY, url.downcase.strip)
+      set_metafield(EXTERNAL_URL_METAFIELD_KEY, url.strip)
     end
     def skip_import?

data/app/models/spree/calculator.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Spree
     # Returns all calculators applicable for kind of work
     def self.calculators
-      Rails.application.config.spree.calculators
+      Spree.calculators
     end
     def to_s

data/app/models/spree/data_feed.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module Spree
       end
       def available_types
-        Rails.application.config.spree.data_feed_types
+        Spree.data_feed_types
       end
     end
   end

data/app/models/spree/export.rb CHANGED Viewed

@@ -175,7 +175,7 @@ module Spree
     class << self
       def available_types
-        Rails.application.config.spree.export_types
+        Spree.export_types
       end
       def available_models

data/app/models/spree/gateway/bogus.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module Spree
     end
     def void(_response_code, _credit_card, _options = {})
-      ActiveMerchant::Billing::Response.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: '12345')
+      ActiveMerchant::Billing::Response.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: 'void-12345')
     end
     def cancel(_response_code, _payment = nil)

data/app/models/spree/import.rb CHANGED Viewed

@@ -224,7 +224,7 @@ module Spree
       # Returns the available types for the import
       # @return [Array<Class>]
       def available_types
-        Rails.application.config.spree.import_types
+        Spree.import_types
       end
       # Returns the available models for the import

data/app/models/spree/metafield_definition.rb CHANGED Viewed

@@ -61,13 +61,13 @@ module Spree
     # Returns the available types
     # @return [Array<Class>]
     def self.available_types
-      Rails.application.config.spree.metafield_types
+      Spree.metafields.types
     end
     # Returns the available resources
     # @return [Array<Class>]
     def self.available_resources
-      Rails.application.config.spree.metafield_enabled_resources
+      Spree.metafields.enabled_resources
     end
     private
@@ -81,7 +81,7 @@ module Spree
     end
     def set_default_type
-      self.metafield_type ||= Rails.application.config.spree.metafield_types.first.to_s
+      self.metafield_type ||= Spree.metafields.types.first.to_s
     end
     def set_name_from_key

data/app/models/spree/order/payments.rb CHANGED Viewed

@@ -44,6 +44,8 @@ module Spree
         def process_payments_with(method)
           # Don't run if there is nothing to pay.
           return if payment_total >= total
+          # Don't run if there are authorized payments
+          return if pending_payments.any? && unprocessed_payments.empty?
           # Prevent orders from transitioning to complete without a successfully processed payment.
           raise Core::GatewayError, Spree.t(:no_payment_found) if unprocessed_payments.empty?

data/app/models/spree/order.rb CHANGED Viewed

@@ -910,6 +910,7 @@ module Spree
         payments.completed.store_credits.each(&:void!)
       else
         payments.completed.each(&:cancel!)
+        payments.incomplete.not_store_credits.each(&:void_transaction!)
         payments.store_credits.pending.each(&:void!)
       end

data/app/models/spree/payment/processing.rb CHANGED Viewed

@@ -26,6 +26,19 @@ module Spree
         handle_payment_preconditions { process_purchase }
       end
+      # Confirms a payment by completing it or pending it depending on the payment method's auto_capture setting
+      # Useful for payments that are authorized/captured with SDK/Drop-in elements
+      def confirm!
+        started_processing! if checkout?
+        if payment_method&.auto_capture? && can_complete?
+          complete!
+          capture_events.create!(amount: amount)
+        elsif can_pend?
+          pend!
+        end
+      end
       # Takes the amount in cents to capture.
       # Can be used to capture partial amounts of a payment, and will create
       # a new pending payment record for the remaining amount to capture later.

data/app/models/spree/payment.rb CHANGED Viewed

@@ -255,6 +255,26 @@ module Spree
       payment_method&.source_required?
     end
+    def add_gateway_processing_error(error_message)
+      if has_metafield?('gateway.processing_errors')
+        errors = JSON.parse(get_metafield('gateway.processing_errors').value)
+        errors << { message: error_message }
+        set_metafield('gateway.processing_errors', errors.to_json)
+      else
+        set_metafield('gateway.processing_errors', [{ message: error_message }].to_json)
+      end
+    end
+    def gateway_processing_error_messages
+      @gateway_processing_error_messages ||= begin
+        errors = JSON.parse(get_metafield('gateway.processing_errors')&.value || '[]')
+        errors.map { |error| error['message'] }
+      rescue JSON::ParserError
+        []
+      end
+    end
     private
     def set_amount

data/app/models/spree/payment_method.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module Spree
     has_many :gateway_customers, class_name: 'Spree::GatewayCustomer', dependent: :destroy
     def self.providers
-      Rails.application.config.spree.payment_methods
+      Spree.payment_methods
     end
     def provider_class

data/app/models/spree/permission_sets/base.rb ADDED Viewed

@@ -0,0 +1,81 @@
+# Base class for all permission sets.
+#
+# Permission sets are reusable groups of permissions that can be assigned to roles.
+# They provide a clean abstraction over CanCanCan abilities, making it easier to
+# manage permissions in a modular way.
+#
+# @example Creating a custom permission set
+#   class Spree::PermissionSets::InventoryManagement < Spree::PermissionSets::Base
+#     def activate!
+#       can :manage, Spree::StockItem
+#       can :manage, Spree::StockLocation
+#       can :manage, Spree::StockMovement
+#     end
+#   end
+#
+# @example Assigning the permission set to a role
+#   Spree.permissions.assign(:warehouse_manager, Spree::PermissionSets::InventoryManagement)
+#
+module Spree
+  module PermissionSets
+    class Base
+      # @return [CanCan::Ability] the ability instance to add permissions to
+      attr_reader :ability
+      # @param ability [CanCan::Ability] the ability instance to add permissions to
+      def initialize(ability)
+        @ability = ability
+      end
+      # Activates this permission set by adding its permissions to the ability.
+      # Override this method in subclasses to define the permissions.
+      #
+      # @abstract
+      # @return [void]
+      def activate!
+        raise NotImplementedError, "#{self.class} must implement #activate!"
+      end
+      protected
+      # Delegates the `can` method to the ability instance.
+      #
+      # @param args [Array] arguments to pass to CanCan::Ability#can
+      # @param block [Proc] optional block for conditional permissions
+      def can(*args, &block)
+        ability.can(*args, &block)
+      end
+      # Delegates the `cannot` method to the ability instance.
+      #
+      # @param args [Array] arguments to pass to CanCan::Ability#cannot
+      # @param block [Proc] optional block for conditional permissions
+      def cannot(*args, &block)
+        ability.cannot(*args, &block)
+      end
+      # Delegates the `can?` method to the ability instance.
+      #
+      # @param args [Array] arguments to pass to CanCan::Ability#can?
+      # @return [Boolean]
+      def can?(*args)
+        ability.can?(*args)
+      end
+      # Returns the user from the ability instance.
+      # This method assumes the ability has a user accessor.
+      #
+      # @return [Object] the current user
+      def user
+        ability.user
+      end
+      # Returns the store from the ability instance options.
+      #
+      # @return [Spree::Store, nil] the current store
+      def store
+        ability.store
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/configuration_management.rb ADDED Viewed

@@ -0,0 +1,47 @@
+# Permission set for managing store configuration and settings.
+#
+# This permission set provides access to manage store settings,
+# payment methods, shipping methods, and other configuration.
+#
+# @example
+#   Spree.permissions.assign(:store_admin, Spree::PermissionSets::ConfigurationManagement)
+#
+module Spree
+  module PermissionSets
+    class ConfigurationManagement < Base
+      def activate!
+        # Store settings
+        can :manage, Spree::Store
+        # Payment configuration
+        can :manage, Spree::PaymentMethod
+        can :manage, Spree::Gateway
+        # Shipping configuration
+        can :manage, Spree::ShippingMethod
+        can :manage, Spree::ShippingCategory
+        can :manage, Spree::Zone
+        can :manage, Spree::ZoneMember
+        # Tax configuration
+        can :manage, Spree::TaxCategory
+        can :manage, Spree::TaxRate
+        # General configuration
+        can :manage, Spree::RefundReason
+        can :manage, Spree::ReimbursementType
+        can :manage, Spree::ReturnReason
+        # Restrictions on immutable types
+        cannot [:edit, :update], Spree::RefundReason, mutable: false
+        cannot [:edit, :update], Spree::ReimbursementType, mutable: false
+        # Metafield configuration
+        can :manage, Spree::MetafieldDefinition
+        # Policies
+        can :manage, Spree::Policy
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/dashboard_display.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# Permission set for viewing the admin dashboard.
+#
+# This permission set provides access to view the admin dashboard
+# and basic admin navigation.
+#
+# @example
+#   Spree.permissions.assign(:viewer, Spree::PermissionSets::DashboardDisplay)
+#
+module Spree
+  module PermissionSets
+    class DashboardDisplay < Base
+      def activate!
+        can [:admin, :index, :show], :dashboard
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/default_customer.rb ADDED Viewed

@@ -0,0 +1,66 @@
+# Permission set for default storefront customers (both authenticated and guests).
+#
+# This permission set provides the standard permissions needed for browsing
+# the store and making purchases.
+#
+# @example
+#   Spree.permissions.assign(:default, Spree::PermissionSets::DefaultCustomer)
+#
+module Spree
+  module PermissionSets
+    class DefaultCustomer < Base
+      def activate!
+        # Read-only access to catalog
+        can :read, Spree::Country
+        can :read, Spree::OptionType
+        can :read, Spree::OptionValue
+        can :read, Spree::Product
+        can :read, Spree::ProductProperty
+        can :read, Spree::Property
+        can :read, Spree::State
+        can :read, Spree::Store
+        can :read, Spree::Taxon
+        can :read, Spree::Taxonomy
+        can :read, Spree::Variant
+        can :read, Spree::Zone
+        # Content pages
+        can :read, Spree::Policy
+        can :read, Spree::Page
+        can :read, Spree::Post
+        can :read, Spree::PostCategory
+        # Order management for the user's own orders
+        can :create, Spree::Order
+        can :show, Spree::Order do |order, token|
+          order.user == user || order.token && token == order.token
+        end
+        can :update, Spree::Order do |order, token|
+          !order.completed? && (order.user == user || order.token && token == order.token)
+        end
+        # User account management - available to all users (including guests for their own record)
+        can :create, Spree.user_class
+        can [:show, :update, :destroy], Spree.user_class, id: user.id
+        # Address management
+        can :manage, Spree::Address, user_id: user.id
+        # Credit card management
+        can [:read, :destroy], Spree::CreditCard, user_id: user.id
+        # Wishlist management
+        can :manage, Spree::Wishlist, user_id: user.id
+        can :show, Spree::Wishlist do |wishlist|
+          wishlist.user == user || wishlist.is_private == false
+        end
+        can [:create, :update, :destroy], Spree::WishedItem do |wished_item|
+          wished_item.wishlist.user == user
+        end
+        # Invitation acceptance
+        can :accept, Spree::Invitation, invitee_id: [user.id, nil], invitee_type: user.class.name, status: 'pending'
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/order_display.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# Permission set for viewing orders and related resources.
+#
+# This permission set provides read-only access to orders and associated
+# models like payments, shipments, and refunds.
+#
+# @example
+#   Spree.permissions.assign(:customer_service, Spree::PermissionSets::OrderDisplay)
+#
+module Spree
+  module PermissionSets
+    class OrderDisplay < Base
+      def activate!
+        can [:read, :admin, :index], Spree::Order
+        can [:read, :admin], Spree::Payment
+        can [:read, :admin], Spree::Shipment
+        can [:read, :admin], Spree::Adjustment
+        can [:read, :admin], Spree::LineItem
+        can [:read, :admin], Spree::ReturnAuthorization
+        can [:read, :admin], Spree::CustomerReturn
+        can [:read, :admin], Spree::Reimbursement
+        can [:read, :admin], Spree::Refund
+        can [:read, :admin], Spree::StoreCredit
+        can [:read, :admin], Spree::GiftCard
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/order_management.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# Permission set for full order management.
+#
+# This permission set provides complete access to manage orders,
+# including creating, updating, and processing payments and shipments.
+#
+# @example
+#   Spree.permissions.assign(:order_manager, Spree::PermissionSets::OrderManagement)
+#
+module Spree
+  module PermissionSets
+    class OrderManagement < Base
+      def activate!
+        can :manage, Spree::Order
+        can :manage, Spree::Payment
+        can :manage, Spree::Shipment
+        can :manage, Spree::Adjustment
+        can :manage, Spree::LineItem
+        can :manage, Spree::ReturnAuthorization
+        can :manage, Spree::CustomerReturn
+        can :manage, Spree::Reimbursement
+        can :manage, Spree::Refund
+        can :manage, Spree::StoreCredit
+        can :manage, Spree::GiftCard
+        # Order-specific restrictions
+        cannot :cancel, Spree::Order
+        can :cancel, Spree::Order, &:allow_cancel?
+        cannot :destroy, Spree::Order
+        can :destroy, Spree::Order, &:can_be_deleted?
+      end
+    end
+  end
+end

data/app/models/spree/permission_sets/product_display.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# Permission set for viewing products and catalog information.
+#
+# This permission set provides read-only access to products, variants,
+# and related catalog models.
+#
+# @example
+#   Spree.permissions.assign(:content_editor, Spree::PermissionSets::ProductDisplay)
+#
+module Spree
+  module PermissionSets
+    class ProductDisplay < Base
+      def activate!
+        can [:read, :admin, :index], Spree::Product
+        can [:read, :admin], Spree::Variant
+        can [:read, :admin], Spree::OptionType
+        can [:read, :admin], Spree::OptionValue
+        can [:read, :admin], Spree::Property
+        can [:read, :admin], Spree::ProductProperty
+        can [:read, :admin], Spree::Metafield
+        can [:read, :admin], Spree::Taxon
+        can [:read, :admin], Spree::Taxonomy
+        can [:read, :admin], Spree::Classification
+        can [:read, :admin], Spree::Price
+      end
+    end
+  end
+end