diff --git a/README.md b/README.md index cf5bac0..456733d 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,10 @@ Try Spree Admin Roles and Access for Spree master with direct deployment on Hero [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/vinsol-spree-contrib/spree-demo-heroku/tree/spree-admin-roles-and-access-master) +Try Spree Admin Roles and Access for Spree 4-1 with direct deployment on Heroku: + +[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/vinsol-spree-contrib/spree-demo-heroku/tree/spree-admin-roles-and-access-4-1) + Try Spree Admin Roles and Access for Spree 3-4 with direct deployment on Heroku: [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/vinsol-spree-contrib/spree-demo-heroku/tree/spree-admin-roles-and-access-3-4) diff --git a/app/controllers/spree/admin/base_controller_decorator.rb b/app/controllers/spree/admin/base_controller_decorator.rb deleted file mode 100644 index 990928f..0000000 --- a/app/controllers/spree/admin/base_controller_decorator.rb +++ /dev/null @@ -1,27 +0,0 @@ -Spree::Admin::BaseController.class_eval do - def authorize_admin - begin - if params[:id] - record = model_class.where(PARAM_ATTRIBUTE[controller_name] => params[:id]).first - elsif new_action? - record = model_class.new - else - record = model_class - end - raise if record.blank? - rescue - record = "#{params[:controller]}" - end - authorize! :admin, record - authorize_with_attributes! params[:action].to_sym, record, params[controller_name.singularize] - end - - private - def unauthorized - redirect_unauthorized_access - end - - def new_action? - NEW_ACTIONS.include?(params[:action].to_sym) - end -end diff --git a/app/models/spree/role_decorator.rb b/app/models/spree/role_decorator.rb deleted file mode 100644 index bb1f04a..0000000 
--- a/app/models/spree/role_decorator.rb +++ /dev/null @@ -1,18 +0,0 @@ -Spree::Role.class_eval do - - has_many :roles_permission_sets, dependent: :destroy - has_many :permission_sets, through: :roles_permission_sets - has_many :permissions, through: :permission_sets - - # DEPRECATED: Use permission sets instead. Only here for aiding migration for existing users - has_and_belongs_to_many :legacy_permissions, join_table: 'spree_roles_permissions', class_name: 'Spree::Permission' - - validates :name, uniqueness: true, allow_blank: true - validates :permission_sets, length: { minimum: 1, too_short: :atleast_one_permission_set_is_required }, on: :update - - def has_permission?(permission_title) - permissions.pluck(:title).include?(permission_title) - end - - scope :default_role, lambda { where(is_default: true) } -end diff --git a/app/models/spree/user_decorator.rb b/app/models/spree/user_decorator.rb deleted file mode 100644 index 35b09e7..0000000 --- a/app/models/spree/user_decorator.rb +++ /dev/null @@ -1,5 +0,0 @@ -module Spree - Spree.user_class.class_eval do - alias_attribute :roles, :spree_roles - end -end diff --git a/app/models/spree/ability_decorator.rb b/app/models/spree_admin_roles_and_access/ability_decorator.rb similarity index 80% rename from app/models/spree/ability_decorator.rb rename to app/models/spree_admin_roles_and_access/ability_decorator.rb index 52e9ef7..6fbd346 100644 --- a/app/models/spree/ability_decorator.rb +++ b/app/models/spree_admin_roles_and_access/ability_decorator.rb @@ -1,6 +1,5 @@ -module Spree - Ability.class_eval do - +module SpreeAdminRolesAndAccess + module AbilityDecorator def initialize(user) self.clear_aliased_actions @@ -15,7 +14,7 @@ def initialize(user) user_roles(user).map(&:permissions).flatten.uniq.map { |permission| permission.ability(self, user) } - Ability.abilities.each do |clazz| + ::Spree::Ability.abilities.each do |clazz| ability = clazz.send(:new, user) @rules = rules + ability.send(:rules) end 
@@ -26,3 +25,5 @@ def user_roles(user) end end end + +Spree::Ability.prepend SpreeAdminRolesAndAccess::AbilityDecorator \ No newline at end of file diff --git a/app/models/spree_admin_roles_and_access/role_decorator.rb b/app/models/spree_admin_roles_and_access/role_decorator.rb new file mode 100644 index 0000000..aa78101 --- /dev/null +++ b/app/models/spree_admin_roles_and_access/role_decorator.rb @@ -0,0 +1,24 @@ +module SpreeAdminRolesAndAccess + module RoleDecorator + + def self.prepended(base) + base.has_many :roles_permission_sets, dependent: :destroy + base.has_many :permission_sets, through: :roles_permission_sets + base.has_many :permissions, through: :permission_sets + + # DEPRECATED: Use permission sets instead. Only here for aiding migration for existing users + base.has_and_belongs_to_many :legacy_permissions, join_table: 'spree_roles_permissions', class_name: 'Spree::Permission' + + base.validates :name, uniqueness: true, allow_blank: true + base.validates :permission_sets, length: { minimum: 1, too_short: :atleast_one_permission_set_is_required }, on: :update + base.scope :default_role, lambda { where(is_default: true) } + end + + def has_permission?(permission_title) + permissions.pluck(:title).include?(permission_title) + end + + end +end + +Spree::Role.prepend SpreeAdminRolesAndAccess::RoleDecorator \ No newline at end of file diff --git a/app/models/spree_admin_roles_and_access/user_decorator.rb b/app/models/spree_admin_roles_and_access/user_decorator.rb new file mode 100644 index 0000000..af5196e --- /dev/null +++ b/app/models/spree_admin_roles_and_access/user_decorator.rb @@ -0,0 +1,9 @@ +module SpreeAdminRolesAndAccess + module UserDecorator + def self.prepended(base) + base.alias_attribute :roles, :spree_roles + end + end +end + +Spree.user_class.prepend SpreeAdminRolesAndAccess::UserDecorator \ No newline at end of file 
diff --git a/lib/controllers/backend/spree/admin/base_controller_decorator.rb b/lib/controllers/backend/spree/admin/base_controller_decorator.rb new file mode 100644 index 0000000..848b4d6 --- /dev/null +++ b/lib/controllers/backend/spree/admin/base_controller_decorator.rb @@ -0,0 +1,29 @@ +module Spree::Admin + module BaseControllerDecorator + def authorize_admin + begin + if params[:id] + record = model_class.where(PARAM_ATTRIBUTE[controller_name] => params[:id]).first + elsif new_action? + record = model_class.new + else + record = model_class + end + raise if record.blank? + rescue + record = "#{params[:controller]}" + end + authorize! :admin, record + authorize_with_attributes! params[:action].to_sym, record, params[controller_name.singularize] + end + + private + def unauthorized + redirect_unauthorized_access + end + + def new_action? + NEW_ACTIONS.include?(params[:action].to_sym) + end + end +Spree::Admin::BaseController.prepend Spree::Admin::BaseControllerDecorator \ No newline at end of file diff --git a/lib/spree/permissions.rb b/lib/spree/permissions.rb index f214d75..7c2223f 100644 --- a/lib/spree/permissions.rb +++ b/lib/spree/permissions.rb @@ -25,11 +25,11 @@ def method_missing(name, *args, &block) current_ability.can :create, Spree::Order current_ability.can :read, Spree::Order, [] do |order, token| - order.user == user || (order.guest_token && token == order.guest_token) + order.user == user || (order.token && token == order.token) end current_ability.can :update, Spree::Order do |order, token| - !order.completed? && (order.user == user || order.guest_token && token == order.guest_token) + !order.completed? && (order.user == user || order.token && token == order.token) end current_ability.can :read, Spree::Address do |address| diff --git a/spec/models/spree/ability_decorator_spec.rb b/spec/models/spree/ability_decorator_spec.rb index fd78816..6834063 100644 --- a/spec/models/spree/ability_decorator_spec.rb 
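Review bot: The new `lib/controllers/backend/spree/admin/base_controller_decorator.rb` opens `module Spree::Admin` and `module BaseControllerDecorator`, but the added lines contain only one closing `end` after the methods, so the file appears not to parse. Add an `end` for `module Spree::Admin` before `Spree::Admin::BaseController.prepend Spree::Admin::BaseControllerDecorator`. This override is what routes admin actions through `authorize!` and `authorize_with_attributes!`, and nothing in this diff shows the engine loading the file from its new `lib/` location, so that should be confirmed. The bare `rescue` in `authorize_admin` (carried over unchanged) turns any lookup error into a check against the controller path string; a comment such as `# fall back to authorizing against the controller path when no record can be resolved` would make that intent auditable.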
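Review bot: Both rewritten rules in `lib/spree/permissions.rb` compare the caller-supplied `token` to `order.token` with `==`, which is not a constant-time comparison. This value is what grants a guest read and update access to an order, so consider `order.token.present? && token.present? && ActiveSupport::SecurityUtils.secure_compare(token.to_s, order.token)`. The `:update` rule also relies on `&&` binding tighter than `||`; writing `(order.token && token == order.token)` as the `:read` rule does would make the two rules read the same. The enclosing `method_missing` body starts and ends outside the hunk.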
+++ b/spec/models/spree/ability_decorator_spec.rb @@ -26,7 +26,7 @@ let(:permission17) { Spree::Permission.create(title: 'can-create-spree/products', priority: 3) } let(:permission_set) { Spree::PermissionSet.create!(name: 'test') } - let(:user) { Spree::User.create!(email: 'abc@test.com', password: '123456') } + let(:user) { Spree.user_class.create!(email: 'abc@test.com', password: '123456') } let(:role) { Spree::Role.where(name: 'user').first_or_create! } let(:roles) { [role] } @@ -125,8 +125,8 @@ it_should_behave_like 'access denied' it_should_behave_like 'no index allowed' it_should_behave_like 'default admin permissions' - it { expect(new_ability).to_not be_able_to :create, Spree::User, :role_ids } - it { expect(new_ability).to_not be_able_to :update, Spree::User, :role_ids } + it { expect(new_ability).to_not be_able_to :create, Spree.user_class, :role_ids } + it { expect(new_ability).to_not be_able_to :update, Spree.user_class, :role_ids } end context 'with warehouse_admin user' do @@ -166,11 +166,11 @@ let(:resource) { Object.new } let(:resource_shipment) { Spree::Shipment.new } let(:resource_product) { Spree::Product.new } - let(:resource_user) { Spree::User.new } + let(:resource_user) { Spree.user_class.new } let(:resource_order) { Spree::Order.new } - let(:fakedispatch_user) { Spree::User.new } + let(:fakedispatch_user) { Spree.user_class.new } let(:admin_role) { Spree::Role.where(name: 'admin').first_or_create! } - let(:user1) { Spree::User.new } + let(:user1) { Spree.user_class.new } let(:ability) { Spree::Ability.new(user) } context 'with admin user' do @@ -262,7 +262,7 @@ it_should_behave_like 'access granted' end context 'requested by other user' do - let(:resource) { Spree::User.new } + let(:resource) { Spree.user_class.new } it_should_behave_like 'create only' end end 
@@ -276,7 +276,7 @@ end context 'requested by other user' do - before(:each) { resource.user = Spree::User.new } + before(:each) { resource.user = Spree.user_class.new } it_should_behave_like 'create only' end @@ -325,12 +325,12 @@ end it 'should receive new on Spree::User when there is no user passed' do - expect(Spree::User).to receive(:new).and_return(user) + expect(Spree.user_class).to receive(:new).and_return(user) Spree::Ability.new(nil) end it 'should not receive new on Spree::User when there is no user passed' do - expect(Spree::User).to_not receive(:new) + expect(Spree.user_class).to_not receive(:new) Spree::Ability.new(user) end @@ -359,10 +359,10 @@ subject { ability } - it { expect(subject).to be_able_to :create, Spree::User.new } - it { expect(subject).to be_able_to :update, Spree::User.new } - it { expect(subject).to_not be_able_to :create, Spree::User.new, :role_ids } - it { expect(subject).to_not be_able_to :update, Spree::User.new, :role_ids } + it { expect(subject).to be_able_to :create, Spree.user_class.new } + it { expect(subject).to be_able_to :update, Spree.user_class.new } + it { expect(subject).to_not be_able_to :create, Spree.user_class.new, :role_ids } + it { expect(subject).to_not be_able_to :update, Spree.user_class.new, :role_ids } end end diff --git a/spree_admin_roles_and_access.gemspec b/spree_admin_roles_and_access.gemspec index 3cc1032..1e38374 100644 --- a/spree_admin_roles_and_access.gemspec +++ b/spree_admin_roles_and_access.gemspec 
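Review bot: The two example descriptions in the `@@ -325,12 +325,12 @@` hunk still name `Spree::User` although the expectations now target `Spree.user_class`. The second one also says "when there is no user passed" while it calls `Spree::Ability.new(user)`. Suggest `it 'instantiates Spree.user_class when no user is passed'` and `it 'does not instantiate Spree.user_class when a user is passed'`, so a failure report states what was actually checked.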
@@ -14,14 +14,14 @@ Gem::Specification.new do |s| s.require_path = 'lib' s.requirements << 'none' - spree_version = '>= 3.2.0', '< 4.0.0' + spree_version = '>= 4.0.0' s.add_dependency 'spree_core', spree_version s.add_dependency 'spree_auth_devise' s.add_development_dependency 'capybara' s.add_development_dependency 'ffaker' - s.add_development_dependency 'rspec-rails', '~> 3.5.0' + s.add_development_dependency 'rspec-rails', '~> 4.0.0' s.add_development_dependency 'shoulda-matchers', '~> 3.1' s.add_development_dependency 'rspec-activemodel-mocks' s.add_development_dependency 'rails-controller-testing'
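Review bot: `spree_version = '>= 4.0.0'` drops the upper bound the old constraint had, so any future Spree major will satisfy it. This gem prepends onto `Spree::Ability`, `Spree::Role` and `Spree::Admin::BaseController` and redefines `initialize` and `authorize_admin`, so a Spree release that changes those internals could alter which permissions are enforced without any failure at install time. Consider keeping a ceiling, e.g. `spree_version = '>= 4.0.0', '< 5.0'`, and raising it once the specs pass against the next major. `spree_auth_devise` is likewise unconstrained, though that line is unchanged here.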