I don't think it's actually defined anywhere.

What this code does is effectively:

Spree::Ability.new(<user).authorize! :admin, Spree::Order

So if we go into our console and try that, we'll see it returns the
Spree::Order class. If we replace :admin with :laurens, it will still
return the Spree::Order class.

Therefore, to answer your question, I don't think it does anything at all
and can probably be removed. I'm going to add a commit to 1-3-stable and
master removing this now.

On Thu, Jan 24, 2013 at 11:34 AM, Laurens Nienhaus wrote:

Hello,

How is the :admin action of Spree::Ability defined?

It is checked for in Spree::Admin::BaseController#authorize_admin like so:

authorize! :admin, record

Does it merely check if the user has access to the record in the context
of the admin area at all, or does it include other actions similar to the
:manage action?

Thx,
Laurens

--

--
You received this message because you are subscribed to the Google Groups "Spree" group.
To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Ryan Bigg at Jan 30, 2013 at 1:33 am
    If you give cancan an action it does not know the pen it will allow access
    through. Cancan does not define admin action anywhere inside its source.
    On Wednesday, January 30, 2013, Laurens Nienhaus wrote:

    Mmh, I have introduced users in my app that do not have the

    can :manage, :all

    abilities as admins do.


    For example those non-admins might have only the ability to read products

    can [:index], Spree::Product

    This alone still gives Unauthorized errors until I also give them access
    to the :admin action

    can [:admin, :index], Spree::Product


    So to me (I am on spree 1.2) it seems that this :admin action is in fact
    necessary.

    Maybe it is defined inside Cancan and checks access to the whole :admin
    namespace?



    Am 30.01.2013 um 01:50 schrieb Ryan Bigg:
    I don't think it's actually defined anywhere.

    What this code does is effectively:

    Spree::Ability.new(<user).authorize! :admin, Spree::Order

    So if we go into our console and try that, we'll see it returns the
    Spree::Order class. If we replace :admin with :laurens, it will still
    return the Spree::Order class.

    Therefore, to answer your question, I don't think it does anything at all
    and can probably be removed. I'm going to add a commit to 1-3-stable and
    master removing this now.


    On Thu, Jan 24, 2013 at 11:34 AM, Laurens Nienhaus <l.nienhaus@gmail.com<javascript:;>
    wrote:
    Hello,

    How is the :admin action of Spree::Ability defined?

    It is checked for in Spree::Admin::BaseController#authorize_admin like
    so:
    authorize! :admin, record

    Does it merely check if the user has access to the record in the context
    of the admin area at all, or does it include other actions similar to
    the
    :manage action?

    Thx,
    Laurens

    --

    --
    You received this message because you are subscribed to the Google
    Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to spree-user+unsubscribe@googlegroups.com <javascript:;>.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups
    "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to spree-user+unsubscribe@googlegroups.com <javascript:;>.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Laurens Nienhaus at Jan 30, 2013 at 1:36 am
    Ah, alright, I got it now!

    Thanks for laying that out, Ryan

    Am 30.01.2013 um 02:33 schrieb Ryan Bigg:
    If you give cancan an action it does not know the pen it will allow access
    through. Cancan does not define admin action anywhere inside its source.
    On Wednesday, January 30, 2013, Laurens Nienhaus wrote:

    Mmh, I have introduced users in my app that do not have the

    can :manage, :all

    abilities as admins do.


    For example those non-admins might have only the ability to read products

    can [:index], Spree::Product

    This alone still gives Unauthorized errors until I also give them access
    to the :admin action

    can [:admin, :index], Spree::Product


    So to me (I am on spree 1.2) it seems that this :admin action is in fact
    necessary.

    Maybe it is defined inside Cancan and checks access to the whole :admin
    namespace?



    Am 30.01.2013 um 01:50 schrieb Ryan Bigg:
    I don't think it's actually defined anywhere.

    What this code does is effectively:

    Spree::Ability.new(<user).authorize! :admin, Spree::Order

    So if we go into our console and try that, we'll see it returns the
    Spree::Order class. If we replace :admin with :laurens, it will still
    return the Spree::Order class.

    Therefore, to answer your question, I don't think it does anything at all
    and can probably be removed. I'm going to add a commit to 1-3-stable and
    master removing this now.


    On Thu, Jan 24, 2013 at 11:34 AM, Laurens Nienhaus <l.nienhaus@gmail.com<javascript:;>
    wrote:
    Hello,

    How is the :admin action of Spree::Ability defined?

    It is checked for in Spree::Admin::BaseController#authorize_admin like
    so:
    authorize! :admin, record

    Does it merely check if the user has access to the record in the context
    of the admin area at all, or does it include other actions similar to
    the
    :manage action?

    Thx,
    Laurens

    --

    --
    You received this message because you are subscribed to the Google
    Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to spree-user+unsubscribe@googlegroups.com <javascript:;>.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups
    "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to spree-user+unsubscribe@googlegroups.com <javascript:;>.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupspree-user @
categoriesrubyonrails
postedJan 30, '13 at 12:50a
activeJan 30, '13 at 1:36a
posts3
users2
websitespreecommerce.com
irc#RubyOnRails

2 users in discussion

Ryan Bigg: 2 posts Laurens Nienhaus: 1 post

People

Translate

site design / logo © 2022 Grokbase