I want to add a role of 'supplier' to create, edit, view and destroy only
their products. I've read through can can and understand the concept of
granting abilities with abilitydecorator. But after reading through posts
most discussions seem to address user roles before spree_auth_devise was
implemented fully.

But my feeling is that the community has been working to standardize the
process of adding user roles and permissions. Would anyone care to give a
quick overview of the best practice to add a user role and then grant
permissions to that role? Sort of bringing the process together as what
I've found is scattered and not sure if all of it is relevant anymore.

--
You received this message because you are subscribed to the Google Groups "Spree" group.
To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Brian Quinn at Feb 5, 2013 at 9:59 am
    Hi Chad,
    I've actually just been adding a lot of refactoring around that. The first thing to note is I've moved all Cancan / Ability related stuff back into Spree core (from spree_auth_devise, which is only for authentication not authorisation).

    I've also updated the admin controllers to use Cancan's accessible_by method that will allow custom roles to access actions like Products index and only view the relevant products.

    The main requirement is that in your custom ability that you use Cancan's hash syntax to limit when defining abilities (and not blocks), here's any example supplier Ability:


    if user.has_spree_role?("supplier") && user.supplier_id.present?
    can :manage, Product, :supplier_id => user.supplier_id
    end



    HTH,



    --
    Brian Quinn

    Co-Founder, CTO
    Spree Commerce, Inc.
    http://spreecommerce.com

    On Monday 4 February 2013 at 16:37, Chad Schofield wrote:

    I want to add a role of 'supplier' to create, edit, view and destroy only their products. I've read through can can and understand the concept of granting abilities with abilitydecorator. But after reading through posts most discussions seem to address user roles before spree_auth_devise was implemented fully.

    But my feeling is that the community has been working to standardize the process of adding user roles and permissions. Would anyone care to give a quick overview of the best practice to add a user role and then grant permissions to that role? Sort of bringing the process together as what I've found is scattered and not sure if all of it is relevant anymore.

    --
    You received this message because you are subscribed to the Google Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com (mailto:spree-user+unsubscribe@googlegroups.com).
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    You received this message because you are subscribed to the Google Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Mahinder124 at Feb 6, 2013 at 8:05 am
    u have any idea how 'supplier can relate to product so he can see there own
    product because i already create partener role but i dont know how product
    will relate to role

    --
    You received this message because you are subscribed to the Google Groups "Spree" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to spree-user+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupspree-user @
categoriesrubyonrails
postedFeb 4, '13 at 4:37p
activeFeb 6, '13 at 8:05a
posts3
users3
websitespreecommerce.com
irc#RubyOnRails

People

Translate

site design / logo © 2022 Grokbase