Refactor authorisation to play nice with Spree instead of patching it (thanks to Rohan's suggestions)

2026-02-17 00:07:24 +00:00 · 2013-08-23 13:25:42 +10:00
parent 1bfb54f310
commit 078bd033b6
2 changed files with 10 additions and 5 deletions
--- a/app/controllers/spree/admin/orders/customer_details_controller_decorator.rb
+++ b/app/controllers/spree/admin/orders/customer_details_controller_decorator.rb
@@ -1,8 +1,8 @@
 Spree::Admin::Orders::CustomerDetailsController.class_eval do
-  #Override BaseController.authorize_admin to inherit CanCan permissions for the current order
-  def authorize_admin
-      load_order unless @order
-      authorize! :admin, @order
-      authorize! params[:action].to_sym, @order
+  # Inherit CanCan permissions for the current order
+  def model_class
+    load_order unless @order
+    @order
  end
+
 end
--- a/app/controllers/spree/admin/reports_controller_decorator.rb
+++ b/app/controllers/spree/admin/reports_controller_decorator.rb
@@ -11,6 +11,11 @@ Spree::Admin::ReportsController.class_eval do
  Spree::Admin::ReportsController::AVAILABLE_REPORTS.merge!({:payments => {:name => "Payment Reports", :description => "Reports for Payments"}})
  Spree::Admin::ReportsController::AVAILABLE_REPORTS.merge!({:order_cycles => {:name => "Order Cycle Reports", :description => "Reports for Order Cycles"}})

+  # Equivalent to CanCan's "authorize_resource :class => false" (see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
+  def model_class
+    self.class.to_s.sub("Controller", "").underscore.split('/').last.singularize.to_sym
+  end
+
  def orders_and_distributors
    params[:q] = {} unless params[:q]