From 2c374b448ae2dd17df1065aeefb8db4bd9a91727 Mon Sep 17 00:00:00 2001 From: Rohan Mitchell Date: Fri, 18 Nov 2016 12:00:11 +1100 Subject: [PATCH] check_authorization removed in Spree. Add load_order before_filter to cover our custom actions. --- app/controllers/spree/admin/orders_controller_decorator.rb | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/app/controllers/spree/admin/orders_controller_decorator.rb b/app/controllers/spree/admin/orders_controller_decorator.rb index 443eda0538..e84f7217bf 100644 --- a/app/controllers/spree/admin/orders_controller_decorator.rb +++ b/app/controllers/spree/admin/orders_controller_decorator.rb @@ -4,11 +4,7 @@ Spree::Admin::OrdersController.class_eval do include OpenFoodNetwork::SpreeApiKeyLoader helper CheckoutHelper before_filter :load_spree_api_key, :only => :bulk_management - - # We need to add expections for collection actions other than :index here - # because spree_auth_devise causes load_order to be called, which results - # in an auth failure as the @order object is nil for collection actions - before_filter :check_authorization, except: [:bulk_management, :managed] + before_filter :load_order, only: %i[show edit update fire resend invoice print] before_filter :load_distribution_choices, only: [:new, :edit, :update]