From 4be2fe5fe9fcb722761769b800b2a7990b42d5f2 Mon Sep 17 00:00:00 2001 From: David Cook Date: Mon, 19 Aug 2013 11:29:54 +1000 Subject: [PATCH] Only show payment methods that user has access to --- .../admin/payment_methods_controller_decorator.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 app/controllers/spree/admin/payment_methods_controller_decorator.rb diff --git a/app/controllers/spree/admin/payment_methods_controller_decorator.rb b/app/controllers/spree/admin/payment_methods_controller_decorator.rb new file mode 100644 index 0000000000..d1d367fc47 --- /dev/null +++ b/app/controllers/spree/admin/payment_methods_controller_decorator.rb @@ -0,0 +1,14 @@ +Spree::Admin::PaymentMethodsController.class_eval do + # Only show payment methods that user has access to. + # ! Redundant code copied from Spree::Admin::ResourceController with two added lines + def collection + return parent.send(controller_name) if parent_data.present? + if model_class.respond_to?(:accessible_by) && !current_ability.has_block?(params[:action], model_class) + model_class.accessible_by(current_ability, action). + managed_by(spree_current_user) # this line added + else + model_class.scoped. + managed_by(spree_current_user) # this line added + end + end +end \ No newline at end of file