Merge pull request #3840 from nebulab/kennyadsl/fix-menu-permissions
Fix permissions to see admin menu items
kennyadsl authored Nov 18, 2020
2 parents 7887e34 + 6e42ac9 commit 472c16b
Showing 3 changed files with 21 additions and 19 deletions.
10 changes: 5 additions & 5 deletions backend/app/views/spree/admin/shared/_settings_sub_menu.html.erb
Expand Up @@ -3,24 +3,24 @@
<%= tab :stores, label: :stores, url: spree.admin_stores_path %>
<% end %>

<% if can?(:show, Spree::PaymentMethod) %>
<% if can?(:admin, Spree::PaymentMethod) %>
<%= tab :payments, url: spree.admin_payment_methods_path %>
<% end %>

<% if can?(:show, Spree::TaxCategory) || can?(:show, Spree::TaxRate) %>
<% if can?(:admin, Spree::TaxCategory) || can?(:admin, Spree::TaxRate) %>
<%= tab :taxes, url: spree.admin_tax_categories_path, match_path: %r(tax_categories|tax_rates) %>
<% end %>

<% if can?(:show, Spree::RefundReason) || can?(:show, Spree::ReimbursementType) ||
<% if can?(:admin, Spree::RefundReason) || can?(:admin, Spree::ReimbursementType) ||
can?(:show, Spree::ReturnReason) || can?(:show, Spree::AdjustmentReason) %>
<%= tab :checkout, url: spree.admin_refund_reasons_path, match_path: %r(refund_reasons|reimbursement_types|return_reasons|adjustment_reasons|store_credit_reasons) %>
<% end %>

<% if can?(:show, Spree::ShippingMethod) || can?(:show, Spree::ShippingCategory) || can?(:show, Spree::StockLocation) %>
<% if can?(:admin, Spree::ShippingMethod) || can?(:admin, Spree::ShippingCategory) || can?(:admin, Spree::StockLocation) %>
<%= tab :shipping, url: spree.admin_shipping_methods_path, match_path: %r(shipping_methods|shipping_categories|stock_locations) %>
<% end %>

<% if can?(:show, Spree::Zone) %>
<% if can?(:admin, Spree::Zone) %>
<%= tab :zones, url: spree.admin_zones_path %>
<% end %>
</ul>
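Review bot: The checkout tab condition is only half migrated: its first line now checks `can?(:admin, Spree::RefundReason) || can?(:admin, Spree::ReimbursementType)`, but the continuation line still reads `can?(:show, Spree::ReturnReason) || can?(:show, Spree::AdjustmentReason) %>`. The Settings condition in backend_configuration.rb checks `:admin` for both of those classes, so a role with `:admin` but not `:show` on return or adjustment reasons would get the Settings entry with no Checkout tab under it. A role with `:show` alone could be offered a tab that the controller presumably refuses. I would change the continuation to `can?(:admin, Spree::ReturnReason) || can?(:admin, Spree::AdjustmentReason) %>`. The partial starts above this hunk, so only part of it is visible here.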
22 changes: 11 additions & 11 deletions backend/lib/spree/backend_configuration.rb
Expand Up @@ -133,17 +133,17 @@ def menu_items
'wrench',
condition: -> {
can?(:admin, Spree::Store) ||
can?(:show, Spree::AdjustmentReason) ||
can?(:show, Spree::PaymentMethod) ||
can?(:show, Spree::RefundReason) ||
can?(:show, Spree::ReimbursementType) ||
can?(:show, Spree::ShippingCategory) ||
can?(:show, Spree::ShippingMethod) ||
can?(:show, Spree::StockLocation) ||
can?(:show, Spree::TaxCategory) ||
can?(:show, Spree::TaxRate) ||
can?(:show, Spree::ReturnReason) ||
can?(:show, Spree::Zone)
can?(:admin, Spree::AdjustmentReason) ||
can?(:admin, Spree::PaymentMethod) ||
can?(:admin, Spree::RefundReason) ||
can?(:admin, Spree::ReimbursementType) ||
can?(:admin, Spree::ShippingCategory) ||
can?(:admin, Spree::ShippingMethod) ||
can?(:admin, Spree::StockLocation) ||
can?(:admin, Spree::TaxCategory) ||
can?(:admin, Spree::TaxRate) ||
can?(:admin, Spree::ReturnReason) ||
can?(:admin, Spree::Zone)
},
label: :settings,
partial: 'spree/admin/shared/settings_sub_menu',
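Review bot: The `condition:` lambda repeats, class by class, the `can?` checks made in `spree/admin/shared/_settings_sub_menu.html.erb`, and nothing ties the two lists together, so they can drift. The partial's checkout tab already differs: it still uses `:show` for two classes that this list checks with `:admin`. A comment above the lambda such as `# Keep in sync with the can? checks in spree/admin/shared/_settings_sub_menu.html.erb` would make the coupling visible. It is also worth stating there that these checks only decide what is rendered; the authorization that matters is whatever the admin controllers enforce, which this page does not show. `menu_items` begins and ends outside the hunk.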
8 changes: 5 additions & 3 deletions backend/spec/features/admin/homepage_spec.rb
Expand Up @@ -73,16 +73,18 @@
custom_authorization! do |_user|
can [:admin, :home], :dashboards
can [:admin, :edit, :index, :show], Spree::Order
cannot [:show], Spree::StockLocation
cannot [:show], Spree::Zone
cannot [:admin], Spree::StockLocation
can [:admin], Spree::Zone
end

it 'should only display tabs fakedispatch has access to' do
visit spree.admin_path
expect(page).to have_link('Orders')
expect(page).not_to have_link('Products')
expect(page).not_to have_link('Promotions')
expect(page).not_to have_link('Settings')
expect(page).to have_link('Settings')
expect(page).not_to have_link('Stock Locations', visible: false)
expect(page).to have_link('Zones', visible: false)
end
end
end
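Review bot: The updated example covers a role with `:admin` on zones and an explicit `cannot [:admin]` on stock locations, but nothing pins the case the commit title suggests this change is about, a role that holds `:show` without `:admin`. I would add an example whose authorization block grants `can [:show], Spree::Zone` only and asserts `expect(page).not_to have_link('Settings')`, so a later revert to `:show` in the menu conditions fails the suite. A short comment on `visible: false` would help too, since the option makes Capybara match links whether or not they are displayed, which appears to be needed because the sub-menu links are not visible on the dashboard. The enclosing `context` starts above the hunk.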
