CanCan keeps access control logic from being scattered throughout the application source code by letting you define all user permissions in Ability classes.
Solidus takes this concept a step further: it lets you define separate permission set classes and assign them to specific user roles.
Let's look in detail at what these concepts represent and how to manage them.
Solidus comes with two pre-configured roles: admin and default. A user for whom
has_spree_role?(:admin) is true has access to the admin panel and can manage all
resources. A user for whom
has_spree_role?(:default) is true resembles a client or a website
visitor who can view certain resources, manage their shopping cart, etc.
Each user can have multiple roles, and admin users can change the roles of other
users in the admin panel, under the Users section.
Solidus comes with a list of ready permission sets, that you can find in
, and a
preference, that you can use to change or extend default permission sets.
By default, roles and permission sets are configured with the following code:

```ruby
# ...
Spree::RoleConfiguration.new.tap do |roles|
  roles.assign_permissions :default, ['Spree::PermissionSets::DefaultCustomer']
  roles.assign_permissions :admin, ['Spree::PermissionSets::SuperUser']
end
# ...
```
Which maps a list of permission sets to each role that we can use:
If we want to add a new role with its own set of permissions to our store
then first we must create a new
Spree::Role, which can be done
in one of the following ways:
spree_roles table by executing
Spree::Role.create(name: 'role_name') in the Rails console
db/seeds) add a line
Spree::Role.find_or_create_by(name: 'role_name') for each role you wish to create
Now that the new role has been created you can simply assign a new list of permission sets to it, in the Solidus initializer:

```ruby
Spree.config do |config|
  config.roles.assign_permissions :role_name, ['Spree::PermissionSets::AnotherPermissionSet']
end
```

Spree::PermissionSets::AnotherPermissionSet can be selected from the list of
the roles provided by Solidus, or alternatively can be a custom role that you
New permission sets should be created in their own dedicated classes that inherit from
Spree::PermissionSets::Base. Permission rules defined with the CanCan
DSL should be created in the
activate! method. To add a new permission set you
can simply create this new class in

```ruby
module Spree
  module PermissionSets
    class BlogManagement < PermissionSets::Base
      def activate!
        can :manage, Spree::Page
      end
    end
  end
end
```

Finally, remember to load the permission set files in your application
configuration, by adding the following code to

```ruby
config.before_initialize do
  Dir.glob(File.join(File.dirname(__FILE__), "../lib/spree/permission_sets/*.rb")) do |c|
    require_dependency(c)
  end
end
```
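
The flow described above, from role to permission sets to `can` rules, modelled in plain Ruby as an added example (not Solidus or CanCan code). `MiniAbility`, `MiniPermissionSet`, `MiniRoles`, `OrderDisplay`, `Page` and `Order` are hypothetical stand-ins, and only `can` rules are modelled; it shows that a user's roles combine additively and that a role with no assignment grants nothing.

```ruby
# Added illustration with hypothetical Mini*/Page/Order stand-ins; not Solidus or CanCan code.
Page  = Class.new
Order = Class.new

class MiniAbility
  def initialize
    @rules = []
  end
  def can(action, subject)
    @rules << [action, subject]
  end
  # Deny by default; :manage covers every action on the subject.
  def can?(action, subject)
    @rules.any? { |a, s| s == subject && [:manage, action].include?(a) }
  end
end

# A permission set receives the ability and adds rules to it in activate!.
MiniPermissionSet = Struct.new(:ability) do
  def can(*args)
    ability.can(*args)
  end
end

class BlogManagement < MiniPermissionSet
  def activate!
    can :manage, Page
  end
end

class OrderDisplay < MiniPermissionSet
  def activate!
    can :read, Order
  end
end

class MiniRoles
  def initialize
    @sets = {}
  end
  def assign_permissions(role, permission_sets)
    @sets[role.to_s] = permission_sets
  end
  # Activate every permission set of every role the user holds.
  def ability_for(role_names)
    role_names.each_with_object(MiniAbility.new) do |role, ability|
      @sets.fetch(role.to_s, []).each { |set| set.new(ability).activate! }
    end
  end
end
```

Because every role a user holds contributes its rules to the same ability, adding a role can only widen access in this model, so each custom permission set should grant the narrowest actions the role needs.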