### The Problem

Consider a scenario where we have two roles, let's say a super admin (can manage all) and a safe admin (a super admin which can not manage some model).

Now, due to the below snippet, the relative sequence of cancan rules seems to affect the effective authorization rules, since cancan assumes the rules appearing below to have higher priority (overrides any contrasting rules):

```ruby
user_roles(user).each do |role|
  ability(role, user)
end
```

Please refer to the attached detailed comparison showing how the cancan rules are impacted due to this.

Attachment: spree_admin_roles_and_access_bug.html.zip

### Proposed Fix (In this PR)

We can invoke the cancan rules directly from the `Spree::Permission` so that the rules are mapped based on the priority for each permission and remain independent of the sequence in which a role is assigned to a user.
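As an added illustration (not code from this PR or from the spree_admin_roles_and_access gem), the following self-contained Ruby script reproduces the ordering problem with a minimal stand-in for CanCan's rule resolution, where the last matching rule wins. The `PERMISSIONS` table, its `priority` values and the `ability_by_priority` helper are assumptions standing in for the `Spree::Permission` priority mapping the PR proposes; the role names and the `Order` model are constructed sample data.

```ruby
# Added example, not part of the original PR or gem.
# ToyAbility mimics the CanCan behaviour described in the PR text:
# rules are kept in declaration order and the LAST matching rule wins.
class ToyAbility
  Rule = Struct.new(:allow, :action, :subject)

  def initialize
    @rules = []
  end

  def can(action, subject)
    @rules << Rule.new(true, action, subject)
  end

  def cannot(action, subject)
    @rules << Rule.new(false, action, subject)
  end

  # Returns true/false; no matching rule means denied.
  def can?(action, subject)
    matching = @rules.select { |r| matches?(r, action, subject) }
    return false if matching.empty?
    matching.last.allow
  end

  private

  def matches?(rule, action, subject)
    (rule.action == :manage || rule.action == action) &&
      (rule.subject == :all || rule.subject == subject)
  end
end

# Assumed permission definitions (constructed sample data). Each permission
# declares its CanCan rules and carries an assumed numeric priority; a higher
# priority is applied later so that its rules override the lower ones.
PERMISSIONS = {
  super_admin: { priority: 1, rules: ->(a) { a.can(:manage, :all) } },
  safe_admin:  { priority: 2, rules: ->(a) { a.can(:manage, :all); a.cannot(:manage, :Order) } }
}.freeze

# Current behaviour: rules applied in whatever order the roles were assigned,
# so the same user gets different permissions depending on assignment order.
def ability_by_role_order(roles)
  ability = ToyAbility.new
  roles.each { |role| PERMISSIONS.fetch(role)[:rules].call(ability) }
  ability
end

# Proposed behaviour: apply permissions in ascending priority so the highest
# priority permission's rules are declared last and win regardless of the
# order in which roles were assigned.
def ability_by_priority(roles)
  ability = ToyAbility.new
  roles.sort_by { |role| PERMISSIONS.fetch(role)[:priority] }
       .each { |role| PERMISSIONS.fetch(role)[:rules].call(ability) }
  ability
end

if __FILE__ == $PROGRAM_NAME
  [[:super_admin, :safe_admin], [:safe_admin, :super_admin]].each do |roles|
    puts "roles #{roles.inspect}: by role order -> manage Order? " \
         "#{ability_by_role_order(roles).can?(:manage, :Order)}, " \
         "by priority -> #{ability_by_priority(roles).can?(:manage, :Order)}"
  end
end
```

Running the script shows the two role orderings giving opposite answers under the role-order approach, while the priority-based approach yields the same answer for both.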