Open ghost opened 5 years ago
In /lib/spree/permissions.rb, at line#28 and line#32, there's a call to a guest_token, which was completely renamed to a token since Spree 3.7.
It's fixed in this PR https://github.com/vinsol-spree-contrib/spree_admin_roles_and_access/pull/57
Also, a default permission set should include the read variant permission.
Still, the issue is not resolved.
I also wanted to know which permission should be enabled when I am adding a product to the cart. current_ability.can :update, Spree::Order.
For example, if you check the add_item action in the latest stable version of Spree (https://github.com/spree/spree/blob/4-0-stable/api/app/controllers/spree/api/v2/storefront/cart_controller.rb#L24), you will find the spree_authorize! calls inside with these options:
spree_authorize! :update, spree_current_order, order_token
spree_authorize! :show, variant
I hope it helps :)
I am getting the same problem.
It's working when I allow Can Manage Orders, but then a guest can manage orders in the dashboard without login.
When I am adding a product to the cart without login, I get a 403 Forbidden error.
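
The two `spree_authorize!` checks quoted from `add_item` can be satisfied without giving a guest role "manage" on orders. The Ruby sketch below is an added example, not code from Spree or from this extension: `GuestAbility`, `OverGrantedGuestAbility`, `cart_checks` and the struct stand-ins are hypothetical, and the token rule is an assumption about what a token-scoped `:update` permission looks like.

```ruby
# Constructed stand-ins for Spree::Order and Spree::Variant (not Spree's classes).
Order   = Struct.new(:id, :user_id, :token)
Variant = Struct.new(:id)

# Hypothetical CanCan-style rule store for a guest or signed-in shopper.
class GuestAbility
  def initialize(user)
    @user = user
    @rules = []
    # Token-scoped rule: update only by the owner or by a caller presenting
    # this order's token. The nil guard stops nil == nil from matching.
    allow(:update, Order) do |order, token|
      (!@user.nil? && order.user_id == @user.id) ||
        (!token.nil? && token == order.token)
    end
    allow(:show, Variant) { |_variant, _extra| true }
  end

  def allow(action, klass, &cond)
    @rules << [action, klass, cond]
  end

  def can?(action, subject, extra = nil)
    @rules.any? do |act, klass, cond|
      [action, :manage].include?(act) && subject.is_a?(klass) && cond.call(subject, extra)
    end
  end
end

# The over-grant described in the thread: "manage" on every order.
class OverGrantedGuestAbility < GuestAbility
  def initialize(user)
    super
    allow(:manage, Order) { |_order, _extra| true }
  end
end

# Runs the add_item-style checks for a guest (user = nil) on constructed data.
def cart_checks
  cart  = Order.new(1, nil, "constructed-token-a")
  other = Order.new(2, 42, "constructed-token-b")
  scoped = GuestAbility.new(nil)
  broad  = OverGrantedGuestAbility.new(nil)
  { own_cart_with_token: scoped.can?(:update, cart, cart.token),
    own_cart_without_token: scoped.can?(:update, cart),
    other_order_scoped: scoped.can?(:update, other, cart.token),
    other_order_broad: broad.can?(:update, other),
    show_variant: scoped.can?(:show, Variant.new(7)) }
end
```

With the token-scoped rule a guest can update only the cart whose token it presents, while the "manage" grant authorizes the same guest on every order.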