Skip to content
This repository has been archived by the owner on Mar 3, 2021. It is now read-only.

Authorization and supplier abilities #18

Open
ronzalo opened this issue Feb 9, 2016 · 0 comments
Open

Authorization and supplier abilities #18

ronzalo opened this issue Feb 9, 2016 · 0 comments

Comments

@ronzalo
Copy link

ronzalo commented Feb 9, 2016

Maybe I'm wrong, but as a supplier, I can add new images to a product from another vendor if I access /admin/products/not-my-product/images

From the supplier_ability.rb

can [:admin, :manage], Spree::Image do |image|
  image.viewable.product.supplier_ids.include?(user.supplier_id)
end
can :create, Spree::Image

How can i patch this?

Any help would be welcome.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ronzalo