Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backend] More precise cancan validations for some resource links #3654

Merged
merged 2 commits into from
Jun 15, 2020
Merged

[Backend] More precise cancan validations for some resource links #3654

merged 2 commits into from
Jun 15, 2020

Conversation

spaghetticode
Copy link
Member

Description

This the continuation of the work done by @memotoro that I was unable to continue on the original PR.

I added some integration tests in order to verify permissions work as expected, and I reintroduced
the user id specification to some new order links as the context implies we're going to create an order for the given user.

Checklist:

  • I have followed Pull Request guidelines
  • I have added a detailed description into each commit message
  • I have updated Guides and README accordingly to this change (if needed)
  • I have added tests to cover this change (if needed)
  • I have attached screenshots to this PR for visual changes (if needed)

@spaghetticode
Specify user for new order link
dfe25ed 
Given we're in an area specific for a given user, when we want to
create a new order, it must be for that specific user.
@spaghetticode spaghetticode added the type:enhancement Proposed or newly added feature label Jun 5, 2020
@spaghetticode spaghetticode added this to the 2.11 milestone Jun 5, 2020
@spaghetticode spaghetticode self-assigned this Jun 5, 2020
@spaghetticode spaghetticode mentioned this pull request Jun 5, 2020
Closed
@memotoro @spaghetticode
Adds cancancan validations (or more restrictive ones when already
48f0ed5 
present) for the following resources in the backend:

* Spree::Image
* Spree::Order
* Spree::Payment
* Spree::ReturnAuthorization
@spaghetticode spaghetticode changed the title [Backend] Extra cancancan validations for some URL resource links [Backend] More precise cancan validations for some resource links Jun 12, 2020
kennyadsl
kennyadsl approved these changes Jun 15, 2020
View reviewed changes
Copy link
Member

@kennyadsl kennyadsl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@kennyadsl kennyadsl merged commit a77df8a into solidusio:master Jun 15, 2020
@kennyadsl kennyadsl deleted the memotoro/pr-2823 branch June 15, 2020 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@houndci-bot houndci-bot houndci-bot left review comments

@kennyadsl kennyadsl kennyadsl approved these changes

@jarednorman jarednorman jarednorman approved these changes

Assignees

@spaghetticode spaghetticode

Labels
type:enhancement Proposed or newly added feature
Projects
None yet
Milestone
2.11
Development

Successfully merging this pull request may close these issues.
5 participants
@spaghetticode @kennyadsl @jarednorman @houndci-bot @memotoro