User and Roles
Spree by default comes withadmin
and user
roles. You can create more roles in the Admin Panel UI or rails console / seed, eg.:
Ability class
For authorization Spree uses CanCanCan library. The main ability class by default is Spree::Ability.Adding custom permissions
Let’s assume you would like to add a new Rolecustomer_service
with some limited access to Admin Panel (only Orders section).
Create a new file called app/models/customer_service_ability.rb
can/cannot
methods more.
Now we need to inform Spree to use this ability, create another file app/models/spree/ability_decorator.rb
with contents:
Replacing all permissions
As we’ve mentioned earlier, Spree uses the main Ability class. You can change that to use your own custom Ability class via Dependencies in Spree initializer (config/initializers/spree.rb
), eg.
app/models/custom_ability.rb