module Spree::Admin::OrdersControllerDecorator

Public Class Methods

prepended(base) click to toggle source
# File lib/controllers/backend/spree/admin/orders_controller_decorator.rb, line 3
def self.prepended(base)
  base.before_action :check_authorization
end

Private Instance Methods

check_authorization() click to toggle source
# File lib/controllers/backend/spree/admin/orders_controller_decorator.rb, line 13
def check_authorization
  action = params[:action].to_sym
  if load_order_action.include?(action)
    load_order
    session[:access_token] ||= params[:token]
    resource = @order || Spree::Order.new
    authorize! action, resource, session[:access_token]
  else
    authorize! :index, Spree::Order
  end
end
load_order_action() click to toggle source
# File lib/controllers/backend/spree/admin/orders_controller_decorator.rb, line 9
def load_order_action
  [:edit, :update, :cancel, :resume, :approve, :resend, :open_adjustments, :close_adjustments, :cart]
end