diff --git a/core/app/models/spree/permission_set.rb b/core/app/models/spree/permission_set.rb new file mode 100644 index 00000000000..51fd3242541 --- /dev/null +++ b/core/app/models/spree/permission_set.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +module Spree + class PermissionSet < Spree::Base + has_many :role_permissions + has_many :roles, through: :role_permissions + + validates :name, :set, presence: true + + scope :display_permissions, -> { where('name LIKE ?', '%Display') } + scope :management_permissions, -> { where('name LIKE ?', '%Management') } + + scope :custom_permissions, -> { + where.not(id: display_permissions) + .where.not(id: management_permissions) + } + end +end diff --git a/core/app/models/spree/role.rb b/core/app/models/spree/role.rb index 3e2d7d1a234..7ede4682d3c 100644 --- a/core/app/models/spree/role.rb +++ b/core/app/models/spree/role.rb @@ -3,12 +3,26 @@ module Spree class Role < Spree::Base has_many :role_users, class_name: "Spree::RoleUser", dependent: :destroy + has_many :role_permissions, dependent: :destroy + has_many :permission_sets, through: :role_permissions has_many :users, through: :role_users + scope :non_base_roles, -> { where.not(name: ['admin']) } + validates_uniqueness_of :name, case_sensitive: true + validates :name, uniqueness: true + after_save :assign_permissions def admin? name == "admin" end + + def permission_sets_constantized + permission_sets.map(&:set).map(&:constantize) + end + + def assign_permissions + ::Spree::Config.roles.assign_permissions name, permission_sets_constantized + end end end diff --git a/core/app/models/spree/role_permission.rb b/core/app/models/spree/role_permission.rb new file mode 100644 index 00000000000..a194df5b2f0 --- /dev/null +++ b/core/app/models/spree/role_permission.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +module Spree + class RolePermission < Spree::Base + belongs_to :role + belongs_to :permission_set + end +end