class CustomAbility < Spree::Ability
def initialize(user)
alias_cancan_delete_action
user ||= Spree.user_class.new
if user.respond_to?(:has_spree_role?) && user.has_spree_role?('admin')
apply_admin_permissions(user)
# add some more permissions here for the admin role
else
if user.respond_to?(:has_spree_role?) && user.has_spree_role?(:customer_service)
apply_customer_service_permissions(user)
end
apply_user_permissions(user)
end
protect_admin_role
end
protected
def apply_customer_service_permissions(user)
can :manage, Spree::Order
end
end