Permissions

Spree::Role.find_or_create_by(name: 'customer_service')

Spree.user_class.find_by(email: 'john@example.com').spree_roles << Spree::Role.find_or_create_by(name: 'customer_service')

class CustomerServiceAbility
  include CanCan::Ability

  def initialize(user)
    if user.respond_to?(:has_spree_role?) && user.has_spree_role?('customer_service')
      can :manage, Spree::Order
    end
  end
end

module Spree
  module AbilityDecorator
    def abilities_to_register
      [CustomerServiceAbility]
    end
  end

  Ability.prepend(AbilityDecorator)
end

Spree::Dependencies.ability_class = 'CustomAbility'

class CustomAbility < Spree::Ability
  def initialize(user)
    alias_cancan_delete_action

    user ||= Spree.user_class.new

    if user.respond_to?(:has_spree_role?) && user.has_spree_role?('admin')
      apply_admin_permissions(user)
      # add some more permissions here for the admin role
    else 
      if user.respond_to?(:has_spree_role?) && user.has_spree_role?(:customer_service)
        apply_customer_service_permissions(user)
      end

      apply_user_permissions(user)
    end

    protect_admin_role
  end

  protected

  def apply_customer_service_permissions(user)
    can :manage, Spree::Order
  end
end