spree_admin_roles_and_access icon indicating copy to clipboard operation
spree_admin_roles_and_access copied to clipboard

Published 20 hours ago verified publisher icon vinsol-spree-contrib

not able to add the product in the cart

Open ghost opened this issue 5 years ago • 4 comments

When I am adding a product into cart without login then getting 403 forbidden error.

ghost avatar Nov 01 '19 11:11 ghost

/lib/spree/permissions.rb at line#28 and line#32 there's a call to a guest_token which was completely renamed to a token since spree 3.7

It's fixed in this PR https://github.com/vinsol-spree-contrib/spree_admin_roles_and_access/pull/57

And also a default permission set should include read variant permission

storhet avatar Nov 22 '19 11:11 storhet

Still the issue did not resolved.

I am also wanted to know that when I am adding a product in cart which permission should be enable. current_ability.can :update, Spree::Order.

ghost avatar Nov 23 '19 10:11 ghost

For example if you check the add_item action in the latest stable version of the spree https://github.com/spree/spree/blob/4-0-stable/api/app/controllers/spree/api/v2/storefront/cart_controller.rb#L24 you will find the spree_authorize! calls inside with these options

spree_authorize! :update, spree_current_order, order_token
spree_authorize! :show, variant

I hope it helps :)

storhet avatar Nov 23 '19 11:11 storhet

I am getting the same problem.
It's working when i allow Can Manage Orders but then guest can mange orders in dashboard without login.

shkhalid avatar Oct 14 '20 17:10 shkhalid