Class: Spree::Api::V3::Admin::MeController
- Inherits: BaseController
  - Object
  - ActionController::API
  - BaseController
  - BaseController
  - Spree::Api::V3::Admin::MeController
- Defined in: app/controllers/spree/api/v3/admin/me_controller.rb
Constant Summary
Constants included from ScopedAuthorization
ScopedAuthorization::READ_ACTIONS
Constants inherited from BaseController
BaseController::RATE_LIMIT_RESPONSE
Constants included from Idempotent
Idempotent::IDEMPOTENCY_HEADER, Idempotent::IDEMPOTENCY_TTL, Idempotent::MAX_KEY_LENGTH, Idempotent::MUTATING_METHODS
Constants included from ErrorHandler
Constants included from JwtAuthentication
JwtAuthentication::JWT_AUDIENCE_ADMIN, JwtAuthentication::JWT_AUDIENCE_STORE, JwtAuthentication::JWT_ISSUER, JwtAuthentication::USER_TYPE_ADMIN, JwtAuthentication::USER_TYPE_CUSTOMER
Instance Method Summary
- #show ⇒ Object
  GET /api/v3/admin/me
  Returns the current admin user along with a serialized representation of their permissions (derived from CanCanCan rules).
Methods included from Spree::Api::V3::ApiKeyAuthentication
#authenticate_api_key!, #authenticate_secret_key!
Methods included from JwtAuthentication
#authenticate_user, #require_authentication!
Instance Method Details
#show ⇒ Object
GET /api/v3/admin/me
Returns the current admin user along with a serialized representation of their permissions (derived from CanCanCan rules). The SPA uses the permissions list to decide which UI elements to show or hide. The actual authorization check is still enforced server-side by CanCanCan — the SPA list is purely for UX.
    # File 'app/controllers/spree/api/v3/admin/me_controller.rb', line 14

    def show
      render json: {
        user: admin_user_serializer.new(current_user, params: serializer_params).to_h,
        permissions: (current_ability)
      }
    end
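The division of responsibility described for #show, as an added example that is not Spree's code: DemoAbility is a hypothetical, simplified stand-in for a CanCanCan-style ability (it does not use the gem), and update_product is an assumed server-side action. The permissions list goes to the client as a UI hint, while the server decides from the ability alone.

```ruby
require 'json'

# Hypothetical stand-in for an ability class; mimics only can / can?.
class DemoAbility
  Rule = Struct.new(:action, :subject)

  def initialize(role)
    @rules = []
    can(:read, 'Product')
    can(:update, 'Product') if role == :admin
  end

  def can(action, subject)
    @rules << Rule.new(action, subject)
  end

  def can?(action, subject)
    @rules.any? { |r| r.action == action && r.subject == subject }
  end

  # What a /me-style endpoint could hand to the SPA: a UI hint only.
  def to_permissions
    @rules.map { |r| { 'action' => r.action.to_s, 'subject' => r.subject } }
  end
end

class AccessDenied < StandardError; end

# Assumed server-side action: the decision comes from the ability built for
# the authenticated user; whatever list the client holds is never consulted.
def update_product(ability, _client_permissions)
  raise AccessDenied, 'update Product' unless ability.can?(:update, 'Product')
  :updated
end

def demo
  staff = DemoAbility.new(:staff)
  hint = JSON.parse(JSON.generate(staff.to_permissions)) # as the SPA receives it
  edited = hint + [{ 'action' => 'update', 'subject' => 'Product' }] # changed client-side
  staff_result = begin
    update_product(staff, edited)
  rescue AccessDenied
    :denied
  end
  { hint: hint, staff: staff_result, admin: update_product(DemoAbility.new(:admin), hint) }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

A list altered on the client changes what the UI draws and nothing else; the staff request is still denied because the server evaluates its own rules.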