Class: Spree::ApiKeyAbility

Inherits:

Object

• Object
• Spree::ApiKeyAbility

Includes:

CanCan::Ability

Defined in:

app/models/spree/api_key_ability.rb

Overview

CanCanCan ability used for API-key-authenticated admin requests. Grants full access — authorization happens at the scope-check layer (Spree::Api::V3::ScopedAuthorization), not at the per-record CanCanCan layer. This exists so that ‘accessible_by(current_ability, :show)` in admin controllers returns the unrestricted scope (it would otherwise require a real Spree::Ability with role lookups, which doesn’t apply to API key principals).

Instance Method Summary

• #initialize(_options = {}) ⇒ ApiKeyAbility constructor

  A new instance of ApiKeyAbility.

Constructor Details

#initialize(_options = {}) ⇒ ApiKeyAbility

Returns a new instance of ApiKeyAbility.

# File 'app/models/spree/api_key_ability.rb', line 12

def initialize(_options = {})
  can :manage, :all
end