Module: Spree::Api::V3::StorefrontGating

Extended by:
ActiveSupport::Concern
Included in:
Spree::Api::V3::Store::BaseController, Spree::Api::V3::Store::ResourceController
Defined in:
app/controllers/concerns/spree/api/v3/storefront_gating.rb

Overview

Enforces channel-level storefront access gating on the Store API. The posture is resolved from the request's channel (+Spree::Channel#resolved_storefront_access+, with store fallback):

  • login_required → 401 on every gated read for unauthenticated requests
  • prices_hidden → price fields serialized as null for guests

"Guest" means no authenticated customer (publishable key or guest cart token without a customer JWT). Logged-in customers are never gated.