1 / 7

SpreeCommerce Admin Roles and Access

Allows website owner to dynamically add new roles and define access permissions.<br>

vinsol
Download Presentation

SpreeCommerce Admin Roles and Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spreecommerce SpreeCommerce Admin Roles and Access

  2. The concept of roles and permissions is about the ability to control what users can and cannot do within a website. Often a store needs separate people to manage different aspects of the administration and an open access to all admin is not always feasible and advisable. Using the Admin Roles and Access Spree Extension, a new Admin Role can be added and its corresponding permissions can also be selected from the admin end of a SpreeCommerce application.

  3. Types of Permission levels • Default Permission - Basic permission level required by a user to perform task on user end, like creating an order etc. Every role should be provided with this permission. • Default Admin Permission - This permissions level is for the admin to be able to access the '/admin' route of the application. • Manage All - Role with this permission can do everything i.e. he/she would have permission level of a ‘Super-Admin’. This permission should only be given to users who are supposed to be able to access the complete application like store owner, super admin etc.

  4. Pattern of the permissions • More permissions levels can be created following the under mentioned pattern. • <can/cannot> <action> <subject> <attributes> • Can/cannot- specifies whether the user with that permission can do or cannot do that task. • Action- specifies the action which can be done by that model or subject like update, index, create etc. There is a special action called 'manage' which matches every action.

  5. Subject - specified the model like products, users etc. of which the permission is given. There is an special subject called all which matches every subject. • Attributes- specifies the attributes for which the permission is specified. Read-only actions shouldn't require this like index, read etc. But it is more secure if we specify them in other actions like create or update.

  6. Examples : • can-manage-spree/product - can perform every action on Spree:Productbut not on any other model or subject. • can-update-all - can update all models or subjects. • can-update-spree/product - can update only products, and not users, orders and other things. • can-update-spree/product-price - can update only price of products. • can-manage-all - can perform every action on all models.

  7. The extension is open source and the code is available here Follow us on twitter for more updates. See more at - http://vinsol.com/ Source- http://vinsol.com/spreecommerce-admin-roles-and-access

More Related