spreecommerce n.
Skip this Video
Loading SlideShow in 5 Seconds..
SpreeCommerce Admin Roles and Access PowerPoint Presentation
Download Presentation
SpreeCommerce Admin Roles and Access

Loading in 2 Seconds...

play fullscreen
1 / 7
Download Presentation

SpreeCommerce Admin Roles and Access - PowerPoint PPT Presentation

Download Presentation

SpreeCommerce Admin Roles and Access

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Spreecommerce SpreeCommerce Admin Roles and Access

  2. The concept of roles and permissions is about the ability to control what users can and cannot do within a website. Often a store needs separate people to manage different aspects of the administration and an open access to all admin is not always feasible and advisable. Using the Admin Roles and Access Spree Extension, a new Admin Role can be added and its corresponding permissions can also be selected from the admin end of a SpreeCommerce application.

  3. Types of Permission levels • Default Permission - Basic permission level required by a user to perform task on user end, like creating an order etc. Every role should be provided with this permission. • Default Admin Permission - This permissions level is for the admin to be able to access the '/admin' route of the application. • Manage All - Role with this permission can do everything i.e. he/she would have permission level of a ‘Super-Admin’. This permission should only be given to users who are supposed to be able to access the complete application like store owner, super admin etc.

  4. Pattern of the permissions • More permissions levels can be created following the under mentioned pattern. • <can/cannot> <action> <subject> <attributes> • Can/cannot- specifies whether the user with that permission can do or cannot do that task. • Action- specifies the action which can be done by that model or subject like update, index, create etc. There is a special action called 'manage' which matches every action.

  5. Subject - specified the model like products, users etc. of which the permission is given. There is an special subject called all which matches every subject. • Attributes- specifies the attributes for which the permission is specified. Read-only actions shouldn't require this like index, read etc. But it is more secure if we specify them in other actions like create or update.

  6. Examples : • can-manage-spree/product - can perform every action on Spree:Productbut not on any other model or subject. • can-update-all - can update all models or subjects. • can-update-spree/product - can update only products, and not users, orders and other things. • can-update-spree/product-price - can update only price of products. • can-manage-all - can perform every action on all models.

  7. The extension is open source and the code is available here Follow us on twitter for more updates. See more at - http://vinsol.com/ Source- http://vinsol.com/spreecommerce-admin-roles-and-access