# frozen_string_literal: true
# Check the access policies for API::CartController
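class CartPolicy < ApplicationPolicy
  # Creating a cart is allowed when the 'store_hidden' setting is falsy, or
  # when the caller is a privileged user. `user` may be nil (anonymous caller),
  # hence the safe navigation.
  #
  # @return [Boolean, nil] truthy when the action is authorized
  def create?
    !Setting.get('store_hidden') || user&.privileged?
  end

  # All item-level actions share one ownership rule:
  # - authenticated caller: must be privileged, or the record's
  #   statistic_profile_id must equal the caller's own statistic profile id;
  # - anonymous caller: only records with neither a statistic_profile_id nor
  #   an operator_profile_id are reachable.
  # NOTE(review): the anonymous branch authorizes any caller on an unowned
  # record, so access control then rests on how the controller locates the
  # record - confirm it is looked up by a non-guessable identifier.
  %w[add_item remove_item set_quantity refresh_item validate].each do |action|
    define_method "#{action}?" do
      return user.privileged? || (record.statistic_profile_id == user.statistic_profile.id) if user

      record.statistic_profile_id.nil? && record.operator_profile_id.nil?
    end
  end

  # Authorizes changing the offer flag.
  #
  # When `record.is_offered` is falsy the check passes for every caller,
  # including an anonymous one. Otherwise the caller must be privileged and
  # `record.customer_id` must differ from the caller's own id.
  #
  # @return [Boolean] whether the action is authorized
  def set_offer?
    return true unless record.is_offered
    # Deny explicitly for an anonymous caller: the other predicates of this
    # policy guard against a nil user, while calling `user.privileged?`
    # directly here would raise NoMethodError instead of refusing access.
    return false unless user

    user.privileged? && record.customer_id != user.id
  end
end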