Class: RailsAdmin::Extensions::CanCanCan::AuthorizationAdapter

Inherits:
Object
  • Object
show all
Includes:
Config::Configurable
Defined in:
lib/rails_admin/extensions/cancancan/authorization_adapter.rb

Overview

This adapter is for the CanCanCan authorization library.

Defined Under Namespace

Modules: ControllerExtension

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Config::Configurable

#has_option?, included, #register_deprecated_instance_option, #register_instance_option

Constructor Details

#initialize(controller, ability = nil, &block) ⇒ AuthorizationAdapter

See the authorize_with config method for where the initialization happens.



23
24
25
26
27
28
29
30
31
32
33
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 23

def initialize(controller, ability = nil, &block)
  @controller = controller
  ability_class { ability } if ability
  instance_eval(&block) if block

  adapter = self
  ControllerExtension.define_method(:ability_class) do
    adapter.ability_class
  end
  @controller.current_ability.authorize! :access, :rails_admin
end

Class Method Details

.setupObject



18
19
20
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 18

def self.setup
  RailsAdmin::Extensions::ControllerExtension.include ControllerExtension
end

Instance Method Details

#attributes_for(action, abstract_model) ⇒ Object

This is called in the new/create actions to determine the initial attributes for new records. It should return a hash of attributes which match what the user is authorized to create.



72
73
74
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 72

def attributes_for(action, abstract_model)
  @controller.current_ability.attributes_for(action, abstract_model&.model)
end

#authorize(action, abstract_model = nil, model_object = nil) ⇒ Object

This method is called in every controller action and should raise an exception when the authorization fails. The first argument is the name of the controller action as a symbol (:create, :bulk_delete, etc.). The second argument is the AbstractModel instance that applies. The third argument is the actual model instance if it is available.



44
45
46
47
48
49
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 44

def authorize(action, abstract_model = nil, model_object = nil)
  return unless action

  action, subject = resolve_action_and_subject(action, abstract_model, model_object)
  @controller.current_ability.authorize!(action, subject)
end

#authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean

This method is called primarily from the view to determine whether the given user has access to perform the action on a given model. It should return true when authorized. This takes the same arguments as authorize. The difference is that this will return a boolean whereas authorize will raise an exception when not authorized.

Returns:

  • (Boolean)


55
56
57
58
59
60
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 55

def authorized?(action, abstract_model = nil, model_object = nil)
  return unless action

  action, subject = resolve_action_and_subject(action, abstract_model, model_object)
  @controller.current_ability.can?(action, subject)
end

#query(action, abstract_model) ⇒ Object

This is called when needing to scope a database query. It is called within the list and bulk_delete/destroy actions and should return a scope which limits the records to those which the user can perform the given action on.



65
66
67
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 65

def query(action, abstract_model)
  abstract_model.model.accessible_by(@controller.current_ability, action)
end