Module: ActiveAdmin::BaseController::Authorization
- Extended by: ActiveSupport::Concern
- Includes: MethodOrProcHelper
- Included in: ActiveAdmin::BaseController
- Defined in: lib/active_admin/base_controller/authorization.rb
Constant Summary
- ACTIONS_DICTIONARY =
```ruby
{
  :index   => ActiveAdmin::Authorization::READ,
  :show    => ActiveAdmin::Authorization::READ,
  :new     => ActiveAdmin::Authorization::CREATE,
  :create  => ActiveAdmin::Authorization::CREATE,
  :edit    => ActiveAdmin::Authorization::UPDATE,
  :update  => ActiveAdmin::Authorization::UPDATE,
  :destroy => ActiveAdmin::Authorization::DESTROY
}
```
Instance Method Summary
- #action_to_permission(action) ⇒ Object protected
  Converts a controller action into one of the correct Active Admin authorization names.
- #active_admin_authorization ⇒ Object protected
  Retrieve or instantiate the authorization instance for this resource.
- #active_admin_authorization_adapter ⇒ Object protected
  Returns the class to be used as the authorization adapter.
- #authorize!(action, subject = nil) ⇒ Object protected
  Authorize the action and subject.
- #authorize_resource!(resource) ⇒ Object protected
  Performs authorization on the resource using the current controller action as the permission action.
- #authorized?(action, subject = nil) ⇒ Boolean protected
  Authorize the action and subject.
- #dispatch_active_admin_access_denied(exception) ⇒ Object protected
- #rescue_active_admin_access_denied(exception) ⇒ Object protected
Methods included from MethodOrProcHelper
#call_method_or_exec_proc, #call_method_or_proc_on, #render_in_context, #render_or_call_method_or_proc_on
Instance Method Details
#action_to_permission(action) ⇒ Object (protected)
Converts a controller action into one of the correct Active Admin authorization names. Uses the ACTIONS_DICTIONARY to convert the action name to permission.
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 114
def action_to_permission(action)
  return nil unless action

  action = action.to_sym

  if Authorization::ACTIONS_DICTIONARY.has_key?(action)
    Authorization::ACTIONS_DICTIONARY[action]
  else
    action
  end
end
```
#active_admin_authorization ⇒ Object (protected)
Retrieve or instantiate the authorization instance for this resource.
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 92
def active_admin_authorization
  @active_admin_authorization ||= active_admin_authorization_adapter.new(active_admin_config, current_active_admin_user)
end
```
#active_admin_authorization_adapter ⇒ Object (protected)
Returns the class to be used as the authorization adapter.
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 99
def active_admin_authorization_adapter
  if active_admin_namespace.authorization_adapter.is_a?(String)
    ActiveSupport::Dependencies.constantize(active_admin_namespace.authorization_adapter)
  else
    active_admin_namespace.authorization_adapter
  end
end
```
#authorize!(action, subject = nil) ⇒ Object (protected)
Authorize the action and subject. Available in the controller as well as all the views. If the action is not allowed, it raises an ActiveAdmin::AccessDenied exception.
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 73
def authorize!(action, subject = nil)
  unless authorized? action, subject
    raise ActiveAdmin::AccessDenied.new(current_active_admin_user, action, subject)
  end
end
```
#authorize_resource!(resource) ⇒ Object (protected)
Performs authorization on the resource using the current controller action as the permission action.
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 84
def authorize_resource!(resource)
  permission = action_to_permission(params[:action])
  authorize! permission, resource
end
```
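The mapping and check described for #action_to_permission and #authorize_resource!, as an added stand-alone example (not Active Admin's own code): an action that is missing from ACTIONS_DICTIONARY reaches the adapter under its own name, so the adapter has to deny by default. The permission values and the AccessDenied, User, Post and DenyByDefaultAdapter names are stand-ins defined for this example.

```ruby
# Added example: stand-alone model of the flow documented on this page.
# The permission values and every class below are stand-ins (assumptions),
# not Active Admin's own definitions.
READ, CREATE, UPDATE, DESTROY = :read, :create, :update, :destroy

ACTIONS_DICTIONARY = {
  index: READ, show: READ, new: CREATE, create: CREATE,
  edit: UPDATE, update: UPDATE, destroy: DESTROY
}.freeze

class AccessDenied < StandardError; end
User = Struct.new(:name, :role)   # constructed sample types
Post = Struct.new(:author)

# Same rule as #action_to_permission: a known action maps to a permission,
# an unknown (custom) action is passed through unchanged.
def action_to_permission(action)
  return nil unless action
  ACTIONS_DICTIONARY.fetch(action.to_sym, action.to_sym)
end

# Hypothetical adapter exposing the (action, subject) check that
# #authorized? delegates to.
class DenyByDefaultAdapter
  def initialize(user)
    @user = user
  end

  def authorized?(action, subject = nil)
    case action
    when READ then true
    when CREATE, UPDATE
      @user.role == :admin ||
        (subject.respond_to?(:author) && subject.author == @user.name)
    when DESTROY then @user.role == :admin
    else false # custom actions such as :approve, and nil, are denied unless listed
    end
  end
end

# Mirrors #authorize_resource!: map the controller action, then check or raise.
def authorize_resource!(adapter, controller_action, resource)
  permission = action_to_permission(controller_action)
  unless adapter.authorized?(permission, resource)
    raise AccessDenied, "#{permission.inspect} denied"
  end
  permission
end
```
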
#authorized?(action, subject = nil) ⇒ Boolean (protected)
Authorize the action and subject. Available in the controller as well as all the views.
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 56
def authorized?(action, subject = nil)
  active_admin_authorization.authorized?(action, subject)
end
```
#dispatch_active_admin_access_denied(exception) ⇒ Object (protected)
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 126
def dispatch_active_admin_access_denied(exception)
  call_method_or_exec_proc active_admin_namespace.on_unauthorized_access, exception
end
```
#rescue_active_admin_access_denied(exception) ⇒ Object (protected)
```ruby
# File 'lib/active_admin/base_controller/authorization.rb', line 130
def rescue_active_admin_access_denied(exception)
  error = exception.message

  respond_to do |format|
    format.html do
      flash[:error] = error

      if request.headers.key?("HTTP_REFERER")
        redirect_to :back
      else
        controller, action = active_admin_namespace.root_to.split("#")
        redirect_to :controller => controller, :action => action
      end
    end

    format.csv  { render :text => error, :status => :unauthorized }
    format.json { render :json => { :error => error }, :status => :unauthorized }
    format.xml  { render :xml => "<error>#{error}</error>", :status => :unauthorized }
  end
end
```