Module: ActiveAdmin::BaseController::Authorization

Extended by:
ActiveSupport::Concern
Includes:
MethodOrProcHelper
Included in:
ActiveAdmin::BaseController
Defined in:
lib/active_admin/base_controller/authorization.rb

Constant Summary

# Maps the standard RESTful controller actions onto Active Admin's permission
# names: the two read actions share READ, the two "new record" actions share
# CREATE, the two "change record" actions share UPDATE, and destroy is DESTROY.
# Actions not listed here are passed through unchanged by #action_to_permission.
ACTIONS_DICTIONARY =
{
  # read-only actions
  index: ActiveAdmin::Authorization::READ,
  show: ActiveAdmin::Authorization::READ,
  # write actions
  new: ActiveAdmin::Authorization::CREATE,
  create: ActiveAdmin::Authorization::CREATE,
  edit: ActiveAdmin::Authorization::UPDATE,
  update: ActiveAdmin::Authorization::UPDATE,
  destroy: ActiveAdmin::Authorization::DESTROY
}

Instance Method Summary

Methods included from MethodOrProcHelper

#call_method_or_exec_proc, #call_method_or_proc_on, #render_in_context, #render_or_call_method_or_proc_on

Instance Method Details

#action_to_permission(action) ⇒ Object (protected)

Converts a controller action into one of the correct Active Admin authorization names. Uses the ACTIONS_DICTIONARY to convert the action name to permission.

Parameters:

  • action (String, Symbol)

    The controller action name.



# File 'lib/active_admin/base_controller/authorization.rb', line 114

# Translates a controller action name into the Active Admin permission that
# is checked for it. Names present in ACTIONS_DICTIONARY (index, show, new,
# create, edit, update, destroy) are mapped; any other name is returned as a
# Symbol and used as its own permission.
#
# @param action [String, Symbol, nil] the controller action name
# @return [Symbol, nil] the permission, or nil when no action was given
def action_to_permission(action)
  return unless action

  # Dictionary keys are symbols; callers in this module pass params[:action],
  # which arrives as a String.
  name = action.to_sym
  Authorization::ACTIONS_DICTIONARY.fetch(name, name)
end

#active_admin_authorization ⇒ Object (protected)

Retrieve or instantiate the authorization instance for this resource



# File 'lib/active_admin/base_controller/authorization.rb', line 92

# Returns the authorization adapter instance for this resource, building it
# on first use from the configured adapter class, the resource config and the
# current admin user, and caching it in an instance variable afterwards.
#
# @return [Object] an instance of the class returned by
#   #active_admin_authorization_adapter
def active_admin_authorization
  return @active_admin_authorization if @active_admin_authorization

  adapter_class = active_admin_authorization_adapter
  @active_admin_authorization = adapter_class.new(active_admin_config, current_active_admin_user)
end

#active_admin_authorization_adapter ⇒ Object (protected)

Returns the class to be used as the authorization adapter



# File 'lib/active_admin/base_controller/authorization.rb', line 99

# Resolves the authorization adapter class configured on the namespace.
# The namespace may hold either the class itself or its name as a String;
# a String is constantized through ActiveSupport::Dependencies. The value
# comes from the namespace configuration, not from the request.
#
# @return [Class] the adapter class to instantiate
def active_admin_authorization_adapter
  adapter = active_admin_namespace.authorization_adapter

  case adapter
  when String
    ActiveSupport::Dependencies.constantize(adapter)
  else
    adapter
  end
end

#authorize!(action, subject = nil) ⇒ Object (protected)

Authorize the action and subject. Available in the controller as well as all the views. If the action is not allowed, it raises an ActiveAdmin::AccessDenied exception.

Parameters:

  • action (Symbol)

    The action to check if the user has permission to perform on the subject.

  • subject (any) (defaults to: nil)

    The subject that the user is trying to perform the action on.



# File 'lib/active_admin/base_controller/authorization.rb', line 73

# Enforces that the current admin user may perform +action+ on +subject+.
# Returns normally when #authorized? says yes; otherwise raises
# ActiveAdmin::AccessDenied carrying the user, action and subject.
#
# @param action [Symbol] the permission being checked
# @param subject [Object, nil] what the action applies to
# @raise [ActiveAdmin::AccessDenied] when the action is not authorized
def authorize!(action, subject = nil)
  return if authorized?(action, subject)

  raise ActiveAdmin::AccessDenied.new(current_active_admin_user, action, subject)
end

#authorize_resource!(resource) ⇒ Object (protected)

Performs authorization on the resource using the current controller action as the permission action.



# File 'lib/active_admin/base_controller/authorization.rb', line 84

# Authorizes +resource+ for the permission derived from the current request's
# controller action (params[:action] run through #action_to_permission).
#
# @param resource [Object] the resource being acted on
# @raise [ActiveAdmin::AccessDenied] via #authorize! when not permitted
def authorize_resource!(resource)
  authorize! action_to_permission(params[:action]), resource
end

#authorized?(action, subject = nil) ⇒ Boolean (protected)

Returns whether the action is authorized for the subject. Available in the controller as well as all the views.

Parameters:

  • action (Symbol)

    The action to check if the user has permission to perform on the subject.

  • subject (any) (defaults to: nil)

    The subject that the user is trying to perform the action on.

Returns:

  • (Boolean)


# File 'lib/active_admin/base_controller/authorization.rb', line 56

# Asks the resource's authorization adapter whether +action+ may be performed
# on +subject+. Does not raise; see #authorize! for the raising variant.
#
# @param action [Symbol] the permission being checked
# @param subject [Object, nil] what the action applies to
# @return [Boolean] the adapter's decision
def authorized?(action, subject = nil)
  adapter = active_admin_authorization
  adapter.authorized?(action, subject)
end

#dispatch_active_admin_access_denied(exception) ⇒ Object (protected)



# File 'lib/active_admin/base_controller/authorization.rb', line 126

# Hands an ActiveAdmin::AccessDenied exception to the namespace's configured
# +on_unauthorized_access+ handler, which may be a method name or a proc
# (see MethodOrProcHelper#call_method_or_exec_proc).
#
# @param exception [ActiveAdmin::AccessDenied] the denied authorization
# @return [Object] whatever the configured handler returns
def dispatch_active_admin_access_denied(exception)
  handler = active_admin_namespace.on_unauthorized_access
  call_method_or_exec_proc(handler, exception)
end

#rescue_active_admin_access_denied(exception) ⇒ Object (protected)



# File 'lib/active_admin/base_controller/authorization.rb', line 130

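# Reports an ActiveAdmin::AccessDenied to the client in the requested format.
# HTML requests get the message in flash[:error] and a redirect; CSV, JSON and
# XML requests get the message in the body with a 401 Unauthorized status.
#
# @param exception [ActiveAdmin::AccessDenied] the denied authorization
def rescue_active_admin_access_denied(exception)
  error_message = exception.message

  respond_to do |format|
    format.html do
      flash[:error] = error_message

      # :back sends the client to the location in its own Referer header;
      # without that header, fall back to the namespace root route.
      if request.headers.key?("HTTP_REFERER")
        redirect_to :back
      else
        controller, action = active_admin_namespace.root_to.split("#")
        redirect_to :controller => controller, :action => action
      end
    end

    format.csv { render :text => error_message, :status => :unauthorized }
    format.json { render :json => { :error => error_message }, :status => :unauthorized }
    # The message is interpolated into hand-built markup, so escape &, < and >
    # (String#encode with :xml => :text) to keep the document well-formed
    # regardless of what the exception message contains.
    format.xml { render :xml => "<error>#{error_message.encode(:xml => :text)}</error>", :status => :unauthorized }
  end
end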