Class: RailsAdmin::Extensions::CanCanCan::AuthorizationAdapter
- Inherits: Object
  - Object
  - RailsAdmin::Extensions::CanCanCan::AuthorizationAdapter
- Defined in: lib/rails_admin/extensions/cancancan/authorization_adapter.rb
Overview
This adapter is for the CanCanCan authorization library.
Defined Under Namespace
Modules: ControllerExtension
Instance Method Summary
- #attributes_for(action, abstract_model) ⇒ Object
  This is called in the new/create actions to determine the initial attributes for new records.
- #authorize(action, abstract_model = nil, model_object = nil) ⇒ Object
  This method is called in every controller action and should raise an exception when the authorization fails.
- #authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean
  This method is called primarily from the view to determine whether the given user has access to perform the action on a given model.
- #initialize(controller, ability = ::Ability) ⇒ AuthorizationAdapter (constructor)
  See the authorize_with config method for where the initialization happens.
- #query(action, abstract_model) ⇒ Object
  This is called when needing to scope a database query.
Constructor Details
#initialize(controller, ability = ::Ability) ⇒ AuthorizationAdapter
See the authorize_with config method for where the initialization happens.

    # File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 15
    def initialize(controller, ability = ::Ability)
      @controller = controller
      @controller.instance_variable_set '@ability', ability
      @controller.extend ControllerExtension
      # Gate check: raises unless the ability grants :access on :rails_admin.
      @controller.current_ability.authorize! :access, :rails_admin
    end
Instance Method Details
#attributes_for(action, abstract_model) ⇒ Object
This is called in the new/create actions to determine the initial attributes for new records. It should return a hash of attributes which match what the user is authorized to create.

    # File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 53
    def attributes_for(action, abstract_model)
      @controller.current_ability.attributes_for(action, abstract_model && abstract_model.model)
    end
#authorize(action, abstract_model = nil, model_object = nil) ⇒ Object
This method is called in every controller action and should raise an exception when the authorization fails. The first argument is the name of the controller action as a symbol (:create, :bulk_delete, etc.). The second argument is the AbstractModel instance that applies. The third argument is the actual model instance if it is available.

    # File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 27
    def authorize(action, abstract_model = nil, model_object = nil)
      # A nil action returns early without performing any check.
      return unless action

      action, subject = resolve_action_and_subject(action, abstract_model, model_object)
      # authorize! raises when the ability does not permit the action.
      @controller.current_ability.authorize!(action, subject)
    end
#authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean
This method is called primarily from the view to determine whether the given user has access to perform the action on a given model. It should return true when authorized. This takes the same arguments as authorize. The difference is that this will return a boolean whereas authorize will raise an exception when not authorized.

    # File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 37
    def authorized?(action, abstract_model = nil, model_object = nil)
      # A nil action returns nil (falsy) rather than true or false.
      return unless action

      action, subject = resolve_action_and_subject(action, abstract_model, model_object)
      @controller.current_ability.can?(action, subject)
    end
#query(action, abstract_model) ⇒ Object
This is called when needing to scope a database query. It is called within the list and bulk_delete/destroy actions and should return a scope which limits the records to those which the user can perform the given action on.

    # File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 46
    def query(action, abstract_model)
      abstract_model.model.accessible_by(@controller.current_ability, action)
    end
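
The contracts of the four hooks above, exercised against a small in-memory stand-in for a CanCanCan-style ability. This is an added example, not RailsAdmin or CanCanCan code; `MiniAbility`, `AccessDenied`, `Post`, `editor_ability`, `scope` (standing in for `accessible_by`) and the sample records are constructed for illustration.

```ruby
# Constructed stand-in for a CanCanCan-style ability (not the gem's code):
# deny by default; each rule is an [action, subject, conditions] triple.
class AccessDenied < StandardError; end
Post = Struct.new(:id, :author_id) # constructed sample model

class MiniAbility
  def initialize
    @rules = []
  end

  def can(action, subject, conditions = {})
    @rules << [action, subject, conditions]
  end

  # Boolean form, the contract of #authorized?. A class or symbol subject
  # matches on the rule alone; an instance must also meet the conditions.
  def can?(action, subject)
    @rules.any? do |act, subj, cond|
      next false unless act == action
      next subj == subject if subject.is_a?(Class) || subject.is_a?(Symbol)
      subj.is_a?(Class) && subject.is_a?(subj) && cond.all? { |k, v| subject[k] == v }
    end
  end

  # Raising form, the contract of #authorize and of the constructor's gate.
  def authorize!(action, subject)
    raise AccessDenied, "#{action} denied" unless can?(action, subject)
  end

  # Rule conditions become initial attributes, the contract of #attributes_for.
  def attributes_for(action, subject)
    @rules.select { |act, subj, _| act == action && subj == subject }
          .map(&:last).reduce({}, :merge)
  end

  # In-memory stand-in for the scope #query returns via accessible_by.
  def scope(action, records)
    records.select { |record| can?(action, record) }
  end
end

# Hypothetical rule set for an editor who may only touch their own posts.
def editor_ability(user_id)
  MiniAbility.new.tap do |a|
    a.can :access, :rails_admin
    a.can :read, Post
    a.can :create, Post, author_id: user_id
    a.can :destroy, Post, author_id: user_id
  end
end
POSTS = [Post.new(1, 7), Post.new(2, 8), Post.new(3, 7)].freeze
```

With these rules, user 7 can list every post but the destroy scope contains only posts 1 and 3, and a new record starts with `author_id` 7. An ability that lacks the `:access, :rails_admin` rule fails at the gate before any per-model check runs.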