Module: ActiveAdmin::BaseController::Authorization

Extended by:
ActiveSupport::Concern
Includes:
MethodOrProcHelper
Included in:
ActiveAdmin::BaseController
Defined in:
lib/active_admin/base_controller/authorization.rb

Constant Summary collapse

ACTIONS_DICTIONARY =
{
  index:   ActiveAdmin::Authorization::READ,
  show:    ActiveAdmin::Authorization::READ,
  new:     ActiveAdmin::Authorization::CREATE,
  create:  ActiveAdmin::Authorization::CREATE,
  edit:    ActiveAdmin::Authorization::UPDATE,
  update:  ActiveAdmin::Authorization::UPDATE,
  destroy: ActiveAdmin::Authorization::DESTROY
}

Instance Method Summary collapse

Methods included from MethodOrProcHelper

#call_method_or_exec_proc, #call_method_or_proc_on, #render_in_context, #render_or_call_method_or_proc_on

Instance Method Details

#action_to_permission(action) ⇒ Symbol (protected)

Converts a controller action into one of the correct Active Admin authorization names. Uses the ACTIONS_DICTIONARY to convert the action name to permission.

Parameters:

  • action (String, Symbol)

    The controller action name.

Returns:

  • (Symbol)

    The permission name to use.


97
98
99
100
101
# File 'lib/active_admin/base_controller/authorization.rb', line 97

def action_to_permission(action)
  if action && action = action.to_sym
    Authorization::ACTIONS_DICTIONARY[action] || action
  end
end

#active_admin_authorizationActiveAdmin::AuthorizationAdapter (protected)

Retrieve or instantiate the authorization instance for this resource


73
74
75
76
# File 'lib/active_admin/base_controller/authorization.rb', line 73

def active_admin_authorization
  @active_admin_authorization ||=
   active_admin_authorization_adapter.new active_admin_config, current_active_admin_user
end

#active_admin_authorization_adapterClass (protected)

Returns the class to be used as the authorization adapter

Returns:

  • (Class)

81
82
83
84
85
86
87
88
# File 'lib/active_admin/base_controller/authorization.rb', line 81

def active_admin_authorization_adapter
  adapter = active_admin_namespace.authorization_adapter
  if adapter.is_a? String
    ActiveSupport::Dependencies.constantize adapter
  else
    adapter
  end
end

#authorize!(action, subject = nil) ⇒ Boolean (protected)

Authorize the action and subject. Available in the controller as well as all the views. If the action is not allowd, it raises an ActiveAdmin::AccessDenied exception.

Parameters:

  • action (Symbol)

    The action to check if the user has permission to perform on the subject.

  • subject (any) (defaults to: nil)

    The subject that the user is trying to perform the action on.

Returns:

  • (Boolean)

    True if authorized, otherwise raises an ActiveAdmin::AccessDenied.


54
55
56
57
58
59
60
# File 'lib/active_admin/base_controller/authorization.rb', line 54

def authorize!(action, subject = nil)
  unless authorized? action, subject
    raise ActiveAdmin::AccessDenied.new(current_active_admin_user,
                                        action,
                                        subject)
  end
end

#authorize_resource!(resource) ⇒ Object (protected)

Performs authorization on the resource using the current controller action as the permission action.


65
66
67
68
# File 'lib/active_admin/base_controller/authorization.rb', line 65

def authorize_resource!(resource)
  permission = action_to_permission(params[:action])
  authorize! permission, resource
end

#authorized?(action, subject = nil) ⇒ Boolean (protected)

Authorize the action and subject. Available in the controller as well as all the views.

Parameters:

  • action (Symbol)

    The action to check if the user has permission to perform on the subject.

  • subject (any) (defaults to: nil)

    The subject that the user is trying to perform the action on.

Returns:

  • (Boolean)

37
38
39
# File 'lib/active_admin/base_controller/authorization.rb', line 37

def authorized?(action, subject = nil)
  active_admin_authorization.authorized?(action, subject)
end

#dispatch_active_admin_access_denied(exception) ⇒ Object (protected)


103
104
105
# File 'lib/active_admin/base_controller/authorization.rb', line 103

def dispatch_active_admin_access_denied(exception)
  call_method_or_exec_proc active_admin_namespace.on_unauthorized_access, exception
end

#redirect_backwards_or_to_rootObject (protected)


124
125
126
# File 'lib/active_admin/base_controller/authorization.rb', line 124

def redirect_backwards_or_to_root
  ActiveAdmin::Dependency.rails.redirect_back self, active_admin_root
end

#rescue_active_admin_access_denied(exception) ⇒ Object (protected)


107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# File 'lib/active_admin/base_controller/authorization.rb', line 107

def rescue_active_admin_access_denied(exception)
  error = exception.message

  respond_to do |format|
    format.html do
      flash[:error] = error
      redirect_backwards_or_to_root
    end

    body = ActiveAdmin::Dependency.rails.render_key

    format.csv  { render body =>        error,           status: :unauthorized }
    format.json { render json: { error: error },         status: :unauthorized }
    format.xml  { render xml: "<error>#{error}</error>", status: :unauthorized }
  end
end