Class: RailsAdmin::Extensions::CanCanCan::AuthorizationAdapter

Inherits:
Object
  • Object
show all
Defined in:
lib/rails_admin/extensions/cancancan/authorization_adapter.rb

Overview

This adapter is for the CanCanCan[https://github.com/CanCanCommunity/cancancan] authorization library.

Defined Under Namespace

Modules: ControllerExtension

Instance Method Summary collapse

Constructor Details

#initialize(controller, ability = ::Ability) ⇒ AuthorizationAdapter

See the +authorize_with+ config method for where the initialization happens.


7
8
9
10
11
12
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 7

def initialize(controller, ability = ::Ability)
  @controller = controller
  @controller.instance_variable_set '@ability', ability
  @controller.extend ControllerExtension
  @controller.current_ability.authorize! :access, :rails_admin
end

Instance Method Details

#attributes_for(action, abstract_model) ⇒ Object

This is called in the new/create actions to determine the initial attributes for new records. It should return a hash of attributes which match what the user is authorized to create.


41
42
43
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 41

def attributes_for(action, abstract_model)
  @controller.current_ability.attributes_for(action, abstract_model && abstract_model.model)
end

#authorize(action, abstract_model = nil, model_object = nil) ⇒ Object

This method is called in every controller action and should raise an exception when the authorization fails. The first argument is the name of the controller action as a symbol (:create, :bulk_delete, etc.). The second argument is the AbstractModel instance that applies. The third argument is the actual model instance if it is available.


19
20
21
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 19

def authorize(action, abstract_model = nil, model_object = nil)
  @controller.current_ability.authorize!(action, model_object || abstract_model && abstract_model.model) if action
end

#authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean

This method is called primarily from the view to determine whether the given user has access to perform the action on a given model. It should return true when authorized. This takes the same arguments as +authorize+. The difference is that this will return a boolean whereas +authorize+ will raise an exception when not authorized.


27
28
29
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 27

def authorized?(action, abstract_model = nil, model_object = nil)
  @controller.current_ability.can?(action, model_object || abstract_model && abstract_model.model) if action
end

#query(action, abstract_model) ⇒ Object

This is called when needing to scope a database query. It is called within the list and bulk_delete/destroy actions and should return a scope which limits the records to those which the user can perform the given action on.


34
35
36
# File 'lib/rails_admin/extensions/cancancan/authorization_adapter.rb', line 34

def query(action, abstract_model)
  abstract_model.model.accessible_by(@controller.current_ability, action)
end