class RailsAdmin::Extensions::CanCanCan::AuthorizationAdapter

This adapter is for the CanCanCan authorization library.

Public Class Methods

new(controller, ability = nil, &block)

See the authorize_with config method for where the initialization happens.

# File lib/rails_admin/extensions/cancancan/authorization_adapter.rb, line 23
def initialize(controller, ability = nil, &block)
  @controller = controller
  ability_class { ability } if ability
  instance_eval(&block) if block

  adapter = self
  ControllerExtension.define_method(:ability_class) do
    adapter.ability_class
  end
  @controller.current_ability.authorize! :access, :rails_admin
end

setup()
# File lib/rails_admin/extensions/cancancan/authorization_adapter.rb, line 18
def self.setup
  RailsAdmin::Extensions::ControllerExtension.include ControllerExtension
end

Public Instance Methods

attributes_for(action, abstract_model)

This is called in the new/create actions to determine the initial attributes for new records. It should return a hash of attributes which match what the user is authorized to create.

# File lib/rails_admin/extensions/cancancan/authorization_adapter.rb, line 72
def attributes_for(action, abstract_model)
  @controller.current_ability.attributes_for(action, abstract_model&.model)
end

authorize(action, abstract_model = nil, model_object = nil)

This method is called in every controller action and should raise an exception when the authorization fails. The first argument is the name of the controller action as a symbol (:create, :bulk_delete, etc.). The second argument is the AbstractModel instance that applies. The third argument is the actual model instance if it is available.

# File lib/rails_admin/extensions/cancancan/authorization_adapter.rb, line 44
def authorize(action, abstract_model = nil, model_object = nil)
  return unless action

  action, subject = resolve_action_and_subject(action, abstract_model, model_object)
  @controller.current_ability.authorize!(action, subject)
end

authorized?(action, abstract_model = nil, model_object = nil)

This method is called primarily from the view to determine whether the given user has access to perform the action on a given model. It should return true when authorized. This takes the same arguments as authorize. The difference is that this will return a boolean whereas authorize will raise an exception when not authorized.

# File lib/rails_admin/extensions/cancancan/authorization_adapter.rb, line 55
def authorized?(action, abstract_model = nil, model_object = nil)
  return unless action

  action, subject = resolve_action_and_subject(action, abstract_model, model_object)
  @controller.current_ability.can?(action, subject)
end

query(action, abstract_model)

This is called when needing to scope a database query. It is called within the list and bulk_delete/destroy actions and should return a scope which limits the records to those which the user can perform the given action on.

# File lib/rails_admin/extensions/cancancan/authorization_adapter.rb, line 65
def query(action, abstract_model)
  abstract_model.model.accessible_by(@controller.current_ability, action)
end

Private Instance Methods

resolve_action_and_subject(action, abstract_model, model_object)
# File lib/rails_admin/extensions/cancancan/authorization_adapter.rb, line 78
def resolve_action_and_subject(action, abstract_model, model_object)
  subject = model_object || abstract_model&.model
  if subject
    [action, subject]
  else
    # For :dashboard compatibility
    [:read, action]
  end
end
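
The action/subject mapping above decides which rules an ability has to grant before a user can reach anything in the admin. The following added example (not RailsAdmin or CanCanCan code) reproduces resolve_action_and_subject against a deny-by-default stand-in ability; StandInAbility, AbstractModel, Order, User and the SUPPORT rule set are constructed for illustration, and the alias table is assumed to mirror CanCanCan's default action aliases.

```ruby
# Added example: stand-in objects, not RailsAdmin or CanCanCan code.
AbstractModel = Struct.new(:model)   # stand-in for RailsAdmin's AbstractModel
class Order; end                     # constructed sample model
class User; end                      # constructed sample model

# Same mapping as resolve_action_and_subject on this page.
def resolve_action_and_subject(action, abstract_model = nil, model_object = nil)
  subject = model_object || abstract_model&.model
  subject ? [action, subject] : [:read, action]
end

# Deny-by-default rule table standing in for a CanCanCan Ability.
class StandInAbility
  # Assumed to mirror CanCanCan's default aliases (index/show => read, etc.).
  ALIASES = { index: :read, show: :read, new: :create, edit: :update }.freeze

  def initialize(rules)
    @rules = rules
  end

  def can?(action, subject)
    action = ALIASES.fetch(action, action)
    # A rule on a class also covers instances of that class.
    target = subject.is_a?(Symbol) || subject.is_a?(Class) ? subject : subject.class
    @rules.include?([action, target])
  end
end

# Least-privilege rules for a read-only support role (constructed).
SUPPORT = StandInAbility.new([
  [:access, :rails_admin],  # checked once in the adapter's initialize
  [:read, :dashboard],      # what authorize(:dashboard) resolves to
  [:read, Order],
])

# What the adapter's authorized? would answer for a controller action.
def authorized?(ability, action, abstract_model = nil, model_object = nil)
  return unless action

  ability.can?(*resolve_action_and_subject(action, abstract_model, model_object))
end
```

Any action invoked without a model, not only :dashboard, resolves to a :read check on the action name as a symbol, so each such action needs its own explicit rule and is denied otherwise.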