Skip to content

Instantly share code, notes, and snippets.

@bf4
Last active October 14, 2017 15:15
Show Gist options
  • Save bf4/5397990 to your computer and use it in GitHub Desktop.
Save bf4/5397990 to your computer and use it in GitHub Desktop.
Cancan, rolify, and active admin
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new # guest user (not logged in)
if user.has_role? :admin # rolify
can :manage, :all
can :access, :ckeditor
# Performed checks for actions:
can [:read, :create, :destroy], Ckeditor::Picture
can [:read, :create, :destroy], Ckeditor::AttachmentFile
else
# see https://github.com/gregbell/active_admin/blob/master/docs/13-authorization-adapter.md#using-the-cancan-adapter
cannot :manage, ActiveAdmin::Page
end
# Define abilities for the passed in user here. For example:
#
# user ||= User.new # guest user (not logged in)
# if user.admin?
# can :manage, :all
# else
# can :read, :all
# end
#
# The first argument to `can` is the action you are giving the user permission to do.
# If you pass :manage it will apply to every action. Other common actions here are
# :read, :create, :update and :destroy.
#
# The second argument is the resource the user can perform the action on. If you pass
# :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
#
# The third argument is an optional hash of conditions to further filter the objects.
# For example, here the user can only update published articles.
#
# can :update, Article, :published => true
#
# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
end
end
require 'cancan'
# Add a setting to the application to configure the ability
ActiveAdmin::Application.inheritable_setting :cancan_ability_class, "Ability"
class ActiveAdminAuthorizationAdapter < ActiveAdmin::AuthorizationAdapter
def authorized?(action, subject = nil)
cancan_ability.can?(action, subject) || fail(CanCan::AccessDenied.new)
end
def cancan_ability
@cancan_ability ||= initialize_cancan_ability
end
def scope_collection(collection)
collection.accessible_by(cancan_ability)
end
private
# The setting allows the class to be stored as a string
# to enable reloading in development.
def initialize_cancan_ability
ability_class_name = resource.namespace.cancan_ability_class
if ability_class_name.is_a?(String)
ability_class = ActiveSupport::Dependencies.constantize(ability_class_name)
else
ability_class = ability_class_name
end
ability_class.new(user)
end
end
# == User Authentication
#
# Active Admin will automatically call an authentication
# method in a before filter of all controller actions to
# ensure that there is a currently logged in admin user.
#
# This setting changes the method which Active Admin calls
# within the controller.
config.authentication_method = :authenticate_user!
# https://github.com/gregbell/active_admin/blob/master/lib/active_admin/authorization_adapter.rb
# https://github.com/gregbell/active_admin/blob/master/docs/13-authorization-adapter.md
# https://github.com/gregbell/active_admin/blob/master/lib/active_admin/application.rb
require Rails.root.join('lib/active_admin_authorization_adapter')
config.authorization_adapter = 'ActiveAdminAuthorizationAdapter'
# config.cancan_ability_class = "Ability"
# config.namespace :admin do |ns|
# ns.authorization_adapter = "AdminAuthorization"
# end
# class OnlyAdmins < ActiveAdmin::AuthorizationAdapter
# def authorized?(action, subject = nil)
# user.admin?
# end
# end
rescue_from CanCan::AccessDenied do |exception|
redirect_to root_path, :alert => exception.message
end
# role = 'admin'
# Role.find_or_create_by_name({ :name => role }, :without_protection => true)
# user.add_role :admin
class User < ActiveRecord::Base
rolify
end
@saroar
Copy link

saroar commented Oct 14, 2017

ArgumentError (wrong number of arguments (given 2, expected 1)):

lib/active_admin_authorization_adapter.rb:15:in `scope_collection'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment