bf4 · October 14, 2017 15:15 · saroar · Oct 14, 2017
diff --git a/ability.rb b/ability.rb
 class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.has_role? :admin # rolify
      can :manage, :all
      can :access, :ckeditor
      # Performed checks for actions:
      can [:read, :create, :destroy], Ckeditor::Picture
      can [:read, :create, :destroy], Ckeditor::AttachmentFile
    else
      # see https://github.com/gregbell/active_admin/blob/master/docs/13-authorization-adapter.md#using-the-cancan-adapter
      cannot :manage, ActiveAdmin::Page
    end
    # Define abilities for the passed in user here. For example:
    #
    #   user ||= User.new # guest user (not logged in)
    #   if user.admin?
    #     can :manage, :all
    #   else
    #     can :read, :all
    #   end
    #
    # The first argument to `can` is the action you are giving the user permission to do.
    # If you pass :manage it will apply to every action. Other common actions here are
    # :read, :create, :update and :destroy.
    #
    # The second argument is the resource the user can perform the action on. If you pass
    # :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
    #
    # The third argument is an optional hash of conditions to further filter the objects.
    # For example, here the user can only update published articles.
    #
    #   can :update, Article, :published => true
    #
    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
  end
 end
diff --git a/active_admin_authorization_adapter.rb b/active_admin_authorization_adapter.rb
 require 'cancan'

 # Add a setting to the application to configure the ability
 ActiveAdmin::Application.inheritable_setting :cancan_ability_class, "Ability"



  class ActiveAdminAuthorizationAdapter < ActiveAdmin::AuthorizationAdapter

    def authorized?(action, subject = nil)
      cancan_ability.can?(action, subject) || fail(CanCan::AccessDenied.new)
    end

    def cancan_ability
      @cancan_ability ||= initialize_cancan_ability
    end

    def scope_collection(collection)
      collection.accessible_by(cancan_ability)
    end

    private

    # The setting allows the class to be stored as a string
    # to enable reloading in development.
    def initialize_cancan_ability
      ability_class_name = resource.namespace.cancan_ability_class

      if ability_class_name.is_a?(String)
        ability_class = ActiveSupport::Dependencies.constantize(ability_class_name)
      else
        ability_class = ability_class_name
      end

      ability_class.new(user)
    end

  end

diff --git a/active_admin_initializer.rb b/active_admin_initializer.rb
  # == User Authentication
  #
  # Active Admin will automatically call an authentication
  # method in a before filter of all controller actions to
  # ensure that there is a currently logged in admin user.
  #
  # This setting changes the method which Active Admin calls
  # within the controller.
  config.authentication_method = :authenticate_user!
  # https://github.com/gregbell/active_admin/blob/master/lib/active_admin/authorization_adapter.rb
  # https://github.com/gregbell/active_admin/blob/master/docs/13-authorization-adapter.md
  # https://github.com/gregbell/active_admin/blob/master/lib/active_admin/application.rb
  require Rails.root.join('lib/active_admin_authorization_adapter')
  config.authorization_adapter = 'ActiveAdminAuthorizationAdapter'
  # config.cancan_ability_class = "Ability"
  # config.namespace :admin do |ns|
  #   ns.authorization_adapter = "AdminAuthorization"
  # end
  # class OnlyAdmins < ActiveAdmin::AuthorizationAdapter
  #   def authorized?(action, subject = nil)
  #     user.admin?
  #   end

  # end
diff --git a/application_controller.rb b/application_controller.rb
 rescue_from CanCan::AccessDenied do |exception|
  redirect_to root_path, :alert => exception.message
 end
diff --git a/user.rb b/user.rb
 # role = 'admin'
 # Role.find_or_create_by_name({ :name => role }, :without_protection => true)
 # user.add_role :admin
 class User < ActiveRecord::Base
  rolify
 end
	class Ability
	include CanCan::Ability

	def initialize(user)
	user \|\|= User.new # guest user (not logged in)
	if user.has_role? :admin # rolify
	can :manage, :all
	can :access, :ckeditor
	# Performed checks for actions:
	can [:read, :create, :destroy], Ckeditor::Picture
	can [:read, :create, :destroy], Ckeditor::AttachmentFile
	else
	# see https://github.com/gregbell/active_admin/blob/master/docs/13-authorization-adapter.md#using-the-cancan-adapter
	cannot :manage, ActiveAdmin::Page
	end
	# Define abilities for the passed in user here. For example:
	#
	# user \|\|= User.new # guest user (not logged in)
	# if user.admin?
	# can :manage, :all
	# else
	# can :read, :all
	# end
	#
	# The first argument to `can` is the action you are giving the user permission to do.
	# If you pass :manage it will apply to every action. Other common actions here are
	# :read, :create, :update and :destroy.
	#
	# The second argument is the resource the user can perform the action on. If you pass
	# :all it will apply to every resource. Otherwise pass a Ruby class of the resource.
	#
	# The third argument is an optional hash of conditions to further filter the objects.
	# For example, here the user can only update published articles.
	#
	# can :update, Article, :published => true
	#
	# See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
	end
	end
	require 'cancan'

	# Add a setting to the application to configure the ability
	ActiveAdmin::Application.inheritable_setting :cancan_ability_class, "Ability"



	class ActiveAdminAuthorizationAdapter < ActiveAdmin::AuthorizationAdapter

	def authorized?(action, subject = nil)
	cancan_ability.can?(action, subject) \|\| fail(CanCan::AccessDenied.new)
	end

	def cancan_ability
	@cancan_ability \|\|= initialize_cancan_ability
	end

	def scope_collection(collection)
	collection.accessible_by(cancan_ability)
	end

	private

	# The setting allows the class to be stored as a string
	# to enable reloading in development.
	def initialize_cancan_ability
	ability_class_name = resource.namespace.cancan_ability_class

	if ability_class_name.is_a?(String)
	ability_class = ActiveSupport::Dependencies.constantize(ability_class_name)
	else
	ability_class = ability_class_name
	end

	ability_class.new(user)
	end

	end
	# == User Authentication
	#
	# Active Admin will automatically call an authentication
	# method in a before filter of all controller actions to
	# ensure that there is a currently logged in admin user.
	#
	# This setting changes the method which Active Admin calls
	# within the controller.
	config.authentication_method = :authenticate_user!
	# https://github.com/gregbell/active_admin/blob/master/lib/active_admin/authorization_adapter.rb
	# https://github.com/gregbell/active_admin/blob/master/docs/13-authorization-adapter.md
	# https://github.com/gregbell/active_admin/blob/master/lib/active_admin/application.rb
	require Rails.root.join('lib/active_admin_authorization_adapter')
	config.authorization_adapter = 'ActiveAdminAuthorizationAdapter'
	# config.cancan_ability_class = "Ability"
	# config.namespace :admin do \|ns\|
	# ns.authorization_adapter = "AdminAuthorization"
	# end
	# class OnlyAdmins < ActiveAdmin::AuthorizationAdapter
	# def authorized?(action, subject = nil)
	# user.admin?
	# end

	# end
	rescue_from CanCan::AccessDenied do \|exception\|
	redirect_to root_path, :alert => exception.message
	end
	# role = 'admin'
	# Role.find_or_create_by_name({ :name => role }, :without_protection => true)
	# user.add_role :admin
	class User < ActiveRecord::Base
	rolify
	end