class ActiveAdmin::AuthorizationAdapter

Active Admin’s default authorization adapter. This adapter returns true for all requests to ‘#authorized?`. It should be the starting point for implementing your own authorization adapter.

To view an example subclass, check out ‘ActiveAdmin::CanCanAdapter`

Attributes

resource[R]
user[R]

Public Class Methods

new(resource, user) click to toggle source

Initialize a new authorization adapter. This happens on each and every request to a controller.

@param [ActiveAdmin::Resource, ActiveAdmin::Page] resource The resource

that the user is currently on. Note, we may be authorizing access
to a different subject, so don't rely on this other than to
pull configuration information from.

@param [any] user The current user. The user is set to whatever is returned

from `#current_active_admin_user` in the controller.
# File lib/active_admin/authorization_adapter.rb, line 35
def initialize(resource, user)
  @resource = resource
  @user = user
end

Public Instance Methods

authorized?(action, subject = nil) click to toggle source

Returns true of false depending on if the user is authorized to perform the action on the subject.

@param [Symbol] action The name of the action to perform. Usually this will be

one of the `ActiveAdmin::Auth::*` symbols.

@param [any] subject The subject the action is being performed on usually this

is a model object. Note, that this is NOT always in instance, it can be
the class of the subject also. For example, Active Admin uses the class
of the resource to decide if the resource should be displayed in the
global navigation. To deal with this nicely in a case statement, take
a look at `#normalized(klass)`

@return [Boolean]

# File lib/active_admin/authorization_adapter.rb, line 54
def authorized?(action, subject = nil)
  true
end
scope_collection(collection, action = Auth::READ) click to toggle source

A hook method for authorization libraries to scope the collection. By default, we just return the same collection. The returned scope is used as the starting point for all queries to the db in the controller.

@param [ActiveRecord::Relation] collection The collection the user is

attempting to view.

@param [Symbol] action The name of the action to perform. Usually this will be

one of the `ActiveAdmin::Auth::*` symbols. Defaults to `Auth::READ` if
no action passed in.

@return [ActiveRecord::Relation] A new collection, scoped to the

objects that the current user has access to.
# File lib/active_admin/authorization_adapter.rb, line 71
def scope_collection(collection, action = Auth::READ)
  collection
end

Private Instance Methods

normalized(klass) click to toggle source

The ‘#authorized?` method’s subject can be set to both instances as well as classes of objects. This can make it much difficult to create simple case statements for authorization since you have to handle both the class level match and the instance level match.

For example:

class MyAuthAdapter < ActiveAdmin::AuthorizationAdapter

  def authorized?(action, subject = nil)
    case subject
    when Post
      true
    when Class
      if subject == Post
        true
      end
    end
  end

end

To handle this, the normalized method takes care of returning a object which implements ‘===` to be matched in a case statement.

The above now becomes:

class MyAuthAdapter < ActiveAdmin::AuthorizationAdapter

  def authorized?(action, subject = nil)
    case subject
    when normalized(Post)
      true
    end
  end

end
# File lib/active_admin/authorization_adapter.rb, line 114
def normalized(klass)
  NormalizedMatcher.new(klass)
end