AA, Devise and Pundit not playing well together at all. #4264

Closed
jasper502 opened this issue Jan 8, 2016 · 3 comments
@jasper502

Pulling my hair out over this - all the gory details are here:

http://stackoverflow.com/questions/34664645/active-admin-devise-and-pundit-punditpolicyscopingnotperformederror

I wanted to confirm I am not making matters worse with the legacy code in my existing app so I created a couple of dummy apps:

https://github.com/jasper502/aa_with_pundit (with an Admin User class)
https://github.com/jasper502/aa_with_pundit_user (with a single User class)

From what I can tell so far, it looks to me (as an admitted novice programmer) that the Pundit adapter is not calling scoping or authorization at all, and when you override it the main app policies are used, not the /active_admin policies. I could only get the scoping and authorization to load with (Post model):

```ruby
before_filter :only => [:index] do
  policy_scope(collection)
  authorize collection
end

before_filter :except => [:index] do
  authorize resource
end
```

and even then /admin/posts loads the /policies/post_policy.rb vs /policies/active_admin/post_policy.rb.

If I am missing something obvious here please let me know.

On a side note, I also added a dashboard controller override to eliminate Pundit wanting to scope the Dashboard.

@timoschilling
Member

That the /policies/post_policy.rb is loaded is right, your model is Post so the policy is PostPolicy and not ActiveAdmin::Post.

And yes, ActiveAdmin doesn't use the Pundit scopes (the same as with cancan, btw). The problem at this point is that you can write your own scopes in the ActiveAdmin interface, which can overwrite the Pundit scopes.

```ruby
class PostPolicy < ApplicationPolicy
  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      if user.admin?
        scope.all
      else
        scope.where(:published => true)
      end
    end
  end
end
```

```ruby
ActiveAdmin.register Post do
  scope :all
  scope :published, -> { where(:published => true) }
  scope :unpublished, -> { where(:published => false) }
end
```

The only ActiveAdmin scope which will now work well is the published scope.

I think that's the main reason why ActiveAdmin doesn't use the cancan / pundit scopes.

@jasper502
Author

Ok... From all the googling I did I thought that the active_admin policies would get loaded instead.

Also policy_scope is still not getting called by the pundit adapter.

@timoschilling
Member

Yes, policy_scope is not supported, but you can build it into scoped_collection.
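
As an added example (not code from this thread, ActiveAdmin or Pundit), here is a plain-Ruby model of the suggestion in the last reply: the policy scope is used as the base collection, the role `scoped_collection` plays, so the UI scopes can only narrow it. `Relation`, `PostScope`, `index_ids` and the sample posts are hypothetical stand-ins constructed for illustration.

```ruby
# Plain-Ruby model of the thread's scenario (added example; not ActiveAdmin or Pundit code).
Post = Struct.new(:id, :published)
User = Struct.new(:name, :admin) do
  def admin?
    admin
  end
end

# Hypothetical in-memory stand-in for an ActiveRecord relation.
Relation = Struct.new(:rows) do
  def all
    self
  end

  # Chained where calls narrow the set, as on a real relation.
  def where(conds)
    Relation.new(rows.select { |r| conds.all? { |k, v| r[k] == v } })
  end
end

# Same resolve logic as the PostPolicy::Scope posted in the thread.
class PostScope
  def initialize(user, scope)
    @user = user
    @scope = scope
  end

  def resolve
    @user.admin? ? @scope.all : @scope.where(published: true)
  end
end

# The three UI scopes from the ActiveAdmin.register block in the thread.
UI_SCOPES = {
  all: ->(rel) { rel.all },
  published: ->(rel) { rel.where(published: true) },
  unpublished: ->(rel) { rel.where(published: false) }
}.freeze

# Constructed sample data: posts 1 and 3 are published, post 2 is not.
POSTS = Relation.new([Post.new(1, true), Post.new(2, false), Post.new(3, true)])

# policy_scoped: true uses the policy scope as the base, so UI scopes only narrow it;
# policy_scoped: false lets the UI scope alone decide what is listed.
def index_ids(user, ui_scope, policy_scoped:)
  base = policy_scoped ? PostScope.new(user, POSTS).resolve : POSTS
  UI_SCOPES.fetch(ui_scope).call(base).rows.map(&:id)
end
```

With the policy scope as the base, a non-admin selecting the unpublished scope gets an empty list instead of the unpublished post, and the all scope lists only published posts.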
