Add Authorization Adapter & Default CanCan Adapter #1817

Merged
merged 16 commits into from

6 participants

@pcreux
Collaborator

Add an Authorization mechanism to ActiveAdmin.

@pcreux pcreux commented on the diff
spec/unit/authorization/controller_authorization_spec.rb
@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe Admin::PostsController, "Controller Authorization", :type => :controller do
+
+ let(:user) { AdminUser.create!(:email => "example@admin.com", :password => "password", :password_confirmation => "password") }
+ let(:app) { ActiveAdmin.application }
+ let(:authorization){ controller.send(:active_admin_authorization) }
+
+ before do
+ # TODO: Get these tests passing...
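Review bot: The `# TODO: Get these tests passing...` comment at the top of the `before` block says these controller authorization specs are not yet known to pass, so nothing here verifies that an unauthorized request is actually refused. Get them passing before merge, or mark the examples pending with a reason so the gap is visible in the spec output. Separately, `controller.send(:active_admin_authorization)` goes through `send`, which suggests the method is not public; if specs need the adapter, a documented accessor would be cleaner.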
@pcreux Collaborator
pcreux added a note

@gregbell #todo! :)

@malachaifrazier

+1 for this!

Joshua Collins and others added some commits
Joshua Collins authorization_adapter documentation additions 2c85228
@gregbell gregbell Added #normalized to help in simple matching in auth adapters.
The `#authorized?` method's subject can be set to both instances as well
as classes of objects. This can make it much more difficult to create simple
case statements for authorization since you have to handle both the
class level match and the instance level match.

For example:

    class MyAuthAdapter < ActiveAdmin::AuthorizationAdapter

      def authorized?(action, subject = nil)
        case subject
        when Post
          true
        when Class
          if subject == Post
            true
          end
        end
      end

    end

To handle this, the normalized method takes care of returning a lambda
which implements `===` to be matched in a case statement.

The above now becomes:

    class MyAuthAdapter < ActiveAdmin::AuthorizationAdapter

      def authorized?(action, subject = nil)
        case subject
        when normalized(Post)
          true
        end
      end

    end
1110f16
@gregbell gregbell Added additional docs 7ac4547
@gregbell gregbell Merge branch 'authorization-documentation' into authorization-adapter 14fb97b
@gregbell gregbell Added authorization docs for Actions and Authorization methods 26c306f
@gregbell gregbell Added support for #normalized matcher in ruby 1.8
Ruby 1.8 Procs do not implement === like they do in Ruby 1.9. Instead
of using a Proc, we now implement our own matching class with ===.
4ca013a
@gregbell gregbell Merge branch 'master' into authorization-adapter 16f4852
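
An added example (not code from this pull request or from ActiveAdmin) of the matching idea in the two commit messages above: a matcher object with its own `===` that accepts both the class and its instances, used in an adapter that denies anything it does not explicitly allow. `SubjectMatcher`, `ExampleAdapter`, the `:role` values and the stand-in `Post`/`Comment` classes are assumptions made for the illustration.

```ruby
# Stand-in model classes, constructed for this example.
class Post; end
class Comment; end
# Hypothetical matcher object. It defines its own #=== so that `case/when`
# works the same on Ruby 1.8, where a Proc cannot be used as a matcher.
class SubjectMatcher
  def initialize(klass)
    @klass = klass
  end

  # Instance-level match (Post.new) or class-level match (Post itself).
  def ===(subject)
    @klass === subject || @klass == subject
  end
end

# Minimal stand-in for an adapter (assumed shape, not ActiveAdmin's class).
class ExampleAdapter
  def initialize(user)
    @user = user
  end

  def normalized(klass)
    SubjectMatcher.new(klass)
  end

  # Returns true only on an explicit allow; everything else is denied.
  def authorized?(action, subject = nil)
    case subject
    when normalized(Post)
      action == :read || @user[:role] == :editor
    when normalized(Comment)
      @user[:role] == :editor && action != :destroy
    else
      false
    end
  end
end

# Constructed checks: class and instance subjects, plus ones no rule covers.
CHECKS = [[:read, Post], [:read, Post.new], [:update, Post.new],
          [:read, Comment], [:destroy, Comment.new], [:read, String], [:read, nil]]

def decisions(role)
  adapter = ExampleAdapter.new(:role => role)
  CHECKS.map { |action, subject| adapter.authorized?(action, subject) }
end

puts decisions(:viewer).inspect
```

The explicit `else false` matters: without it an unmatched subject falls out of the `case` as `nil`, which only denies access as long as every caller treats the result as a boolean.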
@gregbell
Owner

The build was killed on TravisCI even though it looks like it would have passed.

https://travis-ci.org/gregbell/active_admin/builds/3762599

gregbell added some commits
@gregbell gregbell Merge branch 'master' into authorization-adapter
Conflicts:
	lib/active_admin/page_controller.rb
	lib/active_admin/resource_controller/collection.rb
	spec/unit/resource_controller/data_access_spec.rb
b7f60f2
@gregbell gregbell Implemented configurable access denied handling.
* Added config.on_unauthorized_access to the inheritable configurations
  for Active Admin.
* Added a test suite for MethodOrProcHelper
* Implemented default access denied handling for HTML, JSON, and XML
bb95d3d
lib/active_admin/dsl.rb
@@ -86,7 +86,15 @@ def controller(&block)
def action_item(options = {}, &block)
config.add_action_item(options, &block)
end
-
+
+ def authorization(&block)
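Review bot: `def authorization(&block)` is added to the DSL with no comment saying in which context the block is evaluated (controller or adapter) or what its return value means for the access decision. Add a doc comment above the method with a short usage example, since an authorization hook that users have to guess at is easy to misuse. The `-`/`+` pair on the blank line just above looks like a whitespace-only change and can be dropped.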

@gregbell - I don't see this block used in the code anywhere, I'm guessing usage would be along the lines of:

    ActiveAdmin.register Post do
      authorization do
        # what would I be doing here, presumably in the context of the controller or the adapter itself
      end
    end
@macfanatic macfanatic merged commit 948eea5 into from
@TheEricMiller

Greg, really appreciate all of your work on building Active Admin. I have been killing myself and hit a wall trying to get ActiveAdmin to work with a generic CanCan / Devise / Rolify setup.

Was this adapter finalized? Is there a "current" guide to configuring to work with CanCan?

Most of the discussion I have seen on web and here looks to be out of date or duplicate what has been done in this commit.

Thank you so much for any help you can provide!
-E

Hi @TheEricMiller

I haven't used the new authorization system yet, but it certainly helps to read the docs.

There are also a couple CanCan entries in the wiki, but those haven't been updated to match this new auth system.

@seanlinsley seanlinsley deleted the branch
Commits on Nov 16, 2012
  1. @gregbell
  2. @gregbell

    Added authorization to Pages

    gregbell authored
  3. @gregbell
  4. @gregbell

    Added tests and docs

    gregbell authored
Commits on Dec 5, 2012
  1. @pcreux

    Fix error message

    pcreux authored
Commits on Dec 17, 2012
  1. authorization_adapter documentation additions

    Joshua Collins authored
Commits on Dec 20, 2012
  1. @gregbell

    Added #normalized to help in simple matching in auth adapters.

    gregbell authored
  2. @gregbell

    Added additional docs

    gregbell authored
  3. @gregbell
  4. @gregbell
  5. @gregbell

    Added support for #normalized matcher in ruby 1.8

    gregbell authored
  6. @gregbell
Commits on Jan 15, 2013
  1. @gregbell

    Merge branch 'master' into authorization-adapter

    gregbell authored
Commits on Jan 16, 2013
  1. @gregbell

    Implemented configurable access denied handling.

    gregbell authored
Commits on Mar 1, 2013
  1. @macfanatic
Commits on Mar 4, 2013
  1. @macfanatic