Module: Panda::Core::AdminAuthorization
- Extended by:
- ActiveSupport::Concern
- Included in:
- Panda::Core::Admin::BaseController
- Defined in:
- app/controllers/concerns/panda/core/admin_authorization.rb
Overview
Automatic permission enforcement for admin controllers.
Reads from PermissionRegistry to determine which permission is required
for the current controller action, then delegates to authorize! (from
Authorizable) to check the configured authorization_policy.
This concern is included in Panda::Core::Admin::BaseController so all admin controllers automatically get permission enforcement. No per-controller configuration is needed — just register permissions in the registry.
Admin users (+user.admin?+) bypass all checks via Panda::Core::Authorizable#authorize!.
Behavior for unmapped controllers/actions
- Controller not in registry → access allowed (open by default)
- Action not in registry → access allowed
- Action mapped →
authorize!(permission_key)is called
Example
# Register permissions (in an engine or initializer):
Panda::Core::PermissionRegistry.register(
"Panda::CMS::Admin::PagesController",
index: :edit_content, destroy: :delete_content
)
# Enforcement happens automatically via before_action