Class: Panda::Core::PermissionRegistry

Inherits:
Object
  • Object
show all
Defined in:
lib/panda/core/permission_registry.rb

Overview

Registry for controller-level permission requirements.

Gems and host apps register which permissions are needed for each controller action. The AdminAuthorization concern reads this registry at request time to enforce access control.

Usage

# In a gem engine (config.to_prepare or initializer):
Panda::Core::PermissionRegistry.register(
"Panda::CMS::Admin::PagesController",
index: :edit_content,
edit: :edit_content,
destroy: :delete_content
)

# In a host app initializer:
Panda::Core::PermissionRegistry.register(
"Admin::HealthcareProvidersController",
index: :manage_providers,
destroy: :manage_providers
)

Actions not registered are allowed for any authenticated admin user. Controllers not registered are also allowed (open by default).

How enforcement works

The AdminAuthorization concern calls PermissionRegistry.permission_for to look up the required permission, then delegates to authorize! (from Authorizable) which checks config.authorization_policy.

Without panda-cms-pro, the default policy is user.admin? — so only admins pass permission checks. With Pro loaded, the policy uses the role system, allowing non-admin users with the right permissions.

Class Method Summary collapse

Class Method Details

.allHash

Return the full registry (deep copy).

Returns:

  • (Hash)


72
73
74
# File 'lib/panda/core/permission_registry.rb', line 72

def all
  registry.transform_values(&:dup)
end

.permission_for(controller_name, action) ⇒ Symbol?

Look up the required permission for a specific controller action.

Parameters:

  • controller_name (String)

    Fully-qualified controller class name

  • action (Symbol)

    The controller action name

Returns:

  • (Symbol, nil)

    The required permission key, or nil if not registered



58
59
60
# File 'lib/panda/core/permission_registry.rb', line 58

def permission_for(controller_name, action)
  registry.dig(controller_name, action)
end

.permissions_for(controller_name) ⇒ Hash{Symbol => Symbol}?

Return all registered permissions for a controller.

Parameters:

  • controller_name (String)

    Fully-qualified controller class name

Returns:

  • (Hash{Symbol => Symbol}, nil)

    action → permission_key mapping



66
67
68
# File 'lib/panda/core/permission_registry.rb', line 66

def permissions_for(controller_name)
  registry[controller_name]
end

.register(controller_name, **permissions) ⇒ Object

Register permission requirements for a controller.

Merges with any previously registered permissions for the same controller, so multiple gems can contribute to the same controller.

Parameters:

  • controller_name (String)

    Fully-qualified controller class name

  • permissions (Hash{Symbol => Symbol})

    action → permission_key mapping



49
50
51
# File 'lib/panda/core/permission_registry.rb', line 49

def register(controller_name, **permissions)
  registry[controller_name] = (registry[controller_name] || {}).merge(permissions)
end

.reset!Object

Clear all registrations (for test isolation).



77
78
79
# File 'lib/panda/core/permission_registry.rb', line 77

def reset!
  @registry = {}
end