Class: Panda::Core::PermissionRegistry
- Inherits:
-
Object
- Object
- Panda::Core::PermissionRegistry
- Defined in:
- lib/panda/core/permission_registry.rb
Overview
Registry for controller-level permission requirements.
Gems and host apps register which permissions are needed for each controller action. The AdminAuthorization concern reads this registry at request time to enforce access control.
Usage
# In a gem engine (config.to_prepare or initializer):
Panda::Core::PermissionRegistry.register(
"Panda::CMS::Admin::PagesController",
index: :edit_content,
edit: :edit_content,
destroy: :delete_content
)
# In a host app initializer:
Panda::Core::PermissionRegistry.register(
"Admin::HealthcareProvidersController",
index: :manage_providers,
destroy: :manage_providers
)
Actions not registered are allowed for any authenticated admin user. Controllers not registered are also allowed (open by default).
How enforcement works
The AdminAuthorization concern calls PermissionRegistry.permission_for to look up
the required permission, then delegates to authorize! (from
Authorizable) which checks config.authorization_policy.
Without panda-cms-pro, the default policy is user.admin? — so only
admins pass permission checks. With Pro loaded, the policy uses the
role system, allowing non-admin users with the right permissions.
Class Method Summary collapse
-
.all ⇒ Hash
Return the full registry (deep copy).
-
.permission_for(controller_name, action) ⇒ Symbol?
Look up the required permission for a specific controller action.
-
.permissions_for(controller_name) ⇒ Hash{Symbol => Symbol}?
Return all registered permissions for a controller.
-
.register(controller_name, **permissions) ⇒ Object
Register permission requirements for a controller.
-
.reset! ⇒ Object
Clear all registrations (for test isolation).
Class Method Details
.all ⇒ Hash
Return the full registry (deep copy).
72 73 74 |
# File 'lib/panda/core/permission_registry.rb', line 72 def all registry.transform_values(&:dup) end |
.permission_for(controller_name, action) ⇒ Symbol?
Look up the required permission for a specific controller action.
58 59 60 |
# File 'lib/panda/core/permission_registry.rb', line 58 def (controller_name, action) registry.dig(controller_name, action) end |
.permissions_for(controller_name) ⇒ Hash{Symbol => Symbol}?
Return all registered permissions for a controller.
66 67 68 |
# File 'lib/panda/core/permission_registry.rb', line 66 def (controller_name) registry[controller_name] end |
.register(controller_name, **permissions) ⇒ Object
Register permission requirements for a controller.
Merges with any previously registered permissions for the same controller, so multiple gems can contribute to the same controller.
49 50 51 |
# File 'lib/panda/core/permission_registry.rb', line 49 def register(controller_name, **) registry[controller_name] = (registry[controller_name] || {}).merge() end |
.reset! ⇒ Object
Clear all registrations (for test isolation).
77 78 79 |
# File 'lib/panda/core/permission_registry.rb', line 77 def reset! @registry = {} end |