Class: RubyUIAdmin::Authorization::CanCanCanAdapter
- Defined in:
- lib/ruby_ui_admin/authorization/can_can_can_adapter.rb
Overview
CanCanCan-backed adapter. Maps the admin's CRUD rules onto Ability#can?(action, subject) and
the index scope onto relation.accessible_by(ability).
⚠️ PARTIAL by design (CanCanCan is action/subject-based, not policy-class-based):
* No `policy_class` — a single global Ability (`config.cancancan_ability_class`, default
`Ability`) decides everything; `authorization_policy` per resource is ignored.
* **No field-level authorization** — CanCanCan has no per-rule "is it defined?" concept, so
`defines_rule?`/`has_rule?` return false (every field stays visible). Use action_policy or
Pundit if you need field-level rules.
* **`explicit_authorization` has no effect** — CanCanCan denies whatever the Ability doesn't
grant; there's no `manage?`/undefined-rule fallback. Grant access in your Ability.
* `true_user` (impersonation) is not passed to the Ability.
* The index scope follows the Ability's rules for the action (e.g. `can :read, Post, ...`);
with no matching rule it resolves to an empty relation, the CanCanCan way.
Instance Attribute Summary
Attributes inherited from Adapter
Instance Method Summary collapse
- #apply_policy(scope) ⇒ Object
- #authorize_action(rule, record: nil, raise_exception: true) ⇒ Object
- #defines_rule?(_rule) ⇒ Boolean
-
#has_rule?(_rule, record: nil) ⇒ Boolean
Field-level authorization is not supported by CanCanCan (no per-rule definition concept).
Methods inherited from Adapter
#allowed?, #initialize, #set_record, #true_user
Constructor Details
This class inherits a constructor from RubyUIAdmin::Authorization::Adapter
Instance Method Details
#apply_policy(scope) ⇒ Object
40 41 42 43 44 45 46 |
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 40 def apply_policy(scope) return scope unless RubyUIAdmin.configuration. scope.accessible_by(ability) rescue CanCan::Error scope end |
#authorize_action(rule, record: nil, raise_exception: true) ⇒ Object
26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 26 def (rule, record: nil, raise_exception: true) return true unless RubyUIAdmin.configuration. target = record.nil? ? @record : record action = cancan_action(rule) result = ability.can?(action, target) if !result && raise_exception raise NotAuthorizedError, "Not authorized to #{action} on #{target.inspect}" end result end |
#defines_rule?(_rule) ⇒ Boolean
51 |
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 51 def defines_rule?(_rule) = false |
#has_rule?(_rule, record: nil) ⇒ Boolean
Field-level authorization is not supported by CanCanCan (no per-rule definition concept).
49 |
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 49 def has_rule?(_rule, record: nil) = false |