Class: RubyUIAdmin::Authorization::CanCanCanAdapter

Inherits:
Adapter
  • Object
show all
Defined in:
lib/ruby_ui_admin/authorization/can_can_can_adapter.rb

Overview

CanCanCan-backed adapter. Maps the admin's CRUD rules onto Ability#can?(action, subject) and the index scope onto relation.accessible_by(ability).

⚠️ PARTIAL by design (CanCanCan is action/subject-based, not policy-class-based):

* No `policy_class` — a single global Ability (`config.cancancan_ability_class`, default
`Ability`) decides everything; `authorization_policy` per resource is ignored.
* **No field-level authorization** — CanCanCan has no per-rule "is it defined?" concept, so
`defines_rule?`/`has_rule?` return false (every field stays visible). Use action_policy or
Pundit if you need field-level rules.
* **`explicit_authorization` has no effect** — CanCanCan denies whatever the Ability doesn't
grant; there's no `manage?`/undefined-rule fallback. Grant access in your Ability.
* `true_user` (impersonation) is not passed to the Ability.
* The index scope follows the Ability's rules for the action (e.g. `can :read, Post, ...`);
with no matching rule it resolves to an empty relation, the CanCanCan way.

Instance Attribute Summary

Attributes inherited from Adapter

#policy_class, #record, #user

Instance Method Summary collapse

Methods inherited from Adapter

#allowed?, #initialize, #set_record, #true_user

Constructor Details

This class inherits a constructor from RubyUIAdmin::Authorization::Adapter

Instance Method Details

#apply_policy(scope) ⇒ Object



40
41
42
43
44
45
46
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 40

def apply_policy(scope)
  return scope unless RubyUIAdmin.configuration.authorization_enabled?

  scope.accessible_by(ability)
rescue CanCan::Error
  scope
end

#authorize_action(rule, record: nil, raise_exception: true) ⇒ Object



26
27
28
29
30
31
32
33
34
35
36
37
38
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 26

def authorize_action(rule, record: nil, raise_exception: true)
  return true unless RubyUIAdmin.configuration.authorization_enabled?

  target = record.nil? ? @record : record
  action = cancan_action(rule)
  result = ability.can?(action, target)

  if !result && raise_exception
    raise NotAuthorizedError, "Not authorized to #{action} on #{target.inspect}"
  end

  result
end

#defines_rule?(_rule) ⇒ Boolean

Returns:

  • (Boolean)


51
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 51

def defines_rule?(_rule) = false

#has_rule?(_rule, record: nil) ⇒ Boolean

Field-level authorization is not supported by CanCanCan (no per-rule definition concept).

Returns:

  • (Boolean)


49
# File 'lib/ruby_ui_admin/authorization/can_can_can_adapter.rb', line 49

def has_rule?(_rule, record: nil) = false