Revisions
watson revised this gist
Mar 14, 2012 . 1 changed file with 1 addition and 1 deletion.
@@ -1,7 +1,7 @@ # app/admin/foobars.rb ActiveAdmin.register Foobar do # This will authorize the Foobar class # The authorization is done using the AdminAbility class controller.authorize_resource end
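Review bot: authorization in `app/admin/foobars.rb` is opt-in. `controller.authorize_resource` sits inside this one `ActiveAdmin.register` block, so any other resource registered without that line is served with no ability check at all. Say so in the comment, or enforce it once in a shared parent controller with CanCan's `check_authorization`, so a forgotten call raises instead of failing open.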
watson revised this gist
Mar 13, 2012 . 1 changed file with 3 additions and 3 deletions.
@@ -12,16 +12,16 @@ def initialize(user) # - Moderator # - Manager # An editor can do the following: can :manage, Foobar can :read, SomeOtherModel # A moderator can do the following: if user.role?('moderator') can :manage, SomeOtherModel end # A manager can do the following: if user.role?('manager') can :manage, SomeThirdModel end
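Review bot: the editor rules at the top of this hunk (`can :manage, Foobar` and `can :read, SomeOtherModel`) are not wrapped in a role check, unlike the moderator and manager branches below them, so every user that reaches this class gets them regardless of role. If they are meant for editors only, guard them with `if user.role?('editor')` so an account without a role ends up with no admin abilities.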
watson revised this gist
Oct 5, 2011 . 1 changed file with 1 addition and 0 deletions.
@@ -2,6 +2,7 @@ ActiveAdmin.setup do |config| # You don't need to modify any settings here to get CanCan to work # Just remember to add CanCan to your Gemfile # ... end
watson revised this gist
Oct 5, 2011 . 4 changed files with 4 additions and 5 deletions.
@@ -9,4 +9,4 @@ def initialize(user) can :read, :all end end
@@ -16,5 +16,4 @@ def current_ability @current_ability ||= AdminAbility.new(current_user) end end
@@ -26,4 +26,4 @@ def initialize(user) can :manage, SomeThirdModel end end end
@@ -4,4 +4,4 @@ # This will authorize the SomeModel class # The authorization is done using the AdminAbility class controller.authorize_resource end
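Review bot: in the first hunk, `can :read, :all` grants read on every model class to every front-end user, and that silently extends to each model added later. List the readable models explicitly, one `can :read` line per model, so that anything holding credentials or personal data stays unreadable until a rule names it.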
watson created this gist
Oct 5, 2011
@@ -0,0 +1,12 @@ # app/models/ability.rb # All front end users are authorized using this class class Ability include CanCan::Ability def initialize(user) user ||= User.new can :read, :all end end
@@ -0,0 +1,20 @@ # config/initializers/active_admin.rb ActiveAdmin.setup do |config| # You don't need to modify any settings here to get CanCan to work # ... end # Below the ActiveAdmin.setup block, I've opened up the ActiveAdmin::ResourceController # and modified the current_ability method to use a special AdminAbility class. # Technically you can put this code almost anywere, but I've added it here because # I think it belongs together with the other Active Admin initializer code. ActiveAdmin::ResourceController.class_eval do protected def current_ability @current_ability ||= AdminAbility.new(current_user) end end
@@ -0,0 +1,29 @@ # app/models/admin_ability.rb # All back end users (i.e. Active Admin users) are authorized using this class class AdminAbility include CanCan::Ability def initialize(user) user ||= User.new # We operate with three role levels: # - Editor # - Moderator # - Manager # An editor can to the following: can :manage, Foobar can :read, SomeOtherModel # A moderator can to the following: if user.role?('moderator') can :manage, SomeOtherModel end # A manager can to the following: if user.role?('manager') can :manage, SomeThirdModel end end end
@@ -0,0 +1,7 @@ # app/admin/foobars.rb ActiveAdmin.register Foobar do # This will authorize the SomeModel class # The authorization is done using the AdminAbility class controller.authorize_resource end
@@ -0,0 +1,17 @@ # app/models/user.rb class User < ActiveRecord::Base # The order of the ROLES array is important! # All privileges are inherited from left to right ROLES = %w(editor moderator manager) # Privileges are inherited between roles in the order specified in the ROLES # array. E.g. A moderator can do the same as an editor + more. # # This method understands that and will therefore return true for moderator # users even if you call `role?('editor')`. def role?(base_role) return false unless role # A user have a role attribute. If not set, the user does not have any roles. ROLES.index(base_role.to_s) <= ROLES.index(role) end end
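Review bot: the `current_ability` override in `config/initializers/active_admin.rb` is applied to `ActiveAdmin::ResourceController` only. Any admin controller that does not inherit from it keeps CanCan's default `current_ability`, which builds `Ability`, the front-end class whose only rule is `can :read, :all`. The comment above the `class_eval` should state that scope. The method also assumes `current_user` is the helper that returns the logged-in admin; a default Active Admin install names it `current_admin_user`, so say which one this setup relies on.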
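Review bot: `role?` in `app/models/user.rb` does not handle values outside `ROLES`. `ROLES.index` returns nil for an unknown name, so a mistyped `base_role` raises NoMethodError on `nil <=`, and a stored `role` that is not in the array raises ArgumentError from the integer comparison. Since this method gates the `AdminAbility` rules it should fail closed: look up both indexes first, return false if either is nil, and add an inclusion validation on `role` against `ROLES`. The inline comment also reads better as "A user has a role attribute".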