
@superacidjax
Forked from watson/ability.rb
Created December 17, 2012 19:01

Revisions

  1. @watson watson revised this gist Mar 14, 2012. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion foobars.rb
    @@ -1,7 +1,7 @@
    # app/admin/foobars.rb

    ActiveAdmin.register Foobar do
    # This will authorize the SomeModel class
    # This will authorize the Foobar class
    # The authorization is done using the AdminAbility class
    controller.authorize_resource
    end
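    Review bot: the comment should also say what `controller.authorize_resource` is checked against: without a matching `load_resource` it authorizes the `Foobar` class (unless `@foobar` has already been assigned before the filter runs), not the individual record, so per-record conditions in `AdminAbility` rules do not take effect at this point. A second comment line such as `# Authorization is class-level here; record-level rules are not applied` would save the next reader from assuming otherwise.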
  2. @watson watson revised this gist Mar 13, 2012. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions admin_ability.rb
    @@ -12,16 +12,16 @@ def initialize(user)
    # - Moderator
    # - Manager

    # An editor can to the following:
    # An editor can do the following:
    can :manage, Foobar
    can :read, SomeOtherModel

    # A moderator can to the following:
    # A moderator can do the following:
    if user.role?('moderator')
    can :manage, SomeOtherModel
    end

    # A manager can to the following:
    # A manager can do the following:
    if user.role?('manager')
    can :manage, SomeThirdModel
    end
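    Review bot: the `if user.role?('moderator')` and `if user.role?('manager')` blocks read as mutually exclusive buckets, but `User#role?` (user.rb) is cumulative, so a manager enters both blocks and the editor rules above them apply to everyone; while fixing the "can to" typos, make the three role comments say so, e.g. `# A moderator (and any higher role) can do the following:`, so nobody reading this file assumes a manager loses moderator rights.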
  3. @watson watson revised this gist Oct 5, 2011. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions active_admin.rb
    @@ -2,6 +2,7 @@

    ActiveAdmin.setup do |config|
    # You don't need to modify any settings here to get CanCan to work
    # Just remember to add CanCan to your Gemfile
    # ...
    end
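    Review bot: the Gemfile reminder is useful, but the comment should also state that adding CanCan and overriding `current_ability` enforces nothing on its own; every `ActiveAdmin.register` block still needs `controller.authorize_resource` (as in foobars.rb), and a resource registered without it stays reachable by every signed-in admin user regardless of role. One line here, next to the Gemfile note, is the place people will look.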

  4. @watson watson revised this gist Oct 5, 2011. 4 changed files with 4 additions and 5 deletions.
    2 changes: 1 addition & 1 deletion ability.rb
    @@ -9,4 +9,4 @@ def initialize(user)

    can :read, :all
    end
    end
    end
    3 changes: 1 addition & 2 deletions active_admin.rb
    @@ -16,5 +16,4 @@
    def current_ability
    @current_ability ||= AdminAbility.new(current_user)
    end
    end

    end
    2 changes: 1 addition & 1 deletion admin_ability.rb
    @@ -26,4 +26,4 @@ def initialize(user)
    can :manage, SomeThirdModel
    end
    end
    end
    end
    2 changes: 1 addition & 1 deletion foobars.rb
    @@ -4,4 +4,4 @@
    # This will authorize the SomeModel class
    # The authorization is done using the AdminAbility class
    controller.authorize_resource
    end
    end
  5. @watson watson created this gist Oct 5, 2011.
    12 changes: 12 additions & 0 deletions ability.rb
    @@ -0,0 +1,12 @@
    # app/models/ability.rb

    # All front end users are authorized using this class
    class Ability
    include CanCan::Ability

    def initialize(user)
    user ||= User.new

    can :read, :all
    end
    end
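    Review bot: `can :read, :all` grants read access on every model, including any model added later and models such as `User` that carry sensitive attributes, and because `user ||= User.new` turns an unauthenticated visitor into a guest `User`, the grant applies to anonymous requests as well; list the public models explicitly (for example `can :read, Foobar`) so a newly added model is private until someone writes a rule for it.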
    20 changes: 20 additions & 0 deletions active_admin.rb
    @@ -0,0 +1,20 @@
    # config/initializers/active_admin.rb

    ActiveAdmin.setup do |config|
    # You don't need to modify any settings here to get CanCan to work
    # ...
    end

    # Below the ActiveAdmin.setup block, I've opened up the ActiveAdmin::ResourceController
    # and modified the current_ability method to use a special AdminAbility class.
    # Technically you can put this code almost anywere, but I've added it here because
    # I think it belongs together with the other Active Admin initializer code.

    ActiveAdmin::ResourceController.class_eval do
    protected

    def current_ability
    @current_ability ||= AdminAbility.new(current_user)
    end
    end
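    Review bot: `current_ability` calls `current_user`, but ActiveAdmin's default `config.current_user_method` is `:current_admin_user`; the method used here must be the one configured in the setup block above, because if it returns nil, `AdminAbility.new(nil)` falls back to `User.new` (admin_ability.rb) and hands out the unconditional editor rules instead of failing. A comment on the `def current_ability` line naming the expected authentication method would make that dependency visible.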

    29 changes: 29 additions & 0 deletions admin_ability.rb
    @@ -0,0 +1,29 @@
    # app/models/admin_ability.rb

    # All back end users (i.e. Active Admin users) are authorized using this class
    class AdminAbility
    include CanCan::Ability

    def initialize(user)
    user ||= User.new

    # We operate with three role levels:
    # - Editor
    # - Moderator
    # - Manager

    # An editor can to the following:
    can :manage, Foobar
    can :read, SomeOtherModel

    # A moderator can to the following:
    if user.role?('moderator')
    can :manage, SomeOtherModel
    end

    # A manager can to the following:
    if user.role?('manager')
    can :manage, SomeThirdModel
    end
    end
    end
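    Review bot: the editor rules `can :manage, Foobar` and `can :read, SomeOtherModel` are granted unconditionally, so any user object that reaches this class can manage `Foobar`: the `User.new` guest created when `user` is nil, and a user whose `role` attribute is unset (for whom `role?` returns false for every role). Wrap them in `if user.role?('editor')` so a user without a role gets no admin rights at all.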
    7 changes: 7 additions & 0 deletions foobars.rb
    @@ -0,0 +1,7 @@
    # app/admin/foobars.rb

    ActiveAdmin.register Foobar do
    # This will authorize the SomeModel class
    # The authorization is done using the AdminAbility class
    controller.authorize_resource
    end
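    Review bot: the comment `# This will authorize the SomeModel class` does not match the resource being registered; change it to `Foobar` so it is clear which class `authorize_resource` is checked against.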
    17 changes: 17 additions & 0 deletions user.rb
    @@ -0,0 +1,17 @@
    # app/models/user.rb

    class User < ActiveRecord::Base
    # The order of the ROLES array is important!
    # All privileges are inherited from left to right
    ROLES = %w(editor moderator manager)

    # Privileges are inherited between roles in the order specified in the ROLES
    # array. E.g. A moderator can do the same as an editor + more.
    #
    # This method understands that and will therefore return true for moderator
    # users even if you call `role?('editor')`.
    def role?(base_role)
    return false unless role # A user have a role attribute. If not set, the user does not have any roles.
    ROLES.index(base_role.to_s) <= ROLES.index(role)
    end
    end
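    Review bot: `role?` raises instead of returning false when either side of the comparison is nil: `ROLES.index(base_role.to_s)` is nil for an argument outside `ROLES` (`nil <= Integer` is a NoMethodError), and `ROLES.index(role)` is nil when the stored `role` string is not one of `ROLES` (`Integer <= nil` raises ArgumentError). Add `validates :role, inclusion: { in: ROLES }, allow_nil: true` and guard both lookups, e.g. `return false unless (wanted = ROLES.index(base_role.to_s)) && (have = ROLES.index(role))`, so a bad value denies access rather than producing an error page. The comment `A user have a role attribute` should read `A user has a role attribute`.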