rails administrate with cancancan


I'm using rails administrate for my application, but I want to limit access via the administrate dashboard to the resources being administered.

I'm also using cancancan in the other parts of my rails app to manage access and permissions.

Has anyone managed to use cancancan within administrate, so that the administrate dashboard can use the abilities defined in cancancan to display the resources and apply the same permissions?

Thanks


You can find some info about what needs to be done here: https://administrate-prototype.herokuapp.com/authorization

What is mentioned there works well for filtering collections of records, but breaks when trying to authorize individual resources. The solution is to override the find_resource method. Here is the final working code:

# app/controllers/admin/application_controller.rb
module Admin
  class ApplicationController < Administrate::ApplicationController
    rescue_from CanCan::AccessDenied do |exception|
      flash[:notice] = "Access Denied"
      redirect_to admin_root_path
    end

    # Override find_resource, because it initially calls scoped_resource.find(param)
    # which breaks since we are overriding that method as well.
    def find_resource(param)
      resource_class.default_scoped.find(param)
    end

    # Limit the scope of the given resource
    def scoped_resource
      super.accessible_by(current_ability)
    end

    # Raise an exception if the user is not permitted to access this resource
    def authorize_resource(resource)
      raise CanCan::AccessDenied unless show_action?(params[:action], resource)
    end

    # Hide links to actions if the user is not allowed to do them
    def show_action?(action, resource)
      # translate :show action to :read for cancan
      if ["show", :show].include?(action)
        action = :read
      end
      can? action, resource
    end
  end
end

This will get you started for basic resource authorization with CanCan. Further customization of field views might be needed if you need to restrict access to nested resources etc. But that should be pretty standard from that point forward. Hope this helps. :)
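As an added example (not part of the answer above, and not Administrate's or CanCanCan's own code), the following self-contained Ruby models the two authorization paths the overridden controller relies on, collection filtering through accessible_by and per-record checks through can?, against an in-memory stand-in for CanCan::Ability so the flow can be run outside Rails. Post, Ability, AccessDenied and AdminPosts are hypothetical names chosen for this example.

```ruby
# Constructed sample record type standing in for an ActiveRecord model.
Post = Struct.new(:id, :author_id, :published)

# Stand-in for CanCan::Ability. Rules are [action, conditions] pairs where
# conditions is an attribute => value hash, like CanCan hash conditions.
# CanCan's default action aliases are reproduced so controller action names
# (index/show/edit/new) resolve to the abilities they map to.
class Ability
  ALIASES = { index: :read, show: :read, edit: :update, new: :create }.freeze

  def initialize(user)
    @rules = []
    return if user.nil?                             # no user => nothing granted
    if user[:role] == :admin
      @rules << [:manage, {}]                       # :manage matches any action
    else
      @rules << [:read, { published: true }]        # editors read published posts
      @rules << [:update, { author_id: user[:id] }] # and edit only their own
    end
  end

  def can?(action, record)
    action = action.to_sym                          # params[:action] is a String
    action = ALIASES.fetch(action, action)
    @rules.any? do |rule_action, conds|
      (rule_action == :manage || rule_action == action) &&
        conds.all? { |attr, val| record[attr] == val }
    end
  end

  # Counterpart of ActiveRecord's accessible_by: keep rows the user may :index.
  def accessible_by(records)
    records.select { |r| can?(:index, r) }
  end
end

class AccessDenied < StandardError; end

# The answer's scoped_resource / authorize_resource / show_action? hooks with the
# same logic, wired to the stand-in instead of ActiveRecord and params.
class AdminPosts
  def initialize(ability, all_posts)
    @ability, @all_posts = ability, all_posts
  end

  def scoped_resource
    @ability.accessible_by(@all_posts)
  end

  def authorize_resource(action, post)
    raise AccessDenied unless show_action?(action, post)
  end

  def show_action?(action, post)
    action = :read if ["show", :show].include?(action) # the answer's :show -> :read
    @ability.can?(action, post)
  end
end
```

Anything not explicitly granted (here, destroy for an editor) is denied, which is the behaviour the rescue_from handler in the answer turns into a redirect.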