    Khairi Adnan
    @mkhairi
    Hi, I have a question about Action Access. If I have nested controllers like below, how can I allow all subclass action access to inherit from the parent controller?
    class EmployeesController < ApplicationController
      let :super_admin, :all
      # ...
    end
    class Employees::SkillsController < EmployeesController
      # ...
    end
    class Employees::EducationsController < EmployeesController
      # ...
    end
    Matías Gagliano
    @matiasgagliano
    Hi, that's an interesting topic.
    Instead of nested, I'd say you have inherited controller classes. All the controllers you're presenting should have the same permissions, because they inherit from EmployeesController.
    Matías Gagliano
    @matiasgagliano
    All the permissions that you define on EmployeesController should be automatically present on the other controllers because of the inheritance.
    Khairi Adnan
    @mkhairi
    But in this case it won't let super_admin access the subclass controllers. It seems like the subclass controllers do not automatically derive permissions from the superclass controller.
    Matías Gagliano
    @matiasgagliano
    Could you please elaborate about your implementation?
    Does it work on EmployeesController alone?
    Are you sure that the problem is in the inheritance and not somewhere else?
    Maybe current_clearance_level doesn't match :super_admin.
    You can use the keeper to debug and confirm the existing permissions.
    Khairi Adnan
    @mkhairi
    It works for EmployeesController alone. For a subclass I need to declare the same permission again to gain access, otherwise it will be redirected to the root URL without any flash notice/redirection_message "Not authorized". So I'm pretty sure there is no problem with 'current_clearance_level'.
    Khairi Adnan
    @mkhairi
    Furthermore, I tried debugging using the keeper as you suggested. There is no user who can access the subcontrollers. After I declare the same permission in those subcontrollers, a list of users exists in the keeper instance. But I have noticed that when I remove or comment out those permissions, the keeper instance does not clear the list of allowed users until I restart my Rails server. Is this behavior normal?
    Matías Gagliano
    @matiasgagliano
    I was wrong, I spoke without thinking it through. The body of a class is executable code that's evaluated upon definition but won't be re-evaluated when the class is inherited. That means that the let directive isn't evaluated on the subclasses.
    You might want to define the permissions inside the inherited callback to keep it DRY.
    goutham
    @gouthamvel
    Any idea how to get this working for activeadmin without adding let in every admin resource?
    Matías Gagliano
    @matiasgagliano
    Hi @gouthamvel, I've never worked with activeadmin.
    What exactly are you trying to do? Where or how do you need to integrate ActionAccess into ActiveAdmin?
    goutham
    @gouthamvel
    @matiasgagliano I'm trying to
    • add access to the Base controller so I don't have to add "controller do; let :admin ....; end" to all the admin files; this is my current solution. Same as adding let to ApplicationController but for admin.
    Matías Gagliano
    @matiasgagliano
    Can you make all the admin controllers inherit from an AdminController?
    What I do in my apps is to have a base controller per scope and put common code there.
    The next closest thing is to infer from ApplicationController when you are in an admin scope or not and put the authorizations there.
    Maybe if admin is part of the route or something like that.
    @gouthamvel, I'm not having much time lately but whenever you write I'll get back to you as soon as possible.
    Jan Wiemers
    @janwiemers
    Hey @matiasgagliano, I've found a compatibility issue with the audited gem, as described in matiasgagliano/action_access#12. I've found the root cause, which is that the :helper_method is not available in the audited gem, but I guess it is safer to handle this in the action_access gem. I'm about to prepare the pull request for that.