matiasgagliano/action_access

Access control system for Ruby on Rails.

Khairi Adnan

@mkhairi

Hi, i have a question about Action Access. if i have nested controller like below, how can allow all subclass action access inherit from parent controller?

class EmployeesController < ApplicationController
  let :super_admin, :all
  ....
end

class Employees::SkillsController < EmployeesController
  ....
end

class Employees::EducationsController < EmployeesController
  ....
end

Matías Gagliano

@matiasgagliano

Hi, that's an interesting topic.

Instead of nested, I'd say you have inherited controller classes. All the controllers you're presenting should have the same permissions, becouse they inherit from EmployeesController.

Matías Gagliano

@matiasgagliano

All the permissions that you define on EmployeesController should be automatically present on the other controllers becouse of the inheritance.

Khairi Adnan

@mkhairi

but in this case it won't let super_admin to access subclass controller. Seem like all subclass controller not automatically derive permissions from superclass controller.

Matías Gagliano

@matiasgagliano

Could you please elaborate about your implementation?
Does it work on EmployeesController alone?
Are you sure that the problem is in the inheritance and not somewhere else?
Maybe current_clearance_level doesn't match :super_admin.
You can use the keeper to debug and confirm the existing permissions.

Khairi Adnan

@mkhairi

it work for EmployeesController alone. For subclass i need to declare another same permission to gain access otherwise it will be redirect to root url without any flash notice/redirection_message "Not authorized". so i pretty sure there is no problem with 'current_clearance_level'

Khairi Adnan

@mkhairi

furthermore, i try debug using keeper as you suggest. there is no user who can access subcontroller. after i declare the same permission in those subcontroller a list of user exist in keeper instance. but i have noticed when remove or comment out those permission, keeper instance not clear the list of allowed users until I restart my rails server. is this behavior is normal?

Matías Gagliano

@matiasgagliano

I was wrong, I spoke without thinking it through. The body of a class is executable code that's evaluated upon definition but won't be re-evaluate when the class is inherited. That means that the let directive isn't evaluated on the subclasses.

You might want to define the permissions inside the inhereted callback to keep it DRY.

goutham

@gouthamvel

any idea how to get this working for activeadmin without adding let in every admin resource

Matías Gagliano

@matiasgagliano

Hi @gouthamvel, I've never worked with activeadmin.
What exactly are you trying to do? Where or how do you need to integrate ActionAccess into ActiveAdmin?

goutham

@gouthamvel

@matiasgagliano I'm trying to

add access to Base controller so I don't have to add "controller do; let's :admin ....; end" all the admin files this is my current solution. Same as adding let to ApplicationControler but for admin

Matías Gagliano

@matiasgagliano

Can you make all the admin controllers inherit from an AdminController?
What I do in my apps is to have a base controller per scope and put common code there.
The next closest thing is to infer from ApplicationController when you are in an admin scope or not and put the authorizations there.

Maybe if admin is part of the route or something like that.

@gouthamvel, I'm not having much time lately but whenever you write I'll get back to you as soon as possible.

Jan Wiemers

@janwiemers

hey @matiasgagliano I've found a compatibility issue with the audited gem as described in matiasgagliano/action_access#12 I've found the root cause which is that the :helper_method is not available in the audited gem, but I guess it is safer to handle this in the action_access gem. I'm about to prepare the pull request for that.

Where communities thrive

People

Repo info

Activity