Sha256: 260f2337636f73ec3e76c62d7e260b5e667352f7bfb66ea5c2e1faa92842f123
Contents?: true
Size: 1.9 KB
Versions: 15
Compression:
Stored size: 1.9 KB
Contents
module Wobauth
# AdminAbility - abilities for wobauth
# Mostly you have own abilities for your application.
# If you need access to Wobauth models for non admin users,
# there are some restrictions: i.e. navigate to Wobauth::User
# means AdminAbility is active and your abilities from your application
# are not visible. Or you may overwrite the default abilities for 'Admin',
# 'OrgaAdmin' or 'UserAdmin'
# To resolve this, extend Woauth::AdminAbility
# Example:
# role 'UserAdmin' should have only read access to all Wobauth models.
# Add a new method :user_admin to Wobauth::AdminAbility (separate file
# in your application) and define abilities for 'UserAdmin' there:
#
# --- file your_application/app/models/wobauth_ability.rb
# require 'wobauth/admin_ability'
# module Wobauth
# class AdminAbility
# include CanCan::Ability
# def user_admin(rights_for)
# can :read, [Wobauth::User, Wobauth::Group, ...]
# can :whateverelse ....
# end
# end
# end
# ---
# at least: don't forget to load wobauth_ability.rb
class AdminAbility
include CanCan::Ability
def initialize(user)
@user = user
return if @user.nil?
authorities = (@user.authorities + @user.group_authorities)
add_abilities(authorities)
end
private
def add_abilities(authorities)
Array(authorities).each do |authority|
add_ability(authority)
end
end
def add_ability(authority)
role = authority.role.name.underscore
if respond_to?(role)
send(role, authority.authorized_for)
else
fallback(authority)
end
end
def fallback(authority)
role = authority.role.to_s
if role == 'Admin'
can :manage, :all
elsif role == 'UserAdmin'
can :manage, :all
elsif role == 'OrgaAdmin'
can :read, :all
can :navigate, Wobauth::User
end
end
end
end
Version data entries
15 entries across 15 versions & 1 rubygems