Active Admin integration
kristianmandrup edited this page Nov 8, 2011 · 1 revision
For Active Admin it makes sense to use the CanTango Attribute API (see CanTango APIs). Having attribute permissions defined for a model lets you display each model instance and show only the columns for the attributes which the current user has permission to access.

The Attribute API lets you define whether the user has :read or :write access to an attribute. This lets you disable any editing buttons for a given attribute when the user lacks :write access. In short: Even more fine grained control!

Work on Active Admin integration has been started at the Cantango demo.
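An added example, not CanTango's or Active Admin's code: a hypothetical `AttributePolicy` class showing the :read/:write idea end to end, including the server-side step of dropping submitted attributes the role cannot write, since a disabled edit button alone does not stop a crafted request. The roles, rules and `Post` columns are constructed sample data.

```ruby
# Added illustration: hypothetical AttributePolicy, not part of CanTango or Active Admin.
# Rules map role => attribute => granted levels; anything not listed is denied.
class AttributePolicy
  LEVELS = [:read, :write].freeze

  def initialize(rules)
    @rules = rules
  end

  def allowed?(role, level, attribute)
    raise ArgumentError, "unknown level #{level.inspect}" unless LEVELS.include?(level)
    @rules.fetch(role, {}).fetch(attribute.to_sym, []).include?(level)
  end

  # Columns an index page may render for this role, in model order.
  def visible_columns(role, column_names)
    column_names.select { |name| allowed?(role, :read, name) }
  end

  # Form state per readable column: editable only with :write.
  def form_fields(role, column_names)
    visible_columns(role, column_names).map do |name|
      [name, allowed?(role, :write, name) ? :editable : :read_only]
    end.to_h
  end

  # Server-side enforcement: keep only writable attributes and report the
  # rest so the rejected attempt can be logged.
  def filter_update(role, submitted)
    kept, rejected = submitted.partition { |name, _| allowed?(role, :write, name) }
    { accepted: kept.to_h, rejected: rejected.map(&:first) }
  end
end

# Constructed sample data (assumed roles and Post columns).
POST_COLUMNS = %w[id title body author_id published].freeze
POLICY = AttributePolicy.new(
  editor: { title: [:read, :write], body: [:read, :write], published: [:read] },
  viewer: { title: [:read], body: [:read] }
)

p POLICY.visible_columns(:editor, POST_COLUMNS)
p POLICY.form_fields(:editor, POST_COLUMNS)
p POLICY.filter_update(:editor, { "title" => "New", "published" => true, "author_id" => 7 })
```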
Several developers have been interested in this feature/integration and are looking into it. Stay tuned!
The current (experimental) setup:
```ruby
# config/initializers/cantango.rb
CanTango.config do |config|
  config.debug!
  config.engine(:permission).set :off
  config.engine(:permit).set :on
  config.ability.mode = :no_cache

  # not yet pushed to master!
  config.register_hook :to_prepare, lambda {
    CanTango.config.permits.register_permit_class AdminUserPermit
  }
end

# in order to make #current_admin accessible at the class level
# NOTE: demo stub. This memoizes the first AdminUser for the whole process, so
# every check made through it runs as that account, not the signed-in admin.
module CanTango::Api
  def self.current_admin
    @current_admin ||= AdminUser.first
  end
end

# app/admin/admin_users.rb
ActiveAdmin.register AdminUser do
  controller.skip_load_resource :only => :index
  controller.authorize_resource

  menu :if => proc { admin_can?(:manage, AdminUser) }

  # NOTE: this condition is evaluated when the file is loaded, not per request or per user.
  if CanTango::Api.current_user_ability(:admin).can?(:change_password, AdminUser)
    action_item :only => [:show, :edit] do
      link_to "Change Password", change_password_app_admin_user_path(resource)
    end
  end

  index do
    # One column per model attribute (iterate with #each; use this model's columns)
    AdminUser.column_names.each do |name|
      column name.to_sym # if admin_can?(:read, AdminUser)
    end
    # A single "Actions" column, outside the attribute loop
    column "Actions" do |model|
      links = []
      links << link_to("View", admin_admin_user_path(model)) if admin_can?(:access, model)
      links << link_to("Edit", admin_edit_admin_user_path(model)) if admin_can?(:edit, model)
      safe_join(links, " ") # return both links, not just the last expression
    end
  end
end

# app/admin/posts.rb
ActiveAdmin.register Post do
  controller.skip_load_resource :only => :index
  controller.authorize_resource

  menu :if => proc { admin_can?(:manage, Post) }

  index do
    Post.column_names.each do |name|
      column name.to_sym # if admin_can?(:read, Post)
    end
    column "Actions" do |post|
      links = []
      links << link_to("View", admin_post_path(post)) if admin_can?(:access, Post)
      links << link_to("Edit", admin_edit_post_path(post)) if admin_can?(:edit, Post)
      safe_join(links, " ")
    end
  end
end
```