Reputation: 1527
How to check cancan permission on ActiveAdmin custom page?
I've the following Ability:
can :manage, ActiveAdmin::Page, name: 'My Page'
And it is working fine, but I want to check if the user has the ability to manage this ActiveAdmin::Page in different pages. So, when I used the following:
can? :manage, ActiveAdmin::Page, name: 'My Page'
It returned true for any page even if it does not exist!
Upvotes: 6
Views: 1446
Answers (4)
Reputation: 11
After I applied register_page solution, the menu dropdowns extended to individual menu links.
This github issue leads me to answer. https://github.com/activeadmin/activeadmin/issues/4783#issuecomment-479562966
I solved like this.
def find_custom_page(name)
ActiveAdmin.application.namespaces[:admin].resources.find{|r| r.resource_name.name == name }
end
can? :manage, (find_custom_page 'MyPage')
Upvotes: 1
Reputation: 332
I just wanted to share what I did for my case:
# ability.rb
can(:manage, ActiveAdmin::Page, name: 'Page Title')
And in the ActiveAdmin page:
action_item :specific_page, only: :show, if: proc { authorized?(:manage, controller.instance_variable_get(:@specific_page)) } do
link_to 'Page Title', "/admin/..."
end
...
controller do
def show
@specific_page = ActiveAdmin.application.namespaces[:admin].resources.select { |resource| resource.resource_label == 'Page Title' }.first
end
end
Upvotes: 0
Reputation: 1527
Finally, I figured out a way, it looks weird because it uses register_page but it is working:
can? :manage, (ActiveAdmin::register_page 'My Page')
Upvotes: 1
Reputation: 2498
The code
can? :manage, ActiveAdmin::Page, name: 'My Page'
checks if the current user can manage an instance of ActiveAdmin::Page whose name attribute is equal to My Page. That is exactly the condition you stated in your abilities file, and that is why it always returns true.
In case you want to know if a user can or cannot access a specific page (which is what I think you are trying to do) you should ask "can I manage this page?" instead of "can I manage a page whose name is My Page?". In the former you are talking about a specific page, and in the later you are talking about pages with a certain characteristic.
In order to ask CanCan whether the current user can access a specific page, just ask:
can? :manage, my_specific_page
where my_specific_page needs to be an instance of ActiveAdmin::Page.
Upvotes: 9
Related Questions
- Activeadmin, page_action and cancan rules
- Unable to configure cancancan with active_admin in rails
- Unable to configure cancancan in Rails
- ActiveAdmin checking create authorization
- Need help to configure CanCanCan for activeadmin
- how set the permissions for cancan gem?
- ActiveAdmin, CanCan: privelegies
- Activeadmin custom pages and Cancan
- How do I use CanCan with rails admin to check for ownership
- How do you give a user permission with CanCan