Move authorization checks outside of the backend "auth" adapter
Authorization checks do not depend on the authentication system.
elia committed Sep 27, 2023
1 parent 09ed961 commit 673deb7
Showing 4 changed files with 34 additions and 13 deletions.
2 changes: 2 additions & 0 deletions admin/app/controllers/solidus_admin/accounts_controller.rb
Expand Up @@ -2,6 +2,8 @@

module SolidusAdmin
class AccountsController < SolidusAdmin::BaseController
skip_before_action :authorize_solidus_admin_user!

def show
redirect_to spree.edit_admin_user_path(current_solidus_admin_user)
end
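Review bot: `skip_before_action :authorize_solidus_admin_user!` on line 21 disables authorization for every action of AccountsController, not only `show`; limiting it with `skip_before_action :authorize_solidus_admin_user!, only: :show` keeps any action added to this controller later under the default check. The skip looks acceptable for `show` because it only redirects to the current user's own edit page, but that reasoning assumes the authentication callback still runs for this controller, which this hunk does not show. A comment such as `# show only redirects to the current user's own account page, so there is no record to authorize against` would record why the skip is safe. The class body continues past the hunk.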
Expand Up @@ -11,20 +11,9 @@ module SolidusAdmin::AuthenticationAdapters::Backend
private

def authenticate_solidus_backend_user!
if respond_to?(:model_class, true) && model_class
record = model_class
else
record = controller_name.to_sym
end
authorize! :admin, record
authorize! action_name.to_sym, record
rescue CanCan::AccessDenied
instance_exec(&Spree::Admin::BaseController.unauthorized_redirect)
end
return if spree_current_user

# Needs to be overriden so that we use Spree's Ability rather than anyone else's.
def current_ability
@current_ability ||= Spree::Ability.new(spree_current_user)
instance_exec(&Spree::Admin::BaseController.unauthorized_redirect)
end

def store_location
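Review bot: The new `authenticate_solidus_backend_user!` guards on `spree_current_user` (line 42), while the `current_ability` override removed at lines 44-46 is replaced elsewhere in this commit by one built from `current_solidus_admin_user`; unless the adapter maps those two to the same object, the user that passes authentication here and the user whose abilities are later checked can differ. The `rescue CanCan::AccessDenied` that used to turn an authorization failure into `unauthorized_redirect` is also gone from this method, so that redirect now fires only for an unauthenticated request and nothing in this hunk handles a denied one. A comment on the method, e.g. `# Authentication only: authorization is handled by ControllerHelpers::Authorization.`, would make the narrowed contract explicit. The module's `included` block and any `before_action` registration for this method are outside the hunk.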
1 change: 1 addition & 0 deletions admin/app/controllers/solidus_admin/base_controller.rb
Expand Up @@ -9,6 +9,7 @@ class BaseController < ApplicationController
include GearedPagination::Controller

include SolidusAdmin::ControllerHelpers::Authentication
include SolidusAdmin::ControllerHelpers::Authorization
include SolidusAdmin::ControllerHelpers::Locale
include SolidusAdmin::ComponentsHelper
include SolidusAdmin::AuthenticationAdapters::Backend if defined?(Spree::Backend)
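Review bot: The position of `include SolidusAdmin::ControllerHelpers::Authorization` on line 58 fixes when its `before_action :authorize_solidus_admin_user!` runs relative to the authentication callback, since Rails runs before_actions in registration order; if the authentication check is registered by the Backend adapter included on line 61 rather than by `ControllerHelpers::Authentication` on line 57, authorization would run first and an anonymous request would hit `Spree::Ability.new(nil)` and raise `CanCan::AccessDenied` instead of being redirected to log in. Inclusion order also decides method precedence: the adapter, included last, would shadow the concern's `current_ability` if it ever defined one again. A comment such as `# Must come after Authentication: its before_action assumes the user is already authenticated` would document the dependency. The class body continues beyond the hunk.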
@@ -0,0 +1,29 @@
# frozen_string_literal: true

module SolidusAdmin::ControllerHelpers::Authorization
extend ActiveSupport::Concern

included do
before_action :authorize_solidus_admin_user!
end

private

def current_ability
@current_ability ||= Spree::Ability.new(current_solidus_admin_user)
end

def authorize_solidus_admin_user!
subject = authorization_subject

authorize! :admin, subject
authorize! action_name, subject
end

def authorization_subject
"Spree::#{controller_name.classify}".constantize
rescue NameError
raise NotImplementedError, "Couldn't infer the model class from the controller name, " \
"please implement `#{self.class}#authorization_subject`."
end
end
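Review bot: `authorize! action_name, subject` on line 84 passes a String where the adapter code it replaces passed `action_name.to_sym`; as far as I can tell CanCan compares the requested action against Symbol rule actions with `include?`, so a String only satisfies `:manage` rules and fine-grained permission sets such as `can [:display, :admin], ...` would be denied. Restore the conversion: `authorize! action_name.to_sym, subject`. Separately, the `rescue CanCan::AccessDenied` that previously wrapped these calls is not carried over, so a denial now surfaces as an unhandled exception unless a `rescue_from` exists on the base controller; adding `rescue_from CanCan::AccessDenied` in the `included` block, or a comment naming where it is handled, would close that gap. In `authorization_subject`, a comment such as `# controller_name derives from the class name, never from the request, so constantize is safe here` would explain why the `constantize` is not an injection risk, and note that `rescue NameError` also swallows `NoMethodError` raised inside the method.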
