4

With CanCan, the load_and_authorize_resource helper method could be called in a global before_filter (in the application_controller). This would ensure that all ActiveAdmin controller actions too got authorized inherently.

But with Pundit, there is no such load_and_authorize_resource helper method. All Pundit docs and tutorials talk about calling authorize in every action. I am fine with calling authorize in every action. But in ActiveAdmin, the actions are not exposed by default. Am I supposed to open every action in every controller, and call authorize and then call super?

This seems wrong. So, could someone please tell me how to use Pundit to authorize the actions in ActiveAdmin?

Update:

I know about the Pundit authorization adapter. I am using the master branch of AA and I have configured AA to use the Pundit adapter, as described here. My question is: how do I make use of the adapter? By just setting config.authorization_adapter = ActiveAdmin::PunditAdapter, does it automatically invoke the authorization of every action in ActiveAdmin? I don't think so.

For example, in CanCan, even after setting config.authorization_adapter = ActiveAdmin::CanCanAdapter, you still have to set load_and_authorize_resource as a global before_filter for it to authorize all AA actions automatically.

Anjan
  • 1,613
  • 1
  • 19
  • 25
  • For me it was very easy. I've included Pundit module to ApplicationController, added PunditAdapter to the ActiveAdmin config and created Policies for all the models. And it works like a charm! – Dmitry Polushkin May 24 '14 at 01:58

1 Answers1

3

ActiveAdmin's master now includes a Pundit authorization adapter. If you are using the master branch of ActiveAdmin, Pundit can be easily utilized. Otherwise you can manually add the existing pundit_adapter.rb to older versions of ActiveAdmin, although more work might be required.

See ActiveAdmin PR #2857 for more context and detail on how the adapter was added.

After ActiveAdmin is setup to use the Pundit authorization adapter, it does check the authorization for the default resource actions: show, index, edit, update, new, create, destroy. Any custom actions must be manually authorized.

One detail to check is that your Pundit policy defines the methods expected by ActiveAdmin. There is a template available to be used as a starting point. The ActiveAdmin authorization docs may also be helpful.

Charles Maresh
  • 3,323
  • 22
  • 29
  • I have already set the Pundit adapter as my authorization adapter. I have updated the question to add more info. – Anjan May 07 '14 at 07:48
  • ActiveAdmin does authorize the default resource and page actions. Do you have an example? Could you be more specific about the issue? – Charles Maresh May 07 '14 at 15:16
  • I just tried a totally vanilla sample app with only activeadmin, pundit and one model. The authorization seemed to work all fine. So, I guess the problem I faced is something to do within my app. Need to check what it is. – Anjan May 21 '14 at 21:16