Question

With CanCan, the load_and_authorize_resource helper method could be called in a global before_filter (in the application_controller). This would ensure that all ActiveAdmin controller actions too got authorized inherently.

But with Pundit, there is no such load_and_authorize_resource helper method. All Pundit docs and tutorials talk about calling authorize in every action. I am fine with calling authorize in every action. But in ActiveAdmin, the actions are not exposed by default. Am I supposed to open every action in every controller, and call authorize and then call super?

This seems wrong. So, could someone please tell me how to use Pundit to authorize the actions in ActiveAdmin?

Update:

I know about the Pundit authorization adapter. I am using the master branch of AA and I have configured AA to use the Pundit adapter, as described here. My question is: how do I make use of the adapter? By just setting config.authorization_adapter = ActiveAdmin::PunditAdapter, does it automatically invoke the authorization of every action in ActiveAdmin? I don't think so.

For example, in CanCan, even after setting config.authorization_adapter = ActiveAdmin::CanCanAdapter, you still have to set load_and_authorize_resource as a global before_filter for it to authorize all AA actions automatically.


Solution

ActiveAdmin's master now includes a Pundit authorization adapter. If you are using the master branch of ActiveAdmin, Pundit can be easily utilized. Otherwise you can manually add the existing pundit_adapter.rb to older versions of ActiveAdmin, although more work might be required.

See ActiveAdmin PR #2857 for more context and detail on how the adapter was added.


After ActiveAdmin is set up to use the Pundit authorization adapter, it does check the authorization for the default resource actions: show, index, edit, update, new, create, destroy. Any custom actions must be manually authorized.

One detail to check is that your Pundit policy defines the methods expected by ActiveAdmin. There is a template available to be used as a starting point. The ActiveAdmin authorization docs may also be helpful.
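An added example, not part of the original answer and not ActiveAdmin's or Pundit's own code: a plain-Ruby policy with one predicate per default action listed above plus a predicate for a custom action, and a check that denies when a predicate is missing. The names `User`, `Post`, `PostPolicy`, `publish?` and `policy_allows?` are assumptions made for the illustration.

```ruby
# Constructed stand-ins; a real app would use its own models.
User = Struct.new(:id, :role)
Post = Struct.new(:author, :published)

# Pundit-style policy: a plain Ruby object built from (user, record),
# exposing one "<action>?" predicate per controller action.
class PostPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Predicates for the default resource actions.
  def index?;   !user.nil?; end
  def show?;    !user.nil?; end
  def create?;  admin? || editor?; end
  def new?;     create?; end
  def update?;  admin? || (editor? && record.author == user); end
  def edit?;    update?; end
  def destroy?; admin?; end

  # Custom action (hypothetical): it needs its own predicate, and the
  # custom controller action must ask for it explicitly.
  def publish?; admin? && !record.published; end

  private

  def admin?;  !user.nil? && user.role == :admin; end
  def editor?; !user.nil? && user.role == :editor; end
end

# Hypothetical helper, not the adapter's code: look up "<action>?" on the
# policy and fail closed when no public predicate with that name exists.
def policy_allows?(user, record, action)
  policy = PostPolicy.new(user, record)
  predicate = "#{action}?"
  policy.respond_to?(predicate) && policy.public_send(predicate) ? true : false
end
```

Because the role helpers are private, `respond_to?` does not see them, so a request for an action named `admin` is denied rather than treated as a policy predicate.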

Licensed under: CC-BY-SA with attribution