Custom Authorization #86
Comments
|
I know it's a very old issue, but I have recently found a way to address it, inspired by this article: use rails constraints. This is how it works: # config/routes.rb
class AdminOnly
def self.matches?(request)
user = UserService.find_from request
user.admin?
end
end
constraints AdminOnly do
mount DelayedJobWeb.new, at: "/delayed_job"
endIn my case I am using # config/routes.rb
class AbilityConstraint
def initialize(action, resource)
@action, @resource = action, resource
end
def matches?(request)
user = UserService.find_from request
user.present? && user.can?(@action, @resource)
end
end
constraints AbilityConstraint.new(:manage, :delayed_job) do
mount DelayedJobWeb.new, at: "/delayed_job"
endHope it helps. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there,
I have a problem securing the access in my backend. I'm not using Devise but a custom auth (based on M.Hartl's tutorial) with cancancan.
Ideally, I'd like to do the same than my other routes/controllers using load_and_authorize_resource and the can :manage of cancancan.
I'm really confused on how to do this, even more after reading different posts about the subject. The examples provided didn't really help.
Any ideas on how to solve this?
Thanks!
The text was updated successfully, but these errors were encountered: