Closed Katee closed 7 years ago
I accidentally opened this PR too early; treat it as a work in progress.
This is ready for review. It is an implementation of the 'shim' you mentioned in https://github.com/ywwg/ffagc/pull/73#issuecomment-290710934 and does not disrupt any existing functionality.
Previous checks like this:
```ruby
if !admin_logged_in?
  redirect_to '/'
end
```
will be updated with logic that checks the specific ACL for a model in controllers and views:
```ruby
unless can? :manage, GrantsVoter.new(voter: @voter)
  redirect_to '/'
end
```
CanCan can automatically load the resources a user has access to in a controller (see Controller Authorization Example). However, I cannot use this feature yet, as the existing controllers break convention.
This PR does not touch views, although they do need to be updated to use the same logic.
I also purposely did not edit many controllers in this PR as most of them are severely breaking convention and are probably better handled outside of this PR. I did update `VotersController` as an example.
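To illustrate the difference between the global `admin_logged_in?` gate and a per-resource `can?` check, here is an added example that is not code from this PR or from the project. It uses a plain-Ruby stand-in for CanCan's rule lookup so it runs without the gem; the `Voter`, `Admin` and `GrantsVoter` structs, the rules in `Ability#initialize` and the `redirect_target` helper are all assumptions.

```ruby
# Constructed stand-ins for the app's models (hypothetical fields).
Voter       = Struct.new(:id, :name)
Admin       = Struct.new(:id, :name)
GrantsVoter = Struct.new(:voter, :grant_id, keyword_init: true)

# Plain-Ruby stand-in for a CanCan-style Ability class (not the gem itself).
class Ability
  def initialize(user)
    @rules = []
    case user
    when Admin
      can(:manage, GrantsVoter)                                 # every record
    when Voter
      can(:manage, GrantsVoter) { |gv| gv.voter&.id == user.id } # own records only
    end
    # nil or unknown user: no rules are registered, so everything is denied.
  end

  def can?(action, subject)
    @rules.any? do |rule_action, klass, condition|
      next false unless rule_action == :manage || rule_action == action
      if subject.is_a?(Class)
        # Class-level check: the condition cannot be evaluated without an instance.
        subject <= klass
      else
        subject.is_a?(klass) && (condition.nil? || condition.call(subject))
      end
    end
  end

  private

  def can(action, klass, &condition)
    @rules << [action, klass, condition]
  end
end

# Mirrors the controller guard: returns the redirect path, or nil when allowed.
def redirect_target(user, resource)
  Ability.new(user).can?(:manage, resource) ? nil : '/'
end

alice = Voter.new(1, 'alice') # constructed sample users
bob   = Voter.new(2, 'bob')
puts redirect_target(alice, GrantsVoter.new(voter: alice)).inspect
puts redirect_target(alice, GrantsVoter.new(voter: bob)).inspect
```

The class-level branch is the case to watch in views: a check against `GrantsVoter` itself passes for any user holding a conditional rule, so record-level decisions need an instance.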