
Role in trestle

Open qkhuyit opened this issue 6 years ago • 11 comments

How to customize trestle-auth by Role, Role Group, etc.? Thanks.

qkhuyit avatar Jul 09 '18 16:07 qkhuyit

This isn't currently possible but should hopefully be very soon (I'm planning on working on it within the next couple of weeks).

spohlenz avatar Jul 10 '18 02:07 spohlenz

Would love to see this too! Been trying to have content editors / 'true' administrators, and some things are a little tricky to do.

IanMitchell avatar Feb 13 '19 02:02 IanMitchell

Looking forward to this.

wanxsb avatar Mar 01 '19 09:03 wanxsb

Could be nice to have an idea on how to start so we can help

McRipper avatar Mar 12 '19 10:03 McRipper

This is important!

brunitob avatar Apr 16 '19 03:04 brunitob

Any word on this?

brandondrew avatar Nov 07 '19 02:11 brandondrew

Is this possible yet?

stydav avatar Nov 23 '19 11:11 stydav

Hi guys! Is there any news about this issue? I would love to add some roles to my panel in order to show or hide menus according to user roles.

hdbreaker avatar May 25 '20 12:05 hdbreaker

I found a way, and it's also pretty straightforward. It's just an idea but I tested it and it works.

Let's use the Pundit gem, remember that roles must be managed separately.

Inside an admin resource, take Customer for example:

Trestle.resource(:customers) do
  ...

  controller do
    include Pundit

    # Fail the request if an action forgot to call authorize
    after_action :verify_authorized

    def index
      authorize Customer   # checks CustomerPolicy#index?
      super
    end

    def show
      authorize instance   # checks CustomerPolicy#show? on the loaded record
      super
    end
  end
end

Remember to create a policy for the customer, an easy one would be:

class CustomerPolicy < ApplicationPolicy
  # Scope used by policy_scope; returns everything here
  class Scope < Scope
    def resolve
      scope.all
    end
  end

  # Anyone may open the list
  def index?
    true
  end

  # Nobody may open a single record
  def show?
    false
  end
end

Adding some config to the controller could help, instead of opening all the methods of the controller. Maybe @spohlenz could give us some ideas when he sees this solution; it seems that everything is inherited from "Trestle::AdminController" and "Trestle::ResourceController".

Hope this helps!

McRipper avatar May 25 '20 13:05 McRipper

Hi, just wanted to ask if there is any news on this, or is Pundit still the best way?

Protoplaste avatar May 27 '22 14:05 Protoplaste

I needed to have this role-based support, and using @McRipper's suggestion is easy enough.

The only difficulty I found was how to apply Scope policies when the resolve method is more complicated than

def resolve
  scope.all
end

It can be applied in index, as usual; however, it is important to know that @collection is what we need to modify.

Trestle.resource(:customers) do
  ...

  controller do
    include Pundit::Authorization

    after_action :verify_authorized, except: :index
    after_action :verify_policy_scoped, only: :index

    def index
      @collection = policy_scope @collection   # narrow the already-loaded collection
    end
    ...

If we want to totally cut off some classes of users from seeing the list of resources, we could

Trestle.resource(:customers) do
  ...

  controller do
    include Pundit::Authorization

    after_action :verify_authorized, except: :index

    def index
      authorize Customer   # raises for roles whose CustomerPolicy#index? is false
    end

By using both authorize and policy_scope we can prevent any access for some users, and limit what the others can see. Very flexible.

This way of using Pundit is the easiest and very straightforward, but it has its drawbacks. When the controller's index method is called, the collection is already loaded and prepared. For example, authorize will prevent displaying the collection data to the user, but it will not prevent reading it all from the database. So from a purely performance point of view it could be better to call authorize and policy_scope at the beginning of the Trestle::Resource::Collection.prepare method, or even better, in the search adapter.

uaru avatar Sep 27 '22 06:09 uaru
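Pulling @McRipper's and @uaru's posts above together, here is an added example (not code from this thread or from the trestle/Pundit projects) of a role-aware CustomerPolicy whose index?/show? gate access and whose Scope narrows the list. It assumes users carry a role attribute; the authorize and policy_scope functions are hypothetical plain-Ruby stand-ins for Pundit's helpers so the file runs without Rails.

```ruby
# Added example: role-aware Pundit-style policy for the Customer resource above.
# authorize/policy_scope are hypothetical plain-Ruby stand-ins for Pundit's
# helpers so this file runs without Rails; CustomerPolicy is the real part.
User     = Struct.new(:id, :role)      # assumed: users carry a :role attribute
Customer = Struct.new(:id, :owner_id)
class NotAuthorizedError < StandardError; end
class CustomerPolicy
  attr_reader :user, :record
  def initialize(user, record)
    @user, @record = user, record
  end

  def index?   # gate for `authorize Customer` in #index
    %w[admin editor].include?(user.role)
  end

  def show?    # gate for `authorize instance` in #show
    user.role == "admin" || record.owner_id == user.id
  end

  class Scope  # narrows the list for `policy_scope @collection`
    def initialize(user, scope)
      @user, @scope = user, scope
    end

    def resolve
      return @scope if @user.role == "admin"
      @scope.select { |c| c.owner_id == @user.id }   # editors see only their own
    end
  end
end
# Stand-ins for Pundit#authorize / #policy_scope: raise on denial, else pass through.
def authorize(user, record, query)
  policy = CustomerPolicy.new(user, record)
  raise NotAuthorizedError, "#{query} denied for #{user.role}" unless policy.public_send(query)
  record
end

def policy_scope(user, collection)
  CustomerPolicy::Scope.new(user, collection).resolve
end
# Constructed sample data; index flow = gate the whole list, then narrow it.
CUSTOMERS = [Customer.new(1, 10), Customer.new(2, 10), Customer.new(3, 20)]
ADMIN, EDITOR, VIEWER = User.new(1, "admin"), User.new(10, "editor"), User.new(30, "viewer")

def visible_customers(user)
  authorize(user, Customer, :index?)   # viewers are denied here
  policy_scope(user, CUSTOMERS)        # editors get a filtered list
end
```

Note that, exactly as @uaru describes, the filtering happens after the collection has been loaded; the policy only decides what reaches the user.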