RailsAdmin AuthorizedFields
This gem adds ability to setup authorization rules for fields in a simple way.
Installation
Add this line to your application's Gemfile:
gem 'rails_admin_authorized_fields'
And then execute:
$ bundle
Or install it yourself as:
$ gem install rails_admin_authorized_fields
Configuration
Create initilializers/rails_admin_authorized_fields.rb:
RailsAdminAuthorizedFields.configure do |config|
config.default_rule = proc { bindings[:view]._current_user.has_role?( :admin ) }
end
default_rule used when either authorized_fields or unauthorized_fields section included but rules for some fields are not specified.
Usage
Just add authorized_fields section to your model with specified rules:
rails_admin do
authorized_fields( {
[ :enabled, :is_default, :text_slug ] => proc { bindings[:view]._current_user.has_role?( :admin ) },
[ :domain ] => proc { !bindings[:view]._current_user.has_role?( :manager ) },
} )
field :enabled
field :name
field :domain
field :is_default
field :text_slug
end
You can also use unauthorized_fields section in opposite of authorized_fields. All rules will be checked.
rails_admin do
unauthorized_fields( {
[ :enabled, :is_default, :text_slug ] => proc { bindings[:view]._current_user.has_role?( :manager ) },
} )
field :enabled
field :name
field :domain
field :is_default
field :text_slug
end
Note: all fields are not authorized by default if any rules present.
TODO: just a small changes needed to make authorized_fields section overridable in subsection (list, edit)
Changelog
1.2.0 - added default authorization rule
1.0.0 - changed default authorized logic. In 0.0.3 all fields were authorized by default. In 1.0.0 fields unauthorized when either authorized_fields or unauthorized_fields sections are present.
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request