Resource Controller: Allow overriding authorize_resource

In a host app, I want to use scopes as resource models for index actions. Scopes can not be authorized through CanCanCan like actual models can. This is a pretty remote use case, so I won't try baking that into the already pretty complex resource handling system. However, it would be convenient to be able to override the authorization logic from my host app. This commit achieves that.
AlchemyCMS · Jul 29, 2017 · ad8852b · ad8852b
1 parent a62fa91
commit ad8852b
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/app/controllers/alchemy/admin/resources_controller.rb b/app/controllers/alchemy/admin/resources_controller.rb
@@ -13,9 +13,7 @@ class ResourcesController < Alchemy::Admin::BaseController
       before_action :load_resource,
         only: [:show, :edit, :update, :destroy]
 
-      before_action do
-        authorize!(action_name.to_sym, resource_instance_variable || resource_handler.model)
-      end
+      before_action :authorize_resource
 
       def index
         @query = resource_handler.model.ransack(params[:q])
@@ -112,6 +110,10 @@ def load_resource
         instance_variable_set("@#{resource_handler.resource_name}", resource_handler.model.find(params[:id]))
       end
 
+      def authorize_resource
+        authorize!(action_name.to_sym, resource_instance_variable || resource_handler.model)
+      end
+
       # Permits all parameters as default!
       #
       # THIS IS INSECURE! Although only signed in admin users can send requests anyway, but we should change this.