Merge pull request #5390 from solidusio/elia/admin/authorization
[admin] Separate authorization from authentication
elia authored Sep 21, 2023
2 parents 7f55370 + 3dbae49 commit 64b4c8e
Showing 9 changed files with 67 additions and 44 deletions.
Expand Up @@ -58,7 +58,7 @@
<% end %>
</li>
<li class="h-8 flex items-center hover:bg-gray-25 rounded">
<%= link_to @logout_path, method: @logout_method, class: 'flex gap-2 items-center px-2' do %>
<%= button_to @logout_path, method: @logout_method, class: 'flex gap-2 items-center px-2' do %>
<%= icon_tag("logout-box-line", class: "w-5 h-5 fill-current shrink") %>
<span><%= t('.logout') %></span>
<% end %>
2 changes: 2 additions & 0 deletions admin/app/controllers/solidus_admin/accounts_controller.rb
Expand Up @@ -2,6 +2,8 @@

module SolidusAdmin
class AccountsController < SolidusAdmin::BaseController
skip_before_action :authorize_solidus_admin_user!

def show
redirect_to spree.edit_admin_user_path(current_solidus_admin_user)
end
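Review bot: The `skip_before_action :authorize_solidus_admin_user!` on line 32 applies to every action of AccountsController, not only `show`, so any action added to this controller later would be reachable by an authenticated user without an ability check. Scoping it, `skip_before_action :authorize_solidus_admin_user!, only: :show`, keeps the exemption to the one action that merely redirects to the current user's own edit page. A short comment stating why the exemption is acceptable would also help, e.g. `# Authorization is skipped because show only redirects to the current user's own account page.`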
37 changes: 0 additions & 37 deletions admin/app/controllers/solidus_admin/auth_adapters/backend.rb

This file was deleted.

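--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module SolidusAdmin::AuthenticationAdapters::Backend
+extend ActiveSupport::Concern
+
+included do
+delegate :admin_logout_path, to: :spree
+helper_method :admin_logout_path
+end
+
+private
+
+def authenticate_solidus_backend_user!
+return if spree_current_user
+
+instance_exec(&Spree::Admin::BaseController.unauthorized_redirect)
+end
+
+def store_location
+Spree::UserLastUrlStorer.new(self).store_location
+end
+
+def spree_current_user
+defined?(super) ? super : nil
+end
+end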
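Review bot: `spree_current_user` on lines 66–68 silently returns nil when no authentication layer defines it, so `authenticate_solidus_backend_user!` then redirects every request rather than surfacing a misconfiguration; that fail-closed behaviour is sound but deserves a comment, e.g. `# No super means no authentication layer is loaded: treat the request as anonymous (fail closed).` The new module has no documentation of its contract; a header comment naming what it provides (`admin_logout_path` as a helper, `authenticate_solidus_backend_user!`, `store_location`) and that BaseController only includes it when Spree::Backend is defined would help. `store_location` is not called within this file — presumably the unauthorized redirect block uses it, which is worth confirming.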
5 changes: 3 additions & 2 deletions admin/app/controllers/solidus_admin/base_controller.rb
Expand Up @@ -8,10 +8,11 @@ class BaseController < ApplicationController
include Spree::Core::ControllerHelpers::Store
include GearedPagination::Controller

include SolidusAdmin::ControllerHelpers::Auth
include SolidusAdmin::ControllerHelpers::Authentication
include SolidusAdmin::ControllerHelpers::Authorization
include SolidusAdmin::ControllerHelpers::Locale
include SolidusAdmin::ComponentsHelper
include SolidusAdmin::AuthAdapters::Backend if defined?(Spree::Backend)
include SolidusAdmin::AuthenticationAdapters::Backend if defined?(Spree::Backend)

layout 'solidus_admin/application'
helper 'solidus_admin/components'
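Review bot: The inclusion order on lines 77–78 is load-bearing but undocumented: `before_action` callbacks run in the order their concerns register them, so if the Authentication concern registers its own callback (its `included` block is not visible in this hunk), including Authorization after it is what guarantees `authorize_solidus_admin_user!` never runs against an unauthenticated request. A comment such as `# Order matters: the authentication callback must run before the authorization one.` would protect this from a future reordering. The BaseController class body starts and ends outside the hunk.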
@@ -1,6 +1,6 @@
# frozen_string_literal: true

module SolidusAdmin::ControllerHelpers::Auth
module SolidusAdmin::ControllerHelpers::Authentication
extend ActiveSupport::Concern

included do
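--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module SolidusAdmin::ControllerHelpers::Authorization
+extend ActiveSupport::Concern
+
+included do
+before_action :authorize_solidus_admin_user!
+end
+
+private
+
+def current_ability
+@current_ability ||= Spree::Ability.new(current_solidus_admin_user)
+end
+
+def authorize_solidus_admin_user!
+subject = authorization_subject
+
+authorize! :admin, subject
+authorize! action_name, subject
+end
+
+def authorization_subject
+"Spree::#{controller_name.classify}".constantize
+rescue NameError
+raise NotImplementedError, "Couldn't infer the model class from the controller name, " \
+"please implement `#{self.class}#authorization_subject`."
+end
+end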
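Review bot: `authorize! action_name, subject` on line 118 passes a String, whereas CanCan action aliases (`:read` covering `:index`/`:show`, `:update` covering `:edit`) are keyed by Symbol; if the Spree::Ability rules rely on those aliases the check may not match as intended, so `authorize! action_name.to_sym, subject` is the safer form — worth confirming against the CanCanCan version in use. The design is otherwise fail-closed (an ability is built even with no user, and an uninferrable subject raises instead of skipping the check), which is worth stating in a header comment on the module so nobody "fixes" the NotImplementedError into a silent pass. The `rescue NameError` on line 123 also catches NoMethodError, a subclass; since only `constantize` runs in that body it is harmless today, but a comment noting the intent would keep it so.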
2 changes: 1 addition & 1 deletion admin/lib/solidus_admin/preview.rb
Expand Up @@ -27,7 +27,7 @@ module ControllerHelper
extend ActiveSupport::Concern

included do
include SolidusAdmin::ControllerHelpers::Auth
include SolidusAdmin::ControllerHelpers::Authentication
helper ActionView::Helpers
helper SolidusAdmin::ComponentsHelper
helper_method :current_component
Expand Up @@ -22,8 +22,10 @@

# Links are hidden within a <details> element
expect(page).to have_link("Account", href: "/admin/account", visible: :any)
expect(page).to have_link("Logout", href: "/admin/logout", visible: :any)
expect(page.find_link("Logout", visible: :any)["data-method"]).to eq("delete")
within('form[action="/admin/logout"]') do
expect(page).to have_button("Logout", visible: :any)
expect(page).to have_css('input[type="hidden"][name="_method"][value="delete"]')
end
end
end
end
