easy-admin-rails 0.2.1 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a486a14f84c7adc080acaf93dd573f6bcd2fbe6c2118e4c37d58e3b34b254ff
-  data.tar.gz: d7e4324d5c53c1dd23ff1c3a2cd7df00d57feecea70fa4cb5a8e8e52520bb56c
+  metadata.gz: 114db756f935751ce2446ada0465829ebc368580af18e11c0e4de7d736b3e57b
+  data.tar.gz: c12a7bcdf614b7fedc87ce6cc942a26094b6eb3a62b4bed93453cab3a79ea809
 SHA512:
-  metadata.gz: 1325f6e7cf083a5a512bc8db44e3136c17dd4e4482fd7a4f08ec09d656108efe9767ed564a358cfbd5156644eeb9bb5e493b2b85254ac7e93121293dcb4875b7
-  data.tar.gz: 39933c874954b69d2678bc6e2128ac07d3dafa4578cd68e394156a1c5fa0f2bb923e1fb43f0b45f3dff49199208b16603855d1cef8fc4411a8645b1c57d29a0c
+  metadata.gz: fe827e1adac715c9bf5db4caa5a7dc8749b3b32c65c0adc4362591c5f2845c454e4e7c7b623d3e44eb892dc561854ef5087cf4e073a036127b680957e3c44be2
+  data.tar.gz: 85b294f85b2d244fa8e22ab4bc0323100a54f052f7206bcd9c425881fa5ed907ee4e66ab5b575dd751164ac3f6fd36694e4e72f88afbc64d43cd5f75881cfeb0

data/app/components/easy_admin/permissions/user_role_permissions_component.rb

@@ -13,7 +13,7 @@ module EasyAdmin
         
         # Get actual permissions from permissions_cache
         @user_permissions = get_user_permissions_from_cache(user)
-        @all_permissions = EasyAdmin::Permissions::Permission.all.order(:resource_type, :action)
+        @available_resources = EasyAdmin::Permissions.available_resources
         
         Rails.logger.debug "UserRolePermissionsComponent: user=#{@user&.id}, role=#{@current_role&.name}, cached_permissions=#{@user_permissions.size}"
       end
@@ -59,7 +59,8 @@ module EasyAdmin
               
               div do
                 span(class: "font-medium text-gray-500") { "Permissions Count:" }
-                p(class: "text-gray-900") { @current_role.permissions.count.to_s }
+                enabled_count = @user_permissions.count { |name, granted| granted == "true" || granted == true }
+                p(class: "text-gray-900") { enabled_count.to_s }
               end
               
               div do
@@ -85,12 +86,11 @@ module EasyAdmin
           end
 
           # Get permissions that are granted (true) from cache
-          granted_permission_names = @user_permissions.select { |name, granted| granted == "true" }.keys
-          granted_permissions = @all_permissions.select { |p| granted_permission_names.include?(p.name) }
+          granted_permission_names = @user_permissions.select { |name, granted| granted == "true" || granted == true }.keys
           
-          if granted_permissions.any?
+          if granted_permission_names.any?
             # Group permissions by resource type
-            grouped_permissions = granted_permissions.group_by(&:resource_type)
+            grouped_permissions = group_permissions_by_resource(granted_permission_names)
             
             div(class: "space-y-6") do
               grouped_permissions.each do |resource_type, resource_permissions|
@@ -115,14 +115,16 @@ module EasyAdmin
 
           # Permissions grid
           div(class: "grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-3") do
-            permissions.each do |permission|
-              render_permission_card(permission)
+            permissions.each do |permission_name|
+              render_permission_card(permission_name)
             end
           end
         end
       end
 
-      def render_permission_card(permission)
+      def render_permission_card(permission_name)
+        resource_type, action = permission_name.split(':')
+        
         div(class: "flex items-start p-3 bg-green-50 border border-green-200 rounded-lg") do
           # Permission icon
           div(class: "flex-shrink-0 mr-3") do
@@ -132,18 +134,14 @@ module EasyAdmin
           # Permission details
           div(class: "flex-1 min-w-0") do
             div(class: "flex items-center mb-1") do
-              span(class: "text-sm font-medium text-gray-900 capitalize") { permission.action.humanize }
+              span(class: "text-sm font-medium text-gray-900 capitalize") { action.humanize }
               span(class: "ml-2 inline-flex items-center px-2 py-1 rounded text-xs font-medium bg-green-100 text-green-800") do
-                permission.action
+                action
               end
             end
             
-            if permission.description.present?
-              p(class: "text-xs text-gray-600 leading-relaxed") { permission.description }
-            end
-            
             # Permission name (technical)
-            p(class: "text-xs text-gray-500 font-mono mt-1") { permission.name }
+            p(class: "text-xs text-gray-500 font-mono mt-1") { permission_name }
           end
         end
       end
@@ -181,6 +179,17 @@ module EasyAdmin
           {}
         end
       end
+
+      # Group permission names by resource type
+      def group_permissions_by_resource(permission_names)
+        grouped = {}
+        permission_names.each do |permission_name|
+          resource_type, action = permission_name.split(':')
+          grouped[resource_type] ||= []
+          grouped[resource_type] << permission_name
+        end
+        grouped
+      end
     end
   end
 end

data/app/components/easy_admin/sidebar_component.rb

@@ -213,13 +213,18 @@ module EasyAdmin
       # Allow non-resource items (like Dashboard, Settings, etc.)
       return true unless item[:resource]
 
-      # For resource items, check permission
-      resource_name = item[:resource]
-      # Convert complex resource names to permission format
-      permission_resource_name = convert_resource_to_permission_name(resource_name)
-      permission_name = "#{permission_resource_name}:read"
-      
-      EasyAdmin::Permissions.authorized?(@current_user, permission_name)
+      # For resource items, check permission only if EasyAdmin::Permissions is available
+      if defined?(EasyAdmin::Permissions) && EasyAdmin::Permissions.enabled?
+        resource_name = item[:resource]
+        # Convert complex resource names to permission format
+        permission_resource_name = convert_resource_to_permission_name(resource_name)
+        permission_name = "#{permission_resource_name}:read"
+        
+        EasyAdmin::Permissions.authorized?(@current_user, permission_name)
+      else
+        # If permissions are not available, allow access to all resource items
+        true
+      end
     end
 
     def convert_resource_to_permission_name(resource_name)

data/app/controllers/easy_admin/application_controller.rb

@@ -1,7 +1,17 @@
 module EasyAdmin
   class ApplicationController < ActionController::Base
     include Pagy::Backend
-    include ActionPolicy::Controller
+    
+    # Only include ActionPolicy if it's available
+    if defined?(ActionPolicy)
+      include ActionPolicy::Controller
+      
+      # ActionPolicy authorization context
+      authorize :user, through: :current_admin_user
+
+      # Handle ActionPolicy authorization failures
+      rescue_from ActionPolicy::Unauthorized, with: :handle_authorization_failure
+    end
     
     helper EasyAdmin::FieldsHelper
     helper EasyAdmin::PagyHelper
@@ -11,16 +21,12 @@ module EasyAdmin
     before_action :set_feature_toggles
     before_action :set_paper_trail_whodunnit
     
-    # ActionPolicy authorization context
-    authorize :user, through: :current_admin_user
-
-    # Handle ActionPolicy authorization failures
-    rescue_from ActionPolicy::Unauthorized, with: :handle_authorization_failure
-    
-    # Configure ActionPolicy to use ApplicationPolicy as default for all models
-    def policy_for(record:, **opts)
-      # Always use ApplicationPolicy for all models (EasyAdmin and regular models)
-      ApplicationPolicy.new(record, **authorization_context, **opts)
+    # Configure ActionPolicy to use ApplicationPolicy as default for all models (only if ActionPolicy is available)
+    if defined?(ActionPolicy)
+      def policy_for(record:, **opts)
+        # Always use ApplicationPolicy for all models (EasyAdmin and regular models)
+        ApplicationPolicy.new(record, **authorization_context, **opts)
+      end
     end
     
     protected
@@ -104,11 +110,16 @@ module EasyAdmin
       
       respond_to do |format|
         format.html do
-          flash[:alert] = error_message
-          
-          # Try to redirect back, fallback to dashboard
-          redirect_path = request.referer&.start_with?(request.base_url) ? request.referer : easy_admin.root_path
-          redirect_to redirect_path
+          # Check if this is a turbo_frame request (like inline editing)
+          if turbo_frame_request?
+            render template: 'easy_admin/application/authorization_failure', layout: false
+          else
+            flash[:alert] = error_message
+            
+            # Try to redirect back, fallback to dashboard
+            redirect_path = request.referer&.start_with?(request.base_url) ? request.referer : easy_admin.root_path
+            redirect_to redirect_path
+          end
         end
         
         format.turbo_stream do

data/app/controllers/easy_admin/concerns/resource_authorization.rb

@@ -2,53 +2,60 @@ module EasyAdmin
   module Concerns
     # ResourceAuthorization concern handles authorization checks for resource actions
     # Provides before_action callbacks and authorization methods for all CRUD operations
+    # Only active when ActionPolicy is available
     module ResourceAuthorization
       extend ActiveSupport::Concern
 
       included do
-        before_action :authorize_resource_access!, only: [:index]
-        before_action :authorize_record_access!, only: [:show]
-        before_action :authorize_record_creation!, only: [:new, :create]
-        before_action :authorize_record_update!, only: [
-          :edit, :update, :edit_field, :update_field, 
-          :belongs_to_reattach, :belongs_to_edit_attached, :update_belongs_to_attached
-        ]
-        before_action :authorize_record_destruction!, only: [:destroy]
-        before_action :authorize_versioning_access!, only: [:versions, :revert_version, :version_diff]
+        # Only add authorization callbacks if ActionPolicy is available
+        if defined?(ActionPolicy)
+          before_action :authorize_resource_access!, only: [:index]
+          before_action :authorize_record_access!, only: [:show]
+          before_action :authorize_record_creation!, only: [:new, :create]
+          before_action :authorize_record_update!, only: [
+            :edit, :update, :edit_field, :update_field, 
+            :belongs_to_reattach, :belongs_to_edit_attached, :update_belongs_to_attached
+          ]
+          before_action :authorize_record_destruction!, only: [:destroy]
+          before_action :authorize_versioning_access!, only: [:versions, :revert_version, :version_diff]
+        end
       end
 
       private
 
-      # Authorize access to resource index
-      def authorize_resource_access!
-        authorize! @resource_class.model_class, to: :index?
-      end
-      
-      # Authorize access to view a specific record
-      def authorize_record_access!
-        authorize! @record, to: :show?
-      end
-      
-      # Authorize creation of new records
-      def authorize_record_creation!
-        authorize! @resource_class.model_class, to: :create?
-      end
-      
-      # Authorize updating of existing records
-      def authorize_record_update!
-        authorize! @record, to: :update?
-      end
-      
-      # Authorize destruction of existing records
-      def authorize_record_destruction!
-        authorize! @record, to: :destroy?
-      end
-      
-      # Authorize access to versioning features (PaperTrail integration)
-      def authorize_versioning_access!
-        # Check if user can view record and has versioning permissions
-        authorize! @record, to: :show?
-        authorize! @record, to: :manage_versions?
+      # Authorization methods - only defined if ActionPolicy is available
+      if defined?(ActionPolicy)
+        # Authorize access to resource index
+        def authorize_resource_access!
+          authorize! @resource_class.model_class, to: :index?
+        end
+        
+        # Authorize access to view a specific record
+        def authorize_record_access!
+          authorize! @record, to: :show?
+        end
+        
+        # Authorize creation of new records
+        def authorize_record_creation!
+          authorize! @resource_class.model_class, to: :create?
+        end
+        
+        # Authorize updating of existing records
+        def authorize_record_update!
+          authorize! @record, to: :update?
+        end
+        
+        # Authorize destruction of existing records
+        def authorize_record_destruction!
+          authorize! @record, to: :destroy?
+        end
+        
+        # Authorize access to versioning features (PaperTrail integration)
+        def authorize_versioning_access!
+          # Check if user can view record and has versioning permissions
+          authorize! @record, to: :show?
+          authorize! @record, to: :manage_versions?
+        end
       end
     end
   end

data/app/views/easy_admin/application/authorization_failure.html.erb

@@ -0,0 +1,9 @@
+<turbo-frame id="modal">
+  <%= turbo_stream.update("notifications") do %>
+    <%== EasyAdmin::NotificationComponent.new(
+      type: :error,
+      message: @error_message,
+      title: "Access Denied"
+    ).call %>
+  <% end %>
+</turbo-frame>

data/lib/easy_admin/version.rb

@@ -1,3 +1,3 @@
 module EasyAdmin
-  VERSION = "0.2.1"
+  VERSION = "0.2.3"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: easy-admin-rails
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.3
 platform: ruby
 authors:
 - Slaurmagan
@@ -355,6 +355,7 @@ files:
 - app/models/easy_admin/application_record.rb
 - app/policies/admin_user_policy.rb
 - app/policies/application_policy.rb
+- app/views/easy_admin/application/authorization_failure.html.erb
 - app/views/easy_admin/application/authorization_failure.turbo_stream.erb
 - app/views/easy_admin/dashboard/index.html.erb
 - app/views/easy_admin/dashboards/card.html.erb