Administrate: How to create read-only dashboard or restrict actions by some conditions

Created on 12 Jul 2017 · 11 Comments · Source: thoughtbot/administrate

Hello!

Is there an option to disable links to create/update/delete? For instance, I have a list of Orders, and some of them are not editable after completion. I'd like to make them read-only not by introducing some logic into controller/model, but also by disabling corresponding buttons in the administrate.

In a nutshell, I'd like to see the following options:

  1. Completely disable create/update/delete (in any combination) for certain dashboards
  2. Disable some actions per model by some logic

Thanks!

documentation security

All 11 comments

You can append some checks to extend the #valid_action?(name, resource) method on your admin controller. It is used in views for conditional display of links. Not sure if it works per model in views. For example, you can append a call to some https://github.com/elabs/pundit object.

@pustomytnyk thanks, that works:

    def valid_action?(name, resource = resource_class)
      # Never offer edit/destroy for this dashboard.
      if name.to_s == 'edit' || name.to_s == 'destroy'
        return false
      end
      # Otherwise the action is valid only if a matching route exists.
      !!routes.detect do |controller, action|
        controller == resource.to_s.underscore.pluralize && action == name.to_s
      end
    end

Could you please check out this approach so I could add it to the docs?

@rozhok you can shorten it, like %w[edit destroy].exclude?(name.to_s) && super

This sounds like something which would be great in the docs, if one of you would be up for doing that?

@pustomytnyk thanks! definitely shorten :)

@nickcharlton I'll submit PR.

Cool, we now have a documented answer to the 1st question.
Is there anything about the 2nd?

~Update request: could really use this feature at the model-instance level~

Turns out there's show_action?, which does exactly this :D
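
How the per-record rule from question 2 could look with the show_action? hook mentioned above, as an added example that is not part of the original thread or Administrate's own code. BaseAdminController is a plain-Ruby stand-in so the file runs without Rails (its default-true hook is an assumption about Administrate's behaviour), and Order, OrdersController and Forbidden are hypothetical names.

```ruby
# Stand-in for the admin base controller (assumption, not Administrate code):
# the per-record hook permits everything unless a subclass overrides it.
class BaseAdminController
  def show_action?(_action, _resource)
    true
  end
end

# Constructed sample model: an order that becomes read-only once completed.
Order = Struct.new(:id, :completed)

class OrdersController < BaseAdminController
  LOCKED_WHEN_COMPLETED = %w[edit update destroy].freeze

  class Forbidden < StandardError; end

  # Per-record decision used by the views to show or hide a link.
  # The hook may also receive the class itself (e.g. for "new"), so only
  # Order instances are inspected; everything else falls through to super.
  def show_action?(action, resource)
    return super unless resource.is_a?(Order)

    locked = resource.completed && LOCKED_WHEN_COMPLETED.include?(action.to_s)
    !locked && super
  end

  # A hidden link does not stop a hand-built request, so the write path
  # checks the same predicate before changing anything.
  def update(order, attrs)
    unless show_action?(:update, order)
      raise Forbidden, "order #{order.id} is read-only"
    end

    attrs.each { |key, value| order[key] = value }
    order
  end
end
```

The point of the second method is that the view-level check and the server-side check share one rule, so a completed order stays unchanged whether or not its buttons were rendered.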

@rozhok @G-Rath although late to the scene, would Pundit and Administrate::Punditize solve the model actions per model logic?

@rozhok @G-Rath is it possible to get a use case for disabling controller actions?

Administrate checks against the routes if the given action is valid. If you don't generate the routes, what's the use case that might make you want to explicitly disable them in the code?

So the solution could be in config/routes.rb, e.g. if I want to exclude the edit action:

    Rails.application.routes.draw do
      namespace :admin do
        # No :edit route is generated for items.
        resources :items, only: [:index, :show, :new, :create, :destroy]

        root to: "items#index"
      end
      # ...
    end

I'm going to close this, as it should be solved through the Authorization functionality. Please open a new issue if this isn't the case.
