Summary: An overview of how Samvera applications authorize users to see content and perform actions.

Quickstart

Samvera uses cancancan to authorize many actions.

Cancancan generates app/models/ability.rb in your application; hydra-head’s generator and, later, Hyrax’s generator each add a couple of lines, so that the class looks like this:

class Ability
  include Hydra::Ability

  include Hyrax::Ability
  self.ability_logic += [:everyone_can_create_curation_concerns]

  # Define any customized permissions here.
  def custom_permissions
    # Limits deleting objects to the admin user
    #
    # if current_user.admin?
    #   can [:destroy], ActiveFedora::Base
    # end

    # Limits creating new objects to a specific group
    #
    # if user_groups.include? 'special_group'
    #   can [:create], ActiveFedora::Base
    # end
  end
end

You don’t need to make any changes to this class, as the included behavior provides all that you need to get started. However, if you are integrating a group system other than the default (see Hydra::RoleMapper), then you may want to change who has the admin role.

You can do this by overriding the admin? method on the Ability class like this:

    def admin?
      user_groups.include? 'librarians'
    end
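The following is an added example, not code from Samvera, Hyrax or hydra-head: it shows how the admin? override and the two commented-out rules in custom_permissions combine, and that a user outside the mapped group is denied by default. So that it runs without the gems, MiniCan is a simplified stand-in for cancancan's can / can?; Work, User and the sample users are hypothetical names, and the destroy rule is assumed to use the ability's own admin? rather than current_user.admin?.

```ruby
# Simplified stand-in for cancancan's can / can? (assumption, not the gem's code).
# Rules match on action + subject class only.
module MiniCan
  def rules
    @rules ||= []
  end

  def can(actions, subject_class)
    Array(actions).each { |action| rules << [action, subject_class] }
  end

  # Deny by default: true only if a rule names this action and the subject's class.
  def can?(action, subject)
    rules.any? { |act, klass| act == action && subject.is_a?(klass) }
  end
end

Work = Class.new                    # hypothetical stand-in for ActiveFedora::Base
User = Struct.new(:login, :groups)  # hypothetical user from an external group system

class Ability
  include MiniCan

  def initialize(user)
    @user = user
    custom_permissions
  end

  # A guest (nil user) or a user with no groups gets an empty list.
  def user_groups
    @user ? Array(@user.groups) : []
  end

  # The override from the page: admins are the members of 'librarians'.
  def admin?
    user_groups.include? 'librarians'
  end

  # The page's two commented-out rules, enabled.
  def custom_permissions
    can [:destroy], Work if admin?
    can [:create], Work if user_groups.include?('special_group')
  end
end

# Constructed sample users.
LIBRARIAN = User.new('lib1', ['librarians'])
DEPOSITOR = User.new('dep1', ['special_group'])
```

The group name comparison is an exact string match, so a group delivered by the external system as 'Librarians' does not grant the admin role.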

Additional Technical Documentation

https://github.com/samvera/hyrax/wiki/Making-Admin-Users-in-Hyrax

Legacy

In-depth tutorials and explanations of the structure

Potential for Refactoring

Notes, links and ideas