Integration with rolify

Recipe contributed by Paul after discussing it here.

It is possible to implement the rolify gem in conjunction with pundit in an Avo using basic functionality. Following the next steps allows for easy management of roles within the admin panel, which can be used to control access to different parts of the application based on user roles. By assigning specific permissions to each user role, Avo users can ensure that their admin panels remain secure and accessible only to authorised users.

WARNING

You must manually require rolify in your Gemfile.

gem "rolify"

If this is a new app you need to do some initial steps, create the role model and specify which models should be handled by rolify

INFO

Check out the rolify documentation for reference.

We assume that your model for managing users is called Account (default when using rodauth) and your role model is called Role (default when using rolify).

class Account < ApplicationRecord
  rolify

  # ...
end

A Role connects to an Account through has_and_belongs_to_many while an Account connects to Role through has_many (not directly used in the model because the rolify statement manage this). Although rolify has its own functions for adding and deleting roles, normal rails operations can also be used to manage the roles. To implement this in avo, the appropriate resources need to be created.

Perhaps the creation of the account resource is not necessary, as it has already been done in previous steps or has been created automatically by the avo generator through a scaffold/model. So we assume this step is already done.

bin/rails generate avo:resource role

After this step the roles should now accessible via the avo interface. The final modification should be done in the corresponding Account resource file.

class AccountResource < Avo::BaseResource
  # ...

  field :assigned_roles, as: :tags, hide_on: :forms do
    record.roles.map {|role|role.name}
  end

  # Only show roles that have not already been assigned to the object, because Avo does not use the add_role method, so it is possible to assign a role twice
  field :roles, as: :has_many, attach_scope: -> { query.where.not(id: parent.roles.pluck(:id)) }

  # ...
end

Example of RoleResource file:

class RoleResource < Avo::BaseResource
  self.title = :name
  self.includes = []

  field :name, as: :text
  field :accounts, as: :has_and_belongs_to_many
end

The roles of an account can now be easily assigned and removed using avo. The currently assigned roles are displayed in the index and show view using the virtual `assigned_roles' field.