use cancancan2 fix from CanCanCommunity/cancancan#413

crowdtask · Aug 21, 2017 · 3aeaaaf · 3aeaaaf
1 parent ca07f9a
commit 3aeaaaf
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/lib/rails_admin/extensions/cancancan/authorization_adapter.rb b/lib/rails_admin/extensions/cancancan/authorization_adapter.rb
@@ -17,15 +17,19 @@ def initialize(controller, ability = ::Ability)
         # AbstractModel instance that applies. The third argument is the actual model
         # instance if it is available.
         def authorize(action, abstract_model = nil, model_object = nil)
-          @controller.current_ability.authorize!(action, model_object || abstract_model && abstract_model.model) if action
+          return unless action
+          subject = model_object || abstract_model && abstract_model.model
+          @controller.current_ability.authorize!(subject ? action : :read, subject)
         end
 
         # This method is called primarily from the view to determine whether the given user
         # has access to perform the action on a given model. It should return true when authorized.
         # This takes the same arguments as +authorize+. The difference is that this will
         # return a boolean whereas +authorize+ will raise an exception when not authorized.
         def authorized?(action, abstract_model = nil, model_object = nil)
-          @controller.current_ability.can?(action, model_object || abstract_model && abstract_model.model) if action
+          return unless action
+          subject = model_object || abstract_model && abstract_model.model
+          @controller.current_ability.can?(subject ? action : :read, subject)
         end
 
         # This is called when needing to scope a database query. It is called within the list