Skip to content

Granting proper access after creating a new entity: Policies Permissions Roles

Jump to bottom Edit New page
Julien Portalier edited this page Jul 5, 2022 · 5 revisions

After creating a new entity and its corresponding permissions, or whenever we change a set of permissions (adding or removing), we must update roles and computed policies.

1. Implicit Permissions (e.g. superadmin aka institution creator):

This is accomplished by running the following commands in the corresponding server: User.all.each { |user| user.update_computed_policies } a rake task:

$ bin/rails policy:calculate_computed

2. Default Roles

You can recreate the default institution and site roles, which will reset them to their initial state (any customization will be erased) by running the following rake task:

$ bin/rails policy:update_roles

Alternatively, you can write a rake task to copy the new permissions from those JSON roles (inside app/policies/roles/) to the existing institutions and sites roles, which would only add the new permissions (instead of resetting them). You can use the policy:add_box_permissions rake task as a basis.

3. Custom Roles that need to have access to the new entity

For this there's no automated action. A user with the proper access needs to grant the new permissions in the roles that they see fit.

Add a custom footer
Add a custom sidebar
Clone this wiki locally