Move authorization checks outside of the backend "auth" adapter

Those are not dependent on the authentication system.

admin/app/controllers/solidus_admin/accounts_controller.rb

@@ -2,6 +2,8 @@
 
 module SolidusAdmin
   class AccountsController < SolidusAdmin::BaseController
+    skip_before_action :authorize_solidus_admin_user!
+
     def show
       redirect_to spree.edit_admin_user_path(current_solidus_admin_user)
     end

admin/app/controllers/solidus_admin/authentication_adapters/backend.rb

@@ -11,20 +11,9 @@ module SolidusAdmin::AuthenticationAdapters::Backend
   private
 
   def authenticate_solidus_backend_user!
-    if respond_to?(:model_class, true) && model_class
-      record = model_class
-    else
-      record = controller_name.to_sym
-    end
-    authorize! :admin, record
-    authorize! action_name.to_sym, record
-  rescue CanCan::AccessDenied
-    instance_exec(&Spree::Admin::BaseController.unauthorized_redirect)
-  end
+    return if spree_current_user
 
-  # Needs to be overriden so that we use Spree's Ability rather than anyone else's.
-  def current_ability
-    @current_ability ||= Spree::Ability.new(spree_current_user)
+    instance_exec(&Spree::Admin::BaseController.unauthorized_redirect)
   end
 
   def store_location

admin/app/controllers/solidus_admin/base_controller.rb

@@ -9,6 +9,7 @@ class BaseController < ApplicationController
     include GearedPagination::Controller
 
     include SolidusAdmin::ControllerHelpers::Authentication
+    include SolidusAdmin::ControllerHelpers::Authorization
     include SolidusAdmin::ControllerHelpers::Locale
     include SolidusAdmin::ComponentsHelper
     include SolidusAdmin::AuthenticationAdapters::Backend if defined?(Spree::Backend)

admin/app/controllers/solidus_admin/controller_helpers/authorization.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module SolidusAdmin::ControllerHelpers::Authorization
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :authorize_solidus_admin_user!
+  end
+
+  private
+
+  def current_ability
+    @current_ability ||= Spree::Ability.new(current_solidus_admin_user)
+  end
+
+  def authorize_solidus_admin_user!
+    subject = authorization_subject
+
+    authorize! :admin, subject
+    authorize! action_name, subject
+  end
+
+  def authorization_subject
+    "Spree::#{controller_name.classify}".constantize
+  rescue NameError
+    raise NotImplementedError, "Couldn't infer the model class from the controller name, " \
+      "please implement `#{self.class}#authorization_subject`."
+  end
+end