Scope new record instantiation by authorization scope (activeadmin#6884)

ngouy · web-flow · commit 2baf687b77c1 · 2021-04-19T09:33:03.000-04:00
diff --git a/lib/active_admin/resource_controller/data_access.rb b/lib/active_admin/resource_controller/data_access.rb
@@ -128,7 +128,7 @@ def build_resource
       #
       # @return [ActiveRecord::Base] An un-saved active record base object
       def build_new_resource
-        scoped_collection.send(
+        apply_authorization_scope(scoped_collection).send(
           method_for_build,
           *resource_params.map { |params| params.slice(active_admin_config.resource_class.inheritance_column) }
         )
diff --git a/spec/unit/resource_controller/data_access_spec.rb b/spec/unit/resource_controller/data_access_spec.rb
@@ -225,5 +225,16 @@
     it "should assign nested attributes once" do
       expect(subject.posts.size).to eq(1)
     end
+
+    context "given authorization scope" do
+      let(:authorization) { controller.send(:active_admin_authorization) }
+
+      it "should apply authorization scope" do
+        expect(authorization).to receive(:scope_collection) do |collection|
+          collection.where(age: "42")
+        end
+        expect(subject.age).to eq(42)
+      end
+    end
   end
 end

Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ def build_resource`
`128`	`128`	`#`
`129`	`129`	`# @return [ActiveRecord::Base] An un-saved active record base object`
`130`	`130`	`def build_new_resource`
`131`		`- scoped_collection.send(`
	`131`	`+ apply_authorization_scope(scoped_collection).send(`
`132`	`132`	`method_for_build,`
`133`	`133`	`*resource_params.map { \|params\| params.slice(active_admin_config.resource_class.inheritance_column) }`
`134`	`134`	`)`