Permissions audit

[filipegiusti]

I'm trying to generate a list of resources actions that each user role has access to in order to be able to audit our permissions, however I got stuck when instantiating a Resource.

This is as far as I could get.

[1] pry(main)> (Avo::Resources.constants(false) - [:BaseResource, :Helpers, :Controls, :Items]).map { |r| Avo::Resources.const_get(r).new.actions }
NoMethodError: undefined method `use' for nil (NoMethodError)

          entity_loader(entity).use({class: entity_class, arguments: arguments, icon: icon, default: default}.compact)
                               ^^^^
from /home/fgiusti/.rbenv/versions/ruby-3.3.1/gemsets/pathstream/gems/avo-3.19.3/lib/avo/resources/base.rb:354:in `block (2 levels) in <class:Base>'

Apparently the resources are missing @actions_loader being set.

My idea was to get a list of actions for each resource than get the policy of each resource and run act_on? against each user role. However I can't get a list of actions for a resource.

[Paul-Bob]

Hi @filipegiusti

I see that you're attempting to use some internal calls to retrieve that list. I'll paste a snippet of code below that might work for your case. However, please be aware that these internals might change in the future.

Avo::Resources::ResourceManager.fetch_resources.map { {_1 => _1.new(view: :index).get_actions} }