Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ ATTRIBUTE_TYPES = {
By default the gem adds the Export button to the partial `views/admin/application/_index_header.html.erb`. But if you have your own Administrate `index` views or override that partial in your application you can add the link manually:

```ruby
link_to('Export', [:export, namespace.to_sym, page.resource_name.to_s.pluralize.to_sym, sanitized_order_params(page, :id).to_h.merge(format: :csv)], class: 'button') if valid_action?(:export)
link_to('Export', [:export, namespace.to_sym, page.resource_name.to_s.pluralize.to_sym, sanitized_order_params(page, :id).to_h.merge(format: :csv)], class: 'button') if existing_action?(resource_class, :export)
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

README: the manual Export link now uses existing_action?(resource_class, :export) but the shipped _index_header partial also checks authorization. To avoid showing an Export button to users who aren’t allowed to export, align the README snippet with the view’s authorization check (or document why the authorization check is intentionally omitted).

Copilot uses AI. Check for mistakes.
```

Example:
Expand All @@ -78,13 +78,13 @@ Example:
),
[:new, namespace.to_sym, page.resource_path.to_sym],
class: "button",
) if valid_action?(:new) && show_action?(:new, new_resource) %>
) if existing_action?(resource_class, :new) && authorized_action?(new_resource, :new) %>
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

README example now uses existing_action?/authorized_action? for the New button condition, but the gem’s bundled _index_header partial uses accessible_action? for New. This inconsistency can confuse users copying the example; update the README to use the same predicate(s) as the default partial (and ideally mirror the Administrate-recommended API for action visibility).

Copilot uses AI. Check for mistakes.

<%= link_to(
'Export',
[:export, namespace.to_sym, page.resource_name.to_s.pluralize.to_sym, sanitized_order_params(page, :id).to_h.merge(format: :csv)],
class: 'button'
) if valid_action?(:export) %>
) if existing_action?(resource_class, :export) %>
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

README export example later in the snippet checks only existing_action?(resource_class, :export) while the bundled partial checks both existence and authorization. Consider adding the authorization predicate here as well (or explicitly calling out that policies still need an export? method when using Pundit).

Copilot uses AI. Check for mistakes.
</div>
....
```
Expand Down
2 changes: 1 addition & 1 deletion app/views/admin/application/_index_header.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,6 @@
[:export, namespace, page.resource_name.to_s.pluralize.to_sym, sanitized_order_params(page, :id).to_h.merge(format: :csv)],
class: 'button',
target: '_blank'
) if valid_action?(:export) && show_action?(:export, resource_name) %>
) if existing_action?(resource_class, :export) && authorized_action?(resource_name, :export) %>
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The export button visibility check was changed to existing_action? + authorized_action?, but this partial already relies on accessible_action? for the New button (line 26). Given the PR goal (replace removed show_action?/valid_action?), using accessible_action? here as well would be more consistent and avoids introducing new dependencies (resource_class, existing_action?, authorized_action?) that may not exist across the supported Administrate versions.

Suggested change
) if existing_action?(resource_class, :export) && authorized_action?(resource_name, :export) %>
) if accessible_action?(resource_name, :export) %>

Copilot uses AI. Check for mistakes.
</div>
</header>