Created by: nando
DISCLAIMER: the original message of this PR written two months ago has been updated to represent better its current state (however the original one has been kept at the end).
Problem: If the resource managed by the dashboard has scopes defined there's no way to limit the scope of the search with them.
Solution: Declare a new constant in the dashboard (COLLECTION_SCOPES) to define the valid scopes that could be used in the query while searching in the index page. The following is the current definition of the COLLECTION_SCOPES constant in the template used to generate new dashboards:
# COLLECTION_SCOPES
# an array or hash that define the valid scopes that could be used while
# searching as part of the query string.
COLLECTION_SCOPES = [] # Comment to use any scope, but read this text below.
# If the above COLLECTION_SCOPES definition doesn't exist then any "scope"
# defined could be used searching *scope:<name_of_the_scope>*. Though this
# could be a nice feature in applications that has the dashboard access
# properly secured **this approach is not recommended**. Administrate has
# no way to know the scopes defined in the model and will send to the model
# anything not included in its blacklist.
#
# When defined buttons will appear in the index header in order to filter the
# resources displayed. If it's an array it will be treated internally as if
# it were a hash with a single key called *scopes* pointing to our array. The
# hash's keys and the scope definitions will be used to show a localized
# caption for each button using *administrate.scopes.<model_class>* as I18n's
# scope. If no translation the scope in that model, Administrate'll retry the
# translation with the scope *administrate.scopes*. That will let us share
# the same translation between different models (and be DRY!).
#
# Definition example with an Array:
#
# COLLECTION_SCOPES = [
# :opened,
# :closed
# ]
#
# Definition example with a Hash:
#
# COLLECTION_SCOPES = {
# status: [:opened, :closed],
# headquarters: [:madrid, :oviedo, :mexicodf]
# }
#
# Scopes with an argument can also be defined. An explicit value for the
# argument can be defined adding that value after scope name between
# parenthesis and without quotes. For example:
#
# COLLECTION_SCOPES = {
# headquarter: ["office(madrid)", "office(oviedo)", "office(mexicodf)"]
# }
#
# Will use the scope *office(city)* using "madrid", "oviedo" and "mexicodf"
# as arguments.
#
# Finally, it's possible to let the user indicate the value of the argument
# as part of the search query adding ":*" after the scope name. For example:
#
# COLLECTION_SCOPES = {
# headquarter: ["office(madrid)", "office(oviedo)", "office:*"]
# }
#
# Won't show any scope button for "office:*" but will let us indicate any
# value after "office:" to use it as argument for the *office(city)* scope.
# If our search query is "office:mexicodf" we'll get the same results than
# clicking in the third button of the previous example (which query would be
# "scope:office(mexicodf)").
ORIGINAL MESSAGE I hope you like the idea (I've modified the original PR to avoid sending the scope to the model if it looks suspicious. We do not have that security problem in our project since our AdministrateController has 'before_filter :require_admin' at the beginning of its definition.