Feature #5537
closedMenu/authorization: need alternative to rails controller centric authorization
Description
The methods authorized? and allowed_to should be less controller centric.
In bastion we only have one controller: https://github.com/Katello/katello/blob/master/engines/bastion/app/controllers/bastion/bastion_controller.rb. That controller simply renders html, js, and css which in turn powers the application.
We cannot show menu items based on permissions because the menu item authorization relies on there being a controller `entity` with an action `action`. We need some way to specify the entity and action without undue reliance on the existence of a rails controller.
One solution ehelms proposed was to "allow passing in a Proc to define a path or pass in 'url' if the user wants to".
References:
https://github.com/theforeman/foreman/blob/develop/app/services/menu/item.rb#L36
https://github.com/theforeman/foreman/blob/acfbc45886c4d81a2a3ca5af433a6124a0a7191a/app/models/role.rb#L79