Pass auth_object to ransackable_attributes

[BoberMod]

Feature

Ransack supports authorization for ransackable_attributes by passing optional auth_object. Based on this object, we can decide which attributes to make searchable.

I expect auth_object to be an object returned by current_user_method, although I assume it could introduce breaking changes for existing users.

Current workarounds

I think it could be possible by overriding the resource index_query to something like that, but I didn't try (and don't want to override the defaults, which are fine for me).

self.index_query = {
    query: -> { query.ransack(name_eq: q, auth_object: current_user).result) }
  }

Screenshots or screen recordings

-

Additional context

Although Avo already restricts filtering by fields that are not explicitly filterable, we still need to use a different set of attributes when Avo is used as an add-on to an existing application (like active_admin).
In this case, we want to have 2 sets of attributes: one for application users and another one is for Avo users.

[linear]

AVO-860

[Paul-Bob]

@BoberMod your use case requires having different returns for ransackable_attributes depending on the context where it is called. So for Avo it would return some attributes and for other parts of the app different attributes?

PS: I got it now, is not based on the context but based on the user