I have a problem and am just missing the solution.
In my project I have user accounts made with Devise that are connected to a Case model through a Work model (with an is_admin boolean attribute) using a has_many :through association. There are a couple of models connected to Case. Every user can create a case (becoming an admin) and objects that will be associated with it. He/she can also manage them if the Work object's is_admin is true for current_user and the specific case. For now I wrote a method in the Work model that checks whether current_user is an admin, and in every controller I added a callback to check this before every action and redirect to root if is_admin is false.
And my question is: Is there any gem or nice solution to do authorization like this (not just with "admin or not" user accounts)?
Sorry for my English, and thank you in advance for your help.
I think Pundit would make a lot of sense for this. With Pundit, you're passing in the user and you can use it to evaluate whether the user has access to the object. Instead of putting the authorization logic in a method on the Work model, you can do it inside the Pundit class instead. That makes things a lot better organized and manageable for you.
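As an added example (not code from the question or the answer above), here is what a Pundit-style policy for the poster's Case model looks like. Pundit policies are plain Ruby objects initialised with the user and the record, so this runs without Rails or the pundit gem: User, Case and Work are Struct stand-ins for the poster's models, NotAuthorizedError stands in for Pundit::NotAuthorizedError, and `authorize` is a stand-in for Pundit's controller helper. The predicate names (`show?`, `update?`, `destroy?`) follow Pundit's convention of one method per controller action.

```ruby
# Added example: a Pundit-style policy for the Case/Work/User setup from the
# question. Stand-ins below replace Devise, ActiveRecord and the pundit gem so
# the file runs on its own; the policy class itself is what you would keep in
# app/policies/case_policy.rb.

User = Struct.new(:id, :email)
# One Work row per (user, case) pair; is_admin is the poster's boolean.
Work = Struct.new(:user_id, :case_id, :is_admin)

Case = Struct.new(:id, :title, :works) do
  # Mirrors the has_many :through join: is there a Work row that links this
  # user to this case with is_admin set? nil (not logged in) is never an admin.
  def admin?(user)
    return false if user.nil?
    works.any? { |w| w.user_id == user.id && w.is_admin }
  end

  # Any Work row, admin or not, makes the user a member of the case.
  def member?(user)
    return false if user.nil?
    works.any? { |w| w.user_id == user.id }
  end
end

# Stand-in for Pundit::NotAuthorizedError.
class NotAuthorizedError < StandardError; end

# Pundit convention: the policy is named after the model, is built with
# (user, record), and exposes one predicate per controller action.
class CasePolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Anyone logged in may open a case; they become its admin through a Work row.
  def create?
    !user.nil?
  end

  # Members of the case (admin or not) may view it.
  def show?
    record.member?(user)
  end

  # Only a user whose Work row for this case has is_admin == true may manage it.
  def update?
    record.admin?(user)
  end

  def destroy?
    update?
  end
end

# Stand-in for Pundit's `authorize(record, query)` controller helper: find the
# policy for the record's class, call the predicate for the action, raise if it
# returns false. In a Rails app you would rescue Pundit::NotAuthorizedError in
# ApplicationController and redirect to root there, once, instead of repeating
# a before_action in every controller.
def authorize(user, record, query)
  policy = Object.const_get("#{record.class.name}Policy").new(user, record)
  unless policy.public_send(query)
    raise NotAuthorizedError, "not allowed to #{query} #{record.class.name} #{record.id}"
  end
  true
end

# Boolean wrapper so callers can check a decision without rescuing.
def allowed?(user, record, query)
  authorize(user, record, query)
rescue NotAuthorizedError
  false
end

# Constructed sample data (not from the post): alice created the case and is
# its admin, bob was added as a plain member, carol is unrelated.
ALICE = User.new(1, "alice@example.com")
BOB   = User.new(2, "bob@example.com")
CAROL = User.new(3, "carol@example.com")
PROJECT = Case.new(10, "Project X", [
  Work.new(ALICE.id, 10, true),
  Work.new(BOB.id, 10, false),
])

if __FILE__ == $PROGRAM_NAME
  [ALICE, BOB, CAROL, nil].each do |u|
    who = u ? u.email : "anonymous"
    puts "#{who}: show=#{allowed?(u, PROJECT, :show?)} update=#{allowed?(u, PROJECT, :update?)}"
  end
end
```

In a real controller the call is just `authorize @case` (Pundit infers the query from the action name) or `authorize @case, :update?`. Two caveats a practitioner will want: add `after_action :verify_authorized` in ApplicationController so that an action which forgets to call `authorize` fails loudly instead of silently allowing access, which is the main risk of the per-controller callback approach described in the question; and write a separate policy for each model connected to Case rather than reusing CasePolicy, so that a permission bug in one model's rules cannot leak into another's.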