All threads / Admin for the specific case

Ask A Question

Notifications

You’re not receiving notifications from this thread.

Admin for the specific case

Jan Lachowicz asked in Gems / Libraries

Hello,
I have a problem and just missing the solution.
In my project I have user accounts made in devise that are connected to Case model through Work model (with is_admin boolean attribute) with has_many through association. There are couple of models connected to Case. Every user can create a case (becoming an admin) and objects that will be associated with it. He/she can also manage them if Work object with is_admin is true for current_user and specific case. For now I wrote a method in Work model that is checking if current_user is an admin and in every controller did a callback to check this before every action and redirect to root if is_admin is false.
And my question is: Is there any gem or nice solution to do authorization like this (not just with "admin or not" user accounts)?
Sorry for my English, and thank you in advance for your help.
Janek

I think Pundit would make a lot of sense for this. With Pundit, you're passing in the user and you can use it to evaluate whether the user has access to the object. Instead of putting the authorization logic int a method on the Work model, you can do it inside the Pundit class instead. That makes things a lot better organized and manageable for you.

Thanks for answer!
Now I'm going to pundit screencast :)

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 33,665+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2020 GoRails, LLC. All rights reserved.