Ruby on Rails - Restrict access for admin part and user's management


I'm using CanCan. There is a user registration page, and an admin namespace where the admin manages users. There are 2 abilities: "normal" and "admin_ability". The admin part of the web site:

    namespace :admin do
      resources :users
    end

How do I restrict access so that:

  • anyone can create a user registration

  • a user can edit and delete themselves

  • and admin can user, delete

I tried but didn't find how to do what I wanted. Thoughts?

You need to define permissions in an abilities model, placed in app/models.

For instance, in app/models/admin_ability.rb:

    class AdminAbility
      include CanCan::Ability

      def initialize(admin)
        # An admin may perform every action on every resource.
        if admin
          can :manage, :all
        end
      end
    end

Then in app/models/user_ability.rb (I guess you mean "normal"):

    class UserAbility
      include CanCan::Ability

      def initialize(user)
        # A guest (not logged in) arrives as nil and is granted nothing here.
        if user
          # A signed-in user may manage only their own record.
          can :manage, User, :id => user.id
        end
      end
    end

You can restrict the actions allowed for a role; instead of :manage (all), you can use :read, :show, :edit, :destroy or an array of them.

You can find deeper information here: https://github.com/ryanb/cancan/wiki/defining-abilities
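
The three rules from the question, as an added example that is not part of the original answer. It uses a small stand-in for CanCan's can / can? so it runs without the gem; the MiniAbility module, the User struct, its admin flag and the allowed? helper are assumptions.

```ruby
# Added example: a tiny stand-in for CanCan's `can` / `can?` DSL so the policy
# runs without the gem. With CanCan installed, include CanCan::Ability instead.
module MiniAbility
  def can(actions, subject, conditions = {})
    (@rules ||= []) << [Array(actions), subject, conditions]
  end

  # Deny by default: true only if a rule matches action, subject and conditions.
  def can?(action, object)
    (@rules || []).any? do |actions, subject, conditions|
      (actions.include?(:manage) || actions.include?(action)) &&
        (subject == :all || object.is_a?(subject)) &&
        conditions.all? { |attr, value| object.public_send(attr) == value }
    end
  end
end

# Constructed model; the `admin` flag is an assumption, not from the page.
User = Struct.new(:id, :admin)

class Ability
  include MiniAbility

  def initialize(user)
    can :create, User        # anyone, including a guest (nil), may register
    return if user.nil?      # a guest gets nothing beyond registration

    if user.admin
      can :manage, :all      # an admin may do everything
    else
      # a normal user may read, edit and delete only their own record
      can [:read, :update, :destroy], User, :id => user.id
    end
  end
end

# Hypothetical helper: may `actor` perform `action` on `target`?
def allowed?(actor, action, target)
  Ability.new(actor).can?(action, target)
end
```

Any action with no matching rule is refused, so a normal user cannot edit or delete another user's record even when they guess its id.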

