stackoom
  简体   繁体   中英

How to restrict the access to models for different user roles in rails (cancan gem)?

 原文  2017-07-17 10:06:10       ruby-on-rails/ ruby/ devise/ cancan

Question

I want 3 user levels as Admin ,Manager,Customer in my rails application. So i've created 3 devise models as admin,manager and customer. And in my application there are models and controllers for product,delivery,services. And I want to set access levels to each models.

So Admin have access to all models, controllers

Manager have access to Product, Delivery

Customer have access to Services

how can i write the ability model to match these requirements I've written it as follows.Don't know whether it's correct. 

class Ability
  include CanCan::Ability
    def initialize(user)
        # Define abilities for the passed in user here. For example:
        #
          user ||= User.new # guest user (not logged in)
          if user.admin?
            can :manage, :all
          elsif user.manager?
            can :manage, product ,delivery
          elsif user.customer?
            can :manage, services
          end
    end

AND PLEASE HELP ME TO WRITE THE CODE FOR THE MODELS TO RESTRICT DIFFERENT USER ROLE ACCESS. PLEASE BE KIND ENOUGH TO HELP ME!

1 answers

solution1
 1 ACCPTED  2017-07-17 10:42:44

I think the easiest way to tackle this would be in your controller. Let us say you had a book model with controller, and only wanted to allow admins to access this part. It's probably best to create a method in your bookings controller, and call it using the before action method: 

class BookingsController < ApplicationController
  before_action :check_admin

  def check_admin
    return unless admin_signed_in?
    redirect_to root_path, error: 'You are not allowed to access this part of the site'
  end
end

This will perform the check_admin method every time anything happens in the bookings controller, and will redirect to your root path unless an admin is signed in. Devise also comes with user_signed_in? and manager_signed_in? helpers if you've created models with those names.

You can tailor this more by deciding which controller actions will perform the action, for example 

before_action :check_admin, only: [:edit, :create, :delete, :update, :new]

Would only perform the check before those controller actions, and allow anyone to access the index and show actions.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Devise + CanCan + Different Models (roles) Unable to access model using cancan gem in rails Rails: authorizing user with CanCan gem issue How to assign roles to a user with devise, cancan and rolify? Rails cancan (roles with weight) rails cancan roles? Rails cancan gem Rails: CanCan many roles per user can not save checkbox value Rails 3.2 CanCan - Restrict access to projects url not Owned How to restrict access to different pages in Rails?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM