
Attribute level authorization using cancancan in rails

I am using cancan for authorization. I have different admin roles and I want to show them specific columns according to their role (admin, mega_admin). Basically I want to do something like this.

index do
 selectable_column
 column :first_column if can? :read_first_column #visible to mega_admin only
 column :second_column if can? :read_second_column
 actions
end

How do I do this, since cancancan doesn't provide attribute-level authorization?

You would have to define an Ability and later check on it:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    if user.mega_admin? # here
      can :mega_manage, :all
    elsif user.admin?
      can :manage, :all
    else
      can :read, :all
    end
  end
end

You can try version 3.0 (https://github.com/CanCanCommunity/cancancan/tree/feature/3.0.0) and the attribute level permissions feature (https://github.com/CanCanCommunity/cancancan/tree/feature/3.0.0#version-30).

Note that at the present date it is not released yet, so you'll have to include it from GitHub:

gem 'cancancan', github: 'CanCanCommunity/cancancan', branch: 'feature/3.0.0'

When using version 3 you can define:

can :read, ModelClass, :first_column
can :read, ModelClass, :second_column
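
The per-role column rules discussed above, as an added example that is not part of the original posts and does not use CanCanCan itself: a plain-Ruby stand-in that keeps the `can :read, Model, :attribute` shape and denies any attribute no rule names. `Report`, `DemoUser`, `AttributeAbility`, `visible_columns` and `render_row` are hypothetical names, and letting both admin roles read `second_column` is an assumption.

```ruby
# Added example: plain-Ruby stand-in for attribute-level rules (not CanCanCan code).
Report   = Struct.new(:first_column, :second_column) # constructed sample model
DemoUser = Struct.new(:role)                         # :mega_admin, :admin, or anything else

class AttributeAbility
  def initialize(user)
    @rules = {} # [action, model] => list of allowed attributes
    case user&.role
    when :mega_admin
      can :read, Report, :first_column
      can :read, Report, :second_column
    when :admin
      can :read, Report, :second_column # assumption: admins see this column too
    end
    # Any other role (or no user) gets no rule, so nothing is readable.
  end

  # Same argument order as the version 3 form quoted above: action, model, attribute.
  def can(action, model, attribute)
    (@rules[[action, model]] ||= []) << attribute
  end

  # Default deny: an attribute is allowed only when a rule names it.
  def can?(action, model, attribute)
    @rules.fetch([action, model], []).include?(attribute)
  end
end

# Columns an index view, export or serializer may emit for this user.
def visible_columns(user, model = Report)
  ability = AttributeAbility.new(user)
  model.members.select { |attr| ability.can?(:read, model, attr) }
end

# Filter the record itself, so hidden values never reach the rendering layer.
def render_row(user, record)
  visible_columns(user, record.class).to_h { |attr| [attr, record[attr]] }
end
```

Filtering the record with the same rule set that hides the column keeps the index view and any other output of the model consistent.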
