Roles authorization with Rails 3 and Devise
Question
I have used devise ever since i got over to Rails 3, that was around the first or second beta, and now i also needs some Roles. After searching the web it looked like CanCan should be the best solution. But i'm unsure if CanCan can manage my needs, like i want a forum moderator who can edit/destroy the topic, but the user who created the topic should also be able to edit, so how can i do that?
1 answers
solution1
4 ACCPTED 2010-12-31 23:42:26
Based on your brief description above, I'd imagine CanCan should be able to handle your needs.
CanCan is primarily simplified syntax to centralize authorization rules. It doesn't provide roles out of the box. However, the CanCan wiki has a bunch of very useful links, including a simple and a more complex approach to implementing roles.
I have found it helpful to model ownership directly rather than trying to have an "owner" role. So (assuming you use the simpler role scheme above) the use case you describe above would be modelled in your Ability definition thus:
def initialize(user)
...
can :manage, Topic if user.is? :moderator
can :manage, Topic { |topic| if (topic.user_id == user.id) }
...
end
Hope this helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.