Authorization on an association with CanCan,Devise and Rolify
Question
I have the current database estructure in my application:
Publisher has_many videos, has_many users
Video belongs_to publisher
User belongs_to publisher
I want to be able to give permissions to the users based on the publisher, but the object that actually gets edited it's the video object.
Meaning that an User X can edit videos from publisher 1 and 2 but User Y can only edit videos from publisher 2 and 3 and so on. I'm pretty sure this can be done with the CanCan, Devise, Rolify combo.
Can anyone point me in the right direction here?
1 answers
solution1
1 ACCPTED 2012-08-13 15:56:31
sorry for the delayed response. Hopefully you've figured out your problem by now, but I will provide a solution for you.
In your CanCan ability you have something like this:
def initialize(current_user)
current_user ||= User.new
can :update, Video do |video|
current_user.publisher_list.contains? video.publisher
end
end
The above code will work if user.publisher_list returns a list of publishers a user can modify. I believe you can also do:
def initialize(current_user)
current_user ||= User.new
can :update, Video, publisher: {id: current_user.publisher_list}
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.