Mass assignment and roles in Rails
21-06-2021
Question
I have Users, Roles, and Network models in Rails 3. Users and Networks have a HMT relationship through Roles. If a User has a Role type of 'admin' with a specific Network, he/she can change the Role of other Users.
It seems like the Role type should not be available via mass-assignment. So how does a Network admin change the position type of other Users? I actually think this is a really basic question, but I just can't find the answer.
I am using CanCan and have a current_user method. Does that simply mean the controller would have a simple if/then check to see if the user has the appropriate role in a network?
Does mass assignment only apply to pages that have no authentication?
Solution
So a couple things
- You'll presumably display a role select box on the users/1/edit page if the user is an admin
- On the update action on the controller, you'll have some kind of authorization to make sure the user is an admin
- When the time comes to make the update:
class MyModel < ActiveRecord::Base
  # Default role: attributes any caller may mass-assign
  attr_accessible :some_attr, :other_attr
  # :admin role: the same attributes plus role_id
  attr_accessible :some_attr, :other_attr, :role_id, :as => :admin
end

class MyController < ApplicationController
  def update
    # admin check before doing the following
    if @user.update_attributes(params[:user], :as => :admin)
      redirect_to root_path
    end
  end
end
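
An added example, not part of the original answer: a plain-Ruby model of the role-scoped whitelist described above, written so it runs without Rails. Membership, NETWORK_ADMINS and update_membership are hypothetical names, and update_attributes here only imitates the Rails method of the same name.

```ruby
# Plain-Ruby imitation of Rails 3 role-scoped attr_accessible (not Rails code).
class Membership
  # Whitelists per assignment role, mirroring:
  #   attr_accessible :title
  #   attr_accessible :title, :role_type, :as => :admin
  ACCESSIBLE = {
    :default => [:title],
    :admin   => [:title, :role_type]
  }.freeze

  attr_reader :user_id, :network_id, :title, :role_type

  def initialize(user_id, network_id, role_type)
    @user_id, @network_id, @role_type = user_id, network_id, role_type
    @title = nil
  end

  # Like update_attributes(params, :as => role): keys outside the
  # whitelist for that role are dropped before assignment.
  def update_attributes(params, options = {})
    allowed = ACCESSIBLE.fetch(options.fetch(:as, :default))
    params.each do |key, value|
      instance_variable_set("@#{key}", value) if allowed.include?(key.to_sym)
    end
    true
  end
end

# Constructed data: user 1 is an admin of network 10 only.
NETWORK_ADMINS = { 10 => [1] }.freeze

# Controller-side decision: the assignment role comes from a server-side
# authorization check on the current user, never from submitted parameters.
def update_membership(current_user_id, membership, params)
  admin = NETWORK_ADMINS.fetch(membership.network_id, []).include?(current_user_id)
  membership.update_attributes(params, :as => (admin ? :admin : :default))
  membership
end
```

An authenticated non-admin who submits role_type still has it filtered out, and an admin of one network gets only the default whitelist on another network's records.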