How do I use CanCan with rails admin to check for ownership

StackOverflow https://stackoverflow.com/questions/8591654

Question

When a user in my app isn't an admin user i want to only let them see the fields that they have ownership of.

Is there a so set can :see or something like that on a per field basis so that it displays just the fields that that use "can see", or should I have an ability called can :oversee to state that they can see everything instead.

I suppose it's much easier to just check if the user is admin or not in rails admin, so where set rails admin to only pull the current user's records.

Was it helpful?

Solution

With cancan, you can check permissions on objects like this:

if can?(:read, order)
  # do something!
end

if can?(:email, order)
  # do something!
end

But that's only referring to visibility at the object level.

In RailsAdmin, you can set field visibility by passing in a blocks, described here.

For example:

RailsAdmin.config do |config|
  config.model Order do
    list do
      field :name
      field :profit do
        visible do
          current_user.roles.include?(:admin)
        end
      end
    end
  end
end
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top