Question

I have an app where there are different layers of permissions that can manage, or just simply create/view different objects. An example of my breakdown:

  • A host can view a reservation for a restaurant, and make an edit, but cannot create.
  • A doorman can create a new reservation, and edit.
  • A customer service rep (on our side) can do pretty much everything.
  • A superadmin can do everything.

Is there a gem or mountable engine that I can use to take care of this? What would be the best practice?


The solution

Cancan is a good choice but lately I've been looking at Pundit as a better alternative. In your case you would have something like this:

# app/policies/reservation_policy.rb
# Pundit instantiates the policy as ReservationPolicy.new(current_user, record),
# so a Struct with (user, reservation) members matches its constructor.
ReservationPolicy = Struct.new(:user, :reservation) do
  # Query method for the `create` action: only service reps and doormen may create.
  def create?
    user.service_rep? || user.doorman?
  end
end

Then in your controller:

# app/controllers/reservations_controller.rb
class ReservationsController < ApplicationController
  include Pundit

  def create
    @reservation = Reservation.new(reservation_params)
    # Infers ReservationPolicy from the record's class and `create?` from the
    # action name; raises Pundit::NotAuthorizedError if the query returns false.
    authorize @reservation
    @reservation.save

    respond_with(@reservation)
  end
end

This isn't tested and will need to be adapted to your exact situation but I hope it's a starting point.
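To show the full role matrix from the question worked through in the policy-object style the answer recommends, here is an added, self-contained example. It is not the answer's code and does not use the pundit gem; the `User` and `Reservation` structs, the role predicates (`host?`, `doorman?`, `service_rep?`, `superadmin?`) and the small `authorize` helper (which imitates how Pundit resolves `<RecordClass>Policy` and the `<action>?` query) are assumptions made for the example.

```ruby
# Added example, not the answer's code. Stand-alone policy object in the style
# of the Pundit convention, covering the four roles from the question. The
# pundit gem is deliberately not required so the file runs anywhere; the
# `authorize` helper below mimics what Pundit's controller helper does.

# Assumed user model: a name and a single role symbol.
User = Struct.new(:name, :role) do
  def host?        ; role == :host        ; end
  def doorman?     ; role == :doorman     ; end
  def service_rep? ; role == :service_rep ; end
  def superadmin?  ; role == :superadmin  ; end
end

# Assumed record being protected.
Reservation = Struct.new(:restaurant, :party_size)

# Raised by `authorize` when the policy query returns false (Pundit raises
# Pundit::NotAuthorizedError in the same situation).
class NotAuthorizedError < StandardError; end

# Same shape as the policy in the answer: a Struct of (user, record) whose
# predicate methods answer "may this user do X to this record?".
ReservationPolicy = Struct.new(:user, :reservation) do
  # Hosts view; doormen viewing is an assumption (the question does not say).
  def show?
    user.host? || user.doorman? || privileged?
  end

  # Doormen and the privileged roles create; hosts explicitly cannot.
  def create?
    user.doorman? || privileged?
  end

  # Hosts and doormen may edit, as may the privileged roles.
  def update?
    user.host? || user.doorman? || privileged?
  end

  # The question grants nothing about deletion below customer service,
  # so deny by default and allow only the privileged roles.
  def destroy?
    privileged?
  end

  private

  # Customer service reps and superadmins can do everything.
  def privileged?
    user.service_rep? || user.superadmin?
  end
end

# Minimal equivalent of Pundit's `authorize`: derive the policy class from the
# record's class name, build the "<action>?" query, call it, and raise if it
# returns false. Returns the record on success so it can be chained.
def authorize(user, record, action)
  policy = Object.const_get("#{record.class.name}Policy").new(user, record)
  query  = "#{action}?"
  unless policy.public_send(query)
    raise NotAuthorizedError, "#{user.role} may not #{action} #{record.class.name}"
  end
  record
end

# true/false wrapper around `authorize`, handy for checking the whole
# role x action matrix (and for tests) without rescuing everywhere.
def permitted?(role, action, record = Reservation.new("Bistro", 2))
  authorize(User.new("u", role), record, action)
  true
rescue NotAuthorizedError
  false
end

if __FILE__ == $PROGRAM_NAME
  %i[host doorman service_rep superadmin].each do |role|
    cells = %i[show create update destroy].map { |a| "#{a}=#{permitted?(role, a) ? 'yes' : 'no'}" }
    puts "#{role.to_s.ljust(12)} #{cells.join(' ')}"
  end
end
```

Running the file prints one row per role; the deny-by-default `destroy?` is the part worth copying: a query method that is missing or returns `false` fails closed, which is the property you want from an authorization layer.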

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow