
Defining abilities in a more complex environment with role and group models
<p>In my Rails app (I use Devise and CanCan), each (registered) user belongs to <em>exactly</em> one role ('Administrator' or 'Users') but to <em>at least</em> one group (something like 'Family', 'Friends', 'Co-workers'). At runtime, when a new folder (see below) is created, a habtm relation to one or many groups can be set, which defines who can access the folder. Selecting <em>no</em> group at all should result in a world-wide accessible folder (i.e. users do not have to be logged in to access these folders). But right now, I don't yet know how to define such world-wide accessible folders in my ability.rb, because I do not know how to define "can read folders which have no groups associated with them".</p>
<p>The relevant snippet of my <code>app/models/ability.rb</code> looks like this:</p>
<pre><code>user ||= User.new
if user.role? :Administrator
  can :manage, :all
elsif user.role? :Users
  # user should only be able to read folders whose associated groups they are a member of
  can :read, Folder, :groups =&gt; { :id =&gt; user.group_ids }
else
  # here goes the world-wide-accessible-folders part, I guess
  # but I don't know how to define it:
  ## can :read, Folder, :groups =&gt; { 0 } ???
end
</code></pre>
<p>The relevant snippet of my <code>app/controllers/folders_controller.rb</code> looks like this:</p>
<pre><code>class FoldersController &lt; ApplicationController
  before_filter :authenticate_user!
  load_and_authorize_resource
</code></pre>
<p>Can someone give me a hint?</p>
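The access rule described in the question, modelled in plain Ruby as an added example (not the asker's code and not CanCan's API). `User`, `Folder`, `can_read?` and `readable_folders` are hypothetical stand-ins, the sample data is constructed, and it assumes logged-in users may also read public folders.

```ruby
require 'set'

# Stand-ins for the ActiveRecord models in the question (assumed shape).
User   = Struct.new(:role, :group_ids)
Folder = Struct.new(:name, :group_ids)

# Guest = not logged in: no role, no groups (mirrors `user ||= User.new`).
GUEST = User.new(nil, [])

# Hypothetical helper expressing the rule from the question:
#   * an Administrator may read everything
#   * a folder with no groups is world-readable, even for guests
#   * otherwise the reader must be a 'Users' member sharing a group with it
def can_read?(user, folder)
  user ||= GUEST
  return true if user.role == :Administrator
  return true if folder.group_ids.empty?        # public folder
  return false unless user.role == :Users       # guests never see grouped folders
  !(folder.group_ids.to_set & user.group_ids.to_set).empty?
end

# Filter a whole collection, as a listing of folders would need to.
def readable_folders(user, folders)
  folders.select { |folder| can_read?(user, folder) }
end

# Constructed sample data: group ids and three folders.
FAMILY, FRIENDS, COWORKERS = 1, 2, 3
FOLDERS = [
  Folder.new('holiday', [FAMILY, FRIENDS]),
  Folder.new('payroll', [COWORKERS]),
  Folder.new('press-kit', [])                   # no groups: world-readable
].freeze

if __FILE__ == $PROGRAM_NAME
  alice = User.new(:Users, [FAMILY])
  puts "alice: #{readable_folders(alice, FOLDERS).map(&:name).inspect}"
  puts "guest: #{readable_folders(nil, FOLDERS).map(&:name).inspect}"
end
```

The `before_filter :authenticate_user!` in the question's controller makes Devise turn away unauthenticated visitors before any ability check runs, so guest access to public folders also depends on that filter not applying to the read actions.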
 
