ruby on rails 4 - Field level permissions using CanCanCan or Pundit -
i using rails 4.1.14 cancancan 1.13.1 , defined granular permissions on model/record level. admins can manage articles users can edit articles authored. to prevent regular users editing specific fields make fields visible in rails_admin depending on role. visible bindings[:object].id == bindings[:view].current_user.roles.include? :admin end i using https://github.com/aasm/aasm gem , created custom actions user can move records new states. but want enable field level permissions depending on user's role / record. can't find docs on cancancan or https://github.com/elabs/pundit pages. does have experience that? you mean admin should allowed edit fields of record, editor allowed change fields x , y? yes, possible in pundit, since integrates strong parameters (which should using anyway). there's example in pundit readme (see: strong parameters). simplified example readme: # post_policy.rb def permitted_attributes if user.admin? [:title...