ruby on rails 4 - Field level permissions using CanCanCan or Pundit -


i using rails 4.1.14 cancancan 1.13.1 , defined granular permissions on model/record level. admins can manage articles users can edit articles authored.

to prevent regular users editing specific fields make fields visible in rails_admin depending on role.

visible    bindings[:object].id == bindings[:view].current_user.roles.include? :admin end 

i using https://github.com/aasm/aasm gem , created custom actions user can move records new states.

but want enable field level permissions depending on user's role / record. can't find docs on cancancan or https://github.com/elabs/pundit pages.

does have experience that?

you mean admin should allowed edit fields of record, editor allowed change fields x , y?

yes, possible in pundit, since integrates strong parameters (which should using anyway). there's example in pundit readme (see: strong parameters). simplified example readme:

# post_policy.rb def permitted_attributes   if user.admin?   [:title, :body, :tag_list] else   [:tag_list] end  # posts_controller.rb @post.update_attributes(permitted_attributes(@post)) 

the permitted_attributes helper in controller provided pundit , automagically calls permitted_attributes method of infered policy.


Comments

Popular posts from this blog

c++ - llvm function pass ReplaceInstWithInst malloc -

Cross-Compiling Linux Kernel for Raspberry Pi - ${CCPREFIX}gcc -v does not work -

java.lang.NoClassDefFoundError When Creating New Android Project -