Enabling access rights



  • Good afternoon.

    class Ability

    # Grants :manage on a Company only when its role is one the user may assign.
    # CanCan runs this block only when the check is given a Company instance; a
    # check made against the Company class itself does not evaluate the block.
    can(:manage, Company) { |company| user.available_roles.include?(company.role) }
    

    class User

    # A user has no role of its own: the role predicates, available_roles and
    # role are all forwarded to the company the user belongs to.
    belongs_to :company
    delegate :admin?, :operator?, :agent?, :sales?, :visitor?,
             :available_roles, :role,
             to: :company
    

    class Company

    # The users of this company; User delegates its role checks back to it.
    has_many(:users)
    

    # @return [Boolean] true when this company's role is exactly 'admin'
    def admin?
      role == 'admin'
    end

    # @return [Boolean] true when this company's role is exactly 'operator'
    def operator?
      role == 'operator'
    end

    # @return [Boolean] true when this company's role is exactly 'agent'
    def agent?
      role == 'agent'
    end

    # @return [Boolean] true when this company's role is exactly 'sales'
    def sales?
      role == 'sales'
    end

    # @return [Boolean] true when this company's role is exactly 'visitor'
    def visitor?
      role == 'visitor'
    end

    # Lists the company roles that a company holding this role may assign.
    # Ability compares a target company's role against this list.
    #
    # Only 'admin' and 'operator' get a non-empty list. Every other value,
    # including nil, yields [], so an unknown role is denied by default.
    # An operator's list contains neither 'operator' nor 'admin'.
    #
    # @return [Array<String>] the assignable role names
    def available_roles
      current = role
      if current == 'admin'
        %w[visitor sales agent operator admin]
      elsif current == 'operator'
        %w[visitor sales agent]
      else
        []
      end
    end

    class CompaniesController

      # NOTE(review): authorize_resource only authorizes; it does not load or
      # build @company. If @company is not set when the check runs, CanCan
      # authorizes against the Company class, and the block condition in
      # Ability (which needs a Company instance) is not evaluated, so the
      # check passes whatever role was submitted. The reply further down
      # switches to load_and_authorize_resource, which builds the record from
      # the request parameters before authorizing it.
      authorize_resource

    # Builds an unsaved Company, keeps it in @company and hands it to
    # respond_with.
    def new
      respond_with(@company = Company.new)
    end

    # Creates a Company from company_params, keeps it in @company and hands
    # it to respond_with.
    #
    # NOTE(review): nothing in this action compares the submitted role with
    # the current user's available_roles. Company.create saves the record
    # immediately, so the instance-level rule in Ability only protects this
    # path if a filter (or an explicit authorize! on the built record) has
    # checked this company before the save.
    # company_params is not shown here; presumably it permits :role - confirm.
    def create
    @company = Company.create(company_params)
    respond_with @company
    end

    When creating a company, an admin may assign any of the roles %w[visitor sales agent operator admin].

    When creating a company, an operator may assign only the roles %w[visitor sales agent].

    From the console (User.last is a user with operator rights):

    » Ability.new(User.last).can? :manage, Company.new(role: :admin, name: 'Company Administrator')
    User Load (1.5ms) SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT 1
    Company Load (0.8ms) SELECT "companies".* FROM "companies" WHERE "companies"."id" = $1 LIMIT 1 [["id", 4]]

    false

    » Ability.new(User.last).can? :manage, Company.new(role: :agent, name: 'Company Agent')
    User Load (1.4ms) SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT 1
    Company Load (0.5ms) SELECT "companies".* FROM "companies" WHERE "companies"."id" = $1 LIMIT 1 [["id", 4]]

    true

    But through the web interface, an operator can still create a company with the admin or operator role.

    Please tell me what's wrong?



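  • This helped: in class CompaniesController I replaced authorize_resource with load_and_authorize_resource.

    With authorize_resource alone, the create action was authorized against the Company class, where the block condition in Ability is not evaluated. load_and_authorize_resource builds the company from the submitted parameters first, so the role check runs against that record.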

