Usual way for person data?

[Martin]

Hi there,

What is the usual way to let a user modify his own data and the admin to
edit and view the data of all users.

I could do:

1) create a Person model with a route
resources :people

that works fine, if I check the permissions for :admin and non admin
accounts.

but for a user I have the /person/334/edit route.  But for the user
which is not an admin, I'd like not to have this id in the route.

so I

2) routed like this:

namespace :admin do
    resources :people
end
namespace :user do
    resoures :people
end

but then I have two controllers, can I put this together as one?

and another problem:  there is no redirect_to @person , which is also
bad, maybe I could get it work in the model, checking if an admin or a
user should be redirected to @person.

What is the usual way to fix the user edits his own, and the admin edits
all data?

Thanks,
Martin

[Mike]

You probably should need to use some permission management system, such as cancancan or pundit, with a roles system such as rolify to control who can do what.

In the majority of systems this is preferable to having an admin system and a user system (admins after all are only special users).

That way you can scope the resources so it only returns the users record if you are a user, or all records if you are an admin