Properly setting board rules on a controller


craigs...@gmail.com

Dec 31, 2014, 10:43:27 AM
to canc...@googlegroups.com
I have a RESTful controller Business with an arbitrary number of actions, most of them various versions of a show action. I would like a user role, ReadOnly, to be able to do anything with that controller, aside from anything that would modify a Business model. I do not want to have to modify Ability.rb every time a new action is added, as that's really smelly.

This is what I have now:

if user.read_only?
  can :manage, Business
  cannot [:update, :delete], Business
end

Is this the proper way to set these permissions?

brite

Dec 31, 2014, 6:02:08 PM
to canc...@googlegroups.com, craigs...@gmail.com
I think what you have is probably the best way. CanCanCan has aliases for the 7 REST actions, and supports adding non-RESTful actions, but doesn't have an action alias for it. Alternatively, you could manually authorize the non-RESTful actions doing something like:

  authorize! :read, @business

so you can say

  can :read, Business

or set up an action alias: https://github.com/CanCanCommunity/cancancan/wiki/Action-Aliases
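The two rule sets discussed in this thread, compared action by action. This is an added example, not code from either poster or from CanCanCan: MiniAbility is a simplified stand-in for the gem's rule matching (default aliases, :manage matching every action, later rules overriding earlier ones), and the show_summary and show_map actions are hypothetical.

```ruby
# Simplified stand-in for CanCanCan's rule matching; not the gem's own code.
class MiniAbility
  def initialize
    @rules = []
    @aliases = { read: [:index, :show], create: [:new], update: [:edit] } # gem defaults
  end

  def alias_action(*actions, to:)
    (@aliases[to] ||= []).concat(actions)
  end

  def can(actions, subject)
    @rules << [true, Array(actions), subject]
  end
  def cannot(actions, subject)
    @rules << [false, Array(actions), subject]
  end

  # The most recently defined matching rule wins; no matching rule means denied.
  def can?(action, subject)
    rule = @rules.reverse.find { |_, acts, subj| subj == subject && matches?(acts, action) }
    rule ? rule.first : false
  end

  private
  def matches?(acts, action)
    acts.include?(:manage) || acts.any? { |a| a == action || (@aliases[a] || []).include?(action) }
  end
end

Business = Class.new # placeholder for the model
ACTIONS = %i[index show show_summary show_map new create edit update destroy].freeze

def deny_list_ability # rules from the question
  MiniAbility.new.tap do |a|
    a.can :manage, Business
    a.cannot [:update, :delete], Business
  end
end

def allow_list_ability # rules from the reply, with hypothetical custom actions
  MiniAbility.new.tap do |a|
    a.alias_action :show_summary, :show_map, to: :read
    a.can :read, Business
  end
end
def allowed(ability)
  ACTIONS.select { |action| ability.can?(action, Business) }
end
```

Calling allowed(deny_list_ability) still lists new, create and destroy, because only update (with its edit alias) and the literal action name delete are excluded. allowed(allow_list_ability) lists only index, show and the aliased show-style actions, so an action added later is denied until it is aliased.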