declarative authorization has_(not)_permission_on

106 Views Asked by Mark Kenny At 25 July 2014 at 11:42

I have a (relatively) large rails app which uses declarative authorization for role based permissions. Admin users currently have the following permissions:

role :administrator do
  has_omnipotence
end

I need to add a higher role (root) which can exclusively have permissions on certain actions.

The obvious thing to do is to get rid of has_omnipotence from the administrator role block and manually add all permissions on all controllers but root_accounts, but this is painful. Is there a way that I could do something like the following?

role :root do
  has_permission_on [:root_accounts], :to => [:new, :create ... ]
end

role :administrator do
  has_omnipotence {except [:root_accounts], :to => [:new, :create ...]}
end

Original Q&A

There are 1 best solutions below

xiangxin On 21 May 2015 at 02:41

There's no such syntax. But you can check for a specific role in your view/controller:

<% unless has_role?(:administrator) %>
  <%= link_to 'New root account', new_root_account_path %>
<% end %>

def create
  permission_denied if has_role?(:administrator)
  ...
end

It's not very scalable tho.

declarative authorization has_(not)_permission_on

There are 1 best solutions below

Related Questions in RUBY-ON-RAILS-3

Related Questions in DECLARATIVE-AUTHORIZATION

Trending Questions

Popular # Hahtags

Popular Questions