Boolean table column which user can change only to 'false'

Question

I wonder is this possible or I need to model it differently. I have one table column which can have 'true' or 'false' values. I have two types of users, regular user and editor. This is basic model of Post:

create_table "post", force: true do |t|
    t.boolean  "post_visible",          default: false
end

Regular user can create a post but post is not visible immediately on site. Editor needs to set boolean column post_visible to 'true'. After post is visible, regular user can change post_visible back to false. How can I accomplish to allow editor to set post_visible column to true and false and regular user only to false.

Editor

• can change post_visible column to true and false

Regular User

• can change post_visible column only to false

User table has column is_editor which is false if user is regular user and true if user is editor. Security is made so I can easily access current user permission via helper like this: current_user.is_editor.

Any suggestions how to accomplish this? :)

Answer 1

I think you should consider using two fields instead of one: is_reviewed and is_visible. The editor can edit both fields and the regular user can change is_visible only. The post is published if it's reviewed and visible. If you go this way, make sure regular user cannot mass-assign is_reviewed.

Answer 2

in model file

before_validation :make_false_if_regular

private

def make_false_if_regular
  if user.type == "regular"
    post.post_visible = nil
  end
end

Answer 3

yes, You are doing good. Now, you have restrict the access to the users. For this you need some kinda of Authorization so you can check the request is legit or not. The most famous way is to do with cancan gem (https://github.com/ryanb/cancan) you can also create your own authorisation system.