How can I clean up my user permissions code in Ruby/Rails?

Question

I am writing a system where every user can manage other users' permissions.

I have a business requirement where a logged_in_user can't demote someone higher than them in rankings. My positions are the following:

STAFF < MANAGER < ORGANIZATION_ADMIN

I am trying to display the permission buttons for the users and have the following (ugly) method that gets the job done, but feels like awful code.

# Iterate through all users and allow for their permissions to be modified
other_users.each do |other_user|
  buttons_to_show = get_buttons_to_show(logged_in_user, other_user)

  if buttons_to_show.include?(ORGANIZATION_ADMIN)
    puts "Make other_user #{ORGANIZATION_ADMIN}" # Will be a button on UI

  if buttons_to_show.include?(MANAGER)
    puts "Make other_user #{MANAGER}" # Will be a button on UI

  if buttons_to_show.include?(STAFF)
    puts "Make other_user #{STAFF}" # Will be a button on UI
end


def get_buttons_to_show(current_user, other_user)
  buttons_to_show = []

  if (current_user.at_least_staff? && other_user.role != MANAGER && other_user.role != ORGANIZATION_ADMIN) ||
      (current_user.at_least_manager? && other_user.role != ORGANIZATION_ADMIN) ||
      (current_user.at_least_organization_admin?)
    buttons_to_show << STAFF
  end

  if (current_user.at_least_manager? && other_user.role != ORGANIZATION_ADMIN) ||
      (current_user.at_least_organization_admin?)
    buttons_to_show << MANAGER
  end

  if current_user.at_least_organization_admin?
    buttons_to_show << ORGANIZATION_ADMIN
  end

  buttons_to_show
end

Kamilski81 · Accepted Answer

I decided to use Pundit and move all of those methods into my policies. Works like a charm and is much cleaner.

How can I clean up my user permissions code in Ruby/Rails?

Answers (2)

Related Questions