Andy Harvey

Reputation: 12653

Defining role-based access to the Devise User model

Can anyone point me towards documentation on this?

I'm using Devise + CanCan in a Rails 3 app, and setting up Ability.rb.

I want to restrict access to the edit/delete User paths, depending on the user's role. Normally Ability.rb would be something like:

    class Ability
      include CanCan::Ability

      def initialize(user)
        # Moderators may perform every action on User records
        if user.role? :moderator
          can :manage, User
        end
      end
    end

But in the views I'm using the Devise registration paths for edit/delete:

    <% if can? :update, @user %>
      <%= link_to 'Edit', edit_user_registration_path(@user) %> |
    <% end %>

"can :manage, User" doesn't seem to apply to these paths, and they remain hidden irrespective of role.

If I use "can :manage, :all", then these paths can be accessed by the moderator user.

So, "User" clearly isn't the correct model to manage. I've tried "Devise" and "Registration", to no avail.

What value should I be using - "can :manage, ????" - and where can I find documentation to explain why?

Thank you for any pointers!

Upvotes: 0

Views: 2592

Answers (1)

Jatin Ganhotra

Reputation: 7015

The problems you are facing, I faced them back in my last project.
This link will get you all your answers.

Rails-authentication-with-devise-and-cancan-restful-resources-for-administrators

Hope it helps.

Upvotes: 3
