I am using rolify to assign various roles to a user, like admin, professor, student, staff.
I am to define a condition where I have to specify that this particular condition is true for only those users who are not admin.
I know how to check if a user is admin:
u = User.first
u.has_role?(:admin)
But I am not able to figure out how to check that the user doesn't have the role of admin.
Please help me get a solution to this.
You can implement this method in the User model; this means that the user has other roles but not admin:
def has_not_role?(role)
  # True only when the user holds at least one role and `role` is not among them.
  roles.exists? && !has_role?(role)
end
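The difference between "holds some role other than admin" and "does not hold admin", as an added example that is not part of the original answer. It is plain Ruby with no Rails or rolify; DemoUser, its method names and the four sample users are constructed for illustration.

```ruby
# Added illustration. `roles` is an array of role-name strings standing in
# for a rolify roles association (constructed data).
class DemoUser
  attr_reader :name, :roles

  def initialize(name, roles)
    @name = name
    @roles = roles.map(&:to_s)
  end

  # Positive check, same question rolify's has_role? answers for global roles.
  def has_role?(role)
    roles.include?(role.to_s)
  end

  # "Holds some role whose name differs from `role`": the question a
  # where.not(name: role).exists? style query answers.
  def any_other_role?(role)
    roles.any? { |r| r != role.to_s }
  end

  # "Does not hold `role`": the plain negation of the positive check.
  def lacks_role?(role)
    !has_role?(role)
  end
end

# Runs both checks for every user so the disagreements are visible side by side.
def role_check_matrix(users, role)
  users.to_h do |u|
    [u.name, { any_other: u.any_other_role?(role), lacks: u.lacks_role?(role) }]
  end
end

USERS = [
  DemoUser.new("alice", %w[admin]),
  DemoUser.new("bob", %w[student]),
  DemoUser.new("carol", %w[admin professor]), # admin who also holds another role
  DemoUser.new("dave", []),                   # no roles at all
].freeze

if __FILE__ == $PROGRAM_NAME
  role_check_matrix(USERS, :admin).each { |name, result| puts "#{name}: #{result}" }
end
```

The two checks disagree for carol (an admin that the "other role" query would treat as a non-admin) and for dave (a non-admin with no roles at all).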
Related
I'm making a Rails 6 application where I'm using Devise for authentication, Pundit for authorization and I added Active-Admin because I need a dashboard where admin users manage the content of the app.
Other than admin, I have a couple more roles: president, manager, guest. An admin can be president or manager.
I'm a little confused about what to use to implement the roles: Devise? Pundit? Do I do it by hand?
Is it better to unite the User and the AdminUser model active-admin created? Because this way UserAdmin users can't log in to the application, only to the dashboard and that is not what I want.
I have seen tutorials where people add an admin:boolean column to the users, should I do something like that?
Is it better to unite the User and the AdminUser model active-admin created? Because this way UserAdmin users can't log in to the application, only to the dashboard and that is not what I want.
That depends more on your business logic. It may be a good idea to keep your users and admin_users tables separated; the users table will probably need to have a lot of associations with other tables that will not necessarily be needed by admin_users, right?
I'm a little confused about what to use to implement the roles: Devise? Pundit? Do I do it by hand?
You may define a role column in your admin_users table, and use that column in pundit policies, for example:
class ResourcePolicy
  # ...
  # ...
  # ...
  def update?
    user.admin? || user.president?
  end
end
In AdminUser, you can do the following:
class AdminUser < ActiveRecord::Base
  def admin?
    role == 'admin'
  end

  def president?
    role == 'president'
  end
end
There are many other ways to implement that, and they all depend on what you need to achieve.
I have two models that are generated by Devise: Partner and Admin. Each of them has its own sessions, currents, etc. Some controllers require only an Admin to be logged in; some controllers require either a Partner or an Admin to be logged in.
There are :authenticate_admin! and :authenticate_partner! methods that will be called in my controllers' before_action.
I also use CanCanCan to define roles for both of them.
That gives multiple questions:
If I log in as Partner, then open a page where Admin must be logged in and log in, does that mean that I will have two sessions at once?
I logged in as Partner when I am also Admin; that means I need to destroy the session of Admin. How do I make Devise destroy the other model's sessions when the current model is logged in?
Do I need to add something like this in a controller where either Admin or Partner is needed?
before_action :authenticate_partner!
before_action :authenticate_admin!
And the last question is: how can I make Partners open only the pages (that means access only the controllers) that are allowed by CanCanCan?
I wanted to use authorize_resource, it asks only one model per controller.
Yes. There are two independent devise scopes for each model, using different session variables.
Devise does not destroy a scope session when you sign in to the other scope, but you can do it manually. There is a Devise method sign_out(scope). In your case, you can call sign_out(:partner) and sign_out(:admin) when you need it. There must also be methods like sign_out_partner and sign_out_admin, automatically provided for your scopes by Devise. Also, pay attention to the config.sign_out_all_scopes Devise option.
Yes, those filters restrict access to the controller's actions.
I hope this will help: How to integrate CanCan with multiple devise models?
Do you really need two models? Maybe you can just have one model (call it User) with a role as an integer?
class User < ActiveRecord::Base
  enum role: [ :partner, :admin ]
end
Currently I have two roles, the defaults, 'User' and 'Admin'.
And I added a new role called 'Manager' with the permissions to manage Order, User
class ManagerAbility
  include CanCan::Ability

  def initialize user
    if user.has_spree_role?(:manager)
      can :manage, Spree::Order
      can :manage, Spree::User
    end
  end
end
If the Manager is logged in, he is able to manage Orders and Users. Here he is able to create a new User with the Admin role. But I need an ability to create only 'User', not 'Admin' or other 'Manager' roles.
Using spree_auth_devise - 2-2-stable
I would appreciate it if anyone can help me out. Thank you.
This is not something that is currently supported by Spree out of the box.
You're going to have to modify Spree's UsersController in order to add this restriction. It currently doesn't support any restrictions on roles. You will need to modify (at a minimum) the create and update functions to put a check to see if the logged in user is allowed to create/update a user to the newly selected role.
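One shape such a check could take, as an added example that is not Spree code and not part of the original answer. The ASSIGNABLE table, the role names and both method names are assumptions; the example also goes one step past the answer by refusing edits to accounts that already hold a role the acting user may not grant.

```ruby
# Added illustration. ASSIGNABLE is an assumed allow-list: which roles each
# acting role may hand out. A role not listed as a key may assign nothing.
ASSIGNABLE = {
  "admin"   => %w[admin manager user],
  "manager" => %w[user],
}.freeze

class RoleAssignmentDenied < StandardError; end

# actor_roles:  role names held by the logged-in user
# target_roles: role names the edited user holds now ([] when creating)
# requested:    role names submitted with the create/update form
# Returns the cleaned list of roles to save, or raises RoleAssignmentDenied.
def authorize_role_change!(actor_roles, target_roles, requested)
  allowed   = actor_roles.flat_map { |r| ASSIGNABLE.fetch(r.to_s, []) }.uniq
  requested = Array(requested).map(&:to_s).reject(&:empty?).uniq
  current   = Array(target_roles).map(&:to_s)

  # Refuse to touch an account that already holds a role the actor cannot grant.
  protected_roles = current - allowed
  unless protected_roles.empty?
    raise RoleAssignmentDenied, "target holds protected roles: #{protected_roles.join(', ')}"
  end

  # Refuse to grant any role outside the actor's allow-list.
  denied = requested - allowed
  raise RoleAssignmentDenied, "may not assign: #{denied.join(', ')}" unless denied.empty?

  requested
end

# Demo wrapper: returns the roles to save, or the refusal text.
def try_role_change(actor_roles, target_roles, requested)
  authorize_role_change!(actor_roles, target_roles, requested)
rescue RoleAssignmentDenied => e
  "denied: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  p try_role_change(%w[manager], [], %w[user])          # create a plain user
  p try_role_change(%w[manager], [], ["", "user", "admin"]) # form adds admin
  p try_role_change(%w[manager], %w[admin], %w[user])   # demote an admin
  p try_role_change(%w[admin], %w[user], %w[manager])   # admin promotes a user
end
```

The check runs on the server against the submitted role list, so hiding the Admin checkbox in the form is not what enforces the restriction.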
I have a Rails application where I have set up a table: users, another table: roles, and finally a join table: user_roles, where a user may have many roles, but a role belong_to_and_has_many :users
This has allowed me to create new roles and then, assuming the user is an admin, on the user edit page, switch their role.
This is great; however, currently no role has capabilities. What I was thinking was doing:
role_permissions table
permissions: has_and_belongs_to_many :roles
Setting up a set of checkboxes on the roles edit page to assign a set of capabilities to said role, that can then be applied to said user, that can then be used by capybara to determine if a user has the appropriate action or not.
While you can create roles, you cannot create capabilities, so you would have a predetermined list of capabilities. Also some roles, such as administrator or member, could not be destroyed or edited (already done).
I can set up the table and the relationship to do this; what I cannot figure out how to do is to integrate this concept with cancan, because cancan does something like:
can? :destroy #project
If I assign, say:
Role: Editor (String name)
Capabilities: Read, Write, Destroy, Update, Preview (These are just string names)
How could I then say:
can? user.role? Editor read Post - pseudo code.
First of all, for capabilities, if it's a fixed list of capabilities you're working with, you're probably better off with having a number of booleans on the roles table, e.g. can_create_projects, can_create_users, etc., which encode the abilities of each role.
Then your CanCan Ability class might have something like the following,
class Ability
  include CanCan::Ability

  def initialize(user)
    can(:create, Project) do |project|
      user.roles.any?(&:can_create_projects)
    end
  end
end
I am creating a website in Ruby and I would like to have the option to sign up as an admin or a user. I have created the sign up system using devise and I would like to be able to give different permissions to different users, i.e Admins and Users. Thanks guys.
There's a comprehensive guide here.
Here's a post about using Devise and CanCan to accomplish what you are looking for.
You can add boolean fields admin and users into your User model. So while creating you can assign admin or user role.
This question is answered here:
how to define user roles
You can use devise + cancan and define roles like user and admin to separate the common user and the application admin.
class User < ActiveRecord::Base
  has_many :roles

  # Assumes Role has a `name` column holding the role name.
  def is_admin?
    roles.any? { |role| role.name.to_s == 'admin' }
  end
end

class Role < ActiveRecord::Base
end
and then check it in cancan's definition file like this
can :update, Model do |model|
  user.is_admin?
end
This video gives you details about it: http://railscasts.com/episodes/192-authorization-with-cancan