I'm using Groupify gem to create separate roles in groups such as "
manager" "accountint" etc. In documentation is clear how to add object to groups with certaing membership: group.add(user, as: 'manager'). But there's no explanation how to check user memberships in certain group. I want to create admin panel for changing user roles and groups so it's very important.
Edit
I solved my problem
memberships = user.group_memberships_as_member.where("group_id = ?", group.id)
memberships.each do |membership|
if membership.membership_type.present?
puts membership.membership_type
end
end
You can use user.in_named_group?(:admin) (e.g. to check if admin is in the group.)
You can also do this:
User.in_any_group(group1, group2) # Find users that belong to any of these groups
Related
The association is as follows
Company has_many :orders
The permissions are set as follows
if #resource.has_cached_role?(:client_admin)
can %i[read create confirm], Order, company_id: resource_company_ids
end
def resource_company_ids
#resource_company_ids ||= Company.where(id: #resource.company_id)
.or(Company.where(parent_id: #resource.company_id))
.pluck(:id)
end
#1) The client admin logging in to a company can create orders for that company and also for its child companies.
#2) Also, there are company which does not have child companies.
When a user is logged in, i need to check if the user has order create permissions for multiple companies(scenario #1)
How to achieve this using cancancan?
Any help would be appreciated.
i think a block conditions maybe help
can %i[read create confirm], Order |order|
resource_company_ids.include?(order.company_id)
end
I have a rails application where I have set up a table: users another table: roles and finally a join table: user_roles where a user may have many roles, but a role belong_to_and_has_many :users
This has allowed me to create new roles and then, assuming thee user is an admin, on the user edit page, switch their role.
This is great, how ever currently no role has capabilities. What I was thinking was doing:
role_permissions table
permissions: has_and_belongs_to_many :roles
Setting up a set of checkboxes on the roles edit page to assign a set of capabilities
to said role, that can then be applied to said user, that can then be used by capybara to determine if a user has the appropriate action or not.
While you can create roles, you cannot create capabillities. so you would have a predetermined list of capabilities. Also some roles, such as administrator or member could not be destroyed or edited. (already done.)
I can set up the table and the relationship to do this, what I cannot figure out how to do is to integrate this concept with cancan. Because can can does something like:
can? :destroy #project
If I assign, say:
Role: Editor (String name)
Capabilities: Read, Write, Destroy, Update, Preview (These are just string names)
How could I then say:
can? user.role? Editor read Post - seudo code.
First of all, for capabilities, if it's a fixed list of capabilities you're working with, you're probably better off with having a number of booleans on the roles table, e.g. can_create_projects, can_create_users, etc., which encode the abilities of each role.
Then your CanCan Ability class might have something like the following,
class Ability
include CanCan::Ability
def initialize(user)
can(:create, Project) do |project|
user.roles.any?(&:can_create_projects)
end
end
end
I am using cancan for role management in my app. I have different roles in my app like Super Admin, Admin, developer, tester. How can I display roles dropdown from Roles array without including Super Admin and Admin. Please look at my code
class User < ActiveRecord::Base
Roles = [:super_admin, :admin, :developer, :tester]
end
I need a select box containing developer and tester, and tried to create a array using following code but null item is getting in dropdown.
User::Roles.map{|r|
next if %w(super_admin admin).include?(r.to_s)
r.to_s.humanize
}
Please help
A quick one-liner:
(User::Roles - [:super_admin, :admin]).map { |r| r.to_s.humanize }
roles = User::Roles.dup
roles.delete :super_admin
roles.delete :admin
The roles array will have all roles except super_admin and admin
[EDIT]
Actually I think this way is better
ADMIN_ROLES = [:admin, :super_admin]
roles = User::Roles.select {|r| !ADMIN_ROLES.include? r}
I'm trying to figure out how to set up the relationship/association for a Document model for my rails project. I have a User model and Users can friend each another (friendship model).
Now I want users to be able to invite (give access to) CERTAIN friends to modify and edit these documents similar to Google Docs.
This is my current approach to this problem:
Create a new relationship model called "group", essentially a subset of friends. Document belongs to a user and document belongs to a group. Users can then invite their friends into these group relationships and documents can be accessed/modified through these groups.
Therefore, User has many groups and group belongs to many users.
My question:
Is there a better approach to this problem?
You might consider a "Membership" join table. So:
Group >- Membership -< User
...since you requirement is some users will have abilities others wont (editing). There are all sorts of options from there, for example STI which would give you:
class Membership < ActiveRecord::Base
...general membership functions
end
class Editor < Membership
...editor specific code...
end
class Reviewer < Membership
...reviewer specific code...
end
And a controller class something like
class MembershipController
def create invitation
if invitation.for_editor?
# assuming invitation has one group, and group_memberships method that returns group.memberships
invitation.group_memberships.create! user: current_user
else
invitation.group_memberships.create! user: current_user
end
end
end
As an example, depending on your opinion of STI.
https://github.com/scambra/devise_invitable
might have more ideas.
I want to design a role based system like Basecamp. A user can be editor of a brand and also he can be a worker in another brand. I'm using devise + cancan. How can i design a database for this situation? Thanks.
I would recommend a role model. In this scenario a user would have_and_belong_to_many :roles while a role would have_and_belong_to_many :users. This creates a many to many relationship between roles and users. See this RailsGuide for more info on associations.
In your CanCan ability.rb file you can do something like this (I am just guessing at your setup):
can :manage, Brand do |brand|
user.has_role?("brand_manager") && user.brands.include?(brand)
end
In your user.rb file it's helpful to write something like this:
def has_role?(name)
role = Role.find_by_name(name)
(self.roles.include?(role)) ? (return true) : (return false)
end
Hope this helps.
acl_system2. Its an old plugin, but checkout its readme file to see if it serves the purpose.