I need :project_owners to invite new :project_participants to a project.
Much like in Basecamp, the :project_owner needs to be able to assign the new :project_participant to projects prior to them completing their full profile (their profile will show "invited" status until they complete their profile).
Once the :project_participant has created a profile their project/index should automatically include any projects they were assigned to prior to finalising their profile.
Authlogic is used for authentication. You should use 'declarative_authorization' or 'CanCan' for authorization.
Authentication gems are used to check whether a user's record exists in the database or not, and authorization gems are used to check their privileges. You should check out Railscasts for more information.
This one is for declarative_authorization and this one is for CanCan.
Once you set privileges, you can create a method to let your project_owner invite other users, and you can assign them a temporary status in your database. I think CanCan is best suited to your needs.
I have a functioning Rails app with Devise Admins and Users, and I want to create a secure way that will only allow users with specific IDs to become authorized to become admins. Currently, I have a static link that is not very secure that will make the current user an admin (website.com/make_admin), but I want to find the most secure method to turn specific users into administrators (I am open to all options that could accomplish this). What would be the best way for me to do this?
I'd recommend adding an admin field to the user form to select if they're an admin user, but do a check in the update/create actions on your users controller to check if the current_user (if using Devise) is another admin user (or whatever role type they need to be to update other admin permissions).
You would also probably want to do a check to make sure they can't set themselves as admin=false, otherwise you could end up with no admin users left on the site and no-one with permission to change this. That said, depending on the app you could always just manually manage admin users - my company will do this depending on the client and their needs.
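The server-side checks described in the answer above (only an existing admin may change the admin flag, and an admin cannot unset their own), sketched as an added example that is not part of the original answers. It is plain Ruby rather than a Rails controller; `User`, `AdminChangeError`, `permitted_user_update` and `update_user` are hypothetical names, and `actor` stands in for Devise's `current_user`.

```ruby
# Added example: plain Ruby, no Rails or Devise dependency. All names are hypothetical.
User = Struct.new(:id, :name, :admin, keyword_init: true)
class AdminChangeError < StandardError; end

TRUTHY = [true, "1", "true"].freeze   # values a form checkbox may send for "checked"

# actor  - stands in for Devise's current_user
# target - the record being edited
# params - untrusted form input (symbol keys)
# Returns only the attributes that are safe to write to target.
def permitted_user_update(actor, target, params)
  unless actor.admin || actor.id == target.id
    raise AdminChangeError, "cannot edit another user's record"
  end
  allowed = params.slice(:name)               # allow-list of ordinary fields
  return allowed unless params.key?(:admin)

  wanted = TRUTHY.include?(params[:admin])
  return allowed if wanted == target.admin    # flag unchanged, nothing to authorize
  raise AdminChangeError, "only an admin may change the admin flag" unless actor.admin
  if actor.id == target.id && !wanted
    raise AdminChangeError, "an admin cannot remove their own admin flag"
  end
  allowed.merge(admin: wanted)
end

# Applies the filtered attributes and returns the updated record.
# Nothing is written if any check above raises.
def update_user(actor, target, params)
  permitted_user_update(actor, target, params).each { |k, v| target[k] = v }
  target
end

# Constructed sample data.
alice = User.new(id: 1, name: "alice", admin: true)
bob   = User.new(id: 2, name: "bob",   admin: false)

update_user(alice, bob, { admin: "1" })       # an admin promotes bob
begin
  update_user(alice, alice, { admin: "0" })   # self-demotion is rejected
rescue AdminChangeError => e
  puts "rejected: #{e.message}"
end
```

In a Rails controller the same decision would sit in the update/create actions before the record is saved, so a crafted request carrying `admin` is rejected no matter what the form shows.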
You can use Rolify to give roles to the users and CanCanCan for access control.
You can assign roles to users either from the Rails console, or you can generate a view for it, restrict it to admins, and assign roles to each individual user.
You could add an admin boolean to your user model, and update it through the rails console
rails g migration add_admin_to_users admin:boolean
I have a webapp built with Rails. Nothing complicated so far. Now I would like to restrict some areas for the user. I would like to implement two roles, User and Admin. Clearly the admin can do much more, like use DELETE in some of the controller methods. But there is even more. The user should be able to set some settings. For example, he can set his profile to private, so only his friends can see his content. I am not sure how to build all of this with Rails.
I did some research and found those two:
https://github.com/elabs/pundit
https://github.com/ledermann/rails-settings
Maybe a combination of those two would get me to the way I want the app to be?
If the app is going to be used by real users, I would go for the devise gem (https://github.com/plataformatec/devise). It allows users to create accounts, retrieve lost passwords, etc. By default it allows users to edit their "profile" (or rather their personal data); it should be easy to add a checkbox to toggle public/private profiles.
In conjunction with cancancan (https://github.com/CanCanCommunity/cancancan) you can assign roles to users without having two different classes (Users and Admins, for example).
I have two models: one is Resident and the other is User. Residents are the people who reside in the hostel; they have been enrolled manually. Users are those who have enrolled using our application. All the Residents are manually registered, and then we seed our database with them; we have stored info about them long before they register on our website. If they register, we already have all the info about them and just need an email. How could we associate them in Rails? Users are permitted to do everything on our website, while Residents can only see it, not edit!
You need to be able to restrict access depending on the type of permissions a person has. I would say the best solution for you is probably to use a Gem that handles this. There are several, CanCan is the one I usually use: https://github.com/ryanb/cancan
With CanCan you have a file called ability where you can segment which types of users have access to specific resources.
I'm a Rails noob. I'm looking to implement an application where users can purchase a multi-visit pass, then spend the credits week-by-week.
For example, register and login, then purchase 10 visits at a gym - the system should list 10 remaining visits. Sign up to a class and 9 remaining visits are listed. When the credits are low, remind the user to top them up with another 10-visit pass, etc.
I know I can use Devise and CanCan to manage the authentication and authorisation aspects.
My question is whether there's already a gem to handle the management of the user's credits, or whether I'd need to write this from scratch.
I've searched https://rubygems.org/gems/rails with no luck, but it's entirely possible I'm missing something obvious.
I don't think there is a gem to do that, but it should be pretty simple to code:
Add remaining_visits to your User model and table.
Do current_user.update(remaining_visits: current_user.remaining_visits+10) when a ticket is purchased.
Copy Devise sessions controller into app/controllers/devise/sessions_controller.rb.
Inside this controller, add this kind of code to create (where the user logs in): current_user.update(remaining_visits: current_user.remaining_visits-1).
Note: Instead of copying Devise sessions controller you can just overwrite the create action.
I am relatively new to Ruby on Rails and activeadmin. I wonder how I can make active_admin work as a user control dashboard: a user logged into the admin dashboard sees only their own records, i.e. posts, account info, etc. Also, I already have CanCan role-based user authorization.
https://github.com/gregbell/active_admin/wiki/How-to-work-with-cancan
Based on the article pasted above, it is possible to make users access only their own records.