I need help figuring out the best way to do this.
I'm using the declarative authorization gem.
I have 4 roles, admin, master, junior, subscriber.
When it comes to new users:
I want the admins to be able to create any kind of user they wish.
But I also want masters to be able to create users with master, junior or subscriber roles.
So what's the best way to make this secure?
I need help on both sides, view and model/controller logic...
The view should display all 4 roles to the admin in the collection_select but just the other 3 options to the masters...
The rest of the users don't have access to get to that view thanks to declarative authorization.
And on the model/controller logic I want it to validate that the user being created is not an admin role if the user creating it is not an admin... I don't know how to do that either... Please help.
Ryan Bates did Railscasts on declarative_authorization and authlogic. I think the declarative authorization one in particular will help you get started and explain how to do the kinds of things you're trying to do in general. You can also read them on ASCIIcasts (declarative_authorization, authlogic).
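A sketch of the check the question asks for, as an added example that is not from the thread and does not use declarative_authorization's own API: one allowlist of assignable roles per creator role feeds both the select options and the server-side validation. `ASSIGNABLE_ROLES`, `assignable_roles_for`, `build_user` and the sample requests are hypothetical, constructed for illustration.

```ruby
# Added example: plain Ruby, no Rails and no declarative_authorization calls.
# All names below are hypothetical.

# Which roles each creator role may hand out. Roles absent from the map
# (junior, subscriber, anything unknown) may assign nothing: default deny.
ASSIGNABLE_ROLES = {
  "admin"  => %w[admin master junior subscriber],
  "master" => %w[master junior subscriber]
}.freeze

class RoleNotAllowed < StandardError; end

# Single source of truth: the view builds its select options from this list,
# and the server-side check below uses the same list.
def assignable_roles_for(creator_role)
  ASSIGNABLE_ROLES.fetch(creator_role.to_s, [])
end

# Server-side check. Hiding "admin" in the form is not enough, because the
# client can submit any value for the role field.
def build_user(creator_role, params)
  requested = params.fetch("role", "").to_s
  unless assignable_roles_for(creator_role).include?(requested)
    raise RoleNotAllowed, "#{creator_role.inspect} may not assign #{requested.inspect}"
  end
  { "email" => params["email"], "role" => requested }
end

# Constructed sample requests: [creator role, submitted form params]
SAMPLE_REQUESTS = [
  ["admin",  { "email" => "a@example.test", "role" => "admin" }],
  ["master", { "email" => "b@example.test", "role" => "junior" }],
  ["master", { "email" => "c@example.test", "role" => "admin" }], # tampered form
  ["junior", { "email" => "d@example.test", "role" => "subscriber" }]
].freeze

# Returns the role granted for each sample, or :rejected when the check fails.
def run_samples
  SAMPLE_REQUESTS.map do |creator, params|
    begin
      build_user(creator, params)["role"]
    rescue RoleNotAllowed
      :rejected
    end
  end
end

p run_samples if __FILE__ == $PROGRAM_NAME
```

In a Rails app the same list would back the `collection_select` options and a model or controller validation, so the form and the server cannot drift apart.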
Related
I'm working on a project that involves two Devise models (User and Admin). What I'd like to do is allow for Admin members to be able to view and manage Users in a RESTful way (i.e: index, show, create, update, destroy).
Would the best way be to create a users_controller and treat it like an average RESTful model (modifying each controller action to work with Devise where applicable)?
Any suggestions would be much appreciated.
Thanks.
CLARIFICATION UPDATE
It seems I wasn't clear about the question above. Answers below are about the authorisation of actions affecting the User model. This isn't what I'm asking about. I'm asking about the best way to facilitate the transaction itself, not the authorisation and restriction of the transaction. What would be the best way to have Admin members creating Users and updating User records without using the standard Devise self-signup. My intention is to disable self-signup so as to only allow new User registration by an Admin member creating the User account. Hopefully, this is more clear. Thanks.
I advise you to take a look at the following gems, Rolify and CanCan; they were integrated with Devise here.
Here's a link
I am working on a job portal. I am confused about how I should create and manage users. For example: there will be 3 types of users (which may expand later) in my application: Company, Consultancy, and Candidates. Each of them will have a completely different role and access to the admin (i.e. account) panel/console, or you can say they will have completely different views for managing their account. So, if a user logs in with a company account, he/she should be able to create jobs and update the company profile; if a user logs in as a consultant, then he/she should be able to post jobs on behalf of other companies (who may or may not be registered on the website/app), and should also be able to surf/search the jobs from companies and post applications (i.e. apply for a job) on behalf of candidates (who may or may not be registered yet on the website/app). And, if a user logs in as a candidate, then he/she should be able to create their resumes/CVs, search jobs, and apply for jobs posted by companies.
Here is what I'd thought: Create a User model and then have STI (Single table inheritance) for Company, Consultancy, and Candidate. But STI gets complicated sooner than later. Later, I thought of creating different models for each, but then code will be repeated for login/signups and other similar activities, which means no DRY.
I would like to follow the best approach possible. So, would like to know how experts will go about solving such a scenario? Thanks.
Some suggestions:
Look at the CanCan gem for user roles.
Look at Devise for a login system where you can log in users.
You can use the active admin gem to create an administration backend (crud, create remove update delete) for users. Or build an admin backend yourself.
Also check out railscasts.com (there's a cast on CanCan and Devise also!) for general Ruby on Rails tips and tricks. http://railscasts.com/episodes/192-authorization-with-cancan
Check out "Michael Hartl Ruby on Rails course" for some general understanding of how models, controllers and views all relate to each other.
Does anyone know of a quick way to add a role CRUD system to rails?
I only want admins to create users and have all currently signed up users listed on a page in my app.
I'm trying to figure out a way to assign users to different roles and restrict them from performing certain actions using collection select or a series of checkboxes.
I've followed a few tutorials but none seem to be working for me :/
Can anyone recommend a solution? I use Devise for my authorization if that matters.
You can think about CanCan. Using it you're able to define roles and restrict access to certain actions or model elements according to the role.
It can be also easily integrated with Devise mentioned by Scott Schulthess.
Devise on github has a wiki page showing how to do this
https://github.com/plataformatec/devise/wiki/How-To:-Add-an-Admin-role
You can also try using API Keys if you want to expose this API to many others
Preface
I'm new to rails & programming. Working on my first rails app--I have authentication with omniauth and devise and a simple article submission working for users.
I want to do two things:
If a user isn't a specific role, reroute them to another page.
If a preference is 'offline', only allow admins to view the site.
I have yet to create a preferences table--looking for suggestions. :)
What's the best way to set up simple roles?
What's the easiest way to redirect users if they're not admin and if the site is 'offline'?
I'm currently using CanCan for role-based authorization on my current project. I've found it works great including the ability to do both of what you're looking for. And the documentation! Oh, the documentation. If all gem authors wrote documentation like CanCan's, I do believe it would bring about world peace.
And as an added bonus, because it was written by Ryan Bates, it has a RailsCast already recorded for it.
I'm slowly but surely putting together my first rails app (first web-app of any kind in fact - I'm not really a programmer) and it's time to set up a user registration/login system. The nature of my app is such that each user will be completely separated from each other user (except for admin roles). When users log in they will have their own unique index page looking at only their data which they and no-one else can ever see or edit. However, I may later want to add a role for a user to be able to view and edit several other user's data (e.g. a group of users may want to allow their secretary to access and edit their data but their secretary would not need any data of their own).
My plan is to use authlogic to create the login system and declarative authorization to control permissions, but before I embark on this fairly major and crucial task I thought I would canvass a few opinions as to whether this combo was appropriate for the tasks I envisage or whether there would be a better/simpler/faster/cheaper/awesomer option.
What about cancan by Ryan Bates?
Here you can get a complete visual guided implementation
Take a look at this, it might help:
Basic Rails 3 engine utilizing Authlogic, CanCan and Easy Roles
What about Devise? Take a look at the railscasts.com site.