Answer the question
In order to leave comments, you need to log in
How to organize an authorization system?
Hi all! Got me in a dead end! Please help!
I do not know how to differentiate access rights for users in different organizations!
The situation is the following. There are many organizations and users, a user can belong to several organizations, a user can have many organizations
User.rb
class User < ActiveRecord::Base
has_many :companies, through: :users_companies
has_many :users_companies
end
class Company < ActiveRecord::Base
has_many :users_companies
has_many :users, through: :users_companies
end
class Role < ActiveRecord::Base
has_many :users_roles
has_many :users, through: :users_roles
end
Answer the question
In order to leave comments, you need to log in
You can do this: you need to be able to get a list of roles for it from Company. For example, in Role add a reference to Company, and in Company has_many :roles.
Also in Role you need a column with the type of role - admin, secretary, director. Something like admin, secretary, director. Let the column be role.
Then write abilities like this:
Companies.each do |company|
role = company.roles.where(user: user).first
can role.role.to_sym, company, id: company.id if role.present?
end
if can? :admin, @company
# do smth
end
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question