Setting up authorization without permission in Rails
I have a model like this:
class Engineer < ActiveRecord::Base
  default_scope { is_published }
  scope :is_published, -> { where(is_published: true) }
end
Engineers can log in to the site through GitHub, and I want to enable authorization on the site for unpublished Engineers. Some controllers have filters like this:
before_action :authenticate_engineer!, only: [:show]
But now, after successful authorization, the Engineer still cannot pass these filters. How do I tell Devise that it should look among unlicensed engineers? I think I should override a Devise method ...
2 answers
If I understand you correctly, you want:
- certified engineers to be able to view unpublished engineers.
- unauthenticated engineers won't be able to view them
Don't use the default scope and do something like this:
# engineer.rb
class Engineer < ActiveRecord::Base
  scope :published, -> { where(is_published: true) }
end
And in your controller:
# engineers_controller.rb
def show
  @engineers = engineer_signed_in? ? Engineer.all : Engineer.published
end
Basically you show all engineers to authenticated engineers and only published ones to those who haven't signed in with Devise.
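An added illustration, not part of the answer above and not Rails or Devise code: a plain-Ruby model of why the question's `default_scope` stops an unpublished engineer from passing `authenticate_engineer!`, and how the answer's explicit scope keeps authentication and visibility separate. It assumes the authentication layer resolves the id stored in the session through the model's ordinary finder; `EngineerStore`, `load_from_session`, `visible_to` and the sample rows are hypothetical.

```ruby
# Added illustration in plain Ruby (no Rails or Devise). EngineerStore,
# load_from_session and visible_to are hypothetical stand-ins; ROWS is constructed data.
Engineer = Struct.new(:id, :login, :is_published)

class EngineerStore
  def initialize(rows, default_scope: nil)
    @rows = rows
    @default_scope = default_scope # filter silently applied to every query
  end

  def all
    @default_scope ? @rows.select(&@default_scope) : @rows.dup
  end

  def published
    all.select(&:is_published)
  end

  def find_by_id(id)
    all.find { |e| e.id == id }
  end
end

# Stand-in for what an authentication layer does on every request (assumption):
# turn the id stored in the session back into a record via the model's finder.
def load_from_session(store, session)
  store.find_by_id(session[:engineer_id])
end

# Visibility is decided in one place, separately from authentication.
def visible_to(store, current_engineer)
  (current_engineer ? store.all : store.published).map(&:login)
end

ROWS = [
  Engineer.new(1, "alice", true),
  Engineer.new(2, "bob", false) # unpublished, but has signed in
].freeze
SESSION = { engineer_id: 2 }.freeze

# Question's model: the default scope also hides bob from the session lookup.
WITH_DEFAULT = EngineerStore.new(ROWS, default_scope: ->(e) { e.is_published })
# Answer's model: no default scope, publication is an explicit, named scope.
WITHOUT_DEFAULT = EngineerStore.new(ROWS)

puts load_from_session(WITH_DEFAULT, SESSION).inspect
puts load_from_session(WITHOUT_DEFAULT, SESSION).login
```

With the explicit scope, every listing that anonymous visitors can reach has to go through `published` (here, through `visible_to`), because nothing filters unpublished rows by default any more.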