Setting up authorization without permission in Rails

I have a model like this:

class Engineer < ActiveRecord::Base
  default_scope { is_published }
  scope :is_published, -> { where(is_published: true) }
end

      

Engineers can log in to the site through GitHub, and I want to enable authorization on the site for unpublished Engineers. Some controllers have filters like this:

before_action :authenticate_engineer!, only: [:show]

      

But now, after successful authorization, the Engineer still cannot pass these filters. How do I tell Devise that it should look among unlicensed engineers? I think I should override a Devise method ...

0




2 answers


The solution was to override this Devise method in Engineer.rb:



def self.serialize_from_session(key, salt)
  Engineer.unscoped {super}
end

      

+1


source
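An added example, not part of the original answers and not Devise's source: a simplified pure-Ruby stand-in for the model and the per-request session lookup. It shows why the default scope makes `authenticate_engineer!` fail for an unpublished engineer, and that the `unscoped { super }` override affects only the session lookup. The class `PatchedEngineer`, the rows and the salts are constructed for illustration.

```ruby
# Simplified stand-in for ActiveRecord and Devise. Class names, rows and salts
# are constructed for illustration; this is not Devise's source.
class Engineer
  Row = Struct.new(:id, :login, :is_published, :authenticatable_salt)

  # Constructed sample data: bob has signed in through GitHub but is unpublished.
  ROWS = [
    Row.new(1, "alice", true,  "salt-a"),
    Row.new(2, "bob",   false, "salt-b")
  ].freeze

  class << self
    # Like ActiveRecord's unscoped { ... }: default scope is off inside the block only.
    def unscoped
      Thread.current[:engineer_unscoped] = true
      yield
    ensure
      Thread.current[:engineer_unscoped] = false
    end

    # Every finder applies the default scope (is_published = true) unless unscoped.
    def all
      Thread.current[:engineer_unscoped] ? ROWS : ROWS.select(&:is_published)
    end

    def find_by_id(id)
      all.find { |row| row.id == id }
    end

    # Per-request session lookup: reload the record by key, then compare the salt.
    def serialize_from_session(key, salt)
      record = find_by_id(key.first)
      record if record && record.authenticatable_salt == salt
    end
  end
end

# The override from the answer: only the session lookup bypasses the default scope.
class PatchedEngineer < Engineer
  def self.serialize_from_session(key, salt)
    unscoped { super }
  end
end

session = [[2], "salt-b"] # what the session would hold for bob (constructed)
p Engineer.serialize_from_session(*session)               # scoped lookup finds nothing
p PatchedEngineer.serialize_from_session(*session)&.login # unscoped lookup finds bob
p PatchedEngineer.all.map(&:login)                        # listings stay scoped
```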


If I understand you correctly, you want:

  • certified engineers to be able to view unpublished engineers;
  • unauthenticated engineers not to be able to view them.

Don't use the default scope and do something like this:

# engineer.rb
class Engineer < ActiveRecord::Base
  scope :published, -> { where(is_published: true) }
end

      



And in your controller:

# engineers_controller.rb
def show
  @engineers = engineer_signed_in? ? Engineer.all : Engineer.published
end

      

Basically, you show all engineers to authenticated engineers and only published ones to those who are not signed in with Devise.

0


source






