Setting up authorization without permission in Rails

I have a model like this:

class Engineer < ActiveRecord::Base
  default_scope { is_published }
  scope :is_published, -> { where(is_published: true) }
end


Engineers can be logged into the site through GitHub. And I want to enable authorization on the site for unpublished Engineers. Some controllers have filters like this:

before_action :authenticate_engineer!, only: [:show]


But now, after successful authorization, the Engineer still cannot pass these filters. How do I tell Devise that it should look among unlicensed engineers? I think I should override a Devise method ...



2 answers

The solution was to override this Devise method in Engineer.rb:

def self.serialize_from_session(key, salt)
  Engineer.unscoped { super }
end
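
Why the override works, as an added example that is not part of the answer above and is not Devise's or ActiveRecord's code: a plain-Ruby model in which `Row`, `ScopedStore`, `SessionAuth`, `ScopedEngineer`, `FixedEngineer` and `survives_next_request?` are hypothetical stand-ins and the rows are constructed. It assumes the session lookup loads the record by key through the model's normal query path and then compares a salt.

```ruby
# Hypothetical stand-ins for ActiveRecord and Devise, not their real code.
Row = Struct.new(:id, :is_published, :salt)
class ScopedStore
  # Constructed sample rows: engineer 1 is published, engineer 2 is not.
  ROWS = [Row.new(1, true, "salt-1"), Row.new(2, false, "salt-2")].freeze

  # Lifts the default scope for the duration of the block only.
  def self.unscoped
    previous, @unscoped = @unscoped, true
    yield
  ensure
    @unscoped = previous
  end

  # Ordinary lookups pass through the default scope (published rows only).
  def self.find_by_id(id)
    ROWS.find { |row| row.id == id && (@unscoped || row.is_published) }
  end
end

module SessionAuth
  def serialize_into_session(record)
    [record.id, record.salt]
  end

  # Assumed shape of the lookup: load by key, then compare the salt.
  def serialize_from_session(key, salt)
    record = find_by_id(key)
    record if record && record.salt == salt
  end
end

class ScopedEngineer < ScopedStore
  extend SessionAuth
end

class FixedEngineer < ScopedStore
  extend SessionAuth
  def self.serialize_from_session(key, salt)
    unscoped { super }
  end
end

# Signs the engineer in, then reloads them from the session as the next request would.
def survives_next_request?(model, id)
  record = model.unscoped { model.find_by_id(id) }
  key, salt = model.serialize_into_session(record)
  !model.serialize_from_session(key, salt).nil?
end
```

In this model the scope is lifted only inside the block, so an ordinary lookup of engineer 2 still returns nothing and the salt comparison still runs on the unscoped lookup.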




If I understand you correctly, you want:

  • certified engineers to be able to view unpublished engineers.
  • unauthenticated engineers won't be able to view them

Don't use the default scope and do something like this:

# engineer.rb
class Engineer < ActiveRecord::Base
  scope :published, -> { where(is_published: true) }
end


And in your controller:

# engineers_controller.rb
def show
  @engineers = engineer_signed_in? ? Engineer.all : Engineer.published
end


Basically, you show all engineers to authenticated engineers and only published ones to those who don't sign in with Devise.


