Ruby on Rails Thursday, June 30, 2011

Walter Lee Davis <waltd@...> writes:

>
> Has anyone used this combination before? I am curious how I am going
> to enforce my authorization rules beyond the view layer w/r/t
> invitations.
>
> Certain groups of users will be able to invite new users, but most
> will not. When one group of users makes invitations, that magically
> sets the role of the invited user to a particular group, and locks
> that invited user into a Practice inherited from the person who
> invited them.
>
> Since the Devise Invitable controller lives in a gem, how can I reach
> in there and extend it to be aware of these restrictions?
>
> Thanks in advance,
>
> Walter
>


Since all requests must be handled by a Controller, you can simply bake your
business logic into the controller in question. For example:

load_and_authorize_resource # Be sure to specify who can create Users in ability.rb

def create
  user = User.create params[:user]
  user.roles << current_user.roles # Or whatever floats your boat
end
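
The rules from the question (only some groups may invite, and the invited user's role and Practice are fixed by the inviter) can be enforced server-side as sketched below. This is an added example, not code from the original post and not the CanCan or devise_invitable API; it is plain Ruby, and the role names, `INVITE_RULES`, `InvitationPolicy` and `build_invitation` are assumptions made for illustration.

```ruby
# Added illustration in plain Ruby; no Rails, CanCan or devise_invitable calls.
# All names (User, INVITE_RULES, InvitationPolicy, build_invitation) are hypothetical.
User = Struct.new(:email, :role, :practice_id, keyword_init: true)

class NotAuthorized < StandardError; end

# Constructed rule table: inviter role => role forced onto the invited user.
# Roles missing from the table may not invite anyone.
INVITE_RULES = { "practice_admin" => "staff", "staff" => "patient" }.freeze

# Only these keys are ever read from the request parameters.
PERMITTED_KEYS = %w[email].freeze

class InvitationPolicy
  def initialize(inviter)
    @inviter = inviter
  end

  def can_invite?
    !@inviter.nil? && INVITE_RULES.key?(@inviter.role)
  end

  # Role and practice come from the inviter, never from the request.
  def forced_attributes
    { role: INVITE_RULES.fetch(@inviter.role), practice_id: @inviter.practice_id }
  end
end

# What the controller's create action would do before saving and sending mail.
def build_invitation(inviter, params)
  policy = InvitationPolicy.new(inviter)
  raise NotAuthorized, "this user may not invite others" unless policy.can_invite?

  safe = params.select { |key, _| PERMITTED_KEYS.include?(key.to_s) }
  email = safe["email"] || safe[:email]
  raise ArgumentError, "email is required" if email.to_s.strip.empty?

  User.new(email: email.strip.downcase, **policy.forced_attributes)
end

# Constructed sample data: a tampered form post trying to pick its own role.
admin   = User.new(email: "a@example.test", role: "practice_admin", practice_id: 7)
patient = User.new(email: "p@example.test", role: "patient", practice_id: 7)
tampered = { "email" => "New@Example.test ", "role" => "practice_admin", "practice_id" => 99 }

invited = build_invitation(admin, tampered)
puts invited.to_h.inspect # role and practice_id come from the inviter
```

In a Rails application the same check would sit in a controller that subclasses the gem's invitations controller, with the routes pointed at it.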
