Re: [Rails] Re: CanCan with Devise Invitable

Ruby on Rails Thursday, June 30, 2011

On Jun 30, 2011, at 8:28 PM, Andrew Skegg wrote:

> Walter Lee Davis <waltd@...> writes:
>
>>
>> Has anyone used this combination before? I am curious how I am going
>> to enforce my authorization rules beyond the view layer w/r/t
>> invitations.
>>
>> Certain groups of users will be able to invite new users, but most
>> will not. When one group of users makes invitations, that magically
>> sets the role of the invited user to a particular group, and locks
>> that invited user into a Practice inherited from the person who
>> invited them.
>>
>> Since the Devise Invitable controller lives in a gem, how can I reach
>> in there and extend it to be aware of these restrictions?
>>
>> Thanks in advance,
>>
>> Walter
>>
>
>
> Since all requests must be handled by a Controller, you can simply
> bake your
> business logic into the controller in question. For example:
>
> load_and_authorize_resource # Be sure to specify who can create
> Users in
> ability.rb
>
> def create
> user = User.create params[:user]
> user.roles << current_user.roles # Or whatever floats your boat
> end

Of course, and I've done that for the few User things that happen
inside the UsersController. But Devise Invitable injects its methods
into the User model, so there are all sorts of controllers buried
deeply in the Gem source tree that I don't have access to. In Rails
2.3, I would just freeze the gems and hack them up there, but I
haven't found a way to do that in the brave new Bundler world.
Freezing there is kind of like compiling the code or something.

Walter

>
> --
> You received this message because you are subscribed to the Google
> Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-
> talk@googlegroups.com.
> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com
> .
> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
> .
>

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 6:50 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)