You probably should need to use some permission management system, such as cancancan or pundit, with a roles system such as rolify to control who can do what.
In the majority of systems this is preferable to having an admin system and a user system (admins after all are only special users).
That way you can scope the resources so it only returns the users record if you are a user, or all records if you are an admin
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/d8ac6215-11ec-4cbc-8897-dc53ed8d26a1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment