> On Jan 26, 2018, at 12:36 PM, Prince Bansal <er.princebansal@gmail.com> wrote:
>
> Okay. You're not going to be able to access current_user in a model like this. There's just no notion of who is using the app in the Model context. In a controller or view, yes, you can do this (although I would recommend you use CanCanCan or Pundit to abstract the authorization away into its own domain).
>
> - There are two type of users updating this record. One with admin permission and another with area_admin. But in case of area admin I also need to check that record should not be older than 7 days. I am already using pundit for authorization.
>
> You want to think about this from the perspective of can_edit? rather than is_editable?. The former works on a user, which the controller or view would know about. The latter is specific to the instance of the model -- has it had the "publish" checkbox clicked? has an admin approved it? etc.
>
> I suspect you will keep your is_editable? method (without the user-specific stuff) and then add on to that with a can_edit? method that may in fact also invoke the is_editable? method from its target.
>
> - It means I need to remove before_save callback and simply keep is_editable method and invoke it on target object with can_edit? in controller? Right?
That could work. Another way to do this is to loop it into a validation. can_edit? could govern whether the edit button appears in the view, but if you added it to the validations, then it could also keep you from saving a record you shouldn't if you somehow manage to get the form to load (by hacking the path).
Walter
>
> On Friday, January 26, 2018 at 6:36:50 PM UTC+5:30, Prince Bansal wrote:
> Hello Guys,
>
> I faced a situation in Rails that I need current_user method inside model. There is a condition that I do not have any column that is associated
> with current_user in model. I do not want to declare virtual attribute in each activerecord model also do not want to set it in global variable. How can I achieve this?
>
> Your help will be highly appreciated.
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/7c51e795-9593-47d9-a3c6-99b3cc6c8cbc%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/471BC3D5-648A-4C22-96B3-E5A9E61DEE25%40wdstudio.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment