how to restrict edit/removing privileges on others' records?

Hello, I am quite new to Rails. Currently making CRUD apps in Rails 3.0 on Windows. I've used Devise [1.1.rc0] for authentication. In those apps, any logged-in user can change other users' details.

How can I design the app, so that any logged in user can edit/remove his details only if he wishes to do so and can only view others' records. I am trying to say that users should be recognized by his unique username/email id and as per that he should be assigned the writing privileges on his records only.

After logging in, he should be directed to his own page, where his details are stored. He can update and delete any of his details there. But he can only view the main page where his record will be kept with other records. He should not be able to remove or edit others' records.

Thanks,

Pallav

I understand most of your requirements except this one "But can only View the main page where his record will be kept with other records."

I would use Devise along with an authentication scheme; here is a link for Railscasts on authentication.

You would assign the roles so a user can edit his own records and only view others'.

Do you have anything like this installed? What are you using for logging in a user?

How can I design the app, so that any logged in user can edit/remove his details only if he wishes to do so and can only view others' records.

I am trying to say that users should be recognized by his unique username/email id and as per that he should be assigned the writing privileges on his records only.

CanCan is probably the most popular access control solution for Rails. It can easily accomplish what you describe, and more. It works fine with Devise. You can probably do what you want with just Devise, but I would really recommend CanCan - and it is really not that difficult to implement. Here is a good Railscast for it: http://railscasts.com/episodes/192-authorization-with-cancan . There has been a lot of capability added since that was recorded, so be sure to look at the latest release notes for CanCan on GitHub.
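The rule asked for in this thread (any logged-in user may view every record, only the owner may update or delete), as an added example that is not from any of the posts. It is plain Ruby rather than CanCan's API, and `Ability`, `authorize!`, `update_details`, `user_id` and the sample users are hypothetical names chosen for the illustration.

```ruby
# Plain-Ruby stand-in for an ownership rule (hypothetical names; not CanCan's code).
User   = Struct.new(:id, :email)
Record = Struct.new(:id, :user_id, :details)

class Ability
  WRITE_ACTIONS = [:update, :destroy].freeze

  def initialize(user)
    @user = user # nil means nobody is logged in
  end

  # Default deny: anything not explicitly allowed below returns false.
  def can?(action, record)
    return false if @user.nil?       # every action requires a login
    return true  if action == :read  # any logged-in user may view any record
    return record.user_id == @user.id if WRITE_ACTIONS.include?(action)
    false
  end
end

class AccessDenied < StandardError; end

# What an update/destroy action has to do before touching the record:
# check the rule on the server, whatever id the form or URL supplied.
def authorize!(user, action, record)
  allowed = Ability.new(user).can?(action, record)
  raise AccessDenied, "#{action} denied on record #{record.id}" unless allowed
  record
end

def update_details(user, record, new_details)
  authorize!(user, :update, record)
  record.details = new_details
  record
end

# Constructed sample data.
ALICE = User.new(1, "alice@example.com")
BOB   = User.new(2, "bob@example.com")

def demo
  bobs = Record.new(10, BOB.id, "bob's details")
  update_details(BOB, bobs, "edited by bob")       # owner: allowed
  begin
    update_details(ALICE, bobs, "edited by alice") # non-owner: refused
  rescue AccessDenied => e
    puts e.message
  end
  bobs.details
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Hiding the edit and delete links in the view is not enough on its own; the check has to run inside the update and destroy actions, because the record id arrives from the client.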