Usual way for person data?

Martin14 · January 27, 2016, 7:27pm

Hi there,

What is the usual way to let a user modify his own data and the admin to edit and view the data of all users.

I could do:

create a Person model with a route resources :people

that works fine, if I check the permissions for :admin and non admin accounts.

but for a user I have the /person/334/edit route. But for the user which is not an admin, I’d like not to have this id in the route.

so I

routed like this:

namespace :admin do resources :people end namespace :user do resoures :people end

but then I have two controllers, can I put this together as one?

and another problem: there is no redirect_to @person , which is also bad, maybe I could get it work in the model, checking if an admin or a user should be redirected to @person.

What is the usual way to fix the user edits his own, and the admin edits all data?

Thanks, Martin

Mike14 · January 29, 2016, 11:43pm

You probably should need to use some permission management system, such as cancancan or pundit, with a roles system such as rolify to control who can do what.

In the majority of systems this is preferable to having an admin system and a user system (admins after all are only special users).

That way you can scope the resources so it only returns the users record if you are a user, or all records if you are an admin

Topic		Replies	Views
user routing versus admin routing strategies? rubyonrails-talk	5	144	June 4, 2010
how to assign edit/remove privileges for only own details and not on others? rubyonrails-talk	0	135	February 9, 2012
Tapping into routing helpers rubyonrails-talk	17	94	May 28, 2008
Multiple views with same controller rubyonrails-talk	1	133	November 12, 2008
devise administrating users rubyonrails-talk	2	196	August 8, 2017

Usual way for person data?

Related topics

More Resources