Usual way for person data?

Hi there,

What is the usual way to let a user modify his own data and the admin to edit and view the data of all users?

I could do:

  1. create a Person model with a route resources :people

That works fine if I check the permissions for :admin and non-admin accounts.

But for a user I have the /person/334/edit route. For a user who is not an admin, I'd like not to have this id in the route.

So I

  1. routed like this:

    namespace :admin do
      resources :people
    end

    namespace :user do
      resources :people
    end

But then I have two controllers. Can I put these together as one?

And another problem: there is no redirect_to @person, which is also bad. Maybe I could get it to work in the model, checking if an admin or a user should be redirected to @person.

What is the usual way to set it up so that the user edits his own data and the admin edits all data?

Thanks, Martin

You probably need to use some permission management system, such as cancancan or pundit, with a roles system such as rolify to control who can do what.

In the majority of systems this is preferable to having an admin system and a user system (admins after all are only special users).

That way you can scope the resources so it only returns the user's record if you are a user, or all records if you are an admin.
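
The scoping described in the answer, as an added example that is not part of the original thread: plain Ruby with no Rails or gems, laid out the way a Pundit policy with a nested Scope is. The Person struct, the PEOPLE sample data, NotAuthorized, find_person_for_edit and the /profile/edit route mentioned in a comment are hypothetical names constructed for illustration.

```ruby
# Added example: plain Ruby, no Rails or gems. All names are hypothetical.
Person = Struct.new(:id, :name, :admin, keyword_init: true)

# Constructed sample data standing in for the people table.
PEOPLE = [
  Person.new(id: 1,   name: "Alice",  admin: true),
  Person.new(id: 334, name: "Martin", admin: false),
  Person.new(id: 335, name: "Bob",    admin: false)
].freeze

class NotAuthorized < StandardError; end

# Shaped like a Pundit policy: a Scope that narrows the collection,
# plus a per-record predicate.
class PersonPolicy
  class Scope
    def initialize(user, records)
      @user = user
      @records = records
    end

    # Admins see every record; everyone else sees only their own.
    def resolve
      return @records if @user.admin
      @records.select { |p| p.id == @user.id }
    end
  end

  def initialize(user, record)
    @user = user
    @record = record
  end

  def update?
    @user.admin || @record.id == @user.id
  end
end

# One lookup for both roles. The id is optional, so an id-less route
# (hypothetically /profile/edit) resolves to the caller's own record.
def find_person_for_edit(current_user, id = nil)
  scope = PersonPolicy::Scope.new(current_user, PEOPLE).resolve
  person = scope.find { |p| p.id == (id || current_user.id) }
  # A record outside the scope is indistinguishable from a missing one.
  raise NotAuthorized, "person not found" if person.nil?
  raise NotAuthorized, "not allowed" unless PersonPolicy.new(current_user, person).update?
  person
end
```

Because the lookup always goes through the scope, a non-admin who supplies someone else's id gets the same result as for an id that does not exist, so a single controller can serve both roles.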