问题
I am trying to setup roles on my app.
I have models called user, profile, organisation and roles. The associations are:
User
class User < ActiveRecord::Base
rolify strict: true
attr_accessor :current_role
Profile
belongs_to :user
belongs_to :organisation
Organisation
belongs_to :owner, class_name: 'User'
has_many :profiles
resourcify
Roles
class Role < ActiveRecord::Base
scopify
has_and_belongs_to_many :users, join_table: "users_roles"
belongs_to :resource, :polymorphic => true
validates :resource_type,
:inclusion => { :in => Rolify.resource_types },
:allow_nil => true
Im using Pundit for authorisations and I have a roles controller with CRUD actions defined.
My flow is that each organisation belongs to one user (the "owner"). That user can assign roles to profiles that belong to the same organisation. Each role assigned in this way will be scoped to the organisation that the user owns.
Is there a way, in my roles create action, to impose the class that will confine the scope of the role to the organisation that the user (owner) who assigns the role to the profile.
My create action in the roles controller has:
def create
@role = Role.new(role_params)
respond_to do |format|
if @role.save
format.html { redirect_to @role }
format.json { render :show, status: :created, location: @role }
else
format.html { render :new }
format.json { render json: @role.errors, status: :unprocessable_entity }
end
end
end
I'm wondering if I can have a new action in the roles controller called: assign_scoped_role
I can see from the rolify documentation that this is the way to assign a role scoped to a class:
user.add_role :moderator, Forum.first
I'm not sure if I should be trying to do this in the roles controller, in the organisation controller or in the profiles controller.
Can anyone see how to do this?
来源:https://stackoverflow.com/questions/38810323/rails-4-rolify-setting-scoped-roles