Rails - How to handle requiring different administ

2019-08-19 08:29发布

问题:

Apologies for the terrible title, but I'm having trouble expressing succinctly what I'm trying to do.

I have Accounts, and these accounts can do things like create Projects or Credits or Trades. I need to require administrator approval for any changes to these things. The catch is, all of these models are tagged as belonging to a particular State (as in a US state). I need to have administrator Accounts that belong to each state and are required to authorize any changes to anything that happens in their state. So for example, if you create a project that's in Virginia, I need to have functionality that allows a Virginia administrator to come in and approve the project, or approve any trades happening in Virginia.

The best analogy I can think of is how in a web forum you would have users that are moderators over specific forums but not the whole site.

Is there some way that I can "tag" anything that belongs to this model needs to require that admin's approval?

回答1:

It'd be worth looking at a gem like cancan.

You can define abilities there which would, I believe, allow you to model what you're describing.

So, for example, you could define your abilities:

class Ability
  include CanCan::Ability

  def initialize(user)
    can :manage, Project, :state_id => user.state_id
  end
end

And you can then check abilities to if your user can perform actions on a project in your controller, say:

if can?(:update, @project)
  ...
else
  flash[:notice] = 'You can only manage projects in your state.'
end

Cancan can do a lot more than just this simple example but that gives you some idea of what's possible.