How do I use CanCan with rails admin to check for

2019-09-08 06:33发布

问题:

When a user in my app isn't an admin user i want to only let them see the fields that they have ownership of.

Is there a so set can :see or something like that on a per field basis so that it displays just the fields that that use "can see", or should I have an ability called can :oversee to state that they can see everything instead.

I suppose it's much easier to just check if the user is admin or not in rails admin, so where set rails admin to only pull the current user's records.

回答1:

With cancan, you can check permissions on objects like this:

if can?(:read, order)
  # do something!
end

if can?(:email, order)
  # do something!
end

But that's only referring to visibility at the object level.

In RailsAdmin, you can set field visibility by passing in a blocks, described here.

For example:

RailsAdmin.config do |config|
  config.model Order do
    list do
      field :name
      field :profit do
        visible do
          current_user.roles.include?(:admin)
        end
      end
    end
  end
end