Following on from "Rails_admin: Should I have admin_user or user with admin role to manage users and admin panel", I'm wanting to adopt Pundit for its policy elegance for an application. The application has both a User model and an Admin model - one for customers, the other for staff. It is also multi-tenanted, though that should not impact the problem terribly.
I'd also like to have a separate Role model, allowing customers to mix-and-match their own "title" for a Role as they need. This again shouldn't be terribly difficult in implementation.
The hard part is the support for the Pundit Policies to support two different user models - the User (Customer) and Admin (Staff).
Is it a case that I should be using the pundit_user method to set either the Admin or User as the pundit_user (based on the availability of these through current_user and current_admin_user), or is there another method? I haven't found much good documentation on this use case (other than the short line on GitHub).
    def pundit_user
      if !current_admin_user.nil?
        current_admin_user
      elsif !current_user.nil?
        current_user
      else
        nil
      end
    end
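An added example, not part of the original question or answer: a Pundit-shaped policy in plain Ruby (no gems) that receives whichever principal pundit_user returned and branches on its class. The Struct models, the Order record and the rule that staff may view and update any tenant's records are assumptions made for illustration.

```ruby
# Constructed stand-ins for the application's models (assumptions).
User  = Struct.new(:id, :tenant_id)          # customer, belongs to one tenant
Admin = Struct.new(:id)                      # staff, no tenant
Order = Struct.new(:id, :tenant_id, :user_id)

# Same resolution order as the question's pundit_user:
# staff session first, then customer session, otherwise nil.
def resolve_pundit_user(current_admin_user, current_user)
  current_admin_user || current_user
end

# Pundit builds a policy as Policy.new(pundit_user, record) and calls a query method.
class OrderPolicy
  def initialize(principal, record)
    @principal = principal
    @record = record
  end

  def show?
    case @principal
    when Admin then true            # assumption: staff can view every tenant
    when User  then same_tenant?    # customers stay inside their own tenant
    else false                      # nil or unexpected type: deny
    end
  end

  def update?
    case @principal
    when Admin then true
    when User  then same_tenant? && owner?
    else false
    end
  end

  # Customer-only action. The class check matters: Admin and User ids come
  # from different tables and can collide, so an id comparison alone is unsafe.
  def destroy?
    @principal.is_a?(User) && same_tenant? && owner?
  end

  private

  def same_tenant?
    @record.tenant_id == @principal.tenant_id
  end

  def owner?
    @record.user_id == @principal.id
  end
end
```
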
In the publicly accessible part of my application, the User model is used. The default Pundit configuration works since pundit_user returns current_user.
In the admin part of my application, the Administrator model is used. One reason for this is that an admin can stay logged in while impersonating a user (to see what they see in their profile and help troubleshoot).
In admin controllers pundit_user returns current_administrator.
In Rails Admin, the current user is set to the current administrator:
While I don't use authorization in Rails Admin (all admins have all powers), you should be able to use the rails_admin_pundit gem since it does @controller.class.send(:alias_method, :pundit_user, :_current_user) which is defined in Rails Admin as