I would like to restrict the list of manageable model entities in Active Admin based on an attribute of the current_user and the model entity.
e.g.: A User (with admin rights) has a team_id == 2 and should only be able to manage Tasks with a team_id == 2
Edit: I'm trying to use scopes but I don't know how to scope using this condition:
user.team_id == task.team_id
Is that possible with Active Admin?
Thanks for your time. (This is my first post, tell me if I can improve my question)
asked May 28 '14 at 12:05
You're most probably trying to define different levels of access and authorization. You should look into the CanCan gem: https://github.com/ryanb/cancan
ActiveAdmin explains how to implement it here: http://www.activeadmin.info/docs/13-authorization-adapter.html#using_the_cancan_adapter
Then in your case you could define an ability.rb like:
    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new
        case user.team_id
        when 1
          can :manage, Post
        when 2
          can :manage, Post
          can :manage, Task
        when 3
          can :manage, :all
        end
        can :read, ActiveAdmin::Page, :name => "Dashboard"
      end
    end
I would suggest defining a role attribute instead of using team_id, but that's just being picky with semantics :)
Hope that helps!
I finally found how to use scopes:
And add to User model:
has_many :tasks, through: :team
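The condition from the question, user.team_id == task.team_id, has to hold both for the index listing (the scope) and for each single record (the ability check). The following is an added example, not code from either answer: a plain-Ruby model of that rule that does not use CanCan or ActiveAdmin. User, Task, TeamAbility and the sample tasks are hypothetical and constructed for illustration.

```ruby
# Added example: plain-Ruby model of a team-scoped authorization rule.
# User, Task and TeamAbility are hypothetical stand-ins, not CanCan or
# ActiveAdmin classes; the records below are constructed sample data.
User = Struct.new(:id, :team_id)
Task = Struct.new(:id, :team_id, :title)

class TeamAbility
  def initialize(user)
    @rules = Hash.new { |hash, klass| hash[klass] = [] }
    # No user, or a user without a team: register nothing, so every check
    # is denied. Without this guard a nil team_id would match tasks whose
    # team_id is also nil.
    return if user.nil? || user.team_id.nil?
    # One rule for every team: the task's team_id must equal the user's.
    allow(:manage, Task, team_id: user.team_id)
  end

  # Per-record check, for show/edit/update/destroy on a single task.
  def can?(action, record)
    @rules[record.class].any? do |rule|
      [:manage, action].include?(rule[:action]) &&
        matches?(record, rule[:conditions])
    end
  end

  # Collection check, for the index listing: keep only readable records.
  def accessible(records)
    records.select { |record| can?(:read, record) }
  end

  private

  def allow(action, klass, conditions)
    @rules[klass] << { action: action, conditions: conditions }
  end

  def matches?(record, conditions)
    conditions.all? { |attr, value| record.public_send(attr) == value }
  end
end

# Constructed sample data: two tasks for team 2, one for team 3.
TASKS = [
  Task.new(1, 2, "rotate keys"),
  Task.new(2, 3, "patch hosts"),
  Task.new(3, 2, "review logs")
].freeze
```

A team-2 user gets tasks 1 and 3 from `accessible(TASKS)`, and `can?(:update, TASKS[1])` is false for that user even if the task id is requested directly.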