michaelcohenunsw/c2dfb85ba36416aa7884672d8f588eab
A user can only update certain attributes on the user model
<%= simple_form_for [:superadmin, @user] do |f| %>
  <%= render :partial => 'form', :locals => {:f => f} %>
  <br />
  <div class="form-actions">
    <%= f.submit "Update User", :class => "btn me-3 #{can?(:update, @user) ? '' : 'disabled'}" %>
    <%= link_to "Back", superadmin_users_path, :class => 'btn btn-dark' %>
  </div>
<% end %>

class UserAbility
  include CanCan::Ability

  def initialize(user)
    return unless user.present?

    can :read, User
    can :update, User, [:first_name, :last_name], roles: {name: 'applicant'}
    # Allow the user to unlock other user accounts
    can :update, User, [:user_lock]
    cannot :update, User, id: user.id
    # All users can read their own account
    can :read, User, id: user.id
    # All users can't create, unlock or activate their own account
    cannot :create, User, id: user.id
    cannot :update, User, [:user_lock, :user_deactivate], id: user.id
    # All users can't lock any user account
    cannot :update, User, [:user_lock], locked_at: nil
  end
end

I am using load_and_authorize_resource in the users_controller.rb