4

So if I have a User, and he can create/update his Service, but he cannot :publish(bool) them, what would be the best solution to skip this field from the update_params hash?

I found this similar question, but it links to CanCan 2.0 which never got released, and I was wondering if there is a way to solve this problem using CanCanCan, but could not find anything in their documentation. Many thanks!

Community
  • 1
  • 1
The Whiz of Oz
  • 6,763
  • 9
  • 48
  • 85

1 Answers1

1

As far as I know you can't. I would have a seperate publish action. So I'd omit publish from the form and the service_params entirely.

Then I'd do something like this:

Class ServicesController

  def publish
    @service = Service.find(params[:id])  
    @service.update_column(:publish, true)
  end

end

Then in ability

can :manage, Service
cannot :publish, Service

Alternatively you could do this (assuming you have a current user and something defining them as an admin)

def service_params
  if current_user.admin?
    params.require(:service).permit(:my_field, :publish)
  else
    params.require(:service).permit(:my_field)
  end
end

So you'd be omitting it from the parameters if they're not an admin. In this case you'd probably want to hide the fields in the view dependent on whether or not they can change the field.

j-dexx
  • 10,286
  • 3
  • 23
  • 36
  • when performing a simple task like Service update, this will require two forms to exist, or even two different pages. What if I would like to use one form? – The Whiz of Oz Feb 10 '15 at 12:18
  • 1
    No it wouldn't, you just need an if statement around the fields. e.g. `if current_user.admin?` – j-dexx Feb 10 '15 at 12:19