
On a Rails app I'm working on I have authentication set up with Devise. I have added an additional attribute to the user model called 'role'. It is simply an integer value which controls what exactly a user can do.

The issue I'm facing is that I am not sure exactly how to assign these roles safely. Obviously I can't just put a field in the sign-up form for it. The safest way I can think of is to force the value to 0 on all accounts and, when creating new admin accounts, manually set it in the database, but this seems sloppy. Any ideas?

Barkin MAD

2 Answers


There are two ways to solve your problem, I believe:

  1. Do it from the Rails console, if it's a one-off case where you have to mark some users as admin.
  2. Build a feature to mark users as admin in your application which is exposed only to admins and not to regular users. Mark the required users as admin initially via the Rails console; then these users can use the feature in the application to mark others as admin.
abhishek77in

On the view side (in a custom user#edit action), you can wrap the field in an if statement:

<% if current_user.role > 3 %>
  ...field(s) go here...
<% end %>

In your controller (in a custom user#update action), you can have a similar statement filtering out that param if for some reason it was passed when it shouldn't have been:

if current_user.role <= 3
  # remove the key itself; calling .delete on the value would leave it in place
  params[:user].delete(:role)
end

Of course, I'm just guessing that the "admin" role is 4, so replace it with the correct value. And you will have to manually change the first user role in the console.

Ryan K
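Both answers come down to the same server-side rule: a user's role may only be written by someone who already holds the admin role, and sign-up must never honour a role parameter. The block below is an added example, not code from either answer or from Devise; it is plain Ruby so it runs without Rails, with a hypothetical `permit_keys` standing in for `params.require(:user).permit(...)`, a `User` Struct standing in for the model, and the admin value 4 taken from the second answer's guess. The sample requests at the bottom are constructed. Note the allow-list shape: `:role` is added to the permitted keys only for admins, rather than deleted for non-admins, so a new role-like field added later is closed by default rather than open.

```ruby
# Added example (not from the original answers): allow-list based role
# assignment, written as plain Ruby so it runs outside Rails.
# In a real app user_params/create_user live in UsersController and
# permit_keys is replaced by ActionController::Parameters#permit.

ADMIN_ROLE   = 4   # assumption: follows the second answer's guess that admin == 4
DEFAULT_ROLE = 0   # every freshly signed-up account gets this, no exceptions

User = Struct.new(:id, :email, :role)   # stand-in for the Devise User model

# Hypothetical stand-in for params.require(:user).permit(*keys):
# keeps only the listed keys and normalises them to symbols.
def permit_keys(raw_user_params, keys)
  raw_user_params
    .select { |k, _| keys.include?(k.to_sym) }
    .to_h { |k, v| [k.to_sym, v] }
end

def admin?(user)
  user.role.to_i >= ADMIN_ROLE
end

# Strong parameters for user#update. :role is permitted only when the
# acting user is an admin; for anyone else the key is never copied, so
# mass assignment cannot elevate privileges.
def user_params(current_user, raw_params)
  raw_user = raw_params[:user] || raw_params["user"] || {}
  permitted = [:email]
  permitted << :role if admin?(current_user)
  permit_keys(raw_user, permitted)
end

# Apply an update on behalf of current_user. Even admins may only set a
# non-negative integer role; anything else is rejected before assignment.
def apply_update(current_user, target, raw_params)
  attrs = user_params(current_user, raw_params)
  if attrs.key?(:role) && !attrs[:role].to_s.match?(/\A\d+\z/)
    raise ArgumentError, "invalid role value #{attrs[:role].inspect}"
  end
  target.email = attrs[:email] if attrs.key?(:email)
  target.role  = attrs[:role].to_i if attrs.key?(:role)
  target
end

# Sign-up (Devise registration): the role is fixed server-side and the
# incoming params are never consulted for it, matching the question's
# "force the value to 0 on all accounts" without touching the database by hand.
def create_user(raw_params, next_id = 1)
  raw_user = raw_params[:user] || raw_params["user"] || {}
  attrs = permit_keys(raw_user, [:email])
  User.new(next_id, attrs[:email], DEFAULT_ROLE)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample traffic: an ordinary user tries to promote herself,
  # then an admin (first one set via `rails console`) promotes her properly.
  alice = User.new(1, "alice@example.com", DEFAULT_ROLE)
  admin = User.new(2, "admin@example.com", ADMIN_ROLE)

  apply_update(alice, alice, { user: { email: "alice@example.com", role: "4" } })
  puts "after self-promotion attempt: role=#{alice.role}"   # stays 0

  apply_update(admin, alice, { user: { role: "4" } })
  puts "after admin promotion: role=#{alice.role}"          # now 4

  newbie = create_user({ user: { email: "new@example.com", role: "4" } }, 3)
  puts "sign-up with role param: role=#{newbie.role}"        # still 0
end
```

The first admin still has to be set once from `rails console` (or a seed), exactly as both answers say; after that the admin-only feature above is the only path that writes `role`, and the view-side `if` around the form field is purely cosmetic, because the controller rule holds whether or not the field was rendered.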