0

I am trying to setup roles on my app.

I have models called user, profile, organisation and roles. The associations are:

User

class User < ActiveRecord::Base
   rolify strict: true 
   attr_accessor :current_role

Profile

belongs_to :user
belongs_to :organisation

Organisation

belongs_to :owner, class_name: 'User'
has_many :profiles

resourcify

Roles

class Role < ActiveRecord::Base

  scopify

  has_and_belongs_to_many :users, join_table: "users_roles"
  belongs_to :resource, :polymorphic => true


  validates :resource_type,
            :inclusion => { :in => Rolify.resource_types },
            :allow_nil => true

Im using Pundit for authorisations and I have a roles controller with CRUD actions defined.

My flow is that each organisation belongs to one user (the "owner"). That user can assign roles to profiles that belong to the same organisation. Each role assigned in this way will be scoped to the organisation that the user owns.

Is there a way, in my roles create action, to impose the class that will confine the scope of the role to the organisation that the user (owner) who assigns the role to the profile.

My create action in the roles controller has:

def create
    @role = Role.new(role_params)

    respond_to do |format|
      if @role.save
        format.html { redirect_to @role }
        format.json { render :show, status: :created, location: @role }
      else
        format.html { render :new }
        format.json { render json: @role.errors, status: :unprocessable_entity }
      end
    end
  end

I'm wondering if I can have a new action in the roles controller called: assign_scoped_role

I can see from the rolify documentation that this is the way to assign a role scoped to a class:

user.add_role :moderator, Forum.first

I'm not sure if I should be trying to do this in the roles controller, in the organisation controller or in the profiles controller.

Can anyone see how to do this?

Mel
  • 2,481
  • 26
  • 113
  • 273
  • why do you have a roles controller? Why are you creating roles using Role.new if you are using rolify gem? – Rahul Singh Aug 07 '16 at 09:13
  • http://stackoverflow.com/questions/33950172/defining-roles-with-rolify see 1.2 in this answer: 1.2 The task of adding/removing/modifying roles is done by a support team or technical executives. In such cases it would be required to provide an administrative interface for managing roles. In this case you will have a rails controller to manage the roles. The create action will be used for creating role, show action will be there to present the role etc. These actions will have accompanying views that will provide a graphical user interface to end user to manage the roles. – Mel Aug 07 '16 at 09:26
  • Still that's not correct way of adding roles if u are using rolify gem, you must be adding roles to particular resource by selecting or clicking links etc, you should use resource.add_role method. If you can create chat room, we can discuss more. – Rahul Singh Aug 07 '16 at 09:36
  • The answer to the post I linked is one of the authors of rolify. I am trying to figure out how to assign roles that are created (I use the roles action to create them within the app). I then want to figure out how to assign them to users (with constraints). – Mel Aug 07 '16 at 09:39
  • I see what you are saying. So thats the problem, you should send resource id & resource type in roles params also. – Rahul Singh Aug 07 '16 at 09:57
  • I don't understand that suggestion. What do you mean? Is there a controller action I should create in the roles controller to assign a role to a user (scoped to an organisation)? – Mel Aug 07 '16 at 09:59
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/120342/discussion-between-rahul-singh-and-mel). – Rahul Singh Aug 07 '16 at 10:01

0 Answers0