Hi everyone

I'm using Devise for authentication. I have a User model and a Company Profile model. The Company Profile model belongs to a User. But a User can receive a request from another user to see its Company Profile info. Once the request is accepted, the user can then see that profile.

I would like to know what is the best way of doing this:

- If I create the Company Profile as a nested resource from user, how can I permit another user to see it, since I always have to have the user_id of who owns the profile?
- Use CanCan and create a rule table where I store user_id, company_id, role, and add to this table permissions for admin (the owner) and read (for users who are authorised)?

Any other ideas?
Company Profile Model:
class Empresa < ActiveRecord::Base
  TIPO = [
    'Atacadista',
    'Varejista',
    'Atacadista e Varejista',
    'Representantes',
    'Serviços',
    'Imprensa'
  ]

  # No dependent: :destroy on the belongs_to side: that would delete the
  # owning Usuario whenever a profile is destroyed. It belongs on the
  # has_one side in Usuario instead.
  belongs_to :usuario

  validates :tipo, presence: true, inclusion: { in: TIPO }
  validates :nome, presence: true
  validates :apelido, uniqueness: true
  validates :cpf_cnpj, uniqueness: true
  validates :slug, uniqueness: true

  before_validation :gera_slug

  # URLs use the slug instead of the numeric id, so lookups must use
  # Empresa.find_by!(slug: params[:id]) rather than Empresa.find.
  def to_param
    slug
  end

  def gera_slug
    self.slug ||= apelido.parameterize if apelido
  end
end
User Model:
class Usuario < ActiveRecord::Base
  # after_create :send_welcome_email

  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  # One company profile per user; destroying the user removes the profile.
  # The association name must be singular (:empresa) to map to the Empresa
  # class; the commented-out `has_one :empresas` would look for an
  # Empresas class.
  has_one :empresa, dependent: :destroy

  # :validatable already checks email presence, uniqueness and format.
  # If this explicit check is kept, the dot in the domain part must be
  # escaped (\.), otherwise it matches any character.
  validates :email,
            presence: true,
            uniqueness: true,
            format: { with: /\A[^@\s]+@([^@.\s]+\.)*[^@.\s]+\z/ }

  # accepts_nested_attributes_for :empresa

  # private
  # def send_welcome_email
  #   UserMailer.signup_confirmation(self).deliver
  #   # redirect_to self, notice: "Connected successfully. We have sent you a
  #   # welcome email; please check that you received it, since it will be
  #   # our means of communication!"
  # end
end
User controller: Devise, nothing changed
Company Profile controller:
class EmpresasController < ApplicationController
  before_action :authenticate_usuario!
  # @usuario was never assigned in the original, so every action that used it
  # raised on nil. The nested route supplies :usuario_id. Note that loading
  # the owner from the route lets any signed-in user act on any user's
  # profile; write actions should use current_usuario or an authorization
  # check, which is the open question of this post.
  before_action { @usuario = Usuario.find(params[:usuario_id]) }
  before_action :set_empresa, only: [:show, :edit, :update, :destroy]

  def index
    @empresa = @usuario.empresa
  end

  def show
    # @empresa is loaded by set_empresa (defined with empresa_params in the
    # private section, which is cut off in the post). Since to_param returns
    # the slug, set_empresa must look it up by slug, not by numeric id:
    # @empresa = Empresa.find_by!(slug: params[:id])
    # redirect_to new_usuario_empresa_path(current_usuario) unless @empresa
  end

  def new
    # has_one association: build_empresa, not empresas.new / empresas.build
    @empresa = @usuario.build_empresa
  end

  def edit
  end

  def create
    @empresa = @usuario.build_empresa(empresa_params)
    respond_to do |format|
      if @empresa.save
        format.html { redirect_to usuario_empresa_path(@usuario, @empresa), notice: 'Cadastro efetuado com sucesso !' }
        format.json { render :show, status: :created, location: usuario_empresa_path(@usuario, @empresa) }
      else
        format.html { render :new }
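An added example, not code from the post or from Devise/CanCan, sketching the second option (the rule table) in plain Ruby so it runs without Rails: each row holds usuario_id, empresa_id and a role, the owner gets admin when the profile is created, and a request only becomes a read row once the owner accepts it. The role names, method names and in-memory storage are assumptions of this example.

```ruby
# Plain-Ruby model of the "rule table" approach; rows are (usuario_id, empresa_id, role).
# No Rails or CanCan is needed to run it. Role names are assumptions of this example.
class AccessControl
  Grant = Struct.new(:usuario_id, :empresa_id, :role)
  NotAuthorized = Class.new(StandardError)

  def initialize
    @grants   = []   # the rule table
    @requests = {}   # [requester_id, empresa_id] => :pending | :accepted
  end

  # Creating a profile gives its owner the :admin role on it.
  def register_profile(owner_id, empresa_id)
    add_grant(owner_id, empresa_id, :admin)
  end

  # A request stays :pending and grants nothing until the owner accepts it.
  def request_access(requester_id, empresa_id)
    raise ArgumentError, "owner already has access" if role_of(requester_id, empresa_id) == :admin
    @requests[[requester_id, empresa_id]] ||= :pending
  end

  # Only the owner may accept; acceptance inserts a :read row for the requester.
  # Returns false when there is no pending request for that pair.
  def accept_request(acting_id, requester_id, empresa_id)
    raise NotAuthorized, "only the owner can accept" unless role_of(acting_id, empresa_id) == :admin
    return false unless @requests[[requester_id, empresa_id]] == :pending
    @requests[[requester_id, empresa_id]] = :accepted
    add_grant(requester_id, empresa_id, :read)
    true
  end

  # The check a controller action (or a CanCan Ability) asks before rendering or editing.
  def can?(usuario_id, action, empresa_id)
    role = role_of(usuario_id, empresa_id)
    case action
    when :read             then !role.nil?      # owner or accepted reader
    when :update, :destroy then role == :admin  # owner only
    else false
    end
  end

  def role_of(usuario_id, empresa_id)
    row = @grants.find { |g| g.usuario_id == usuario_id && g.empresa_id == empresa_id }
    row && row.role
  end

  private
  # One row per (user, profile); an existing role is never silently overwritten.
  def add_grant(usuario_id, empresa_id, role)
    @grants << Grant.new(usuario_id, empresa_id, role) unless role_of(usuario_id, empresa_id)
  end
end
```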