Usual way for person data?

Sadaf_N · January 27, 2016, 8:29pm

Hi there,

What is the usual way to let a user modify his own data and the admin to
edit and view the data of all users.

I could do:

create a Person model with a route
resources :people

that works fine, if I check the permissions for :admin and non admin
accounts.

but for a user I have the /person/334/edit route. But for the user
which is not an admin, I’d like not to have this id in the route.

so I

routed like this:

namespace :admin do
resources :people
end
namespace :user do
resoures :people
end

but then I have two controllers, can I put this together as one?

and another problem: there is no redirect_to @person , which is also
bad, maybe I could get it work in the model, checking if an admin or a
user should be redirected to @person.

What is the usual way to fix the user edits his own, and the admin edits
all data?

Thanks,
Martin

martin · January 30, 2016, 12:45am

You probably should need to use some permission management system, such
as cancancan or pundit, with a roles system such as rolify to control
who can do what.

In the majority of systems this is preferable to having an admin system
and a user system (admins after all are only special users).

That way you can scope the resources so it only returns the users record
if you are a user, or all records if you are an admin