Usual way for person data?

Hi there,

What is the usual way to let a user modify his own data and the admin
edit and view the data of all users?

I could do:

  1. create a Person model with a route
    resources :people

That works fine if I check the permissions for :admin and non-admin,

but for a user I have the /person/334/edit route. For the user
who is not an admin, I'd like not to have this id in the route.

so I

  2. routed like this:

    namespace :admin do
      resources :people
    end
    namespace :user do
      resources :people
    end

but then I have two controllers, can I put this together as one?

And another problem: there is no redirect_to @person, which is also
bad. Maybe I could get it to work in the model, checking if an admin or a
user should be redirected to @person.

What is the usual way to fix the user edits his own, and the admin edits
all data?


You probably need to use some permission management system, such
as cancancan or pundit, with a roles system such as rolify to control
who can do what.

In the majority of systems this is preferable to having an admin system
and a user system (admins after all are only special users).

That way you can scope the resources so it only returns the user's record
if you are a user, or all records if you are an admin.
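
Added example, not part of the original thread: the scoping described in the answer, written as a Pundit-style policy in plain Ruby so it runs without Rails or any gem. `Person`, `PEOPLE`, the error classes and `update_person` are constructed stand-ins for an ActiveRecord model and a single shared controller action.

```ruby
# Pundit-style policy as plain Ruby objects (assumption: no Rails, no gems).
# Person and PEOPLE are constructed sample data standing in for a model.
Person = Struct.new(:id, :name, :admin, keyword_init: true) do
  def admin?
    admin == true
  end
end

PEOPLE = [
  Person.new(id: 1, name: "root", admin: true),
  Person.new(id: 334, name: "alice", admin: false),
  Person.new(id: 335, name: "bob", admin: false)
].freeze

class NotAuthorized < StandardError; end
class NotFound < StandardError; end

class PersonPolicy
  # Scope decides which records a given user may load at all.
  class Scope
    def initialize(user, records)
      @user, @records = user, records
    end

    def resolve
      return @records if @user.admin?
      @records.select { |p| p.id == @user.id }
    end
  end

  def initialize(user, record)
    @user, @record = user, record
  end

  def update?
    @user.admin? || @record.id == @user.id
  end
end

# One action for both roles: load through the scope, then authorize.
def update_person(current_user, id, attrs)
  person = PersonPolicy::Scope.new(current_user, PEOPLE).resolve.find { |p| p.id == id }
  raise NotFound, "no person #{id}" unless person
  raise NotAuthorized unless PersonPolicy.new(current_user, person).update?
  # Only the editable field is copied; the admin flag never comes from params.
  person.name = attrs.fetch(:name, person.name)
  person
end
```

Because the lookup goes through the scope, a non-admin who requests another person's id gets the same not-found result as for an id that does not exist.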