Access level and hierarchy when checking checkboxes

Asked

Viewed 118 times

2

Speak up, all right? Can you help me with something? I’ll explain:

I enter the admin user and it shows all system permissions. As an example, suppose you have 10 (index, show, create, update, delete of user and profile). Of these 10 I mark 4, save and create a new user. When logging in with this new user, I just want you to show the 4 checkboxes I checked and not the 10 as shown earlier. And so on. In short, each new user can only check the amount equal to or less than the checkboxes marked by the user who created it.

That’s my code in the form:

<% Role.to_a.in_groups_of(2, false) do |group| %>
  <div>
    <%- group.each do |role, label| %>
      <div class="col-xs-12 col-sm-12 col-md-6 col-lg-6">
        <%- f.object.permissions.to_a.group_by(&:role).each do |role_name, permissions| %>
          <% next if "#{role}" != "#{role_name}" -%>
          <br /><br />
          <div class="row">
  <div class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
    <h4><%= role[:label] %></h4>
  </div>
</div>

<div class="row form-group">
  <%- role[:actions].each do |action| %>
    <%- permissions.each do |permission| %>
      <%- next if permission.action != "#{action}" %>
      <%= f.fields_for :permissions, permission do |fp| %>
        <div class="col-xs-3 col-sm-3 col-md-3 col-lg-3">
          <%= fp.hidden_field :id if f.object.persisted? %>
          <%= fp.hidden_field :role %>
          <%= fp.hidden_field :action %>
          <%= fp.label :permit, class: "label-checkbox inline" do %>
            <%= fp.check_box :permit %>
            <%= Role.action(role[:role], action)[:label] %>
          <% end %>
        </div>
      <% end %>
    <% end %>
  <% end %>
  <br/>
  <br />
  <hr/>
</div>
        <% end %>
      </div>
    <% end %>
  </div>
<% end %>

With this code I can always show all permissions, regardless of the user. How to solve this? In the old days, I had done it that way and it worked:

<div style="margin-bottom: 5px">
  <div style="float: left;" class="input-group">
    <% if current_usuario.admin? %>
      <%= f.collection_check_boxes :funcionalidade_ids, Funcionalidade.all, :id, :descricao %>
    <% else %>
      <%= f.collection_check_boxes :funcionalidade_ids, current_usuario.perfil.funcionalidades, :id, :descricao %>
    <% end %>
  </div>
  <div style="clear: both;"></div>
</div>

However, as the system has changed a lot, I can no longer do it in the previous way :( Give me a hand there, please! Hug!

ruby-on-rails ruby access-control

1 answer

2


Creates a scope that relates permissions to the user type (role), so you can get the permissions for the logged in user.

In the view you would do something like:

role.permissions.each

Browser other questions tagged ruby-on-rails ruby access-control

You are not signed in. Login or sign up in order to post.