Hi everyone,

I'm using Devise for authentication. I have a User model and a Company
Profile model. The Company Profile model belongs to a User. But a User can
receive a request from another user to see its Company Profile info. Once the
request is accepted, the user can then see that profile.

I would like to know what is the best way of doing this:

1) If I create the Company Profile as a nested resource from user, how can
I permit another user to see it, since I always have to have the user_id of
who owns the profile?
2) Use CanCan and create a rule table where I store user_id, company_id,
role and add to this table permissions for admin (the owner) and read (for
users who are authorised)?

Any other ideas?

Company Profile Model:

    class Empresa < ActiveRecord::Base
      TIPO = [
        'Atacadista',
        'Varejista',
        'Atacadista e Varejista',
        'Representantes',
        'Serviços',
        'Imprensa'
      ]

      validates :tipo, presence: true
      validates :apelido, :uniqueness => true
      validates :cpf_cnpj, :uniqueness => true
      validates :nome, presence: true
      validates :slug, :uniqueness => true
      validates :tipo,
                inclusion: { in: TIPO }

      before_validation :gera_slug

      # NOTE: dependent: :destroy on belongs_to also destroys the owning
      # Usuario when this Empresa is destroyed.
      belongs_to :usuario, dependent: :destroy

      # Use the slug instead of the numeric id in URLs.
      def to_param
        slug
      end

      # Derive the slug from apelido unless one is already set.
      def gera_slug
        self.slug ||= apelido.parameterize if apelido
      end
    end

User Model:

    class Usuario < ActiveRecord::Base
      # after_create :send_welcome_email
      # has_one :empresas, dependent: :destroy

      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable

      validates :email,
                :presence => true,
                :uniqueness => true,
                :format => { :with => /\A[^@\s]+@([^@.\s]+\.)*[^@.\s]+\z/ }

      # has_one :empresas, dependent: :destroy
      # accepts_nested_attributes_for :empresas

      # private
      # def send_welcome_email
      #   UserMailer.signup_confirmation(self).deliver
      #   # redirect_to self, notice: "Conectado com sucesso.
      #   #   Enviamos um email de boas vidas, verifique se você o recebeu pois
      #   #   será nossa forma de comunicação !"
      # end
    end

User controller: Devise, nothing changed

Company Profile controller:

    class EmpresasController < ApplicationController
      before_filter :authenticate_usuario!
      before_action :set_empresa, only: [:show, :edit, :update, :destroy]

      def index
        @empresa = @usuario.empresas
      end

      def show
        # @empresa.find(params[:usuario_id])
        # @empresa = @usuario.empresas
        # @empresa = Empresa.find(params[:slug])
        # if !@empresa
        #   redirect_to new_usuario_empresa_path(current_usuario)
        # end
      end

      def new
        @empresa = @usuario.empresas.new
        @usuario.empresas.build
      end

      def edit
        # @empresa = @usuario.empresas
      end

      def create
        @empresa = @usuario.empresas.new(empresa_params)
        respond_to do |format|
          if @empresa.save
            format.html { redirect_to usuario_empresa_path(@usuario, @empresa), notice: 'Cadastro efetuado com sucesso !' }
            format.json { render :show, status: :created, location: usuario_empresa_path(@usuario, @empresa) }
          else
            format.html { render :new }
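
An added example, not part of the original post: a plain-Ruby sketch (no Rails, no CanCan) of the rule table from option 2, where the owner holds admin and an accepted request grants read. AccessGrant, ProfilePolicy, Company and the sample ids are hypothetical names; the point shown is that the decision uses the signed-in user's id, not a usuario_id taken from the URL.

```ruby
# Added example: grant table with owner = admin, accepted request = read.
# All class names and ids here are hypothetical, not from the post.
AccessGrant = Struct.new(:user_id, :company_id, :role, :status)
Company     = Struct.new(:id, :slug, :owner_id)

class ProfilePolicy
  # Actions each role may perform on a company profile.
  ALLOWED = { admin: %i[show edit update destroy], read: %i[show] }.freeze

  def initialize(grants)
    @grants = grants
  end

  # A request is stored as a pending :read grant; it gives no access yet.
  def request_access(user_id, company)
    grant = AccessGrant.new(user_id, company.id, :read, :pending)
    @grants << grant
    grant
  end

  # Only the owner of the company the grant refers to may accept it.
  def accept(grant, acting_user_id, company)
    owner_ok = company.owner_id == acting_user_id
    raise ArgumentError, 'only the owner can accept' unless owner_ok && grant.company_id == company.id
    grant.status = :accepted
  end

  # current_user_id is the signed-in user (current_usuario.id under Devise),
  # never a usuario_id read from the request path.
  def can?(current_user_id, action, company)
    return ALLOWED[:admin].include?(action) if company.owner_id == current_user_id
    @grants.any? do |g|
      g.user_id == current_user_id && g.company_id == company.id &&
        g.status == :accepted && ALLOWED.fetch(g.role, []).include?(action)
    end
  end
end

# Constructed sample data: user 1 owns the company, user 2 asks to see it.
def demo
  company = Company.new(10, 'acme', 1)
  policy  = ProfilePolicy.new([])
  grant   = policy.request_access(2, company)
  before  = policy.can?(2, :show, company)
  policy.accept(grant, 1, company)
  { before: before, after: policy.can?(2, :show, company),
    edit: policy.can?(2, :edit, company), owner: policy.can?(1, :edit, company),
    stranger: policy.can?(3, :show, company) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

In a Rails controller the same check would run in a before_action after the profile is looked up by slug, with the grant rows kept in a join table instead of an array.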