ruby - Rails / CanCan allowing update of a single attribute for CarrierWave attachment -


in rails app have client model has_many :client_attachments. want non-admin users able create attachments, don't want them update other attributes client.

i'm using cancan role authorization , carrierwave attachments.

currently i'm doing:

in models/client.rb:

class client < applicationrecord   has_many :client_attachments   accepts_nested_attributes_for :client_attachments, allow_destroy: true end

in models/client_attachment.rb:

class clientattachment < applicationrecord   mount_uploader :file, clientattachmentuploader   belongs_to :client end

in ability.rb:

can [:update], client can [:create, :update, :destroy], clientattachment, :user_id => user.id

in clients_controller.rb:

private   def client_params     if current_user.admin?         params.require(:client).permit(:name, :address, :etc,            client_attachments_attributes: [:id, :client_id, :file, :user_id])     elsif current_user.user?         params.require(:client).permit(client_attachments_attributes: [:id, :client_id, :file, :user_id])     end   end

so client controller lets non-admin users update attachment out of of client's attributes.

this approach bothering me because doesn't play views. have <% if can? :edit, client %> non-admin user if edit client, when in fact can edit attachments.

any ideas on better approach this?


Comments

Post a Comment

Popular posts from this blog

vue.js - Create hooks for automated testing -

Image
qa guys complained can't automate frontend testing. because our html looks same outside. lazy hack did this <template> <div :role="$options.name"> ... </div> </template> <script> export default { name: 'vmcomponentname' } </script> which takes name script , applies html. in browser get: <div role="vmcomponentname"> ... </div> line :role="$options.name" goes in every component. is there dry er solutions? please share. additional details i'll explain in details looking for. imagine have vmusercreate form creates user. test case can create user . to automatically test without role, have use following selector: .wrapper > .wrapper > .wrapper > .submit-button the test extremely brittle (will break lot). if use roles can use [role="vmusercreateform"] .submit-button selector. many folds less brittle. so basically, i'm ...
Read more

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

i've set bento/ubuntu-16.04 vagrant box using php 5.6, , getting following error quite few times when try , run shell script: "uncaught reflection exception: class domdocument not exist". i've tried adding following top of script (not together), each no success: "sudo apt-get install php5.6-xml", "sudo apt-get install php5-xml", "sudo apt-get install php-dom" i've tried resetting server "sudo service apache2 restart". does have suggestions?
Read more

serial port - hub4com OVERRUN Error -

i trying split physical serial port (com3) 2 or more virtual ports using com0com create virtual ports , hub4com split them. here commands use create virtual ports: install 0 portname=com100 portname=com101 change com100 emubr=yes, emuoverrun=yes change com101 emubr=yes, emuoverrun=yes install 1 portname=com110 portname=com111 change com110 emubr=yes, emuoverrun=yes change com111 emubr=yes, emuoverrun=yes the commands use split port: hub4com --route=0:all --baud=115200 \\.\com3 --baud=115200 \\.\com101 --baud=115200 \\.\com111 here output along error get: com3 open("\\.\com3", baud=115200, data=8, parity=no, stop=1, octs=on, odsr=off, ox=off, ix=off, idsr=off, ito=0) - ok com101 open("\\.\com101", baud=115200, data=8, parity=no, stop=1, octs=on, odsr=off, ox=off, ix=off, idsr=off, ito=0) - ok com111 open("\\.\com111", baud=115200, data=8, parity=no, stop=1, octs=on, odsr=off, ox=off...
Read more