ruby - Rails / CanCan allowing update of a single attribute for CarrierWave attachment -


in rails app have client model has_many :client_attachments. want non-admin users able create attachments, don't want them update other attributes client.

i'm using cancan role authorization , carrierwave attachments.

currently i'm doing:

in models/client.rb:

class client < applicationrecord   has_many :client_attachments   accepts_nested_attributes_for :client_attachments, allow_destroy: true end 

in models/client_attachment.rb:

class clientattachment < applicationrecord   mount_uploader :file, clientattachmentuploader   belongs_to :client end 

in ability.rb:

can [:update], client can [:create, :update, :destroy], clientattachment, :user_id => user.id 

in clients_controller.rb:

private   def client_params     if current_user.admin?         params.require(:client).permit(:name, :address, :etc,            client_attachments_attributes: [:id, :client_id, :file, :user_id])     elsif current_user.user?         params.require(:client).permit(client_attachments_attributes: [:id, :client_id, :file, :user_id])     end   end 

so client controller lets non-admin users update attachment out of of client's attributes.

this approach bothering me because doesn't play views. have <% if can? :edit, client %> non-admin user if edit client, when in fact can edit attachments.

any ideas on better approach this?


Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -