ruby - Rails / CanCan allowing update of a single attribute for CarrierWave attachment
In my Rails app I have a Client model that has_many :client_attachments. I want non-admin users to be able to create attachments, but I don't want them to update the other attributes of the Client.

I'm using CanCan for role authorization, and CarrierWave for attachments.
Currently I'm doing:

In models/client.rb:

    class Client < ApplicationRecord
      has_many :client_attachments
      accepts_nested_attributes_for :client_attachments, allow_destroy: true
    end

In models/client_attachment.rb:

    class ClientAttachment < ApplicationRecord
      mount_uploader :file, ClientAttachmentUploader
      belongs_to :client
    end

In ability.rb:

    can [:update], Client
    can [:create, :update, :destroy], ClientAttachment, :user_id => user.id

In clients_controller.rb:

    private

    # Admins may change client fields; other users only the nested attachments.
    def client_params
      if current_user.admin?
        params.require(:client).permit(:name, :address, :etc, client_attachments_attributes: [:id, :client_id, :file, :user_id])
      elsif current_user.user?
        params.require(:client).permit(client_attachments_attributes: [:id, :client_id, :file, :user_id])
      end
    end
So the client controller lets non-admin users update the attachment out of the client's attributes.

This approach is bothering me because it doesn't play well with views. I have <% if can? :edit, client %> for a non-admin user as if they can edit the client, when in fact they can edit attachments.

Any ideas on a better approach to this?
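
An added example, not part of the original post: a plain-Ruby stand-in for the non-admin branch of client_params that takes attachment ownership from the signed-in user instead of the permitted :user_id and :client_id keys, and skips nested rows whose :id belongs to someone else. It assumes the controller authorizes only the Client, so the ClientAttachment rule in ability.rb is never evaluated for rows inside client_attachments_attributes; User, filtered_client_params, the owners lookup and SAMPLE_PARAMS are hypothetical names and constructed data.

```ruby
# Added example (not the poster's code). Pure Ruby, no Rails or CanCan needed.
User = Struct.new(:id, :admin)           # hypothetical stand-in for current_user

ADMIN_CLIENT_KEYS = %w[name address etc].freeze

# raw    - the "client" sub-hash of the request params (string keys)
# owners - { attachment_id => user_id } for attachments already on this client
def filtered_client_params(raw, user, owners)
  rows = raw.fetch("client_attachments_attributes", [])
  rows = rows.values if rows.is_a?(Hash) # forms send {"0"=>{...}, "1"=>{...}}

  attachments = rows.filter_map do |row|
    id = row["id"].to_s.empty? ? nil : row["id"].to_i
    # An existing row may be changed only by its owner (admins: any row).
    next if id && !user.admin && owners[id] != user.id

    clean = { "file" => row["file"] }
    clean["id"] = id if id
    # New rows get their owner from the session, never from the request body.
    # "client_id" is dropped: the parent is the client being updated.
    clean["user_id"] = user.id unless id
    clean
  end

  out = { "client_attachments_attributes" => attachments }
  out.merge!(raw.slice(*ADMIN_CLIENT_KEYS)) if user.admin
  out
end

# Constructed request body: a rename attempt, a new upload with a forged
# owner, and edits to attachment 10 (owned by user 1) and 11 (owned by user 2).
SAMPLE_PARAMS = {
  "name" => "Renamed",
  "client_attachments_attributes" => {
    "0" => { "file" => "new.pdf", "user_id" => "1", "client_id" => "99" },
    "1" => { "id" => "10", "file" => "x.pdf" },
    "2" => { "id" => "11", "file" => "y.pdf" }
  }
}.freeze
SAMPLE_OWNERS = { 10 => 1, 11 => 2 }.freeze

if __FILE__ == $PROGRAM_NAME
  p filtered_client_params(SAMPLE_PARAMS, User.new(2, false), SAMPLE_OWNERS)
end
```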