Setting up authorization for 2 separate Devise models in a Rails application. The current signed-in medical_student should be able to edit or delete their profile. Other medical_students should be able to view other medical_students, and regular users should be able to view the profile as well.

Here is the code:

Policy

    class MedicalStudentProfilePolicy
      attr_reader :medical_student, :medical_student_profile

      def initialize(medical_student, medical_student_profile)
        @medical_student = medical_student
        @medical_student_profile = medical_student_profile
      end

      def edit?
        @medical_student_profile.medical_student_id == medical_student
      end

      def destroy?
        @medical_student_profile.medical_student_id == medical_student
      end
    end

Pundit user

    def pundit_user
      if medical_student_signed_in?
        @medical_student = current_medical_student
      elsif user_signed_in?
        @medical_student = MedicalStudent.find params[:medical_student_id]
      end
    end

Edit

    def edit
      authenticate_medical_student!
      authorize @medical_student_profile, :edit?
    end

View

    - if policy(@medical_student_profile).edit?

This works when logged in as a user, but current medical students are unable to edit profiles. Any ideas?
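Added example, not part of the original post: a plain-Ruby model of the posted policy beside an owner-only variant, showing what each decides for the owner, another medical student, and a regular user. The Struct stand-ins, `PostedPolicy`, `OwnerOnlyPolicy`, `decisions` and the sample records are constructed for illustration; the variant also checks the actor's class, since a `User` and a `MedicalStudent` can share a numeric id across two Devise models.

```ruby
# Stand-ins for the ActiveRecord models (constructed for this example).
MedicalStudent = Struct.new(:id)
User = Struct.new(:id)
MedicalStudentProfile = Struct.new(:id, :medical_student_id)

# Policy as posted: compares an integer id with a model object.
class PostedPolicy
  attr_reader :medical_student, :medical_student_profile

  def initialize(medical_student, medical_student_profile)
    @medical_student = medical_student
    @medical_student_profile = medical_student_profile
  end

  def edit?
    medical_student_profile.medical_student_id == medical_student
  end
end

# Hypothetical owner-only policy: the actor must be a MedicalStudent (not a
# User whose id happens to match) and must own the profile.
class OwnerOnlyPolicy
  attr_reader :actor, :profile

  def initialize(actor, profile)
    @actor = actor
    @profile = profile
  end

  # Any signed-in medical student or regular user may view.
  def show?
    actor.is_a?(MedicalStudent) || actor.is_a?(User)
  end

  def edit?
    actor.is_a?(MedicalStudent) && profile.medical_student_id == actor.id
  end
  alias destroy? edit?
end

# Constructed sample records.
OWNER   = MedicalStudent.new(1)
OTHER   = MedicalStudent.new(2)
VISITOR = User.new(1) # same numeric id as OWNER, different Devise model
PROFILE = MedicalStudentProfile.new(10, OWNER.id)

# edit? decision for [OWNER, OTHER, VISITOR] under the given policy class.
def decisions(policy_class)
  [OWNER, OTHER, VISITOR].map { |actor| policy_class.new(actor, PROFILE).edit? }
end
```

The owner check only holds if `pundit_user` returns the account that is actually signed in; a record loaded from `params[:medical_student_id]` would make the policy compare the profile's owner against a value taken from the URL.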