
I have a controller named FileRecord; it can be accessed from two different paths:

From a User with Role Admin

`/customers/:customer_id/record_types/:record_type_id/file_records`

From a Common User

`record_types/:record_type_id/file_records`

Is there a way to block admin access to the route of the common user, and vice versa?

Thanks

jupazave
  • Define an ability that forbids a certain user from the actions you don't want them to view. For example, if a user is the only one able to view his record files, then add this to his ability, e.g. `can :manage, FileRecord, owner_id: user.id`, assuming that your `FileRecord` model has an `owner_id` field that maps to the owner of the file – a14m Jan 12 '15 at 00:19
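
The two checks discussed on this page, as an added example that is not code from the question or the comment: a route-scope guard keyed on whether `customer_id` is present (only the admin path carries it), combined with the comment's `owner_id` condition. The structs and the `route_allowed?`, `can_manage?` and `authorize` helpers are hypothetical plain-Ruby stand-ins; in a Rails app the guard would run in a `before_action` and the ownership rule would live in the CanCan `Ability` class.

```ruby
# Hypothetical stand-ins for the app's models; no Rails or CanCan needed to run this.
User = Struct.new(:id, :role) do
  def admin?
    role == :admin
  end
end
FileRecord = Struct.new(:id, :owner_id)

# Route-scope guard. The admin path
#   /customers/:customer_id/record_types/:record_type_id/file_records
# always carries :customer_id; the common path
#   record_types/:record_type_id/file_records
# never does. Allow the request only when role and path shape agree.
# (Assumes symbol keys; Rails params accept either string or symbol keys.)
def route_allowed?(user, params)
  nested_under_customer = params.key?(:customer_id)
  user.admin? == nested_under_customer
end

# Ownership rule from the comment: a common user may only act on records
# whose owner_id equals their own id. Assumption: admins are not restricted
# by ownership once they are on the admin path.
def can_manage?(user, record)
  user.admin? || record.owner_id == user.id
end

# Combined decision a controller action would make before doing any work.
# Both checks must pass; the default outcome is denial.
def authorize(user, params, record)
  return :forbidden unless route_allowed?(user, params)
  return :forbidden unless can_manage?(user, record)
  :ok
end

# Constructed sample data.
admin  = User.new(1, :admin)
common = User.new(2, :user)
own    = FileRecord.new(10, 2)   # owned by the common user
foreign = FileRecord.new(11, 3)  # owned by someone else

admin_path  = { customer_id: "7", record_type_id: "4" }
common_path = { record_type_id: "4" }

puts authorize(admin,  admin_path,  foreign)  # admin on admin path
puts authorize(common, common_path, own)      # common user, own record
puts authorize(common, admin_path,  own)      # common user on admin path
puts authorize(admin,  common_path, own)      # admin on common path
puts authorize(common, common_path, foreign)  # common user, someone else's record
```

The ownership rule alone does not separate the two paths, because a common user requesting the admin path for their own record would still pass it; the route-scope guard is what closes that gap.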

0 Answers