0

I am creating an app where there are many Users and many Organisations.

A user can be in multiple organisations, and within each Organisation they can have a single role. Currently, only 'Organisation Admin' and 'Basic User'. EDIT: For more context, I would like a User to be able to be an Org Admin for Org 1 and a Basic User for Org 2, meaning this user would have different abilities for each Organisation.

Org Admins can add users to the Org, but the way I have abilities set does not currently prevent Basic Users from also doing it.

   ...
   else
      #Can manage Orgs where Role = OrgAdmin
      can :manage, Organisation do |org|
        user.users_roles.where(:organisation_id => org.id).first.role.name == 'Organisation Admin'
      end

      #Can view Orgs where Role = Basic User
      can :read, Organisation do |org|
        user.users_roles.where(:organisation_id => org.id).first.role.name == 'Basic User'
      end

After this, I currently have...

    can :create, User

...which of course, allows anyone to create a User

I require something like

    if can? :manage, @org
      can :create, User
    end

but only for the Org they are OrgAdmin for, so this would prevent a URL change. However, this doesn't work, as any form either returns false and prevents any User creation, or returns :manage Org as true for everyone to do everything, regardless of role.

Any ideas or pointing in the right direction would be appreciated.

EDIT: Additionally, the way I created the :manage/:read, Organisation part correctly prevents people from managing/viewing what they shouldn't, but throws up a

    undefined method `role' for nil:NilClass

instead of redirecting the user.

Thanks! - Jaliso

Jaliso
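The per-organisation check the question asks for, sketched in plain Ruby as an added example (not code from the post or from CanCan). `UsersRole`, `Member`, `OrgAbility` and `sample_ability` are hypothetical stand-ins for the question's models, and the sample data is constructed. The role is looked up for the organisation being acted on, and a missing membership denies instead of raising.

```ruby
# Added example: plain-Ruby model of a per-organisation ability check.
# UsersRole, Member and OrgAbility are hypothetical stand-ins for the
# question's models; no Rails or CanCan is loaded.
UsersRole = Struct.new(:organisation_id, :role_name)

class Member
  def initialize(users_roles)
    @users_roles = users_roles
  end

  # Role name held in one organisation, or nil when there is no membership
  # row. Safe navigation (&.) avoids the NoMethodError on nil that the
  # question's `.first.role.name` chain produces for non-members.
  def role_in(org_id)
    @users_roles.find { |ur| ur.organisation_id == org_id }&.role_name
  end
end

class OrgAbility
  # Same two roles as the question; :manage stands for "any action",
  # as it does in CanCan.
  RULES = {
    'Organisation Admin' => [:manage],
    'Basic User'         => [:read]
  }.freeze

  def initialize(member)
    @member = member
  end

  # Deny by default: no membership or an unknown role gives an empty list.
  # The organisation is always the one being acted on, never a global flag.
  def can?(action, org_id)
    allowed = RULES.fetch(@member.role_in(org_id), [])
    allowed.include?(:manage) || allowed.include?(action)
  end
end

# Constructed sample: Org Admin in org 1, Basic User in org 2, nothing in org 3.
def sample_ability
  OrgAbility.new(Member.new([UsersRole.new(1, 'Organisation Admin'),
                             UsersRole.new(2, 'Basic User')]))
end

ability = sample_ability
[1, 2, 3].each do |org_id|
  puts "org #{org_id}: create_user=#{ability.can?(:create_user, org_id)} " \
       "read=#{ability.can?(:read, org_id)}"
end
```

In a Rails controller the organisation id passed to the check would come from the nested route (/organisations/:id/users/new), so editing the URL to another organisation's id is evaluated against the caller's role there.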

2 Answers

1

I suggest you use the Devise gem. However, you can create a Boolean field in User where you say whether or not each user belongs to org Admin. Then you create a controller (a page) that only admins can access, where they set the Boolean field created before for each user, and so whether or not they belong to org Admin. Tell me if I'm not clear.

Lorenzo Camaione
  • I am currently using Devise, and there is an admin field for the user, but this is used for the entire application. I want to allow a user to be an Org Admin for Org 1, and a Basic User for Org 2. If that makes sense? I'll update my question. – Jaliso Jul 29 '15 at 10:05
  • It's a bit complex. However, you can create in the users table a field called "permission_level" with default = 0. Here you say that users whose permission_level = 0 can do something, users with permission_level = 10 can do something else and so on. I hope you can understand me. – Lorenzo Camaione Jul 29 '15 at 11:44
  • Currently, I have Users, and users have users_roles (user.users_roles), and this includes Role ID, Org ID and User ID, which gives them a role for each Organisation. How would I be able to grant permission levels for multiple Organisations with just 1 field? – Jaliso Jul 29 '15 at 12:16
  • The parameter you have to consider is permission_level; you can change it for each user and use it in the controller to say which user can do what. If you already have users_role perhaps you don't need to create the field "permission_level" – Lorenzo Camaione Jul 29 '15 at 12:46
0

You can render different partial forms into the register form. An example:

    <%= render partial: 'admin/admin/form', locals: {f: f} if resource.company? %>
    <%= render partial: 'admin/agents/form', locals: {f: f} if resource.agent? %>
    <%= render partial: 'admin/managers/form', locals: {f: f} if resource.building_manager? %>
  • Currently, when a user is created by themselves via Devise sign up, they have no roles and are attached to no organisations. What I am currently doing is creating a user through organisations (/organisations/:id/users/new), then adding that user into the organisation (@organisation.users << current_user) and it is working as intended. My problem is when a user is involved in many organisations, and has 1 role for Org 1 and another for Org 2. – Jaliso Jul 29 '15 at 12:19