Rails: editable/non-editable field depending on user permissions
I'd like to display a single form in which each user can edit different fields.
Currently, the code looks like this:
<% if can? :update, item %>
` <%= f.text_field :title %>
<% else %>
<%=h f.object.title %>
<% end %>
I can package this in a series of helpers (one for each field type) but I also have to check in the controller whether the user can update all submitted fields (in case a malicious user tries to submit fields he is not authorized for).
Is there a cleaner pattern in rails for this type of 开发者_运维百科task? Ideally, I would like to define these access permissions in the model and have the changes propagate to controller and view.
Edit:
Using the readonly
tag is not a viable option; It doesn't take care of validations and replaces the view logic with lots of CSS. Not the best trade-off.
You can make them readonly
<%= f.text_field :title, :readonly=> (can? :update, item)? true : false %>
Take a look at the acl9 plugin for authorization .
I dont belive theres any way to solve this with a plugin, the only option would be to change the controller code to:
@model=Model.new
@model.field = params[:model][:field] if can? ....
@model.save
精彩评论