How to share access to records in rails_admin?

There is a model with tasks. Pliz tell me how to allow edit only their own tasks and other people to ban. There are two models, admin and user.
June 10th 19 at 14:49
1 answer
June 10th 19 at 14:51
Solution
I used for similar tasks gem pundit
And here is a Policy Object:
class CommentPolicy
 attr_reader :user, :comment

 def initialize(user, comment)
 @user = user
 @comment = comment
end

 def update?
owner?
end

 def destroy?
owner?
end

private

 def owner?
 comment.user == user
end
end
Thanks, now I understand, it is necessary to add the field owner of type user in the model assignment? - elliott.Cronin commented on June 10th 19 at 14:54
If you currently have users and tasks are not connected, then Yes, you need through migration to add to the jobs table, the attribute for the communication between the user and the tasks. Also don't forget to declare the relationship in the models. - andre commented on June 10th 19 at 14:57
Here's what I did:
the new migration
class AddUserIdToTasks < ActiveRecord::Migration[5.1]
 def change
 add_reference :tasks, :user, foreign_key: true
end
end

in the model tasks belongs_to :user
in the model users has_many :tasks MB to need something else to choose, and I doubt has_many
in the controller tasks added authorize @task in the methods index, new, create, destroy (in method edit also necessary?)
ApplicationPolicy
class ApplicationPolicy
 attr_reader :user, :record

 def initialize(user, record)
 raise Pundit::NotAuthorizedError, "must be logged in" unless user
 @user = user
 @record = record
end

 def index?
false
end

 def show?
 scope.where(:id => record.id).exists?
end

 def create?
false
end

 def new?
create?
end

 def update?
owner?
end

 def edit?
owner?
end

 def destroy?
owner?
end


 def owner?
 task.user == user
end

 def scope
 Pundit.policy_scope!(user, record.class)
end

 class Scope
 attr_reader :user, :scope

 def initialize(user, scope)
 @user = user
 @scope = scope
end

 def resolve
scope
end
end
end

TaskPolicy
class TaskPolicy < ApplicationPolicy
 def index?
true
end

 def create?
user.present?
end

 def update?
 return true if user.present? && user == task.user
end

 def destroy?
 return true if user.present? && user == task.user
end

private

 def article
record
end
end


but still does not work properly ...
for example, added a selection box of users when creating a new task. That would remove the need to add some method current_user? Oh and there are minor inaccuracies in what I have yet to enter - elliott.Cronin commented on June 10th 19 at 15:00
In the documentation of rails_admin read how to configure the view model to a user field to hide. and in the controller create the model so the current_user.tasks.build(task_params) - andre commented on June 10th 19 at 15:03
that is , in the index controller to do so ?
def index
 #@task = Task.all
current_user.tasks.build(task_params)
 authorize @task
 end


then it will be necessary in task_params to add parameter with user id? - elliott.Cronin commented on June 10th 19 at 15:06
Try to raise and see how I was doing:
Github - andre commented on June 10th 19 at 15:09
OK , now dig deeper - elliott.Cronin commented on June 10th 19 at 15:12

Find more questions by tags Ruby gemsRuby on Rails