Skip to content

Latest commit

 

History

History
34 lines (25 loc) · 909 Bytes

Ability-for-Other-Users.md

File metadata and controls

34 lines (25 loc) · 909 Bytes

What if you want to determine the abilities of a User record that is not the current_user? Maybe we want to see if another user can update an article.

some_user.ability.can? :update, @article

You can easily add an ability method in the User model.

def ability
  @ability ||= Ability.new(self)
end

I also recommend adding delegation so can? can be called directly from the user.

class User < ActiveRecord::Base
  delegate :can?, :cannot?, to: :ability
  # ...
end

some_user.can? :update, @article

Finally, if you're using this approach, it's best to override the current_ability method in the ApplicationController so it uses the same method.

def current_ability
  @current_ability ||= current_user.ability
end

The downside of this approach is that [[Accessing Request Data]] is not as easy, so it depends on the needs of your application.