Geek asks and answers

Authentication and Authorization in Rails Engine

I am trying to extract a blog model and controller from a Rails application. I have a Rails Engine called Blog, and I'm going to install it on the /blogmain application track .

In my engine Blog, I have PostsControllerone that has the usual CRUD actions. The problem is that I want to use authentication methods from the main rails application.

# app/controllers/blog/posts_controller.rb
module Blog
  class PostsController < ApplicationController
    # Basically I want to have access to the require_login method
    # from the main app.
    before_filter :require_login, only: [:new, :create]

    def new
      @post = Post.new
      authorize! :create, Post
    end
  end
end

And I need access to the User model so that I can check CanCan for authorization. For example, only administrators can create blog entries.

# app/models/blog/ability.rb
module Blog
  class Ability
    include CanCan::Ability

    def initialize(user)
      user ||= User.new

      # The user.admin? method is defined on the User class
      # from the main rails app.
      if user.admin?
        can [:create, :update], Post
      end
    end
  end
end

Is there any way to accomplish these things?

+3
source share

More articles:


All Articles