Building a Rails B2B application that will have various users. I’m pretty clear on restricting access for internal staff using Devise and CanCan but I want to be able to give suppliers and customers their own login as well. Customer will be fairly simple, however, I want to ensure the supplier (label) login enables them to view and amend their own product and sales data only.
The model is roughly:
User (as setup by Devise)
Label [has_many releases]
Release [belongs_to label / has_many products]
Product [belongs_release / has_many tracks]
Track [belongs_product]
I’m guessing I could add in a label_id field on the user model and associate that way but I need internal users (and customers) to have access to view all label data. I also need to allow a label to have many users.
Would it simply be a case of defining a ‘label’ role via CanCan that enforces the use of a label_id in the views? If that’s the correct approach how do I then lock down the content to that label_id in my controllers/views? Role based if statements?
Thanks in advance!
What you’d first have to do is define some CanCan roles, like supplier, customer and staff, and then create an interstitial controller to handle the forking:
Then in your routes.rb file you can send users to either the root or index action of your controller by first sending them to CheckingController#index, which will redirect based on your CanCan roles.
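
An added example, not part of the original posts and not CanCan's own code: a plain-Ruby sketch of the record-level check the question asks about, where a label user may view and amend only records that resolve to their own label_id, while staff and customers can view all label data. The Struct models, the role names, staff having full access, and the `allowed?` and `visible` helpers are assumptions for illustration; in CanCan the same rule is expressed as a hash condition such as `can :manage, Release, label_id: user.label_id`.

```ruby
# Constructed stand-ins for the models in the question (no Rails, no CanCan).
User    = Struct.new(:role, :label_id)           # role: :staff, :customer, :label
Label   = Struct.new(:id)
Release = Struct.new(:id, :label_id)
Product = Struct.new(:id, :release)
Track   = Struct.new(:id, :product)

# Walk up the belongs_to chain to find which label owns a record.
def owning_label_id(record)
  case record
  when Label   then record.id
  when Release then record.label_id
  when Product then owning_label_id(record.release)
  when Track   then owning_label_id(record.product)
  end
end

# Hypothetical helper: decide on the server, per record, never in the view.
def allowed?(user, action, record)
  case user.role
  when :staff    then true                       # assumption: internal users see and edit all
  when :customer then action == :read            # customers: view all label data
  when :label
    # Deny by default: a label user with no label_id, or a record whose
    # owner cannot be resolved, never matches.
    owner = owning_label_id(record)
    !owner.nil? && !user.label_id.nil? && owner == user.label_id &&
      %i[read update].include?(action)
  else false
  end
end

# Scope a collection the same way, so index pages cannot leak other labels' rows.
def visible(user, records)
  records.select { |r| allowed?(user, :read, r) }
end

# Constructed sample data: two labels, two users on label 1, one on label 2.
R1 = Release.new(10, 1)
R2 = Release.new(20, 2)
T1 = Track.new(100, Product.new(50, R1))
T2 = Track.new(200, Product.new(60, R2))
ALICE = User.new(:label, 1)
BOB   = User.new(:label, 1)
CAROL = User.new(:label, 2)
STAFF = User.new(:staff, nil)
BUYER = User.new(:customer, nil)
```

Because the decision is made against the record's owning label rather than a parameter or a view conditional, requesting another label's release or track by id is refused even when the URL is guessed.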