If I’ve got a simple Rails user model that has an array of roles, is it sufficient to control access to actions by simply checking the model’s role attribute for that role and blocking/proceeding accordingly?
Is there an advanced system that I ought to leverage due to unforeseen complexity?
Important: I’m not looking to authorize users/roles to models (I am already aware of CanCan). I’m looking to do security at the controller level so that I can break out the functionality in finer detail.
Even more important: Seriously, I’m not necessarily asking about CanCan, please read the question carefully and pay attention! 🙂
Question 1: YES, Question 2: NO.
I just keep this simple.
If you check the model’s attribute in the controller, the controller will restrict all users that do not have this attribute set.
Ex:
Make a method in the user model.
You should write better code than this. Too much logic in the controller, but this will keep everyone except admins out.
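A runnable sketch of the pattern the answer describes, added here as an example and not the answerer's own code. It has a `User` with an array of roles, a `has_role?` method on the model, and a controller that gates individual actions with per-action filters. To run without Rails it defines a tiny `BaseController` whose `before_action`/`dispatch` stand in for `ActionController::Base`'s filter chain; in a real app you would subclass `ApplicationController` and use Rails' own `before_action`. The names `ReportsController`, `require_role!`, `AccessDenied` and the sample users are assumptions for illustration.

```ruby
# Added example (not from the original answer): controller-level role checks
# against a user model that stores an array of roles. Plain Ruby, no Rails.
require "set"

class User
  attr_reader :name, :roles

  def initialize(name, roles = [])
    @name = name
    # Normalize to strings so :admin and "admin" compare equal; freeze so a
    # caller cannot quietly append a role to a live user object.
    @roles = roles.map(&:to_s).to_set.freeze
  end

  # The model method the answer refers to: does this user carry the role?
  def has_role?(role)
    @roles.include?(role.to_s)
  end
end

class AccessDenied < StandardError; end

# Minimal stand-in for ActionController's before_action so the example runs
# offline. Real Rails code uses the built-in before_action directly.
class BaseController
  def self.before_action(method_name, only: nil)
    (@filters ||= []) << [method_name, only && Array(only).map(&:to_s)]
  end

  def self.filters
    @filters || []
  end

  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
  end

  # Run every filter that applies to +action+, then the action itself.
  # A filter raises AccessDenied to stop the request before the action runs.
  def dispatch(action)
    self.class.filters.each do |name, only|
      next if only && !only.include?(action.to_s)
      send(name)
    end
    send(action)
  end

  private

  # Hard-fail if there is no user or the user lacks the role. Deny by default:
  # a nil user never passes (the safe-navigation call returns nil).
  def require_role!(role)
    return if current_user&.has_role?(role)
    raise AccessDenied, "role #{role} required for #{self.class.name}"
  end
end

# Hypothetical controller: every action needs a login, and two actions are
# further restricted to specific roles. This is the "finer detail" the
# question asks for: the gate is per action, not per model.
class ReportsController < BaseController
  before_action :require_login!
  before_action :require_admin!,   only: [:destroy]
  before_action :require_auditor!, only: [:export]

  def index;   "all reports";    end
  def export;  "csv download";   end
  def destroy; "report deleted"; end

  private

  def require_login!
    raise AccessDenied, "login required" unless current_user
  end

  def require_admin!;   require_role!(:admin);   end
  def require_auditor!; require_role!(:auditor); end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample users, not real data.
  admin  = User.new("ann", [:admin])
  viewer = User.new("cat")
  puts ReportsController.new(admin).dispatch(:destroy)   # report deleted
  begin
    ReportsController.new(viewer).dispatch(:destroy)
  rescue AccessDenied => e
    puts "denied: #{e.message}"
  end
end
```

The check lives in the controller because that is where the action is chosen, but the role lookup stays on the model, which keeps the controller to one line per rule. Two things to keep in mind when doing this for real: use `only:`/`except:` deliberately so that a newly added action is not accidentally left open, and make sure every path to the action goes through the filter (a `skip_before_action` in a subclass silently removes the gate).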