Geek Answers Handbook

One controller, different views for ordinary users and administrators

in my application, I have a User model. Each user can have several addresses (email addresses) that are defined in the Address model:

Class User < ActiveRecord::Base has_many :addresses def is_authorized(op) # returns true or false end def is_owned_by(user) # returns true or false end end Class Address < ActiveRecord::Base belongs_to :user end

Inside the AddressController class, the current registered user is available in the instance variable "@user". The controller prevents ordinary users from editing, deleting, viewing, etc. Addresses that do not belong to them, but it allows the administrative user to edit them. The AddressController class can query for the AddressModel if the user who is currently logged on is a regular or superuser.

All this works great, and the database updates are performed as expected, however I would really like to have different HTML views depending on the mode of operation. I can only think of two ways to achieve this:

  • Make the operation mode (normal / privileged) known in the AddressController class (using an instance variable, for example @privileged), and use the "if" operator in the view.
  • Use something like "after_filter" in the address controller to display a different layout.

If you can display the results of one controller in two completely different layouts, depending on the mode of operation, what is a good way to achieve this?

Thanks in advance Stefan

+6
ruby-on-rails actionview actioncontroller
source share
5 answers

You can specify which view to use to display the result of an action in the action itself. You can also specify which layout to use, too. So for example:

 def my_action if @user.is_authorised(...) render :action => 'admin_action', :layout => 'admin' else render :action => 'non_admin_action', :layout => 'non_admin' end end

This will display either admin_action.html.erb or non_admin_action.html.erb depending on the return value from is_authorised . Option :layout , er, optional, and refers to the layout in the views / layouts. There are various other options for invoking rendering, which you can find in the documentation for rendering .

+9
source share

You can specify the location of the view for this particular controller or the entire application in the application controller:

 class SomeController < ApplicationController layout :set_layout def set_layout @user.is_authorized(...) ? "privileged_layout" : "normal_layout" end ... end

You can try to understand this here: http://guides.rubyonrails.org/layouts_and_rendering.html#using-render , under 2.2.12 Search for layouts

Hope this helps =)

+6
source share

You can simply call the render method manually at the end of your controller action:

 if @privileged render :action => 'show_privileged' else render :action => 'show' end

This will display app/views/myview/show_privileged.html.erb or app/views/myview/show.html.erb . Alternatively, you can use the :template parameter to provide an explicit template file to the rendering method.

+3
source share

If this is the only controller in your application where you are, if / otherwise, all over the place, which is probably good. If you start doing this type of logic everywhere, that should tell you that you do too much right away.

The answer you accepted (this works fine!) Has a different layout and a different view, for me, that says the controller does too much - I would split it into an administrator controller.

+2
source share

You must put administrative actions in the administrator namespace and restrict it. Create a directory called admin in the controller directory and add _application_controller.rb_ there:

 class Admin::ApplicationController < ApplicationController before_filter :check_authorized private def check_authorized? if !logged_in? || !current_user.admin? flash[:notice] = "You've been very bad. Go away. redirect_to root_path end end end

Now you can put the controllers in this namespace and make them inherit from Admin::ApplicationController too.

0
source share

More articles:


All Articles