I have model called Person. It has two child models Admin and Owner.
I have created rails_admin dashboard with multiple models with associations.
I have added devise to Person, that is why Admin and Owner can log in to my dashboard.
I have added authorization with cancan and defined their abilities. Admin can manage everything while Owner can manage his own data.
Now here is the problem. When Owner logs in and tries to edit himself, he need to write his own password and that is good.
However, when admin logs in and tries to edit Owner, it asks to write password of Owner.
How to exclude some fileds in actions, depending on who is now changing it?
I though to use current_person which is logged in mby devise, but how to get it when my rails_admin do /* my code */ end is placed inside my models code?
Here is one way to hide password field so only user editing his/her record can see it.
edit do
include_all_fields
[:password, :password_confirmation].each do |f|
field f do
visible do
bindings[:object].id == bindings[:view].current_user.id
end
end
end
end
You could create a custom action to reset password restricted only to Admins.