I'm using Devise for the first time with my Rails 4 project and I am trying to figure out how to lock down ownership of models to certain users.
For example, if a user creates a model only that user should be able to do the following to it,
So basically all crud actions should be restricted to the user who owns the model.
How would you you go about implementing ownership in a DRY idiomatic manner? It seems like I could do a check in the controller to see if the user owns the current object, but then if the object is used by another controller or used as part of a nested update I have to reimplement the logic, but it doesn't seem right for the model to have access to the current user.
I would check out the gem cancan, it assigns permissions to users, so if a user has a role of an owner is has the permissions for all the CRUD actions
RailsApp has an example, albeit in rails 3.2, https://github.com/RailsApps/rails3-bootstrap-devise-cancan, that uses devise and cancan
Hope this helps