If using Pundit for authorization in a Blog app, Devise for Authentication with different user tables for User and Admin, how can a Policy for Posts be implemented where:
- Users can update their own posts
- Admins can update anyone's post
In the examples I've seen online, there does not seem to be a provision for handling multiple user tables such as Admin and User.
Having a UserPolicy and AdminPolicy that are specific to their respective tables is straightforward, but how does the PostPolicy implement a feature something like:
def initialize(COULD BE A USER OR ADMIN, scope)
@user = USER OR ADMIN
@scope = scope
end
def update?
return true if user is either resource.user or ANY ADMIN
end