I'm using Rails 2.3.11 with cancan 1.1.
I want to add a new role that would allow the user to create/edit 'publications' and create/edit 'articles' in those 'publications' that belong to one specific Organization. As I mentioned, I could not try all the new examples in the doc due to the fact that I'm running the older cancan 1.1. This is an example of what I tried in Ability.rb:

class Ability
  include CanCan::Ability

  #additional roles require changes be made to config/environment.rb ROLES constant 
  def initialize(user)
    user ||= User.new # Guest user

    # Multirole environment

    if user.role? :admin
      can :manage, :all
      can :archive, Article
      can :review, Article
    end
    #several other roles ...

    #This is not working...I'm specifying the organization that I want the super_user to be able to create and edit for

    if user.role? :super_user
      can [:create, :edit], Publication, :organization_id => 21
      can [:create, :edit], Article, :organization_id => 21
    end
  end
end

I have the following three models:

class Organization < ActiveRecord::Base
  #validations here

  has_many :publications, :dependent => :destroy
  has_many :articles, :through => :publications
end

class Publication < ActiveRecord::Base
  #validations here  
  has_many :articles, :dependent => :destroy

end

class Article < ActiveRecord::Base
  #validations here ...

  belongs_to :publication
  validates_associated :publication
  #...

end

Thank you for any suggestions.

Alkindi
  • Why not update cancan? Also, when you specify "not working", are you actually getting an error, or is the authorization not working as expected? – Viren Jun 20 '12 at 16:47
  • Thanks for your response. I'm working on migrating the application to Rails 3, but I can't run that in production as of yet. I upgraded cancan to 1.3.4, which is the highest I can run on Rails 2.3.11 I believe. – Alkindi Jun 20 '12 at 19:05
  • When you specify "not working", are you actually getting an error, or is the authorization not working as expected? – Viren Jun 20 '12 at 19:13
  • The authorization is working, but not restricted by the Organization_id. So the new role gives super_user access to create any publication regardless of Organization. I tried to follow this example from cancan wiki 'can :read, Project, :category => { :visible => true }' which looks similar except in my case I'm using id instead of a boolean. – Alkindi Jun 21 '12 at 02:29
  • OK, so did you authorize your article and publication objects in your controller actions `create` and `edit`, something like `authorize! :create, @article` and `authorize! :edit, @article`? Same thing for publication as well. – Viren Jun 21 '12 at 05:59
  • I'm using load_and_authorize_resource instead. I've used cancan with devise on this application for a while now, and I already have a role that creates/edits publications and articles but without a condition. So I'm pretty sure the problem is in how I'm setting the restriction in Ability.rb. I'm thinking maybe the way I'm using the agency_id is not correct. – Alkindi Jun 21 '12 at 18:50
  • We've been using cancan with load_and_authorize_resource in production for a long time and all of the roles work perfectly. So for example the role "can :create, Article" works fine. It's when I'm trying to restrict this role to just the Organization it belongs to that I'm having problems. – Alkindi Jun 22 '12 at 14:47
  • I'm not sure what to say, because I have done the exact same thing and it works. But I guess I'm using cancan 1.6.7. It would probably be nice if you could update cancan and then see if it works. Meanwhile, I will downgrade my cancan and see if it works. – Viren Jun 24 '12 at 14:05
  • Thanks Viren. I appreciate giving that a try. The only reason I haven't upgraded to a more recent version is because I'm still running Rails 2.3.11. I already have a git branch for that, but I wish it was that easy to just roll Rails 3.x out. In the meantime, I will keep trying to find why this is not working for me when it looks like it should. Thanks. – Alkindi Jun 25 '12 at 02:09
  • I have already suggested this to you, and I guess you have already tried it too, but if this helps you in any way, that would be great: `http://stackoverflow.com/questions/11190259/if-questions-with-devise-and-rails/11190644#11190644` – Viren Jun 26 '12 at 04:00
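An added example, not part of the question or the comments and not CanCan's own code: a small stand-in for hash-condition matching that spells out which records the organization restriction should and should not cover, in a form that can be turned into regression checks for the real Ability. `conditions_match?`, `allowed?`, `RULES` and the two Structs are hypothetical names. It assumes `publications` carries `organization_id` (implied by `Organization has_many :publications`) and that `articles` reach the organization only through `publication`, as the posted models show. The nested Article rule copies the shape of the wiki example quoted in the comments, and the matcher's choice to deny when an attribute is missing is this sketch's own.

```ruby
# Stand-ins for the question's models (constructed, no ActiveRecord).
Publication = Struct.new(:organization_id)  # publications.organization_id
Article     = Struct.new(:publication)      # articles have no organization_id

ORG_ID = 21 # the organization id used in the question

# True only if every condition holds on the record. A nested hash is
# matched against the associated record. A missing attribute or a
# missing association denies (fails closed).
def conditions_match?(record, conditions)
  conditions.all? do |attr, expected|
    next false if record.nil? || !record.respond_to?(attr)
    actual = record.public_send(attr)
    expected.is_a?(Hash) ? conditions_match?(actual, expected) : actual == expected
  end
end

# Each rule: [actions, model class, conditions hash].
RULES = [
  [[:create, :edit], Publication, { :organization_id => ORG_ID }],
  # Article is scoped through its publication, not a column of its own.
  [[:create, :edit], Article, { :publication => { :organization_id => ORG_ID } }]
]

# The Article rule as written in the question, kept for comparison.
FLAT_ARTICLE_RULE = [
  [[:create, :edit], Article, { :organization_id => ORG_ID }]
]

def allowed?(rules, action, record)
  rules.any? do |actions, klass, conditions|
    actions.include?(action) && record.is_a?(klass) &&
      conditions_match?(record, conditions)
  end
end

if __FILE__ == $PROGRAM_NAME
  own   = Article.new(Publication.new(ORG_ID))
  other = Article.new(Publication.new(22))
  puts "own org article:   #{allowed?(RULES, :edit, own)}"
  puts "other org article: #{allowed?(RULES, :edit, other)}"
  puts "flat rule, own:    #{allowed?(FLAT_ARTICLE_RULE, :edit, own)}"
end
```

The same cases (own organization, another organization, no publication yet) are the ones worth asserting against the application's real `Ability` with `can?` on model instances.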

0 Answers