5

I having quite a bit of troubling getting cancan to authorize my new routes setup below: 

namespace :api do
namespace :v1 do
  resources :users do
    resources :user_songs
    resources :friendships
    resources :plays
    resources :likes
    resources :songs

I have followed what was posted here https://github.com/ryanb/cancan/wiki/Nested-Resources and tested it with the likes controller by putting this above: 

class Api::V1::LikesController < Api::V1::BaseController

load_and_authorize_resource :user
load_and_authorize_resource :like, :through => :user

Using a can :access, :all in ability.rb works but anything else I have tried to limit is has not for example: 

can :access, :likes
can :access, Like
can :access, :users
can :access, User
can :access, [:"users/likes", :users_likes]

I am not too sure if the blame is because of the namespace routes or not. Any guidance would be extremely appreciated!

nvd
  • 322
  • 3
  • 9

1 Answers1

5

Found out the answer: It was the namespace after all, it just needed a

can :access, "api/v1/likes"

nvd
  • 322
  • 3
  • 9
  • Seems like this only works for get requests and not post requests added can :create, "api/v1/likes" to see if it mattered and it didn't make a difference. – nvd Sep 10 '12 at 16:49
  • Figured it out needed a can :access, :likes right below it for it to work. – nvd Oct 01 '12 at 19:05
  • 1
    There was a bug with this, but it's been [fixed in 1.6.10](https://github.com/ryanb/cancan/pull/675) – Jared Beck Jun 02 '13 at 17:44