CanCan and InheritedResources: load and authorize resource through a singleton resource without ID param in the URL

Question

My users can define their own vocabularies.

class User < ActiveRecord::Base
  has_many :vocabularies
end

class Vocabulary < ActiveRecord::Base
  belongs_to :user
end

Routes:

resource :user do
  resources :vocabularies
end

Now I want to use CanCan to load and authorize the vocabulary resource through the loaded user resource in the CategoriesController, but I'm pretty unsure how to configure CanCan correctly.

One thing is that I don't pass the user's ID through the URL params, so I have to tell CanCan somehow manually how to load the user. My guess is that I can simply do a through: :current_user. And because it is a singleton resource, I think I will have to pass the singleton: true option:

class VocabulariesController < ApplicationController
  inherit_resources
  belongs_to :current_user # Is this correct?
  load_and_authorize_resource through: :current_user, singleton: true
end

But when trying to access user/vocabularies, I'm getting a Couldn't find Vocabulary without an ID error. And user/vocabularies/new results in undefined methodcurrent_user=' for #`. No idea where's the problem, is it CanCan? InheritedResources? Misconfig?

Personally I'd ditch CanCan. Have used it and other gems in the past but these days find it far simpler to code up a simple permissions class. — dmcnally, Mar 04 '14 at 09:47
I find it very convenient, and the CanCanCan project has taken care of maintaining the gem while Ryan Bates cures from burn out. — Joshua Muheim, Mar 05 '14 at 17:21

CanCan and InheritedResources: load and authorize resource through a singleton resource without ID param in the URL

0 Answers0