Complex conditions in CanCanCan can method

Question

If I have user,client and request models as follows:

#user.rb


#client.rb
has_one :user
has_many :requests

#request.rb
belongs_to :client

I use user model for CanCanCan authentication. Inside ability class i want to specify ability for client. I want to user to allow read,update only for requests that belong to him. Her is what i try:

def client
  can [:read,:update], [Request], ['client_id = ?', user.client_id] do |client|
      ......something here
  end
end

score 1 · Answer 1 · answered Jun 22 '15 at 06:46

1

can [:read, :update], Request, :client_id => user.id

answered Jun 22 '15 at 06:46

max

96,212
14
104
165

score 1 · Answer 2 · answered Jun 22 '15 at 07:08

1

here is the simplest option:

can [:read, :update], Request, :client_id => user.id

if you have more complex abilities than this then you can do:

can [:read, :update], Request do |request|
  request.client_id == user.id
end

answered Jun 22 '15 at 07:08

Abdul Baig

3,683
3
21
48

Complex conditions in CanCanCan can method

2 Answers2