Nested routing and authorization using CanCanCan in Rails

Asked Aug 24 '15 at 13:17

Active Aug 24 '15 at 13:17

Viewed 252 times

There is the following routing:

resources :accounts, only: [:update] do
  get 'search', on: :collection
  resources :transactions, only: [:create]
end

Abilities:

  can [:update, :search], Account
  can [:create, :index], Transaction

Controller:

# Web API controller for actions on Transaction
class Api::V1::Web::TransactionsController < Api::V1::Web::ApplicationController
  load_and_authorize_resource :account
  load_and_authorize_resource :transaction, through: :account

  def create
    render json: params and return
  end
end

When I try to create a new transaction I get an error:

CanCan::AccessDenied
  in Api::V1::Web::TransactionsController#create

What am I doing wrong? How can I fix it? Thanks in advance.

asked Aug 24 '15 at 13:17

malcoauri

11,904
28
82
137

Nested routing and authorization using CanCanCan in Rails

0 Answers0