How do I get cancancan to check a parameter to see if the user can update?

Controller gets:

Parameters: {"offer"=>{"revoked"=>"1", "user_id"=>"14"}, "id"=>"53"}

ability.rb:

can :update, Controller, :user_id => user.id
cannot :update, Controller, { :revoked => nil }   

controller code:

@offer.update(params)

This is giving me a Cancancan error saying that the user is not authorized. I think I need to specify that :revoked is inside the offer hash, but I can't figure out the correct code for that.

Denise Mauldin

1 Answer

How to change what the Ability class can access:

https://github.com/ryanb/cancan/wiki/Accessing-Request-Data

Or how to pass params into the Ability class more specifically for your purposes:

https://stackoverflow.com/a/9472881/4880924

# CanCan - pass params in to Ability
# https://github.com/ryanb/cancan/issues/133
def current_ability
    @current_ability ||= Ability.new(current_user, params)
end

Then it's a matter of simply accessing the relevant part of the params and checking whether it passes.

Community
BenKoshy
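
One way to carry out the check the answer describes, as an added example (not code from the answer or from the CanCan project). Assumptions: `MiniAbility` is a small stand-in for `CanCan::Ability` so the file runs without the gem, `User` and `Offer` are hypothetical Struct models, params is a plain string-keyed hash, and the "only a revoke may update" rule is an assumed policy.

```ruby
# Added example. MiniAbility is a minimal stand-in for CanCan::Ability so this
# runs without the gem; in a Rails app write `include CanCan::Ability` instead.
module MiniAbility
  def rules
    @rules ||= []
  end

  def can(action, klass, conds = {})
    rules << [true, action, klass, conds]
  end

  def cannot(action, klass, conds = {})
    rules << [false, action, klass, conds]
  end

  # As in CanCan, later rules override earlier ones.
  def can?(action, obj)
    hit = rules.reverse.find do |_allow, act, klass, conds|
      act == action && obj.is_a?(klass) &&
        conds.all? { |attr, want| obj.public_send(attr) == want }
    end
    hit ? hit[0] : false
  end
end

User  = Struct.new(:id)                      # assumed models
Offer = Struct.new(:id, :user_id, :revoked)

class Ability
  include MiniAbility

  def initialize(user, params = {})
    # Ownership is matched against the stored record's user_id,
    # never against the client-supplied params["offer"]["user_id"].
    can :update, Offer, user_id: user.id

    # Assumed policy: an update is allowed only when the request revokes.
    offer_params = params["offer"] || {}
    cannot :update, Offer unless offer_params["revoked"] == "1"
  end
end

# Constructed input, shaped like the request in the question.
PARAMS = { "offer" => { "revoked" => "1", "user_id" => "14" }, "id" => "53" }
offer  = Offer.new(53, 14, nil)              # stored record, owned by user 14
puts Ability.new(User.new(14), PARAMS).can?(:update, offer)
```

In the controller, pass only the permitted fields to the update, for example `@offer.update(params.require(:offer).permit(:revoked))`, so `user_id` cannot be reassigned through the request.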