-1

I'm using CanCanCan for authorization in ActiveAdmin. Everything works fine except :create. When creating a new admin, CanCanCan checks whether admin_user.id = id. However, ActiveAdmin makes id = nil, so I can't create a new admin.

class Ability
  include CanCan::Ability

  def initialize(admin_user)
    # Grants every action, but only on the record whose id matches the signed-in admin
    can :manage, AdminUser, id: admin_user.id
    # ....

  end
end

My solution is to let everyone skip authorization for create. My application controller:

class ApplicationController < ActionController::Base
  load_and_authorize_resource 
  skip_authorize_resource :only => :new  
end 

but it does nothing. Please help!

matthewng

1 Answer

0

You can specify what actions need authorization like this...

def initialize(admin_user)
  can [:edit, :destroy], AdminUser, id: admin_user.id
end

Just replace/add to [:edit, :destroy] with whatever actions you need that authorization for.

If you want all admin users to be able to perform an action on AdminUser...

can :some_action, AdminUser
Mark Merritt
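The difference between the question's rule and the answer's rules, as an added example that is not part of the original answer. `MiniAbility` is a hypothetical, simplified stand-in for CanCanCan's hash-condition matching (no gem, no action aliases), and `can :create, AdminUser` is the answer's unconditional form applied to `:create`.

```ruby
# Simplified stand-in for CanCanCan's hash-condition matching (not the gem itself).
AdminUser = Struct.new(:id)

class MiniAbility
  def initialize
    @rules = []
  end

  # Record a rule: actions, subject class, and attribute conditions.
  def can(actions, subject, conditions = {})
    @rules << [Array(actions), subject, conditions]
  end

  # A rule matches when the action is listed (or the rule is :manage), the
  # record is of the subject class, and every condition equals the attribute.
  def can?(action, record)
    @rules.any? do |actions, subject, conditions|
      (actions.include?(:manage) || actions.include?(action)) &&
        record.is_a?(subject) &&
        conditions.all? { |attr, value| record.public_send(attr) == value }
    end
  end
end

# Rule from the question: every action is tied to the admin's own id.
def question_ability(admin_user)
  MiniAbility.new.tap { |a| a.can :manage, AdminUser, id: admin_user.id }
end

# Rules in the style of the answer: id-scoped edit/destroy, unconditional create.
def answer_ability(admin_user)
  MiniAbility.new.tap do |a|
    a.can [:edit, :destroy], AdminUser, id: admin_user.id
    a.can :create, AdminUser
  end
end

current = AdminUser.new(1)    # constructed sample: the signed-in admin
unsaved = AdminUser.new(nil)  # constructed sample: record built for the "new" form
other   = AdminUser.new(2)    # constructed sample: a different admin

puts "question rule, create unsaved: #{question_ability(current).can?(:create, unsaved)}"
puts "answer rules, create unsaved:  #{answer_ability(current).can?(:create, unsaved)}"
puts "answer rules, edit other:      #{answer_ability(current).can?(:edit, other)}"
puts "answer rules, edit self:       #{answer_ability(current).can?(:edit, current)}"
```

The unsaved record's `id` is `nil`, so the id-scoped `:manage` rule cannot match it; granting `:create` without a condition allows it while edits to other admins stay denied.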