5

I am using "check authorization" in the application controller so every action will require a permission. I'm starting with giving me, the superadmin :=], permissions to manage all. I thought manage all would give me access to the whole app without naming a resource.

user model:

  def role?(role)
    roles.include? role.to_s
  end

application controller:

  check_authorization

cancan's ability model:

  def initialize(user)
    if user.role? :superadmin
      can :manage, :all
    end
  end

error message:

This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check.

Thank you.

Jay

1 Answer

4

As far as I am aware, you're going to need to call authorize_resource in your controller as a before filter so that this works.

Ryan Bigg
  • I thought that placing "check_authorization" in the application controller negated the need for that... but I am going to give this a shot. Thanks. – Jay Aug 11 '11 at 00:23
  • @Jay :all means every action in your controller... https://github.com/ryanb/cancan/wiki/defining-abilities – Hosemeyer Aug 11 '11 at 01:38
  • @Hosemeyer, thanks for your reference. I may be wrong, but the way I read it, it seems to mean every action in every controller. – Jay Aug 11 '11 at 01:46
  • @Jay it does, are you "load_and_authorize_resource" in each controller? – Hosemeyer Aug 11 '11 at 01:50
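
Added example (not part of the original thread, and not CanCan's own code): a simplified plain-Ruby model of why can :manage, :all alone still triggers the error above. The ability only defines what is permitted; check_authorization fails closed after the action unless an authorize! call actually ran. Ability, ToyController and run_action are assumed names used for illustration.

```ruby
# Simplified stand-in for the mechanism (assumed names; not CanCan's source).
class AuthorizationNotPerformed < StandardError; end
class AccessDenied < StandardError; end

class Ability
  def initialize(roles)
    @rules = []
    can(:manage, :all) if roles.include?("superadmin")
  end

  def can(action, subject)
    @rules << [action, subject]
  end

  # :manage matches any action, :all matches any subject.
  def can?(action, subject)
    @rules.any? do |a, s|
      (a == :manage || a == action) && (s == :all || s == subject)
    end
  end
end

class ToyController
  def initialize(roles)
    @ability = Ability.new(roles)
    @_authorized = false
  end

  # Records that a check ran, then enforces the ability rules.
  def authorize!(action, subject)
    @_authorized = true
    raise AccessDenied unless @ability.can?(action, subject)
  end

  # Runs the action body, then fails closed if no check was recorded.
  def process
    yield self
    raise AuthorizationNotPerformed unless @_authorized
    :ok
  end
end

# Returns :ok, or the name of the error raised (constructed scenario).
def run_action(roles, authorize:)
  ToyController.new(roles).process do |c|
    c.authorize!(:index, :projects) if authorize
  end
rescue AuthorizationNotPerformed, AccessDenied => e
  e.class.name.to_sym
end
```

The superadmin case without an authorize! call reproduces the situation in the question: the rule would allow the action, but nothing ever consulted it.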