Questions tagged [cancan]

The CanCan gem offers a straightforward and flexible way to define what a user can and cannot do.

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

CanCan uses a model to define the abilities of a user. Inside the class you declare what a user can and cannot do by using the "can" method. From your controllers you use the "can?" method to test the current user's authorization.

As development on CanCan is no longer active, it has been continued under the new name CanCanCan.

1405 questions
10
votes
1 answer

How to use CanCan with gem controllers?

I've spent a while trying to figure out the best way to authorize a controller that's from a gem with CanCan. I'm specifically using Comfortable Mexican Sofa. I have it all set up with Devise and CanCan but having trouble authorizing specific…
10
votes
2 answers

Why is Pundit not coupled with Rolify like CanCanCan is?

I am using Devise and interested in using Pundit but cannot find much on if it should be integrating with Rolify or if it is standalone. CanCanCan works nicely with Rolify and I like the roles model. Am I missing a major reason why Pundit and…
MicFin
9
votes
3 answers

Admin Authorization with CanCan

I have a bunch of controllers with the Admin namespace. I want to restrict access to these unless the user is an admin. Is there a way to do this using CanCan without having to call unauthorized! in every method of every controller?
Kyle Decot
9
votes
2 answers

Rspec controller error expecting <"index"> but rendering with <"">

New to testing, I'm struggling to get some controller tests to pass. The following controller test throws the error: expecting <"index"> but rendering with <""> I have the following in one of my controller specs: require 'spec_helper' …
simonmorley
9
votes
5 answers

CanCan gem for MVC .NET

I am looking for a NuGet package that provides similar functionality as the CanCan gem in Rails (https://github.com/ryanb/cancan). Does anyone know a plugin that provides a similar functionality? Or a simple way to implement this? Thanks
Karan
8
votes
3 answers

Passing params to CanCan in RoR

I have a controller with a method like; def show if params[:format].eql?("pdf") // do something elsif params[:format].eql?("csv") // do something end end But I have users with different roles. So I use CanCan to manage access…
Çağdaş
8
votes
2 answers

How do you deal with a :create permission in cancan that's defined by the parent object?

Let's say you're writing the software for Blogger. Each user can create a blog post only if they are the owner of the blog. CanCan would normally define an ability check in this circumstance as: user.can? :create, Post However the user can only…
Peter Nixey
8
votes
1 answer

Rails cancan authorizing nested resources

I have a Projects resource which is nested in a Users resource. My Cancan Ability class is: class Ability include CanCan::Ability def initialize(user) #everyone can :read, Project if user.blank? # guest user ... else …
David Senkus
8
votes
1 answer

How to use Devise/CanCan to protect mounted Engine resources?

I have an engine mounted to my main app and I want to protect certain controllers and actions within that engine. The engine is mounted with: mount SomeEngine::Engine => '/some_engine' Devise/CanCan is working with the rest of the main app's…
Zhao Li
8
votes
2 answers

CanCan - How to allow users to update and delete only their own objects

I've started a Rails application with Devise and CanCan. I have users which have a one-to-many relationship to articles. I'm new to CanCan, here's what I'm planning to do: Admin can do any action on articles Logged in user can read and create…
gerky
7
votes
1 answer

Reducing the load of ability.rb in cancan

I have a large ability file that decides what exactly users can do by searching from a table of 'Roles'. Each role corresponds to something a particular user can do, for example, being able to add a project or being able to edit the main company…
sscirrus
7
votes
1 answer

Context aware authorization using CanCan

I want to use CanCan to handle my permissions. My site has many different permissions levels, and most of them are context aware. For instance, Here are the relations in my 3 main models: class User < ActiveRecord::Base has_many :league_relations …
Max
7
votes
2 answers

How can I allow a user to only visit their own show page using cancan?

I've been going through the railscast on using the cancan gem but am stuck on how to only allow a user to visit their own show page. My code looks like this: Ability model class Ability include CanCan::Ability def initialize(user) user ||=…
Dave
7
votes
2 answers

How to do pagination with cancan?

I'm looking to do pagination with cancan however it's not obvious how to integrate this with gems such as will_paginate. Ideally cancan's load_resource will delegate to will_paginate and add extra conditions. For example in cancan I've declared…
bradgonesurfing
7
votes
2 answers

How to access 'can?' method from within cell?

I'm using cancan and cells gems in my ruby-on-rails project. How to access can? method from within cell? Thanks.