Questions tagged [cancan]

The CanCan gem offers a straightforward and flexible way to define what a user can and cannot do.

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

CanCan uses a model to define the abilities of a user. Inside the class you declare what a user can and cannot do by using the "can" method. From your controllers you use the "can?" method to test the current user's authorization.

As development on CanCan is no longer active, the project has been continued under the new name CanCanCan.

1405 questions
7
votes
2 answers

How do I use cancan to authorize an array of resources?

I have a non-restful controller that I am trying to use the cancan authorize! method to apply permissions to. I have a delete_multiple action that starts like so def delete_multiple @invoices =…
brad
7
votes
1 answer

CanCan custom actions not working with blocks

I'm changing some of my custom CanCan actions in the Ability class to use blocks instead of just a hash but now they've stopped actually restricting access. The odd thing is that the built in actions like :manage and :create, etc. seem to still be…
Matt
7
votes
2 answers

CanCan error 'undefined method role?' with Devise

Hey I hope you can help me: I was going through this tutorial http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/ and I did every step by step. I wasn't quite sure where to put the…
daniel
7
votes
3 answers

CanCan - Access denied - Way to make CanCan Specify in the LOG Why?

I'm working to implement CanCan. For some reason CanCan keeps giving me Access Denied when I try to get specific about model permissions. And I can't figure out why. Is there a way to get CanCan to be specific, perhaps in the logs or in development…
AnApprentice
7
votes
0 answers

How to resolve record not found error using cancan load_and_authorize_resource :product , :through => :current_user

I have a controller where I have load_and_authorize_resource :product ,:through => :current_user ... def set_user_product @user_product = User::Product.find_by_id(params[:id]) end My ability.rb file contains can :edit, User::Product do…
Braham Shakti
7
votes
2 answers

Rails_admin: Should I have admin_user or user with admin role to manage users and admin panel

In my rails application website visitors can sign up and create content. It uses devise with user model and everything works well. Now I want to use rails_admin for managing website resources and users etc and only people with administrative…
lightsaber
7
votes
2 answers

Rails: Using CanCan to define multiple roles depending on instances of single Model?

I'm currently stuck on how to separate roles for CanCan depending on each condition that we want. In our application, there are many categories (such as math, english, history, etc.) and within each are many courses. Each user can have many…
kibaekr
7
votes
4 answers

Rails4 authorization strategies

When it comes to Authorization/Authentication devise + cancan are usually my gems of choice. After the release of Rails4's strong parameters I've been looking into using the cancan_strong_parameters gem. I can't shake the feeling that this approach…
8bithero
7
votes
3 answers

ActiveAdmin with CanCanAdapter causing infinite redirect on dashboard

When using the CanCan adapter in ActiveAdmin 0.6.0. I have a resource working and authorization is working. However, when I go to /admin, the root ActiveAdmin page, it redirects to /admin and continues this forever.
Robin Daugherty
7
votes
1 answer

Activeadmin can can authorization error

Getting following error on calling controller.load_and_authorize_resource protected method `authorize!' called for # This is happening right after the bundle update. Gem file contains the following entry, gem…
maximus ツ
7
votes
1 answer

RoR | Devise redirect loop because of cancan authorize

Here is my application.rb class ApplicationController < ActionController::Base protect_from_forgery rescue_from CanCan::AccessDenied do |exception| flash[:error] = "You must first login to view this page" session[:user_return_to] =…
Polygon Pusher
6
votes
4 answers

Rails 3 ActiveAdmin CanCan. How to setup that User should only see records that belong to him?

I set up admin_users that belong to a customer class (Customer is a company). So Customer has many admin_users. I'm trying to restrict access to Shipment records that belong to a certain customer. I don't want customers watching other customers…
leonel
6
votes
3 answers

Getting Cancan's load_and_authorize_resource working within a custom create action

Trying to set up Cancan within an app of mine and having trouble with my PostsController. In a nutshell, when a Post is created I'd like it associated with the current_user so my create action looks something like this: class PostsController <…
Meltemi
6
votes
1 answer

Have CanCan use Active Admin user?

I'm using Devise and CanCan for authorization on the frontend of a Rails 3 app. I also have Active Admin as the interface for the backend. I'm trying to create different roles for admins in the backend. Both ends have a login form that uses…
Brady
6
votes
2 answers

How to set up a typical users HABTM roles relationship

I'm quite new to this and I'm using cancan + devise for my user auth. However I'm not really sure what it means to set up a typical users HABTM roles relationship nor do I really understand what a HABTM relationship is. Can anyone explain it really…