Questions tagged [cancan]

The CanCan gem offers a straightforward and flexible way to define what a user can and cannot do.

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

CanCan uses a model to define the abilities of a user. Inside the class you declare what a user can and cannot do by using the "can" method. From your controllers you use the "can?" method to test the current user's authorization.

As development on CanCan is no longer active, the project has been continued under the new name CanCanCan.


1405 questions
6 votes, 3 answers

Java authorization library like "CanCan" for Ruby on Rails

Everyone I was wondering if anyone knows of any Java libraries that are similar to or offer the same functionality as CanCan (Ruby on Rails). Would love to know your experiences with them if any. CanCan is an authorization library for Ruby on…
Mark Ellul

6 votes, 2 answers

Cannot test with rspec controller POST create action( devise and cancan)

I am having difficulty getting a rspec test for a controller to pass. I would like to test that the POST create action works. I am using rails (3.0.3), cancan (1.4.1), devise (1.1.5), rspec (2.3.0) The model is dead simple class Account <…
Dimitris

6 votes, 3 answers

cancancan authorize_resource not working as expected

I am getting an unexpected behaviour for a simple cancancan authorization. ability.rb class Ability include CanCan::Ability def initialize(user) # Define abilities for the passed in user here. For example: # user ||= User.new #…

6 votes, 3 answers

How do I specify a custom exception message from my ability.rb?

In my ability.rb, I have the following rule: elsif user.has_role? :demo can :read, Profile, demo_featured: true, demo_linked: true, message: "To access this profile, please subscribe here." But that doesn't produce the message I want. How do I…
marcamillion

6 votes, 4 answers

How do I setup my CanCanCan permissions correctly?

I am a little confused about how to configure CanCanCan properly. For starters, do I have to add load_and_authorize_resource to every controller resource I want to restrict access to? This is what I would like to do: Admin can manage and access all…
marcamillion

6 votes, 2 answers

What's the point of Rolify and CanCan?

I'm working on a RoR project and I'm a little confused about this new gem that was recommended for my purposes, Rolify. As I understand it, rolify does pretty much the same thing as CanCan except it persists abilities (roles for rolify) to the…
Dylan Karr

6 votes, 2 answers

CanCan and polymorphic associations (Eager Loading error)

I'm trying to define a user's ability to access something based on a column on an associated model (so something like can :read, Step, 'steppable' => {published: true}), the problem is that it's a polymorphic association so it can't find the…
mattangriffel

6 votes, 2 answers

Rails: Using CanCan to assign multiple roles to Users for each organization they belong to?

A User can belong to many Organizations. I would like User to be able to be assigned different roles/authorizations for each of the organization it belongs to. For example, user "kevin" may belong to organization "stackoverflow" and "facebook."…
kibaekr

6 votes, 4 answers

Is it possible to use cancan with two ability class

I'm using rails 3.0.9, cancan 1.6.7 and devise 1.4.8 I'm using two devise models(User and Admin) for different log-in and registration process So I want to divide the abilities depend upon the logged-in user(resource), because there are more…
nishanthan

6 votes, 3 answers

CanCan: load_and_authorize_resource in namespace other than that of MainApp

I'm using CanCan for permissions in my Rails application in which I have built my own engine for some generic form functionality. I would like to lock down permissions in my system so that users cannot freely access my engine controllers' actions.…
Chiubaka

6 votes, 1 answer

Using Devise/Cancan/Rolify together

I'm trying to set up an authorization/authentication system, and I'm getting confused, so I have a couple of questions: In a lot of tutorials, people set up a user/role HABTM relationship. I get that this allows for each user to have multiple…

6 votes, 1 answer

RecordNotFound raised when using find_by_id to get non-existent record in RSpec

I've written this spec in products_controller_spec.rb, that is intended to test a redirect when destroy is called on a non-existent record: it "deleting a non-existent product should redirect to the user's profile page with a flash error" do …
theflyingbrush

5 votes, 2 answers

Ruby on Rails: CanCan and static pages

I am using CanCan 2.0 gem for authorization and high_voltage gem for static pages. In my routes.rb file I have: match 'about' => 'high_voltage/pages#show', id: 'about' And I want to make it public in my ability.rb file, but none of these two lines…
krn

5 votes, 3 answers

Accessing main app's CanCan rules from within Rails 3.1 engine

I am trying to use a Forem gem which happens to utilise CanCan authorisation framework as well as my main application. Both the main application and Rails Engine have their own ability.rb files. The problem happens in the layout, when I am trying…
alexs333

5 votes, 1 answer

How do I properly test CanCan abilities with RSpec

I am testing CanCan abilities for the first time and am stumped. I'm missing something...even if I return false/true inside of the can :invite_to block I am still not getting passing specs. Am I missing using the CanCan matchers? or stubs? or…
Eric M.