Questions tagged [cancan]

The CanCan gem offers a straightforward and flexible way to define what a user can and cannot do.

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

CanCan uses a model to define the abilities of a user. Inside the class you declare what a user can and cannot do by using the "can" method. From your controllers you use the "can?" method to test the current user's authorization.

As development on CanCan is no longer active, it has been continued under the new name CanCanCan.

1405 questions
0 votes, 1 answer

Using CanCan with user_role table in rails3

I have user_role table like this: user_role_id (pk) name (e.g. admin) access_one access_two acccess_three and user_table with columns like: user_id (pk) user_role_id (fk) username password I have view to create above users_roles through admin…
Chirag Rupani
0 votes, 2 answers

How to unauthorize User actions when using Devise?

I am using Devise and Cancan gems on a Rails 3.1 app. I added several additional columns to User. I managed to define the abilities and they work fine, I can see that it works but I haven't figured out how do I unauthorize actions (such as :update)…
zabumba
0 votes, 1 answer

Use cancan on rails module

Just a very simple question, I have a module inside lib folder in rails. On that module, if we do something like Company.accessible_by(current_ability) we got a name error where current_ability is undefined. Anybody know the solution to this? As…
hudarsono
0 votes, 2 answers

Using Devise with CanCan

This might be a bit of a noob question, but I'm asking anyway. So I'm building an app where people make posts. So it's a social network. But I don't want people to be able to edit and delete others' posts. I don't think a role-based system would…
weddingcakes
0 votes, 1 answer

CanCan with block will give permission to Class?

I have something that looks like this in my ability class def initialize(staff) staff ||= Staff.new can :manage, Store do |store| store.staff_privileges.select(&:owner?).map(&:staff_id).include? staff.id end end I am not sure why…
denniss
0 votes, 1 answer

how to protect a send_file action with cancan

I can't seem to approve authorization for the web_videos_display action. I can make it work by using the skip_authorize_resource but then any user can access the URL for the file by knowing the :id. I need to require access to the asset to "see" the…
0 votes, 1 answer

CanCan is not authorizing a controller action when it will work just fine with accessible_by

I've been struggling with CanCan for the past few days and need some help. My users are supposed to be able to access Contacts they or their team-members create. I set up an ability for that, and it works for collecting data (CanCan limits the…
Jon Lehman
0 votes, 2 answers

How to use Rolify in rails mountable engine in rails 3.2?

I have used cancan and rolify in my rails app. Now I want to use these, at least rolify, in my rails mountable engine (isolated namespace). I tried hard but in vain. I put role model inside models/myengine/ and models/ also when prior fails. It…
Kundan Pandit
0 votes, 1 answer

cancan load_resource for nested resources doesn't build has_one association

I have an Owner model which has_one Address, and accepts_nested_attributes for it. When loading an Owner, for the :new action, I expected the :load_resource method to build the association like @owner.build_address, but this doesn't happen with the code…
Gus
0 votes, 1 answer

Filtering a Model's associated collections based on a User's CanCan abilities

Users belong to an organization. Users can view all organizations, but can only view users within their organization. When a user views the organization, I have to add filter logic to the view, so @organizations.users becomes…
Anson
0 votes, 1 answer

Cancan authorize custom module

I have a custom module in my lib directory that I load in my Application controller. I started using cancan and now I am getting Access Denied error for all the actions in my custom module. I don't want cancan to check authorization on my custom…
user1570144
0 votes, 2 answers

CanCan and Boolean User Authorization - Security Risk?

For using Multiple "roles" on Users in rails_admin CanCan seems to be a great choice. So I added a Boolean Attribute "admin" to the User-Model and tell CanCan to allow access to rails_admin only if this is present. But isn't this a security issue?…
PascalTurbo
0 votes, 1 answer

CanCan abilities working in application but not in test

I have the following definition in my ability.rb file: can :index, Call, :country_id => user.countries I am trying to only index Calls whose country_id is in current user's countries array. This seems to be working when I try it: It only shows…
Betjamin Richards
0 votes, 1 answer

If cancan access is denied it displays an error page or moves to another page, how to stay on same page?

I have used cancan and I have used rescue_from CanCan::AccessDenied do |exception| flash[:error] = "Access denied!" redirect_to root_url end in my application controller but I want to stay on the same page where I perform that action…
logesh
0 votes, 1 answer

How to implement check boxes in index view?

I am building an application in which when the user logs in as an admin it will have the list of registered users and have four links: show, edit, destroy and settings. What I want is when the admin clicks on the settings link it will have the view of…
Mohd Anas