Questions tagged [cancan]

The CanCan gem offers a straightforward and flexible way to define what a user can and cannot do.

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

CanCan uses a model to define the abilities of a user. Inside the class you declare what a user can and cannot do by using the "can" method. From your controllers you use the "can?" method to test the current user's authorization.

As development on CanCan is no longer active, it has been continued under the new name CanCanCan.


1405 questions
0
votes
2 answers

CanCan 2.0 + Paperclip expiring_url

I set some files using Paperclip expiring_url. Those are working fine. I try using CanCan 2.0 to allow expiring_url only to signed members using the following code # /app/models/ability.rb class Ability include CanCan::Ability def…
Martin
0
votes
1 answer

Devise add authentication to creating a role

I'm using devise and cancan as an authentication solution. For devise I have added a role attribute, and created a constant ROLES: #Migration for adding roles class AddRoleToUsers < ActiveRecord::Migration def change add_column :users, :role,…
0
votes
1 answer

I don't want any specific role. I want to assign permission to any user from GUI by check boxes. So that user can do whatever permissions he has

I just want an application through which I can dynamically assign roles to users through check boxes. Any answer will be appreciated. Thanks
Mohd Anas
0
votes
1 answer

cancan not recognizing read operations and rejecting messages

I have routes.rb: resource :account, :only => [:show, :update] In my ability.rb, I have can :read, Account, :id => user.account_id I have defined def update and def show functions in my AccountsController This configuration gives me 403, Access…
Rajat
0
votes
1 answer

Testing cancan abilities and getting MassAssignmentSecurity::Error

I have implemented cancan and would like to test abilities as recommended on the cancan wiki. I am trying to replicate "user can only destroy projects which he owns." spec/models/ability_spec.rb: require "cancan/matchers" require…
Derek Hill
0
votes
1 answer

CanCan Current_Client Error

Hi. Have the following setup: I have a login system for clients to log in to the system. They can edit their details on the system. I need to block them editing other clients' details. This can be done by changing the Id in the URL. There is a Namespace…
Clay
0
votes
1 answer

Rails cancan gem

Hi, I need help with a new (for me) gem, 'cancan'. I have the following problem: in my app I have a 'Post' model and a 'Photo' model (routes:) resources :posts do resources :photos end and in ability.rb I write: class Ability include…
Dmytro Vasin
0
votes
2 answers

CanCan::Ability where is the current_user method defined?

Pretty much what I have mentioned in the title. I am using CanCan::Ability in my code to check permissions and abilities. It expects a current_user method to be defined. I am guessing it comes from devise (but not sure), and I wish to override it.…
Rajat
0
votes
1 answer

Rails 3 + ActiveAdmin + CanCan: preventing destroy if parent model has children

If a user wants to destroy a parent model record and it has children, I want to be able to show a custom error message. Or maybe to hide the destroy button if a record has no children. How can I do this?
Mexxer
0
votes
3 answers

Devise : clean way to only allow 1 single controller#action on condition X?

What would be the best way to allow a logged-in user only access to a certain controller#action if condition X is met? for example a user has deactivated his account ( user.is_deleted == true ) if the user logs in I want to redirect him to…
Rubytastic
0
votes
1 answer

Cancan 2.0, how to restrict user to update certain attributes on User model

There's a similar question already answered but seems to be a little outdated since it doesn't cover the new CanCan 2.0 version. I need to prevent certain fields (in this case :active and :limited) from being updated by the user and be able to only…
Martin
0
votes
1 answer

Adding roles to an OmniAuth log in so that Cucumber doesn't fail a test

I've been working on an app for learning purposes which includes OmniAuth for Facebook logins, Cucumber for BDD and CanCan & Rolify for permissions and roles. No Devise is used so far. I'm trying to write a test that involves logging a user with…
0
votes
1 answer

CanCan abilities and additional rules by engine

I have an application and engines (gems, Rails::Engine). CanCan is used for authorization and I want to use it in the engines. The engines are isolated with a namespace, but for example: module MyEngine class ApplicationController < ::ApplicationController …
0
votes
2 answers

Rails 3.1 - Using Devise/Cancan with Prawn

In my html.erb views I can normally use code like: if current_user.role?(:label) "do something" end I'm trying to do the same in a Prawn based PDF but am getting a "undefined local variable or method `current_user'" error. I understand I need to…
Raoot
0
votes
1 answer

CanCan authorize by id

I have a many to many relationship in rails, a user has and belongs to many user_types and vice versa. Then user_type has many roles. Example table for roles_fruits table: role_id: 1, fruit_id: 6 Example for roles table: id: 1, name: Bannana…
Travis Pessetto