Questions tagged [cancan]

The CanCan gem offers a straightforward and flexible way to define what a user can and cannot do.

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

CanCan uses a model to define the abilities of a user. Inside the class you declare what a user can and cannot do by using the "can" method. From your controllers you use the "can?" method to test the current user's authorization.

As development on CanCan is no longer active, it has been continued under the new name CanCanCan.

1405 questions
0 votes, 0 answers

How can I specify a condition for cancan

I'm using Rails 2.3.11 with cancan 1.1. I want to add a new role that would allow the user to create/edit 'publications' and create/edit 'articles' in those 'publications' that belong to one specific Organization. As I mentioned, I could not try…
Alkindi
0 votes, 1 answer

Why is the user_id suddenly not being assigned when I add more models?

These are my associations: class User has_many :products has_many :prices has_many :businesses has_many :stores end class Price belongs_to :store belongs_to :user belongs_to :product end class Store belongs_to :user belongs_to…
LearningRoR
0 votes, 1 answer

CanCan uninitialized constant Ability::CanCan

Any idea what I could be doing wrong here? I know it's not very useful to say ability.can? :manage, all; however I'm just trying to get started with CanCan. I do have the gem, and have run generate cancan:ability. Thanks. Error and…
camelCase
0 votes, 1 answer

Creating a Rails-based API. A bit lost what to do after object is saved

I'm creating a Rails-based API to manage sms subscriptions. There's a subscriptions controller that respond_to :html, :json, :xml and a Subscription model. Both are working fine. When a subscription is made, the user still needs to confirm his…
Martin
0 votes, 2 answers

Understanding Roles in Rails 3.2 with Rolify

Is there any easy tutorial for roles? I found that Devise is a great & easy solution for authorization. And then when it comes to Cancan with Rolify there's a confusion eclipse for beginners like me. Currently I'm defining roles in ability.rb: if…
valk
0 votes, 1 answer

How to load a resource using a subdomain in CanCan

Is it possible to load a resource using a subdomain in CanCan? The load_resource and load_and_authorize_resource methods are an alias to this: def load @foo = Resource.find(params[:id]) end In my case, I need to load the resource based on a…
Mohamad
0 votes, 3 answers

How to let Users edit a resource they create but not others when resource doesn't belong to User?

In my application using CanCan I have permissions where users can view and create stores but I also want them to only be able to edit the ones they've created. Users can create as many stores as they like, which all should be editable by them. A…
LearningRoR
0 votes, 1 answer

Mongoid and Cancan role inheritance / Many roles per User

I am playing around with Mongoid (NoMySQL Database), DEVISE and CANCAN. I have read the manual (https://github.com/ryanb/cancan/wiki/Role-Based-Authorization), but I don't wanna use the "roleMask"-calculation. I wanna use an Array (or Hash) -field…
Jan
0 votes, 2 answers

CanCan 2.0 create/update authorization

From what I understand, CanCan authorizes the create and update actions once at load and again when the params hash is assigned. Is there a way to skip the second authorization check with the new params hash? Here's a scenario where this causes a…
Dowker
0 votes, 1 answer

Cancan is not working well with active_admin

I have implemented cancan with active_admin using the link below. https://github.com/gregbell/active_admin/wiki/How-to-work-with-cancan In my case the only change is the code written below. app/models/ability.rb class Ability include…
chaitanya
0 votes, 1 answer

Devise 2.1 + Backbone.js 0.9.2 + Rails 3.2.0

I'm trying to create a webapp using Backbone.js 0.9.2 + Rails 3.2.0. I'm having trouble figuring out how to link authentication & authorization (role management) with the app. I'd like to use as much off-the-shelf product as possible. After some…
netwire
0 votes, 1 answer

How to define Ability.rb (CanCan) correctly?

I'm trying to define my abilities as follows: class Ability include CanCan::Ability def initialize(user) user ||= User.new # guest user (not logged in) if user.role == 'admin' can :manage, :all elsif user.role == 'member' …
Kleber S.
0 votes, 4 answers

Cancan ability definition: whole controller as an object

My question is absolutely theoretic, like "Is it the right thing to do?". I'm new to Rails in particular and to Ruby in general, and I'm trying to use the Cancan authorization solution for my Rails application. Let's consider we have a simple controller like…
Nikolay Rys
0 votes, 1 answer

Backbone.js and role based authorization/potential for client side hacks

I am used to using cancan in my rails views to show/hide visual elements depending on the user's permissions, e.g. showing an 'Add New Post' link to users that are allowed to add new posts. In a backbone app, where I am sending the entire app to the…
robzolkos
0 votes, 1 answer

Sharing Permissions in Ruby on Rails (CanCan or CanTango?)

I am starting my first full jump into RoR and have been looking at CanCan for permissions. I am interested in something that can allow the following: A User can belong to a Network, or just be a solo User. A User may be an admin or simply a user in…
dewyze