Questions tagged [cancan]

The CanCan gem offers a straightforward and flexible way to define what a user can and cannot do.

CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access.

CanCan uses a model to define the abilities of a user. Inside the class you declare what a user can and cannot do by using the "can" method. From your controllers you use the "can?" method to test the current user's authorization.

As development on CanCan is no longer active, it has been continued under the new name CanCanCan.

1405 questions
0 votes, 1 answer

Test for specific users with cancan

How do I set up the proper permission level for this scenario with cancan? Post has many Comments. The post's author can delete any comment. The comment's author can delete only his/her comment. Currently I have: authorize!(:remove_comment,…
AdamT
0 votes, 2 answers

Allowing cancan Ability.rb manage access only specific fields of a model

I'm trying to add a button to mark a reply as read in Rails. I currently have something like this. # /app/models/ability.rb ... can :manage, Reply, :user_id => user.id ... I have also load_and_authorize_resource in my RepliesController #…
Martin
0 votes, 1 answer

How do I structure CanCan abilities to control creation based on another model?

Imagine a has_many relationship for memberships for clubs: end class Club < ActiveRecord::Base has_many :memberships, :dependent => :destroy has_many :users, :through => :memberships validates :name, :is_enrollable, :presence => true end class…
fearless_fool
0 votes, 2 answers

Error trying to run migrations in heroku with app using rolify gem, uninitialized constant Rolify::Roles

I have basically a bare-bones rails 3.1 application that I want to deploy to heroku. I have followed this tutorial to use Devise, Cancan, and Rolify. (I added a username column to Users table) Everything is working just fine on my development…
n_i_c_k
0 votes, 2 answers

How can I limit records in CanCan based on an association truth?

I am trying to satisfy the following requirements using CanCan: If a deal is assigned to 1-many networks, the user can read the deal if s/he is a member of any of the assigned networks. If a deal is not assigned to any network, it can be viewed by…
Eric M.
0 votes, 2 answers

In rails let the logged in user edit part of the database record for them

In rails (with cancan or otherwise) I want the logged in user to be able to edit some of their database record but not all. The database looks something like this: User: name, password, team_id, role_id, notes Role: name Team: name For instance, if…
James Brooks
0 votes, 0 answers

How can I load the @user resource through current_user using CanCan

I want my edit and update actions to load @user by setting it to current_user. I have tried load_and_authorize_resource through: :current_user, only: [:edit, :update] but get the error "undefined method users for #user". Is this possible or do I…
Eric M.
-1 votes, 1 answer

Custom RBAC with CanCan (or other plugin?)

I'm looking for a customized RBAC solution for an application I am making. The main difference from casual CanCan would be that the RBAC is not relying on a User model, but rather on some other models, totally custom. For instance, a user belongs to…
Spyros
-1 votes, 1 answer

cancancan ability works as expected in tests, but not in practice?

I have reviews set up similar to Airbnb. These abilities should allow a guest to review a host, and a host to review a guest: # ability.rb can [:show], [Review] do |review| if review.reviewable_type == "Host" review.booking.guest_id ==…
stevec
-1 votes, 1 answer

How to set up cancan with activeadmin without any side effect?

I have an active admin code running which is as below ActiveAdmin.register UserProcess, as: 'Summary' do .... end active_admin.rb - config.authorization_adapter = ActiveAdmin::CanCanAdapter config.cancan_ability_class =…
-1 votes, 2 answers

What's the best way to implement roles/permissions to users in a rails app?

Disclaimer: I'm not using Devise, My authentication is being handled using bcrypt. I want to know what are my best options, for the long run in adding roles to my users. For a while my users have been my Company model, and I've been holding off on…
gemart
-1 votes, 1 answer

Manage user role in rails (Different attributes, permissions, etc...)

I'm looking for the best way, in ruby on rails 4.2, to create and manage users role with different attributes and permissions. I don't want to create one table for each users roles, I have some solution with enum or some gem like cancan or rolify…
T1djani
-1 votes, 1 answer

If can in ruby on rails

In my application I have the following code: @object.start if can? :start, @object I searched for it and found that the app is using the cancan gem, but as a beginner I am not getting what this code does exactly. There is no such function defined with…
Vikram
-1 votes, 1 answer

How to add this specific authorization feature to my rails app?

My rails app has a few cab operators and they have a few cabs associated with them, and they are related as follows: class Operator < ActiveRecord::Base has_many :cabs end I have used Devise as my authentication gem. It authenticates users,…
-1 votes, 2 answers

Ruby on Rails: Using Cancan and Devise How do you allow users to choose role via New and Edit Registration Views?

I have implemented Devise and Cancan using documentation for a simple Todo Rails App. I was able to hide the content Edit feature for user without admin role. However, I cannot verify that user with admin role can access the Edit feature because I…