Questions tagged [cancancan]

Continuation of CanCan, the authorization gem for Ruby on Rails.

As described on the project webpage:

CanCanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries.

453 questions
4 votes, 0 answers

CanCanCan rescue_from not catching

class ApplicationController < ActionController::Base protect_from_forgery with: :exception rescue_from CanCan::AccessDenied do |exception| redirect_to root_url, :alert => exception.message end end I have this inside of my…
nbucciarelli
4 votes, 2 answers

Redirect/call method from another controller in a different namespace in Rails

I have a pretty typical situation where I have a '/dashboard' which should render a different view for different user roles (i.e. client, admin, etc.). I am open to more elegant suggestions but my thought was to have one route definition for…
tam5
4 votes, 1 answer

Field level permissions using CanCanCan or Pundit

I am currently using Rails 4.1.14 with CanCanCan 1.13.1 and defined granular permissions on model/record level. Admins can manage all articles but users can edit only articles they authored. To prevent regular users from editing specific fields I…
Dmitry Polyakovsky
4 votes, 1 answer

Adding a Controller without corresponding model while using cancancan

I've added a controller collaborators to manage a particular type of join association between Users and Companies. The issue is that whenever I load anything from collaborators, I get the error "uninitialized constant Collaborator". From my…
4 votes, 2 answers

Rolify and getting a list of User with specific access to a resource

I have two models Organization and Users which I'm using Rolify to connect. Users have roles and Organization is a resource. This works great however my problem is trying to get a list of users for a particular resource. I would like to get a list…
ere
4 votes, 2 answers

Using CanCanCan, how do I authorize either/or in a controller?

I've got a page for administrating multiple objects (like users and groups), and I want to ensure that only users who have access to create at least one of those types of objects can view the page. Basically, I want to be able to write something…
David Rice
4 votes, 1 answer

Rails 4 + CanCanCan: "undefined method `role?' for User"

This is a follow-up question on Rails 4: CanCanCan abilities with has_many :through association and I am restating the problem here since I believe context has slightly changed and after 4 updates, the code from the initial question is pretty…
Thibaud Clement
4 votes, 2 answers

How to modify cancan load and authorize resource to load resource using different id

How can I modify load and authorize resources to load a resource using a different id? For example, my route is http://localhost:3000/organization/user/12/event/20/edit and in my event controller I am accessing the event using :event_id and the user using :id. Now…
4 votes, 0 answers

Wrong queries with CanCan / CanCanCan in specs

I have a problem that CanCan (in the past, and CanCanCan now) adds some strange SQL code to queries in tests. My models: class Company < ActiveRecord::Base has_many :machines, dependent: :destroy end class Machine < ActiveRecord::Base …
Sergey Vernidub
4 votes, 1 answer

How to restrict a user from updating certain fields with CanCanCan?

So if I have a User, and he can create/update his Service, but he cannot :publish(bool) them, what would be the best solution to skip this field from the update_params hash? I found this similar question, but it links to CanCan 2.0 which never got…
The Whiz of Oz
3 votes, 1 answer

Ruby CanCanCan reverse user lookup, faster way to do this?

I have extended the user model to allow me to do .can? checks on the user. class User < ApplicationRecord def ability @ability = Ability.new self end delegate :can?, :cannot?, :to => :ability end This allows me to do things like…
Jason Ellis
3 votes, 2 answers

How to write CanCanCan Ability for user to read only their data?

How do you restrict user access so a user can only read their own record? I've tried: def initialize(user) can :read, User, :id => user.id and this: def initialize(user) can :read, user but I can still access every user in index and show. I…
Mark Robinson
3 votes, 1 answer

rails administrate with cancancan

I'm using rails administrate for my application, but I want to limit access via the administrate dashboard to the resources being administered. I'm also using cancancan in the other parts of my rails app to manage access and permissions. Has anyone…
3 votes, 1 answer

Session[:user_return_to] getting nil in redirecting back to current page after sign in

I want to redirect back to the current page after sign in. I have devise already in my rails application. I have followed this tutorial of devise …
3 votes, 1 answer

Filter by self-referencing association in CanCanCan rules

In my project I have a Post class, which could be a comment to another Post with a self-join. Besides other rules, I want to enable Posts which belong to a 'published' Post as a comment. I use the following gems: gem 'rails', '5.0.6' gem 'cancancan',…