Questions tagged [cancancan]

Continuation of CanCan, the authorization Gem for Ruby on Rails.

As stated on the project webpage:

CanCanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries

453 questions
0 votes, 2 answers

Setup cancancan that user couldn't destroy itself

I'm setting up cancancan to implement this function: if the user is admin, it can destroy every user but himself. This is my ability.rb class Ability include CanCan::Ability def initialize(user) if user.role == 'admin' cannot…
DevArenaCN
0 votes, 2 answers

Rails cancan(can) not recognizing data in test database

I have a thorough ability.rb defined that's working properly. However, when I write a controller spec that sends a request to an endpoint, cancan(can) repeatedly returns a 403. In my ability.rb in the respective section for handling the endpoint…
Noah
0 votes, 1 answer

Rails cancancan how to prevent object from doing something to itself

Users can have many clubs. One club can tip another club. How can I prevent a club from tipping itself? (Note that if a user wants to engage as another club, they can tip another club they own, so I can't do this based on user id) I've tried a…
bft
0 votes, 1 answer

Cannot create nor destroy comments to a product in my demo rails app

I am studying Rails and I have a demo app to develop, on which I installed Devise and CanCanCan for authentication and authorization. I have some Products and I just added the comments functionality. If I comment a product, it won't let me create…
Anna Costalonga
0 votes, 1 answer

cancan rails code understanding

I am unable to debug some cancancan code and am looking for some help. can :update, Message do |m| false end But strangely cancancan always returns true and I am unable to debug the issue. Here is a small piece of relevant cancancan code …
sethi
0 votes, 0 answers

Error passing time in a form when using CanCanCan

I am using the gem 'bootstrap3-datetimepicker-rails', '~> 4.17' so that the user can select a date and time, which is passed to my controller and included in the model's attributes. However, when I add load_and_authorize_resource to the controller…
jackerman09
0 votes, 1 answer

Rails, Cancancan, Devise, author

I'm working on a Rails app with cancancan and devise. I have a controller that receives three different petitions for any action contained on it (It's a RESTful-based controller) depending on the models the HTTP method is intended to work with. This…
0 votes, 0 answers

rescue_from in ApplicationController doesn't catch exception

I'm setting up a simple RoR application. It mixes ActiveAdmin with CanCan to manage authorizations. When I raise a CanCan::AccessDenied, the exception is never rescued as it should: class ApplicationController < ActionController::Base # Prevent…
Pirhoo
0 votes, 1 answer

Cancancan ability debugging fails in rails console and Rspec

I have this in models/ability.rb class Ability include CanCan::Ability def initialize(user) user ||= User.new if user.role? :registered can :read Post end end When I do this on rails console #this returns a user with a…
Optimus Pette
0 votes, 0 answers

Integration Testing a rails API using devise_token_auth for authentication and cancancan for authorization using Rspec

I have a rails-api application that I'm testing using Rspec. The Application uses devise_token_auth gem for authentication and cancancan gem for authorization. devise_token_auth requires that the client include these authentication headers in every…
Optimus Pette
0 votes, 1 answer

Rails: Using CanCanCan Abilities to hide elements

I'm using the CanCanCan gem. According to the documentation you can define abilities. That is working for me. What I want to do is to limit the access to records, that contain a value. Something like: can :crud, Order, :brand == empty? A User…
CottonEyeJoe
0 votes, 1 answer

Using CanCanCan with views to hide/show content - Advice

This might be an obvious issue for someone good with CanCanCan, but I am finding it hard to wrap my head around it. I got an application that has many roles around it (campus_rep, campus_manager, operations_manager, admin etc). They all have acces…
Ziyan Junaideen
0 votes, 1 answer

NameError in HomeController#action While Using CanCanCan Rails

I am new to rails. I am using CanCanCan (v1.10) and rails (v4.2). While I am putting "authorize_resource" inside ApplicationController, I can not access my home pages. Sample code in application controller: class ApplicationController <…
Manazir Ahsan
0 votes, 1 answer

What is the best practice method of doing record level authorization with cancancan

I want to use the ability.rb file of the cancancan gem to do record level authorization. Let's say I have a User, which has_many Cars, which has_many Wheel. I want to do authorization for Wheels, so that only Users which own the Car that owns the…
kaizenx
0 votes, 1 answer

Rails user-role system - Same user with multiple Rights on different sites

I have a Rails-Application, that serves different sites. E.g. www.example1.com www.example2.com These sites are stored in the Site-model. Also I have set up a User-Role system, using Devise, Rolify, and cancancan Now one user can have different…
Michael B