Questions tagged [cancancan]

Continuation of CanCan, the authorization Gem for Ruby on Rails.

As stated on the project webpage:

CanCanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries.

453 questions
3 votes, 1 answer

CanCanCan: authorize/unauthorize specific model attributes

I've been fiddling with CanCanCan gem to limit a regular user's actions, but so far I only managed to limit authorizations to a whole model, and what I really need is to limit access to some of its attributes. For example, on my User model, besides…
3 votes, 0 answers

Github style permissions - Multi-tenant or complex Authorizations?

I’m building a multi-tenant application using Rails 4, Postgres, and Devise. Act as Tenant is being used for the partitioning, and devise for authentication. I haven’t chosen an authorization scheme, but leaning towards Pundit. I had a feature…
pchowdhry
3 votes, 1 answer

cancan ability : allow site admin with rolify role create_user to create or sign_up new devise users

For the application, I am trying to implement job_code style access using cancan/cancancan, devise and rolify. Only site admins with job_code :create_user will be able to create new users. Following is the code: class RegistrationsController <…
gkolan
3 votes, 0 answers

Cancancan nested resources Routes

I got a controller named FileRecord; it can be accessed from two different paths. From a User with Role Admin: /customers/:customer_id/record_types/:record_type_id/file_records. From a Common User: record_types/:record_type_id/file_records. Is there…
jupazave
3 votes, 0 answers

Devise + Cancan cause a redirection loop in production but not in development

I have had Devise working in my rails4 app for quite some time already. Now I had a need to add different roles and decided to use Cancan to accomplish this. Everything was working just fine in development, but when I deployed code to production all I…
thepanu
2 votes, 1 answer

Slow MySQL query when using ORDER BY id

I have a very slow query where the first part is created by a gem (https://github.com/CanCanCommunity/cancancan, it creates the select and the inner query) and where I add an ORDER BY and LIMIT for a cursor based pagination. SELECT…
23tux
2 votes, 1 answer

How to divide a big rspec file into smaller parts

So, in my project I am using cancancan for authorization. We maintain the ability specs in ability_spec.rb. Over the last few years the file's size has grown enormously. Now it has around 3000 lines, which is pretty much, and the main…
Aniket Tiwari
2 votes, 2 answers

How to check if value is in array on CanCanCan hash of conditions

I have three model classes: PatientBoard, Medication and Customer, which relates to each other like the following: PatientBoard associations do has_and_belongs_to_many :customers has_many :medications end Medication associations do …
Lucas Vieira
2 votes, 0 answers

Deprecation warning when using cancancan and rails

I always get this when I test with rspec-rails: DEPRECATION WARNING: Initialization autoloaded the constant Ability. Being able to do this is deprecated. Autoloading during initialization is going to be an error condition in future versions of…
Chiara Ani
2 votes, 2 answers

Rails authorization CanCanCan

I'm trying to implement some authorization to routes with the CanCanCan gem, but for some routes it won't work, and it either always authorizes no matter what or does not authorize at all. I want only users with a role id of 5 (admin) to access the…
Max Kirsch
2 votes, 1 answer

Rails CanCanCan ability issue with model-less controller

I have a simple controller method: WelcomeController#dashboard that is intended to be the landing page AFTER a user logs in (the user has the role of 'manager' for this test). I'm starting out simple, so there isn't much to this controller yet…
Godzilla74
2 votes, 2 answers

how to write rspec for ability using cancancan

I have implemented the post and user models, where the post model belongs to the user model. I defined the ability model for authorisation so that only the user who created the post is able to delete or update the post. I have the post controller like…
Praveen R
2 votes, 1 answer

Export all user policies using Pundit gem

How can I retrieve all user policies and scopes using the Pundit gem? I need to return a JSON object with all user policies to check permissions in frontend JavaScript templates. Using the CanCanCan gem, I can do something like this: class Ability …
plcosta
2 votes, 2 answers

CanCan ability on association

My question is about defining a cancancan ability in the following context. I have a common model with a many-to-many relationship between User and Company entities: class User < ApplicationRecord has_many :company_users, dependent: :destroy …
P.Bra
2 votes, 0 answers

Rails 5 cancancan defining scope abilities

The project uses cancancan gem 2.0.0. I have two actions in my controller where both show a list of articles and within the lists they share partials. Here's a reduced version of the abilities where I can point out the problem: Article.rb class…
fabianraf