Questions tagged [cancancan]

Continuation of CanCan, the authorization gem for Ruby on Rails.

As stated on the project webpage:

CanCanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries.

453 questions
2
votes
0 answers

Checking multiple actions in CanCanCan can? method

I would like to be able to check multiple actions in a given can? method (in the controller or view). The docs (https://github.com/CanCanCommunity/cancancan/wiki/Checking-Abilities) show the following syntax: can? :destroy, @project This works fine…
NateW
2
votes
1 answer

Rails CanCanCan/RoleModel/Canard: limit to user doesn't work

Setup: Rails 5.1, Ruby 2.4.0 User.rb created from Devise Extended with CanCanCan and Canard (which includes RoleModel) Collection has_many Items (Does NOT work) Wishlist has_many WishlistItems (which DOES work) From user.rb: acts_as_user :roles…
John Athayde
2
votes
1 answer

Nil user in CanCanCan ability.rb

Trying to get an async request working from a React component. However it always fails due to invalid permissions. Example working request: Started GET "/" for 127.0.0.1 at 2017-10-04 16:32:00 -0400 Processing by EventsController#index as HTML …
James L.
2
votes
1 answer

Cancancan nested resource authorization

I have a working ability defined as below: routes.rb resources :projects do resources :tasks end ability.rb can [:manage], Project, invites: {supplier: {:user_id => user.id}} can [:new, :create], Task can [:update, :show, :destroy, :edit], Task,…
GavinBelson
2
votes
2 answers

Ruby on Rail - undefined method `admin?' for nil:NilClass

I am using gem 'devise' and 'cancancan' for defining roles for user. Problem is when I run rails server it says: undefined method 'admin?' for nil:NilClass ability.rb: class Ability include CanCan::Ability def initialize(user) if…
Vinz_B
2
votes
1 answer

Block redirect to other posts pages

I have 2 tables: posts and users (their relation is many-to-many), User has many favorite_posts (with FavoritePost table (it consists of user_id and post_id). So, I have a route: get 'favorite_posts', to:…
2
votes
1 answer

cancancan Abilities with has_and_belongs_to_many

I have the following relationship between my classes user and page. class User < ApplicationRecord has_and_belongs_to_many :pages end class Page < ApplicationRecord has_and_belongs_to_many :users end How can I do in my Ability file for a user…
Emília Parsons
2
votes
2 answers

How to restrict who can invite users with devise_invitable and cancancan

I'm using devise_invitable for inviting users, and cancancan for defining abilities in the app. How do I define the ability for who can send invites?
David Ham
2
votes
3 answers

How to authorize namespace, model-less controllers using CanCanCan?

What is the correct way to authorize and check abilities for a namespaced, model-less controller using CanCanCan? After much googling and reading the wiki, I currently have #controllers/namespaces/unattacheds_controller.rb def…
Andy Harvey
2
votes
1 answer

uninitialized constant Home -- thrown by CanCanCan for non-db backed resource

I am using CanCanCan for authorization purposes. Basically what I want to happen is non-logged in users can access Home#Index, but they need to be logged in for Home#Dashboard. I have this route: get 'dashboard', to: 'home#dashboard', as:…
marcamillion
2
votes
1 answer

Capybara::Webkit::InvalidResponseError: Javascript failed to execute

I converted an app from Rails 3.2 to 4.2 that was using the cancan gem. Googling around and checking on their GitHub says it's enough to just replace gem cancan with gem cancancan without changing anything. This doesn't seem to work. My test…
emi
2
votes
2 answers

Why can user create posts if `cannot :manage, Post` in Ability class (CanCanCan)?

I'm implementing CanCanCan for the first time. But I am confused why users can still create posts when I've set up cannot :manage, Post in the Ability class. class Ability include CanCan::Ability def initialize(user) user ||= User.new # if a…
tim_xyz
2
votes
1 answer

Redirecting a request in a routing constraint

I have Sidekiq mounted in my routes file to the /sidekiq endpoint. I use a constraints option to have it call an external class for validation as a way of preventing non-privileged users from accessing that endpoint. # config/routes.rb mount…
user2490003
2
votes
2 answers

Rails, Active Admin, Devise, routes

I've been working with Rails, Active Admin and cancancan. Everything is working fine except one thing. Recently I have added separate namespaces for my admin type users and clients. Before that change, I redirected all authenticated users to the…
Michal
2
votes
1 answer

How to understand load_resource and authorize_resource methods of cancancan gem?

I am using the cancancan gem in my Rails application. But I am not very clear on the meaning of the load_and_authorize_resource method. I know this is the same as calling load_resource and authorize_resource. load_resource will create a new instance of…
pangpang