----------------------------------------------------------- ability.rb ----------------------------------------------------------- can :update, User, :auth_token => current_user.auth_token ----------------------------------------------------------- ---------------------------------------------------------- users_controller.rb ---------------------------------------------------------- @user = User.find(params[:id]) authorize! :update, @user ---------------------------------------------------------- If go to the URL directy, it does work well. Authorizes where it''s supposed to, and it doesn''t authorize where it''s supposed to. The problem is, in users/index.html.erb I''m listing the users and it doesn''t display the Edit link at all. ------------------------------ index.html.erb ------------------------------ @users = User.all [...] <% if can? :update, @user %> <%= link_to ''Edit'', edit_user_path(user) %> <% end %> ----------------------------- I''m thinking I''m probably having this problem because I''m working with nested resources. ------------------ routes.rb ------------------ resources :companies do resources :users end ------------------ But I have also tried working with :through and it still doesn''t display the Edit link. Can somebody please tell me why? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
I kept on simplifying the code to get to the root of the problem and it seems it won''t work regardless of what I do. in ability.rb can :manage, :all so it''s supposed to allow the user to do ANYTHING right? wrong! if in users_controller.rb I tried working with nested resources, it ALWAYS gives me Access Denied error. users_controller.rb load_resource :company load_resource :user, :through => :company -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Aug 9, 2011, at 12:39 PM, Leonel *.* wrote:> I kept on simplifying the code to get to the root of the problem and > it > seems it won''t work regardless of what I do. > > in ability.rb > can :manage, :all > > so it''s supposed to allow the user to do ANYTHING right? wrong! > > if in users_controller.rb I tried working with nested resources, it > ALWAYS gives me Access Denied error. > > users_controller.rb > load_resource :company > load_resource :user, :through => :companyTry changing this to simply: #users_controller.rb load_and_authorize_resource I believe that will get all of the nested stuff automagically, you don''t have to specify the relationship. After all, that''s what your models are for. Walter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Ok, I read the CanCan documentation more carefully and this jumped out the screen... "This will fetch the project using Project.find(params[:project_id]) on every controller action, save it in the @project instance variable..." When I was going to /users the companies resource was empty and it would throw the Access Denied error unless I used shallow nesting (:shallow => true). So I should''ve been going to /companies/45/users instead. Then companies get loaded as well as users. My problem with this is that it can only display users from a certain company. I''m still not accomplishing what I want. Because the page should display all companies and all users under each company. I''m closer to finding the answer than I was before. I''ll keep on trying. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Ok. This is the question I''m looking the answer for: how can I load and authorize the companies in the users_controller.rb file? I already tried load_and_authorize_resource :company @companies and @company are empty in the view. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.