Rails core - Mar 2011 - Setting CanCan ability.rs model

I successfully made login system with Devise and CanCan, and I have 3
types of users. Admin, internal and global users. I created
Controllers and index actions: Admin, Cpanel, Report and State, and I
want to restrict access to this controllers for some users.

Admin user should have privilegies to access: Reports(all), State
(read), Admin (all)

Global user should have privilegies to access: Reports(only read),
State(read), Cpanel(all)

Internal user should have privilegies to access: Reports(all), State
(read)

And I tried to do this with following code in ability.rs:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)

    if user.role? :admin
      can :manage, [Report, Admin]
      can :read, State
    elsif user.role? :global_user
      can :read, [Report, State]
      can :manage, Cpanel
    elsif user.role? :internal_user
      can :manage, Report
      can :read, State
    end
   end
end
At this time I have only index actions in this controllers, and when I
login to app with internal user I CAN access to /admin for example,
and that is not behavior that I want. I want to restrict access to all
controllers instead of controllers listed in ability.rb class.

Source code is here: http://cl.ly/2E292R2m2B0X141q3C0S

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

This is not a question for the rails-core mailing list.

On Tue, Mar 1, 2011 at 7:56 PM, kondormit@gmail.com
<kondormit@gmail.com>wrote:
> I successfully made login system with Devise and CanCan, and I have 3
> types of users. Admin, internal and global users. I created
> Controllers and index actions: Admin, Cpanel, Report and State, and I
> want to restrict access to this controllers for some users.
>
> Admin user should have privilegies to access: Reports(all), State
> (read), Admin (all)
>
> Global user should have privilegies to access: Reports(only read),
> State(read), Cpanel(all)
>
> Internal user should have privilegies to access: Reports(all), State
> (read)
>
> And I tried to do this with following code in ability.rs:
>
> class Ability
>  include CanCan::Ability
>
>  def initialize(user)
>    user ||= User.new # guest user (not logged in)
>
>    if user.role? :admin
>      can :manage, [Report, Admin]
>      can :read, State
>    elsif user.role? :global_user
>      can :read, [Report, State]
>      can :manage, Cpanel
>    elsif user.role? :internal_user
>      can :manage, Report
>      can :read, State
>    end
>   end
> end
> At this time I have only index actions in this controllers, and when I
> login to app with internal user I CAN access to /admin for example,
> and that is not behavior that I want. I want to restrict access to all
> controllers instead of controllers listed in ability.rb class.
>
> Source code is here: http://cl.ly/2E292R2m2B0X141q3C0S
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Core" group.
> To post to this group, send email to rubyonrails-core@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-core+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-core?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.