So I got CanCan and Devise working well. I have two types of users: Admins and Nonadmins. Admins can edit all of Nonadmins profiles.

The problem is, every user (either Admin or Nonadmin) belongs to an Account or Organization. Admins should only be able to edit users from their own Account or Organization. I was able to do that too.

The problem is, I can't display the Create New User link. It seems everything is correct but I must be doing something wrong.

HERE IS ABILITY.RB
---------------------------------------------
if user.role == "admin"
  can :read, User do |u|
    u.try(:account_id) == user.account_id
  end
  can :update, User do |u|
    u.try(:account_id) == user.account_id
  end
  can :destroy, User do |u|
    u.try(:account_id) == user.account_id
  end

  can :create, User
end
---------------------------------------------

HERE IS APP/VIEWS/USERS/INDEX.HTML.ERB
---------------------------------------------
<% if can? :create, @user %>
  <div style="clear:both;padding-top:20px;"><%= link_to 'New User', new_user_path %></div>
<% end %>
---------------------------------------------

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

What message are you getting?

--
Joshua S. Martin

Nothing, the New User link it's just not displaying

According to the wiki..
https://github.com/ryanb/cancan/wiki/Checking-Abilities

I think you may need to change the object that can? is evaluating from the @user variable to the class User like so:

<% if can? :create, User %>
  <div style="clear:both;padding-top:20px;"><%= link_to 'New User', new_user_path %></div>
<% end %>

On Thu, Dec 2, 2010 at 9:37 AM, Leonel *.* wrote:
> Nothing, the New User link it's just not displaying

--
Joshua S. Martin

On Thu, Dec 2, 2010 at 10:38 AM, Joshua Martin wrote:
> According to the wiki..
> https://github.com/ryanb/cancan/wiki/Checking-Abilities
>
> I think you may need to change the object that can? is evaluating from the
> @user variable to the class User like so:
>
> <% if can? :create, User %>

This would allow an admin to create any user regardless of the account it belongs to, and that is not what he wants.

What I have noticed is that CanCan is very picky when you specify an action, so try using others that have the same effect, like write.

<% if can? :write, @user %>

Awesome! Thanks, I hadn't read that info. Works great :)

>> According to the wiki..
>> https://github.com/ryanb/cancan/wiki/Checking-Abilities
>>
>> I think you may need to change the object that can? is evaluating from the
>> @user variable to the class User like so:
>>
>> <% if can? :create, User %>
>
> This would allow an admin to create any user regardless of the account it
> belongs to, and that is not what he wants.
>
> What I have noticed is that CanCan is very picky when you specify an action,
> so try using others that have the same effect, like write.
>
> <% if can? :write, @user %>

What do you mean? What does *write* do? I have been searching for a list of abilities but haven't found one. All I see is that they use the 7 RESTful resources. Can you point me to a list of abilities that work with CanCan?

Hmm.. I'm in your same situation.

In your code:

<% if can? :create, @user %>

I believe that @user is nil, so when your Ability.rb tries to read :account_id, it returns nil, and it is never == user.account_id, thus your link is not displayed.

I don't know if it's the correct solution, but I'm adding new abilities. In your case, you could use a create_user ability, and check it against the Account in question. So in Ability.rb:

if user.role == "admin"
  can :create_user, Account do |acc|
    acc.id == user.account_id
  end
end

And in your view:

link_to "New user", .... if can? :create_user, account # you have to set the account variable somewhere.

Note that you don't have to "create" the :create_user ability. You can just use it.

FWIW, these are the only actions included by default in CanCan (no :write!)

alias_action :index, :show, :to => :read
alias_action :new, :to => :create
alias_action :edit, :to => :update

I wish there were some DSL for this. I'd like to, for example, use this in my view:

if can? :create, User :on => @account

But I think the example I gave you previously achieves the same functionality.

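The behaviour discussed in this thread, as an added example that is not part of any poster's message and is not CanCan's own code: a simplified model of CanCan-style rule matching showing why a nil @user hides the link, why checking the User class ignores the account, and how an account condition checked against a built record scopes :create to the admin's own account. MiniAbility, the account condition on :create and the sample users are assumptions constructed for illustration.

```ruby
# Simplified model of CanCan-style rule matching (constructed for illustration;
# not the gem's code). A rule applies when the subject is the class itself or
# an instance of it; conditions are only checked against instances.
User = Struct.new(:role, :account_id)

class MiniAbility
  def initialize(user)
    @rules = []
    return unless user.role == "admin"
    # Tenant-scoped rules: every action is limited to the admin's own account.
    [:read, :create, :update, :destroy].each do |action|
      can action, User, account_id: user.account_id
    end
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  def can?(action, subject)
    @rules.any? do |rule_action, klass, conditions|
      next false unless rule_action == action
      next true if subject == klass           # class check: conditions are skipped
      next false unless subject.is_a?(klass)  # nil (an unset @user) matches no rule
      conditions.all? { |attr, value| subject.public_send(attr) == value }
    end
  end
end

# Constructed sample data: two tenants, account ids 1 and 2.
ADMIN   = User.new("admin", 1)
ABILITY = MiniAbility.new(ADMIN)

def new_user_checks
  {
    nil_subject:   ABILITY.can?(:create, nil),   # what the index view passes when @user is unset
    class_subject: ABILITY.can?(:create, User),  # "may create some User", account not checked
    own_account:   ABILITY.can?(:create, User.new("member", 1)),
    other_account: ABILITY.can?(:create, User.new("member", 2))
  }
end

p new_user_checks
```

The class-level check is suitable for deciding whether to show the link; the check against the built record, repeated in the controller's create action, is what keeps an admin from creating users in another account.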