I''ll be grateful to any cancan guru to give me some advice on how to
formulate the abilities in a structure with associations ...
I have the following tree association :
Subdomain (has_one) > Portfolio (has_many) > Projects (has_many) >
Payments
Subdomain (has_many) > Users (w roles)
I want a ''user'' with role ''owner'' to be able
to manage all model
instances in the hierarchy ONLY within his subdomain
I wrote ( need to understand if it''s fine ... or if there is a better
way... I know CanCan 2.0 is coming but..)
class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
subdomain = user.subdomain
can :manage, Portfolio, :subdomain_id => subdomain[:id]
can :create, Project
can :modify, Project, :portfolio => {:subdomain_id =>
subdomain[:id]}
can :create, Payment
can :modify, Payment, :project => {:portfolio => {:subdomain_id
=> subdomain[:id]} }
Why is it not possible to check the subdomain on ''create''
when
resources are not nested ? I tried
can :create, Project, :portfolio => {:subdomain_id => subdomain[:id]}
but then it raises a CanCan::AccessDenied error on form submit..
thanks for your feedback
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.