search for: cancan

Hello I have a rails 3 app and I am trying to implement the redirect back action at access denied for cancan. If I try this in my application_controller: rescue_from CanCan::AccessDenied do |exception| redirect_to :back end It gives the following error: No HTTP_REFERER was set in the request to this action, so redirect_to :back could not be called successfully. If this is a test, make sure to speci...

Hello Rails World, does anybody know a good solution for Strong Parameters in a Rails app authorized by Cancan (or a similar authorization gem)? def user_params if current_user.admin? params.require(:user).permit! else params.require(:user).permit(:password, :password_confirmation) end end Now I want to do this the "Cancan way". My first idea looks strange to me: def user_params...

Hi all, I am facing problem in getting subdomain name inside the model. The following is my setup. I am using cancan for authorization.I wanted a specific condition in Ability.rb ( the file which is placed in models if we install cancan gem). Below is the condition I wanted: ========================================================= user ||= User.new # guest user (not logged in) if (user.role == '...

Hi all, I just installed cancan on a new project and found out that it creates some problems with the new scoped mass assignment features of rails 3.2 . Basically, in my User model I create some attr_accessible attributes in order to avoid users to edit their roles or other sensitive information. From the administration I allow...

So I got CanCan and Devise working well. I have two types of users: Admins and Nonadmins. Admins can edit all of Nonadmins profiles. The problem is, every user (either Admin or Nonadmin) belongs to an Account or Organization. Admins should only be able to edit users from their own Account or Organization. I was a...

I just came across this so I thought I would post it on this board since I see cancan come up a lot. It seems that Ryan Bates (who is primarily responsible for cancan) is taking a hiatus and the gem is no longer being actively maintained. The collaborators on that gem have formed a new team and have released the gem cancancan which is now cancan updated for Rails 4. You read...

I successfully made login system with Devise and CanCan, and I have 3 types of users. Admin, internal and global users. I created Controllers and index actions: Admin, Cpanel, Report and State, and I want to restrict access to this controllers for some users. Admin user should have privilegies to access: Reports(all), State (read), Admin (all) Global...

...;spec_helper'' describe AdsController do render_views describe ''Guest role'' do it "should not display link to new ad" do visit ads_path page.should_not have_content(''New'') end end end Gems: rails (4.0.0),rake (10.1.0),cancan (1.6.10), * rspec-core (2.14.5) * rspec-expectations (2.14.3) * rspec-mocks (2.14.3) * rspec-rails (2.14.0) Can`t find any answer in google or github... Will be thankfully for any help. Attachments: http://www.ruby-forum.com/attachment/8954/bundle_exec_rake.txt -- Posted via http://www...

At the moment, I am running meta_search, and then filtering through CanCan after I have a set of results. Is there any other way to restrict the returned objects within the initial search query? def index @search = User .search :first_name_or_last_name_or_practice_name_or_role_contains_any => params[:search].to_s.split('' '') @users...

...count_number="+$("#account_number").val(),function(data) { $("#our_miles_balance").val(data); }); When this ajax post run it gives following error and sign out admin user You need to sign in or sign up before continuing Here is my Ability Class class Ability include CanCan::Ability def initialize(user) user ||= User.new # guest user if user.role == 1 #admin can :manage, :all can :read, :all elsif user.role == 2 #Vendor can :manage, VendorTransaction can :index, Account end end end Ok Here is my Transaction controller require ''csv...

Hello. I''ve installed cancan and bigbluebutton_rails, https://github.com/mconf/bigbluebutton_rails. The gem bigbluebutton_rails has some models and controllers, for example has bigbluebutton/servers_controller.rb. This controller has some actions like create, join, authorize, etc. I want that only users with role admin can cre...

Hi, I''ve opened a question on StackOverflow regarding #load_resources and a create action in UserController: http://stackoverflow.com/questions/12882284/load-resource-get-a-nil-resource Could anyone please give me some hints? thank you! enrico -- · Enrico Stano · · twitter @enricostano · skype ocirneonats -- You received this message because you are subscribed to the Google

I have the following scenario. Users have various levels of ability. They can only view and edit their own records (their profile). Their managers can only view and edit their employees records. The regional managers can view and edit only the people in their regions and the corporate headquarters can view and edit all records. There are multiple regions so somebody can be the manager of the

Hi, surely I''m missing something... but what!? in my spec I''ve User.should_receive(:find).with("1").and_return(@user) and in my controller User.find(params[:id]) green light... correct... but if I change my controller using another method, for example first: User.first or even User.all I get green light too... I was expecting an error like expected: 1 time

In an app where ordinary users are limited to viewing and editing their own "stuff", but someone with admin privs can view and edit anybody''s stuff, what''s the right strategy for routing? At first blush, I''d think that an ordinary user (e.g. with id 565) should see something like: http://example.com/mystuff.html ... where the controller assumes

I''m doing RSpec controller testing with CanCan authorization, and I''m seeing something I''ve never seen in RSpec before: the same test run twice fails on the second one. I am NOT doing before(:all) or other things that should cause state to persist between tests: Here''s the relevant code: context "POST create...

hi all, i am using 3 devises for 3 models in rails4. i need routes to my devise models.the devises are client,admin,employee. when i login into client then it will go to clients dashboard, when i login into admin then it will go to admins dashboard, the employee also has the employee dashboard. if i do not enter any login then the common dashboard body message is please signin. please let me

Hello,I am quite new on rails. Currently making CRUD apps in rails 3.0 in windows. I''ve used devise [1.1.rc0] for authentication.In those apps any logged in user can change other user''s details. How can I design the app, so that any logged in user can edit/remove his details only if he wishes to do so and can only view others'' records. After logging in he should be

My site is using Devise and Cancan. Currently I have 3 roles setup I am testing creating a new user using the following command (role is required): curl -H "Content-Type:application/json" -H "Accept:application/json" - d "{\"user\":{\"email\":\"test01-J0of1frlU80@public.gmane.org\&...

Right now in my view, I have a whole HUGE clump of <% if current_user %> and then <% if current_admin %> and then <% if current_teacher %> and then all that other stuff in my view. I have a ginourmous chunk of if and else statements in my views... is there a way to make it prettier? The if and else''s almost all have the same functions, expect for some minor changes.