similar to: Cancan redirect back at AccessDenied

Hi all, In curl (the command line program), I can successfully log a user in using devise: def create respond_to do |format| format.json { if user_signed_in? return render :json => {:success => true, :errors => ["Already logged in."]} end resource = warden.authenticate!(:scope => resource_name, :recall =>

Hi all, I just installed cancan on a new project and found out that it creates some problems with the new scoped mass assignment features of rails 3.2 . Basically, in my User model I create some attr_accessible attributes in order to avoid users to edit their roles or other sensitive information. From the administration I allow admins to edit those protected attributes by passing

I successfully made login system with Devise and CanCan, and I have 3 types of users. Admin, internal and global users. I created Controllers and index actions: Admin, Cpanel, Report and State, and I want to restrict access to this controllers for some users. Admin user should have privilegies to access: Reports(all), State (read), Admin (all) Global user should have privilegies to access:

Hello! While running bundle exec rake, I receive following error (see in attached file) However, my tests are steel passing with command rspec spec/controllers/ Some info: ads_controller.rb: class AdsController < ApplicationController load_and_authorize_resource except: :create end ads_controller_spec.rb: require ''spec_helper'' describe AdsController do render_views

So I got CanCan and Devise working well. I have two types of users: Admins and Nonadmins. Admins can edit all of Nonadmins profiles. The problem is, every user (either Admin or Nonadmin) belongs to an Account or Organization. Admins should only be able to edit users from their own Account or Organization. I was able to do that too. The problem is, I can''t display the Create New User

Hello Rails World, does anybody know a good solution for Strong Parameters in a Rails app authorized by Cancan (or a similar authorization gem)? def user_params if current_user.admin? params.require(:user).permit! else params.require(:user).permit(:password, :password_confirmation) end end Now I want to do this the "Cancan way". My first idea looks strange to me: def

I''m doing RSpec controller testing with CanCan authorization, and I''m seeing something I''ve never seen in RSpec before: the same test run twice fails on the second one. I am NOT doing before(:all) or other things that should cause state to persist between tests: Here''s the relevant code: context "POST create" do context "with user logged

Hey guys, I''m new to ruby/rails and trying to sort something... I just created an app with composer, http://railsapps.github.com/rails-composer/ I used the command: rails new myapp -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb I set up the rails server, and tried to load the app on localhost:3000 However, I end up with: ArgumentError in HomeController#index

I just came across this so I thought I would post it on this board since I see cancan come up a lot. It seems that Ryan Bates (who is primarily responsible for cancan) is taking a hiatus and the gem is no longer being actively maintained. The collaborators on that gem have formed a new team and have released the gem cancancan which is now cancan updated for Rails 4. You read more about it

Howdy, I''m using Apache 2.2 + Mongrel with great success, using the sample configs from the Mongrel site. We have some MP3s on the site and recently someone has been stealing them and basically leaching them from the site, linking to them from an off-site location. I''ve been trying to modify my Apache conf to check the referrer and adjust accordingly as below but no

Hi all, I am facing problem in getting subdomain name inside the model. The following is my setup. I am using cancan for authorization.I wanted a specific condition in Ability.rb ( the file which is placed in models if we install cancan gem). Below is the condition I wanted: ========================================================= user ||= User.new # guest user (not logged in) if

Hey guys, Ok, basically I coded a ruby on rails CMS to manage a bunch of media files. I am finding that a lot of people are "hot linking" to these media files and would like to prevent this to save bandwidth. Usually in the past, it hasn''t been a problem, I would add something like the following to my .htaccess file RewriteEngine on RewriteCond %{HTTP_REFERER} !^$

At the moment, I am running meta_search, and then filtering through CanCan after I have a set of results. Is there any other way to restrict the returned objects within the initial search query? def index @search = User .search :first_name_or_last_name_or_practice_name_or_role_contains_any => params[:search].to_s.split('' '') @users =

I have implemented Devise for Authentication and Authorization in ROR application everything seems fine but getting one issue. I have two modals "Account" and "Transactiona" , and so two controllers respectively. My Transaction Index view call one of Account Controller method like this

Hello. I''ve installed cancan and bigbluebutton_rails, https://github.com/mconf/bigbluebutton_rails. The gem bigbluebutton_rails has some models and controllers, for example has bigbluebutton/servers_controller.rb. This controller has some actions like create, join, authorize, etc. I want that only users with role admin can create. What can I do? I need to put load_resource in

Hi. I would like to set @request.env["HTTP_REFERER"] in an integration test, but due to its nature, I would naturally set this value to the previousle request url. How do I do that. Thanks. Jarl

In production mode, I keep getting this error the 2nd time it loads a page with a serialized attribute: ActiveRecord::SerializationTypeMismatch (answers_container was supposed to be a Array, but was a NilClass): /vendor/rails/activerecord/lib/active_record/base.rb:1964:in `unserialize_attribute'' In development, it works fine. In fact, if I set to false config.cache_classes in

Hello, we want to read the referer URL from the HTTP headers, in order to be able to track where someone is coming from, in a Rails application. As I can see in the source, Mongrel doesn''t even parse the HTTP_REFERER field from HTTP requests. This would make a useful feature, I guess. Apart from that, Mongrel is (IMHO) simply the best solution for deploying Rails - keep on going!

Hello I have a strange problem with this code: <%unless (@students.empty? and params[:commit].nil?) %> <%="test"%> <%= render :partial => ''results'' %> <% end %> Even though in some cases @students.empty? returns false and params [:commit].nil? returns true (or the opposite), it displays the test and the render area. I put before and

Hi James, > Isn't this from the query template, ie from the main web page of search > results? (It might make sense from opensearch as well, though.) Yes, you are right; it is the query template. The reason I said opensearch template is that I haven't quite read all sections of the Omega docs and I'm still in the process. Thanks for pointing that out. I'm aiming to cover