similar to: cancan gem being replaced

Hello Rails World, does anybody know a good solution for Strong Parameters in a Rails app authorized by Cancan (or a similar authorization gem)? def user_params if current_user.admin? params.require(:user).permit! else params.require(:user).permit(:password, :password_confirmation) end end Now I want to do this the "Cancan way". My first idea looks strange to me: def

Hello I have a rails 3 app and I am trying to implement the redirect back action at access denied for cancan. If I try this in my application_controller: rescue_from CanCan::AccessDenied do |exception| redirect_to :back end It gives the following error: No HTTP_REFERER was set in the request to this action, so redirect_to :back could not be called successfully. If this is a test, make sure

Hi all, I just installed cancan on a new project and found out that it creates some problems with the new scoped mass assignment features of rails 3.2 . Basically, in my User model I create some attr_accessible attributes in order to avoid users to edit their roles or other sensitive information. From the administration I allow admins to edit those protected attributes by passing

I successfully made login system with Devise and CanCan, and I have 3 types of users. Admin, internal and global users. I created Controllers and index actions: Admin, Cpanel, Report and State, and I want to restrict access to this controllers for some users. Admin user should have privilegies to access: Reports(all), State (read), Admin (all) Global user should have privilegies to access:

At the moment, I am running meta_search, and then filtering through CanCan after I have a set of results. Is there any other way to restrict the returned objects within the initial search query? def index @search = User .search :first_name_or_last_name_or_practice_name_or_role_contains_any => params[:search].to_s.split('' '') @users =

I have implemented Devise for Authentication and Authorization in ROR application everything seems fine but getting one issue. I have two modals "Account" and "Transactiona" , and so two controllers respectively. My Transaction Index view call one of Account Controller method like this

Hello. I''ve installed cancan and bigbluebutton_rails, https://github.com/mconf/bigbluebutton_rails. The gem bigbluebutton_rails has some models and controllers, for example has bigbluebutton/servers_controller.rb. This controller has some actions like create, join, authorize, etc. I want that only users with role admin can create. What can I do? I need to put load_resource in

Hello! While running bundle exec rake, I receive following error (see in attached file) However, my tests are steel passing with command rspec spec/controllers/ Some info: ads_controller.rb: class AdsController < ApplicationController load_and_authorize_resource except: :create end ads_controller_spec.rb: require ''spec_helper'' describe AdsController do render_views

So I got CanCan and Devise working well. I have two types of users: Admins and Nonadmins. Admins can edit all of Nonadmins profiles. The problem is, every user (either Admin or Nonadmin) belongs to an Account or Organization. Admins should only be able to edit users from their own Account or Organization. I was able to do that too. The problem is, I can''t display the Create New User

Hi, I''ve opened a question on StackOverflow regarding #load_resources and a create action in UserController: http://stackoverflow.com/questions/12882284/load-resource-get-a-nil-resource Could anyone please give me some hints? thank you! enrico -- · Enrico Stano · · twitter @enricostano · skype ocirneonats -- You received this message because you are subscribed to the Google

Hi all, I am facing problem in getting subdomain name inside the model. The following is my setup. I am using cancan for authorization.I wanted a specific condition in Ability.rb ( the file which is placed in models if we install cancan gem). Below is the condition I wanted: ========================================================= user ||= User.new # guest user (not logged in) if

I''m doing RSpec controller testing with CanCan authorization, and I''m seeing something I''ve never seen in RSpec before: the same test run twice fails on the second one. I am NOT doing before(:all) or other things that should cause state to persist between tests: Here''s the relevant code: context "POST create" do context "with user logged

My site is hosted on Heroku and I am using Carrierwave to upload files to Amazon. How can i restrict file access based on roles? Is this possible? Using Devise and CanCan. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To

I created a sample application. Added devise in it, it works fine. Then added cancan gem into it. Created an ability class. define some permissions. Then added line load_and_authorize_resource to the Application Controller, after that when i go to the page http://0.0.0.0:3000/users/sign_in it gave the following error, NameError in Devise/sessionsController#new uninitialized constant Session

hi I use devise and cancan my model class PostsController < ApplicationController before_filter :authenticate_user!, only: [:create, :update, :destroy] ... end so an unauthentificate user can access new post form. Now when unauthentificate user submit new or edit forms, he is redirected to login form. But when he logs in, his post is not save in database. Is there anythings to do such

My site is using Devise and Cancan. Currently I have 3 roles setup I am testing creating a new user using the following command (role is required): curl -H "Content-Type:application/json" -H "Accept:application/json" - d "{\"user\":{\"email\":\"test01-J0of1frlU80@public.gmane.org\", \"role\":\"2\", \"name\":

Requesting /attachments/1.all does not work in Rails 3. It was changed here: https://github.com/rails/rails/commit/7e280c3bff8ac25f1c1938aeaeb1d0b4c0fbb726 The use case is a show action such as: def show @attachment = Attachment.find(params[:id]) respond_to do |format| format.html format.any { download } end end The pros of using this approach is take advantage of Cancan and

Not sure if this is right place for jobs post? Came across really nice London UK website, for retired people to pass on their knowledge: http://theamazings.org/about-us/ And they''re looking for freelance Rails dev: > enthusiastic dev with experience working on social applications, especially if you’ve used Activemerchant, CanCan and Devise. Experience building well tested apps using

I made new authorization gem. (https://github.com/randx/six) My goal is to make something like cancan but more easier to understand & without any magic. I''ll be grateful for any feddback and your opinion -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

Hi, I want to read data from Rails 3.1 app with PHP. I use REST with JSON for this. My problem is that Rails app have "devise" and "cancan" and i don''t want access to REST Services because i haven''t auth previously. Any example of this? Thanks and sorry for my english. -- You received this message because you are subscribed to the Google Groups