Comments (4)
Looks like the problem is the block section of the second ability is supposed to be run on instances of the business and the first scope is run on collections, i.e.:
can [:ability], Model, Model.scope_to_select_on_index_action do |model_instance|
  model_instance.condition_to_evaluate_for_new_create_edit_update_destroy
end
You should be able to do:
can :read, Business, Business.user_related(user) do |business|
  business.related_to?(user) # true/false
end
Then, when an admin tries to read a Business it will do (can read all businesses) or (can read user_related businesses)
... which will always return all.
Generally I find it useful to separate out rules by roles:
case user.role
when 'admin'
  can :read, Business
  # Other admin rules
when 'user'
  # ...
else
  # guest/not logged in rules
end
from cancancan.
https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities-with-Blocks
from cancancan.
Excellent, thanks a lot! Your "can [:ability]" example should be in the docs.
This still doesn't solve the problem (I still get the same error) - but when I separate out the roles like you suggest, it works. I suppose it does make sense to not run the second block at all if we have an admin.
For others, here's the working code:
if user.admin?
  can :read, Business
else
  can :read, Business, Business.user_related(user) do |business|
    business.related_to?(user)
  end
end
from cancancan.
+1 on the "example should be in the docs".
from cancancan.
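The rule discussed in this thread has two independent halves: the scope selects records for collection queries and the block decides per-instance checks, so they can drift apart. The following is an added example, not code from the thread or from cancancan; User, the in-memory Business list and scope_block_mismatches are hypothetical stand-ins used to check that both halves select the same records.

```ruby
# Constructed stand-ins (assumptions, not from the thread): an in-memory
# Business list replaces the database, and Business.user_related plays the
# role of the ActiveRecord scope passed to `can`.
User = Struct.new(:id)

class Business
  ALL = []
  attr_reader :name, :owner_ids

  def initialize(name, owner_ids)
    @name = name
    @owner_ids = owner_ids
    ALL << self
  end

  # Collection side: the records an index action would list.
  def self.user_related(user)
    ALL.select { |b| b.owner_ids.include?(user.id) }
  end

  # Instance side: what the block given to `can` evaluates per record.
  def related_to?(user)
    owner_ids.include?(user.id)
  end
end

# Returns the records on which scope membership and the block disagree.
def scope_block_mismatches(records, scoped)
  records.reject { |r| scoped.include?(r) == !!yield(r) }
end

alice = User.new(1)
Business.new('Acme', [1])
Business.new('Globex', [2])
Business.new('Initech', [2, 1])
scoped = Business.user_related(alice)

# The block from the thread agrees with the scope on every record.
ok = scope_block_mismatches(Business::ALL, scoped) { |b| b.related_to?(alice) }
# Constructed drift: a block that only looks at the first owner.
bad = scope_block_mismatches(Business::ALL, scoped) { |b| b.owner_ids.first == alice.id }

puts "matching block: #{ok.map(&:name).inspect}"
puts "drifted block:  #{bad.map(&:name).inspect}"
```

A non-empty result means the index listing and the single-record check would give different answers for those records.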