to rubyonra...@googlegroups.com
Rails 3.2.11 Ruby 2
Hi,
I am building my first rails app and decided to use Devise (2.2.4) and Cancan (1.6.10) for auth and role management. The auth part works nicely but I haven't been able to get cancan working correctly. I have one role set up (admin). But when I try to view the users index page it redirects me to the homepage even though I'm an admin. Any advice on where I may be going wrong is most welcomed.
Here is my code:
# app/models/ability.rb
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.role? :admin
      can :manage, :all
    else
      can :read, :all
    end
  end
end

# app/controllers/users_controller.rb
class UsersController < ApplicationController
  def index
    @users = User.all
    authorize! :manage, @users

    respond_to do |format|
      format.html
      format.json { render :json => @users }
    end
  end
end

# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery

  def after_sign_in_path_for(resource)
    root_url
  end

  rescue_from CanCan::AccessDenied do |exception|
    redirect_to root_url, :alert => exception.message
  end

  def current_ability
    @current_ability ||= Ability.new(current_user)
  end

  # load the permissions for the current user so that UI can be manipulated
  def load_permissions
    @current_permissions = current_user.role.permissions.collect{|i| [i.subject_class, i.action]}
  end
end
Dave Kimura
Jul 1, 2013, 6:26:22 PM
if user.role? :admin looks strange. The .role? indicates that it is a boolean, no?
Walter Lee Davis
Jul 1, 2013, 8:11:09 PM
This may be the problem. I have never once defined the current_ability method, just relied on CanCan to provide it. See what happens if you comment this out and restart your server.
Walter
>
> #load the permissions for the current user so that UI can be manipulated
> def load_permissions
> @current_permissions = current_user.role.permissions.collect{|i| [i.subject_class, i.action]}
> end
>
> end
to rubyonra...@googlegroups.com
Thanks for the replies, I got to the bottom of the issue. I was following this in a tutorial and had the following on my users model, which was converting the role name to camelcase, so when I removed the ".camelize" it let me in to the restricted pages as expected. Thanks again for the help!
def role?(role)
  return !!self.roles.find_by_name(role.to_s.camelize)
end
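The mismatch found at the end of the thread, reproduced as an added example that is not any poster's code: plain Ruby with a simplified stand-in for ActiveSupport's camelize, constructed role names, and hypothetical helpers (role_with_camelize?, role_exact?, granted_action, unmatchable_roles). It assumes role names are stored lowercase and matched case-sensitively, and it goes one step beyond the thread by checking multi-word role names and listing every referenced role that can never match.

```ruby
# Simplified stand-in for ActiveSupport's String#camelize (assumption: Rails
# is not loaded here, so the real method is not available).
def camelize(str)
  str.to_s.split("_").map(&:capitalize).join
end

# Constructed stand-in for the roles table. Exact, case-sensitive matching is
# an assumption consistent with the behaviour reported in the thread.
STORED_ROLE_NAMES = ["admin", "support_agent"].freeze

# Lookup as posted in the thread: the requested role is camelized first.
def role_with_camelize?(user_roles, role)
  user_roles.include?(camelize(role))
end

# Lookup after the fix: the requested role is compared as stored.
def role_exact?(user_roles, role)
  user_roles.include?(role.to_s)
end

# Mirrors the branch in Ability#initialize: admins get :manage, everyone
# else falls through to :read.
def granted_action(is_admin)
  is_admin ? :manage : :read
end

# Regression check: role symbols referenced in Ability that can never match a
# stored role under the given lookup. A non-empty result means a rule is dead
# and the affected users silently get the fallback branch.
def unmatchable_roles(referenced, lookup)
  referenced.reject { |role| method(lookup).call(STORED_ROLE_NAMES, role) }
end

if __FILE__ == $PROGRAM_NAME
  admin_roles = ["admin"] # constructed: the roles held by one admin user
  puts "camelized lookup grants: #{granted_action(role_with_camelize?(admin_roles, :admin))}"
  puts "exact lookup grants:     #{granted_action(role_exact?(admin_roles, :admin))}"
  puts "dead rules (camelized):  #{unmatchable_roles([:admin, :support_agent], :role_with_camelize?).inspect}"
  puts "dead rules (exact):      #{unmatchable_roles([:admin, :support_agent], :role_exact?).inspect}"
end
```

Because a failed lookup lands in the else branch rather than raising, the only visible symptom is the CanCan::AccessDenied redirect, so a check like unmatchable_roles belongs in the test suite next to the Ability specs.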