authorization with cancan


Mohammed Rashid

Jan 6, 2015, 8:28:30 AM
to rubyonra...@googlegroups.com
After looking at the ability.rb, I have allowed the admins to manage
everything (that part works), but how do I allow the user to just view
and edit their own Logg using cancan? At the moment the users cannot
view anything at all, not even their own created logg. But admins can do
everything.

class Logg < ActiveRecord::Base
  has_and_belongs_to_many :user
end

class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
  ROLES = %w[admin moderator author banned]
  has_and_belongs_to_many :logg
end

I have no User controller. I have the loggs controller:


class LoggsController < ApplicationController

  before_action :set_logg, only: [:show, :edit, :update, :destroy]
  load_and_authorize_resource

  respond_to :html

  def index
    @loggs = Logg.all
    respond_with(@loggs)
  end

  def show
    respond_with(@logg)
  end

  def new
    @logg = Logg.new
    respond_with(@logg)
  end

  def edit
  end

  def create
    @logg = Logg.new(logg_params)
    @logg.save
    respond_with(@logg)
  end

  def update
    @logg.update(logg_params)
    respond_with(@logg)
  end

  def destroy
    @logg.destroy
    respond_with(@logg)
  end

  private

  def set_logg
    @logg = Logg.find(params[:id])
  end

  def logg_params
    params.require(:logg).permit(:name, :date, :time,
      :whats_gone_well_this_week, :whats_not_gone_well_this_week,
      :learnt_anything_new, :what_would_you_like_to_improve, :anything_else)
  end
end

class Ability
  include CanCan::Ability

  def initialize(user)
    if user.nil?
      cannot :read, Logg
    elsif user.admin?
      can :manage, Logg
    else
      can :create, Logg, :user_id => user.id
      can :update, Logg, :user_id => user.id
    end
  end
end

--
Posted via http://www.ruby-forum.com/.
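
An added example, not part of the original post and not CanCan's own code: a plain-Ruby stand-in for CanCan-style rule matching, showing an ownership rule expressed through the many-to-many association with `:read` granted alongside `:update`. `SketchAbility`, `visible_loggs`, the `users` attribute name and the sample records are assumptions made for illustration.

```ruby
# Plain-Ruby sketch of CanCan-style rules (assumption: simplified, not the gem's code).
User = Struct.new(:id, :admin) { def admin?; admin; end }
Logg = Struct.new(:id, :users) # users stands in for the many-to-many association

class SketchAbility
  def initialize(user)
    @rules = [] # deny by default: a guest (nil) gets no rules at all
    return if user.nil?
    if user.admin?
      can :manage, Logg
    else
      can :create, Logg
      # Ownership goes through the association, not a user_id column.
      can [:read, :update], Logg, users: { id: user.id }
    end
  end

  def can(actions, klass, conditions = {})
    Array(actions).each { |action| @rules << [action, klass, conditions] }
  end

  def can?(action, subject)
    @rules.any? do |allowed, klass, conditions|
      [:manage, action].include?(allowed) && subject.is_a?(klass) &&
        matches?(subject, conditions)
    end
  end

  private
  # A nested hash is a condition on associated records: any member may match.
  def matches?(record, conditions)
    conditions.all? do |attribute, expected|
      value = record.public_send(attribute)
      next value == expected unless expected.is_a?(Hash)
      (value.is_a?(Array) ? value : [value]).any? { |v| matches?(v, expected) }
    end
  end
end

# Collection scoping for an index action: only records the ability can read.
def visible_loggs(ability, loggs)
  loggs.select { |logg| ability.can?(:read, logg) }
end

# Constructed sample data.
ALICE = User.new(1, false)
BOB   = User.new(2, false)
ADMIN = User.new(3, true)
LOGGS = [Logg.new(10, [ALICE]), Logg.new(11, [BOB])].freeze
```

With the real gem, the equivalent rule is a nested hash condition keyed on the model's association name, and an index action can load its collection with `Logg.accessible_by(current_ability)`.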