    mberman84
    @mberman84
    I'm a bit confused about something: I have users and users belong to a company. Do I need to make sure on every single ability that the user is trying to do something on something that they should have access to? Meaning, every single action should check if user.company == resource.company. Does that mean I need to do it on every single ability definition? Also, is it necessary at all if we're using devise and always use current_company and current_user?
    Anton Antonov
    @syndbg
    Does anyone have trouble/confusion with can :manage, :all?
    I have the following ability
    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new # guest user (not logged in)

        if user.superadmin?
          can :manage, :all
        elsif user.admin?
          can :manage, :all
          # intended to keep admins from managing superadmin users
          cannot :manage, User, role: User.roles[:superadmin]
        end
      end
    end
    and the result of Ability.new(User.find_by(role: User.roles[:admin])).can?(:manage, User, role: User.roles[:superadmin]) is true, although it should be false due to the last statement.
    Kara A Carrell
    @KaraAJC
    Anyone in this room right now?
    Sudarshan Regmi
    @BarnaSir
    Me. :P
    Kara A Carrell
    @KaraAJC
    Awesome! At the time I posted, I was working on implementing cancancan into a Rails 5 app with devise and devise_token_auth configured, and I was trying to figure out how to ensure cancancan doesn't interfere with tokens.
    H. Can Yıldırım
    @ccoeder
    Guys, can anyone in here help me with cancancan nested resources?
    # A list belongs to either a department or a company (polymorphic parent)
    class List < ApplicationRecord
      belongs_to :listable, polymorphic: true
    end
    class Department < ApplicationRecord
      has_many :lists, as: :listable
    end
    class Company < ApplicationRecord
      has_many :lists, as: :listable
    end
    class ListsController < ApplicationController
      before_filter :authorize_parent

      # load the possible parents first, then the list through whichever parent is present
      load_resource :departments
      load_resource :companies
      load_resource :users
      load_and_authorize_resource :list, :through => [:departments, :companies, :users]

      # the user must be allowed to read the parent before touching its lists
      def authorize_parent
        authorize! :read, (@companies || @departments || @user)
      end
    end
    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new # guest user (not logged in)

        if user.has_role? :admin
          can :manage, :all
        else
          # non-admins may only read lists belonging to their own company or first department
          can :read, List, { :company => { :id => user.company_id } }
          can :read, List, { :department => { :id => user.departments.first.id } }
        end
      end
    end
    Jason Knebel
    @jasonknebel
    Hello. I'm getting a ForbiddenAttributes error in the create action of a namespaced controller. I've tried with the model added and not in ability.rb. It occurs whenever load_and_authorize_resource is added to the controller. Other actions work as expected. I've searched for details about namespaces and haven't found much. Any thoughts?
    Jason Knebel
    @jasonknebel
    Answer: Take namespace out of *_params method.
    David Stancu
    @mach-kernel
    I made a small layer on top of cancancan after developing this pattern in some of my personal projects and would appreciate some feedback: https://github.com/mach-kernel/warhol