CanCan(Can) and Activeadmin: Index on nested relations
ruby-on-rails,activeadmin,cancan,cancancan
Try this: can :read, Invoice, :user => { :id => adminuser.user.id }
How to restrict user to search for a particular model in view?
ruby-on-rails,ruby-on-rails-4.2,cancancan,ruby-2.2
You need to declare a can rule to actually allow users to :filter. can :filter, Article do |article| !user.client? end Or unless user.client? can :filter, Article end An example of using cannot: can :friend, User cannot :friend, User do |other_user| other_user.blocks?(user) end ...
Cancancan authorisation of nested resources
ruby-on-rails,nesting,cancancan
if user can :crud, Parameter, meter: { account_id: user.account_id } end ...
cancancan custom action not working
ruby-on-rails,activeadmin,ruby-on-rails-4.1,cancancan
can :manage, User already includes all custom actions. So, both your roles can perform both custom actions. You can describe only crud actions: can %i(create read update delete), User instead can :manage, User for both roles....
undefined method `total_pages' error in rails4
ruby-on-rails,ruby,devise,cancancan
So you have to define authorization manually for your index action. load_and_authorize_resource skip_load_and_authorize_resource :only => [:getProjectId, :getResult, :index] def index @projects = Project.find_by_sql("SELECT project_id, project_name FROM projects WHERE company_id = "+ current_dashboard_user.company_id.to_s + " ORDER BY project_name") authorize! :read, @projects getProjectId getResult #get search result authorize! :read, @assessments respond_to do...
Cancancan in a engine
ruby-on-rails,ruby,ruby-on-rails-4,rubygems,cancancan
I could solve my problem by updating Cancancan from 1.9.2 to actual 1.10.1 and compare my engine with the one from this post: https://github.com/CanCanCommunity/cancancan/issues/151#issuecomment-69487040
undefined method `total_pages'- When use load_and_authorize_resource
ruby-on-rails,ruby-on-rails-4,authorization,cancancan
Change the object name used for pagination . def getAssignments @assignments = Assignment.all if (@assignments != nil && @assignments.length > 0) then @assignment = @assignments.paginate(:per_page => 5, :page => params[:page]) end end and in your view like this <% if @assignment != nil then%> <%= will_paginate @assignment, :class => @paginationClass.to_s,...
role based route authentication
devise,ruby-on-rails-4.1,ruby-2.1,cancancan
# config/initializers/admin.rb class CanAccessResque def self.matches?(request) current_user = request.env['warden'].user return false if current_user.blank? Ability.new(current_user).can? :manage, Resque end end # routes.rb namespace :admin do constraints CanAccessResque do mount Resque::Server, at: 'resque' end end # ability.rb class Ability include CanCan::Ability def initialize(user) user ||= User.new if user.is_admin? can :manage, Resque end end...
cancancan + devise: handling timeoutable exception
ruby-on-rails,ruby-on-rails-3,devise,cancancan
When the session times out, the value of flash[:alert] is set to :timeout, which by default is defined in config/locales/devise.en.yml. So instead of reading the message from exception, try reading from flash[:alert] and make your app react accordingly. For example, this is the code I use in my apps: rescue_from...
Multiple Devise users or one user and permissions with CanCanCan?
ruby-on-rails,devise,cancan,cancancan
I would say single model with permissions. I made a detailed response on how to approach this here: Setting up different User models and registration paths for Devise on Ruby on Rails...
Devise with CanCan(can)
ruby-on-rails,devise,cancan,cancancan
For simplicity, you could add an admin boolean column on the users table. You would check for an admin user with user.admin?. Here is what the migration will look like. > rails g migration add_admin_to_users In your migration file, I would set a default value to false prior to running...
CanCanCan throws a regular Rails error on an exception rather than a flash message like I specified
ruby-on-rails-4,devise,cancan,rolify,cancancan
It turns out that the issue was with the way I authorized my Newsroom Controller - because Newsroom was a non-restful controller (i.e. there was no model associated with Newsroom. I had to add this to the top of my controller: authorize_resource :class => false As specified here: https://github.com/CanCanCommunity/cancancan/wiki/Non-RESTful-Controllers#alternative-authorize_resource...
Defining a complex ability using CanCanCan
ruby-on-rails,ruby,authorization,cancan,cancancan
can :edit, Appointment, office_id: employee.office_ids ...
Cannot access attribute in ActiveRecord
ruby-on-rails,rails-activerecord,cancancan
Remove the attr_accessor for role, it's shielding the role attribute generated by AR automatically.
RSpec and Cancancan: all negative tests failing
ruby-on-rails,ruby-on-rails-3,rspec,cancan,cancancan
I have no idea why but I've refactored my tests and they now work as expected. Maybe this'll help someone. RSpec.describe User do describe 'Abilities' do context 'guest' do let(:user) { create(:user, state: 'guest') } (client_made_resources + administrator_resources).each do |r| it "cannot manage #{r}" do ability = Ability.new(user) assert ability.cannot?(:manage,...
ActiveAdmin Devise Cancancan and Three User Models — infinite loop
ruby-on-rails-4,devise,activeadmin,infinite-loop,cancancan
You are not using the user object inside the initialize method in ability.rb anywhere. def initialize(user) user ||= User.new if user.admin? can :manage, :all can :read, ActiveAdmin::Page, :name => "Dashboard" end if user.customer? can :read, [:index], HomeController cannot :read, ActiveAdmin::Page, :name => "Dashboard" end if user.supplier? can :read, [:index], HomeController...
CanCan: Check permission on record including dependency
ruby-on-rails,cancan,cancancan
Just found the solution, which is quite simple: can :read, Car, :car_pool => { :users => { :id => user.id } } can :create, CarPickup, :car => { :car_pool => { :users => { :id => user.id } } # Add this line in order for it to work when...
Using Vanity URLs and CanCanCan gem (load_and_authorize_resource error)
ruby-on-rails,vanity-url,cancancan
I figured it out; adding find_by: :slug to the load_and_authorize_resource did exactly what I was looking for. load_and_authorize_resource only: [:dashBoard], find_by: :slug ...
Rails + CanCan: Disallow User from Joining a Group if Already a Member
ruby-on-rails,authorization,cancan,cancancan
CanCan blocks only work on model instances (see this wiki page) and right now your can? sends the model class, not an instance. In order for this to work, you need to pass an instance of Membership. You can do something like this (assuming @group is the group the user...
Why does my test try to render a different & invalid route?
ruby-on-rails,rails-routing,minitest,cancancan
Take a look at the stack trace for this exception: SubscriptionsControllerTest#test_admin_can_not_view_subscriptions_that_don't_exist: ActionView::Template::Error: No route matches {:action=>"edit", :controller=>"subscriptions", :id=>nil} missing required keys: [:id] app/views/subscriptions/show.html.erb:13:in `_app_views_subscriptions_show_html_erb__1518678276755260966_70268849069860' test/controllers/subscriptions_controller_test.rb:58:in `block (2 levels) in <class:SubscriptionsControllerTest>'...
How to use cancancan?
ruby-on-rails,authorization,cancancan
Cancancan lets you only define permissions for given context. This context might be a user role which is not a part of cancancan and hence roles have to be defined by yourself. There are various ways to define user role, e.g. as a Role model, Rails enum, as suggested here,...
How do I setup my CanCanCan permissions correctly?
ruby-on-rails,ruby-on-rails-4,cancan,cancancan
For what it's worth, I had to setup my NewsroomController like this: class NewsroomController < ApplicationController authorize_resource :class => false This is what the working version of my ability.rb looks like after I got it to work with the permissions I needed: #Roles #Admin if user.has_role? :admin can :manage, :all...
authorise view user to not access some pages in rails4 app by using cancancan
ruby-on-rails,ruby,devise,cancan,cancancan
Okey, just do this trick for now. Somehow the current_user helper method is being called. So the quickest solution would be if you can do the following. In your application_controller.rb file put this block: def current_user current_dashboard_user end # method_alias :current_user=, current_user # you may need this line if required....