-
Notifications
You must be signed in to change notification settings - Fork 787
CanCan adds " AND (1=0)" to Sql Query #733
Comments
Please attach your ability file and the PartnerUser model. |
I had the same issue with cancan 2.0.0.alpha downgrading to latest stable 1.6.8 fixed that issue. class Ability
include CanCan::Ability
def initialize(user)
user ||= User.new
can :read, Empfehlungscode
end
end # 2.0.0.alpha
>> Empfehlungscode.accessible_by(Ability.new(User.first)).to_sql
=> "SELECT `empfehlungscodes`.* FROM `empfehlungscodes` WHERE (1=0)"
# 1.6.8
=> ""SELECT `empfehlungscodes`.* FROM `empfehlungscodes` " |
Friends, I have the same problem, any suggestion to resolve it? Thanks Andrew |
Hi guys, I was facing the same issue and solved it. When the user is not allowed to Solution add
And it will no longer add the I hope that helps... All the best! |
I have also faced same issue. I have installed two versions(1.6.7 and 1.6.8) and configured cancan 1.6.7 in GemFile as If user is allowed only :show action and cancan will append There is no problem only on first request after restarting server. |
I'm really confused by the behaviour of the |
@callumlocke - By default, cancan adds some functionality based on the CRUD routes. Defining the https://github.com/ryanb/cancan/blob/master/lib/cancan/ability.rb#L303-309 Whenever you call For instance, you may want to allow certain users to view individual phone numbers that aren't deleted, but never be able to list (or index) all phone numbers. You could do that like this: ability.can :show,
PhoneNumber,
deleted => false
ability.cannot :index,
PhoneNumber
# Somewhere in controllers
phone = PhoneNumber.new
ability.can? :show, phone #=> true
PhoneNumber.accessible_by(ability, :index) #=> [] |
Does anyone already solved this issue?
This query works 98% of the time, but sometimes, randomly it adds 1=0 at the end of the query.
None of the replies above solved my issue, I tried to add read and index to all users in cancan, with no success, though I'm having this problem logged as admin, and admin I also thought that this was an empty hash being passed to the lambda scope, but even with emptiness validation it fails. |
Hi,
I found out that CanCan adds " AND (1=0)" to SqlQuery and break results, please look at this example:
If you have any suggestions I would be glad,
Thanks.
The text was updated successfully, but these errors were encountered: