An open source base app: CanCan 1 :: Ruby 2 :: Devise 3 :: Rails 4

Merge pull request #1 from budhrg/master

Update required spacing and dots at appropriate places in README
latest commit 8dd73956dc
@brunopgalvao authored

README.md


Setting up CanCan 1 : Ruby 2 : Devise 3 : Rails 4

This guide partially follows Tony Amoyal's tutorial (linked under Resources below).
Create a new app:
rails new app
bundle install
Install Devise (add the gem to your Gemfile):
gem 'devise'
bundle install
rails generate devise:install
rails generate devise user
Install CanCan (add the gem to your Gemfile):
gem 'cancan'
bundle install
rails generate cancan:ability
rails generate model role name:string
rails generate migration UsersHaveAndBelongToManyRoles
Edit the migration
class UsersHaveAndBelongToManyRoles < ActiveRecord::Migration 
  def self.up 
    create_table :roles_users, :id => false do | t | 
      t.references :role, :user 
    end 
  end 

  def self.down 
    drop_table :roles_users 
  end 
end 
rake db:migrate
Edit User model
class User < ActiveRecord::Base 
  has_and_belongs_to_many :roles 

  # Role names are stored camelized: role?( :super_admin ) looks up "SuperAdmin".
  def role?( role ) 
    !roles.find_by_name( role.to_s.camelize ).nil?
  end 
end 
Edit Role model
class Role < ActiveRecord::Base 
  has_and_belongs_to_many :users 
end 
Edit Ability model
class Ability
  include CanCan::Ability 

  def initialize( user ) 
    user ||= User.new                          # guest user 

    if user.role? :super_admin 
      can :manage, :all 
    elsif user.role? :product_admin 
      can :manage, [ Product, Asset, Issue ] 
    elsif user.role? :product_team 
      can :read, [ Product, Asset ] 
      # manage products, assets he owns 
      can :manage, Product do | product | 
        product.try( :owner ) == user
      end 
      can :manage, Asset do | asset | 
        asset.assetable.try( :owner ) == user
      end 
    end 
  end 
end 
mkdir app/controllers/users
vi app/controllers/users/registrations_controller.rb 
Edit RegistrationsController
class Users::RegistrationsController < Devise::RegistrationsController 
  before_filter :check_permissions, :only => [ :new, :create, :cancel ] 
  skip_before_filter :require_no_authentication 

  def check_permissions
    authorize! :create, resource
  end 
end 
Edit config/routes.rb and replace devise_for :users with:
devise_for :users, :controllers => { :registrations => "users/registrations" } 
Edit ApplicationController
class ApplicationController < ActionController::Base 
  ...
  rescue_from CanCan::AccessDenied do | exception | 
    flash[:error] = exception.message 
    redirect_to root_url
  end 
  ...
end 
Add WelcomeController
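rails generate controller welcome index
Navigating to /users/sign_up without permission to create users will now raise CanCan::AccessDenied and redirect you to welcome#index, provided the root route in config/routes.rb points there (the rescue_from handler redirects to root_url).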
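The role rules in the Ability model above can be checked without Rails. This is an added example, not code from this repository: DemoUser, DemoAbility and the small can/can? evaluator are constructed stand-ins for the User model and for CanCan, and the evaluator assumes CanCan's behaviour of skipping block conditions when asked about a class rather than an instance.

```ruby
# Added example: plain-Ruby stand-ins, no Rails or CanCan required.
Product = Struct.new(:owner)
Asset   = Struct.new(:assetable)
Issue   = Class.new

class DemoUser
  def initialize(*roles)
    @roles = roles # constructed role names, camelized as in the roles table
  end

  # Same lookup as User#role? in the README: :super_admin -> "SuperAdmin".
  def role?(role)
    @roles.include?(role.to_s.split('_').map(&:capitalize).join)
  end
end

class DemoAbility
  def initialize(user)
    user ||= DemoUser.new # guest: no roles, so no rules get defined
    @rules = []
    if user.role? :super_admin
      can :manage, :all
    elsif user.role? :product_admin
      can :manage, [Product, Asset, Issue]
    elsif user.role? :product_team
      can :read, [Product, Asset]
      can(:manage, Product) { |product| product.owner == user }
      can(:manage, Asset) { |asset| asset.assetable.owner == user }
    end
  end

  def can(action, subjects, &condition)
    Array(subjects).each { |subject| @rules << [action, subject, condition] }
  end

  # Deny by default: allowed only when a rule matches both action and subject.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_subject, condition|
      next false unless [:manage, action].include?(rule_action)
      next false unless rule_subject == :all || rule_subject == klass
      condition.nil? || subject.is_a?(Class) || condition.call(subject)
    end
  end
end
```

A role row named "super_admin" instead of "SuperAdmin" matches no branch, so that user silently ends up with guest permissions.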
Resources: http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers