Using accessible_by with overriding roles #47
Comments
|
Looks like the problem is the block section of the second ability is supposed to be run on instances of the business and the first scope is run on collections. ie: can [:ability], Model, Model.scope_to_select_on_index_action do |model_instance|
model_instance.condition_to_evaluate_for_new_create_edit_update_destroy
endYou should be able to do: can :read, Business, Business.user_related(user) do |business|
business.related_to?(user) # true/false
endThen, when an admin tries to read a Business it will do Generally I find it useful to separate out rules by roles: case user.role
when 'admin'
can :read, Business
# Other admin rules
when 'user'
# ...
else
# guest/not logged in rules
end |
|
Excellent, thanks a lot! Your "can [:ability]" example should be in the docs. This still doesn't solve the problem (I still get the same error) - but when I separate out the roles like you suggest, it works. I suppose it does make sense to not run the second block at all if we have an admin. For others, here's the working code: if user.admin?
can :read, Business
else
can :read, Business, Business.user_related(user) do |business|
business.related_to?(user)
end
end |
|
+1 on the "example should be in the docs". |
I am having trouble using cancancan to select records based on abilities.
My ability.rb file looks like this:
My controller tries this:
If I comment out the top rule, everything seems to work. That is, I can load businesses produced by the Business.user_related scope. But if I include the top rule I get the error: "Unable to merge an Active Record scope with other conditions. Instead use a hash or SQL for read Business ability."
If the user is an admin, cancancan doesn't need to consult the database at all - they have access to all businesses. How can I express this in ability.rb?
The text was updated successfully, but these errors were encountered: