Authorizing resource through another fails with multiple joins in Rails 3.1rc6 #445

mattmueller opened this Issue Aug 17, 2011 · 2 comments


None yet

3 participants


Setup: a place habtm clients (pure join table), a client account has many clients.

Client Account Abilities defined like this:

can :manage, Place, :clients => { :id => client_ids }
can :manage, Client, :client_account_id =>

Authorizing like this:

before_filter :check_authenticate_user
load_and_authorize_resource :client
load_and_authorize_resource :place, :through => :client

The index action is using an invalid query:

PGError: ERROR:  table name "clients_places" specified more than once
: SELECT COUNT(*) FROM "places" INNER JOIN "clients_places" ON "clients_places"."place_id" = "places"."id" INNER JOIN   "clients" ON "clients"."id" = "clients_places"."client_id" INNER JOIN "clients_places" ON "places"."id" =   "clients_places"."place_id" WHERE "clients_places"."client_id" = 2 AND ('t'='t')

This was working fine in 3.0.9.


Can you try the most recent version of cancan (currently 1.6.10) to see if your issue has been resolved?

This is one of the oldest CanCan issues with no discussion. CanCan is struggling right now to implement support for rails 4, and the issue count is nearing 200. It would be a big help if we could close a few old issues and get the issue count down. Thanks!

xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment