IMHO cancan is lacking one important functionality: Right now there seems to be no way to use cancan for controllers without corresponding models.
Possible scenarios in which this feature is necessary:
This guy here: http://github.com/ryanb/cancan/issues/closed#issue/30
had the same question, but I couldnt find the "existing issue" he is talking about.
Any plans to implement this feature any time soon?
If I understand you correctly, you want to be able to do something like:
can :administer if user.is_system_admin?
and then check if a user can administer like this:
all without using any model, right? This can be done, simply pass :all as the second argument to the can method, and pass nil as the second argument to the can? method.
Personally I found it annoying to have to pass :all and nil, so I forked and made the secondary arguments default to those values if they're not set. See my commit here: http://github.com/jimeh/cancan/commit/fc5431bcf6594ce9f4c05e66b3c8bbf5b3d4c1af
I've sent Ryan a pull request, and I'm hoping he'll accept the change :)
For the record, here is the other issue he was referring to.
It is possible to use a symbol like :report instead of a model class. However, there's not an easy way to use this with the authorize_resource method. I'll consider adding a :resource option where one can specify a symbol to use there.
@jimeh, CanCan is all about verbs and nouns. In your example you have a verb :administer but no noun. What are you administering? I can't think of a situation where you don't have a noun to go along with it. In j0llyr0g3r's example he has the Report. In the commit message in your fork you gave the noun which is can?(:administor, :site). Or it may make more sense to use :all if you mean the entire site: can?(:administor, :all).
If you provide a good usage scenario I'll consider pulling in that behavior. But in general I discourage not using a noun because it is an important piece of any authorization logic.
I do agree there is a lack of documentation in this area so I should add an article to the wiki.
renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - closed by 23a5888