Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Controller without model - reloaded #45

j0llyr0g3r opened this Issue · 3 comments

3 participants


Hey guys,

IMHO cancan is lacking one important functionality: Right now there seems to be no way to use cancan for controllers without corresponding models.
Possible scenarios in which this feature is necessary:

  • ReportsController
  • AdminController
  • .....and possibly some other scenarios I can't think of now.

This guy here:
had the same question, but I couldnt find the "existing issue" he is talking about.

Any plans to implement this feature any time soon?


If I understand you correctly, you want to be able to do something like:

can :administer if user.is_system_admin?

and then check if a user can administer like this:

can? :administer

all without using any model, right? This can be done, simply pass :all as the second argument to the can method, and pass nil as the second argument to the can? method.

Personally I found it annoying to have to pass :all and nil, so I forked and made the secondary arguments default to those values if they're not set. See my commit here:

I've sent Ryan a pull request, and I'm hoping he'll accept the change :)


For the record, here is the other issue he was referring to.

It is possible to use a symbol like :report instead of a model class. However, there's not an easy way to use this with the authorize_resource method. I'll consider adding a :resource option where one can specify a symbol to use there.

@jimeh, CanCan is all about verbs and nouns. In your example you have a verb :administer but no noun. What are you administering? I can't think of a situation where you don't have a noun to go along with it. In j0llyr0g3r's example he has the Report. In the commit message in your fork you gave the noun which is can?(:administor, :site). Or it may make more sense to use :all if you mean the entire site: can?(:administor, :all).

If you provide a good usage scenario I'll consider pulling in that behavior. But in general I discourage not using a noun because it is an important piece of any authorization logic.

I do agree there is a lack of documentation in this area so I should add an article to the wiki.


renaming :class option to :resource for load_and_authorize_resource which now supports a symbol for non models - closed by 23a5888

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.