cancan and enums only on "show" action #479

Closed
refaelos opened this Issue Sep 23, 2011 · 7 comments

2 participants

@refaelos

I'm using cancan in my rails 3 application with mysql DB.

When i create a rule based on an enum column i always get AccessDenied only for "show" action. Any idea why?
I use enumerated_attribute to enforce enums in the models and an actual ENUM type column in the database.

Example:
I have a Post that has an enum field privacy with ['PUBLIC','PRIVATE','LOCAL']. I always get AccessDenied when i use this rule:

can :read, Post, :privacy => 'PUBLIC'

Every other rule works perfectly. The above rule also works great on "index" action.

@refaelos

The same happens for a string column of an association.

For example:
If a Student (with "name" field) belongs to Class with student_id than you get wrong AccessDenied when you have this rule:
can :read, Class, :student => { :name => "Jacob" }

@caironoleto

Hi @refaelos, I can't reproduce your problem.

@refaelos

The second part (with the string) is my mistake. It works now. I probably did something wrong.

As for the first part (the enum column): i changed my code and now i have a separate table for the enums (PUBLIC, PRIVATE ..) and i have a foreign key in the original table. It works but i don't use enums anymore in the way i explained here. I can close this issue but the problem with enums still exists.

@caironoleto

So, I tried to reproduce this error and everything was fine. I use Ruby 1.9.2 and the stable version of rails and cancan (3.1 and 1.6)

@refaelos

Did you create an ENUM column in the DB and used enumerated_attribute?

I'll try to find some time to reproduce it.

Again... i might be wrong here. I took another angle and left it.

@caironoleto

Now I can reproduce this error… This occur because the enum_attr return a symbol and not a string value. See

ruby-1.9.2-p290 :003 > Post.first.privacy
  Post Load (0.4ms)  SELECT `posts`.* FROM `posts` LIMIT 1
 => :PUBLIC

So, in Ability class you can use like this:

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    can :read, Post, :privacy => :PUBLIC
  end
end
@refaelos

Great answer !

Thanks.

@refaelos refaelos closed this Oct 2, 2011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment