Ability merge #501

Closed
rogercampos opened this Issue Oct 31, 2011 · 6 comments

Projects

None yet

4 participants

Contributor

Hi, I've run in the following situation: I have an engine, with custom controllers and views, which is using cancan for authorization. The controllers from this engine are inheriting from the ApplicationController of the host application, which is also using cancan for their authorization system.

The thing is that I need the user to have all their abilities in place when using the engine, but the current_ability method is being overriden, so it loses their abilities from the host app. I need this because the app is rendering the main layout with a menu (cancan here to display the menu options) while the view is provided by the engine.

I thought it should be easy to fix, so I've made my own experiment adding a new #merge action to the Ability class. Now I'm able to do:

class SomeControllerInMyEngine < ApplicationController
  def current_ability
    @current_ability ||= super.merge(my_engine_ability)
  end
end

The commit here.

Is there another way to do this? Thanks!

Collaborator

Roger, sorry you didn't receive any feedback. Did this approach work out for you or did you end up doing something different? Is this still a problem for you?

Contributor

Hey @derekprior , thanks for answering. I'm still using the approach described here in some applications, but I understand this is not a typical use case. Not really in a hurry for this, feel free to do as you want. Thanks!

vanne commented May 19, 2012

Hi @rogercampos

This merging, plus overriding the current_ability method (where the merging would then happen) in the ApplicationController, could be one way to handle being logged in as multiple roles under Devise. (Devise Allows you to have multiple roles (or models/scopes) signed in at the same time.)
Another way to handle this would be to pass multiple models to the Ability's initialize() and mix everything in one Ability class. However this seems much less clean/readable/preferable, ... to me.

Why don't you make a pull request from your patch?

Contributor

done: #625

Collaborator
andhapp commented May 20, 2012

For handling multiple roles, one could use cantago gem and there are few others.

Collaborator
andhapp commented May 28, 2012

I am going to close this issue and any further discussion can be carried out in the pull-request section. Thanks.

@andhapp andhapp closed this May 28, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment