Hi, I've run in the following situation: I have an engine, with custom controllers and views, which is using cancan for authorization. The controllers from this engine are inheriting from the ApplicationController of the host application, which is also using cancan for their authorization system.
The thing is that I need the user to have all their abilities in place when using the engine, but the current_ability method is being overriden, so it loses their abilities from the host app. I need this because the app is rendering the main layout with a menu (cancan here to display the menu options) while the view is provided by the engine.
I thought it should be easy to fix, so I've made my own experiment adding a new #merge action to the Ability class. Now I'm able to do:
class SomeControllerInMyEngine < ApplicationController
@current_ability ||= super.merge(my_engine_ability)
The commit here.
Is there another way to do this? Thanks!
Roger, sorry you didn't receive any feedback. Did this approach work out for you or did you end up doing something different? Is this still a problem for you?
Hey @derekprior , thanks for answering. I'm still using the approach described here in some applications, but I understand this is not a typical use case. Not really in a hurry for this, feel free to do as you want. Thanks!
This merging, plus overriding the current_ability method (where the merging would then happen) in the ApplicationController, could be one way to handle being logged in as multiple roles under Devise. (Devise Allows you to have multiple roles (or models/scopes) signed in at the same time.)
Another way to handle this would be to pass multiple models to the Ability's initialize() and mix everything in one Ability class. However this seems much less clean/readable/preferable, ... to me.
Why don't you make a pull request from your patch?
For handling multiple roles, one could use cantago gem and there are few others.
I am going to close this issue and any further discussion can be carried out in the pull-request section. Thanks.