Skip to content


Subversion checkout URL

You can clone with
Download ZIP


authorization for shared view #534

pviral opened this Issue · 1 comment

2 participants


The problem is: I have shared partial (description.rhtml) and it is used by two different models (Product and Orders). So when some one go to

This description section has edit button on it so the user can edit it but the condition is

  • the user must be owner of the product when on product/1 page or
  • owner of order when user is on order/1 page.

My ability class check for

if user is owner or not - depending on product or order controller However on shared description view, I have :

 if (can? :update, @orders) || (can? :update, @product)
 < hide edit button >

if can? :update, @orders

return true or false, if user is on order/1 page but it return false when user is viewing product/1 page. So the logic works fine when user view order page but when user view product page it hide edit button even though user is authorize to edit description.

So my question is how can make use CanCan to make sure if users are viewing product I can authorize user to edit Product description and when user is viewing Orders page I can authorize to edit Order description


Could you name @orders and @product to the same thing in the controller? That way it will be dynamically choosing a model either orders or products depending on which one they are viewing. So you would have

Orders Controller
@orders = Order.find(params[:id])
@items = @orders

Products Controller
@products = Product.find(params[:id])
@items = @products

if can? :update, @items

@pviral pviral closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.