Basic newbie issue #537

Closed
vince opened this Issue Dec 28, 2011 · 1 comment

vince commented Dec 28, 2011

I've got a very basic problem trying to protect a custom action where, no matter what I try, I keep getting "You are not authorized to access this page."

messages_controller.rb

def sent
  @page_title = "Message Center"
  @company = Company.find(params[:company_id])
  @messages = @company.sent_messages
  authorize!(:view_sent_messages, current_user)
end

ability.rb

def initialize(user)
  user ||= User.new

  if user.has_role? :admin
    can :manage, :all
  else
    can :view_sent_messages, Message do |message|
      message.sender_company_id == user.company_id
    end
  end
end

I've also tried without success

can :view_sent_messages, Message
can :view_sent_messages, Message, sender_company_id: user.company_id
can :view_sent_messages, Message do |message|
  true
end

From console:

ruby-1.9.2-p290 :004 > Message.accessible_by(ability)
 => [] 

or sometimes I get an error: CanCan::Error: The accessible_by call cannot be used with a block 'can' definition. Basically I'm at the wall and must be doing something really stupid, since this isn't that complicated of a use case. Any help would be greatly appreciated!

vince commented Dec 28, 2011

Murphy's law.. figured it out a few minutes after posting.

changed my controller to:

authorize!(:view_sent_messages, @company)

changed ability.rb to

can :view_sent_messages, Company, id: user.company_id

@vince vince closed this Dec 28, 2011
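
Why the first version was denied and the second one works, as an added example that is not part of the original thread and is not CanCan's own code: a simplified pure-Ruby model of rule matching on action, subject class and hash conditions. The `MiniAbility` class, the Struct models and the sample records are hypothetical stand-ins constructed for illustration.

```ruby
# Simplified model of CanCan-style rule matching (assumption: NOT CanCan's code).
# A rule applies only when the action matches AND the subject is the class the
# rule was defined for (or an instance of it); hash conditions are then compared.
User    = Struct.new(:id, :company_id)
Company = Struct.new(:id)
Message = Struct.new(:id, :sender_company_id)

class MiniAbility
  Rule = Struct.new(:action, :subject_class, :conditions)

  def initialize
    @rules = []
  end

  def can(action, subject_class, conditions = {})
    @rules << Rule.new(action, subject_class, conditions)
  end

  def can?(action, subject)
    @rules.any? do |rule|
      next false unless rule.action == action
      next false unless subject == rule.subject_class || subject.is_a?(rule.subject_class)
      # Conditions are compared against instances only, not bare classes.
      subject.is_a?(Class) || rule.conditions.all? { |attr, want| subject.public_send(attr) == want }
    end
  end
end

# Rule from the first post (hash-condition variant), defined on Message.
def original_ability(user)
  MiniAbility.new.tap { |a| a.can(:view_sent_messages, Message, sender_company_id: user.company_id) }
end

# Rule from the follow-up comment, defined on Company.
def fixed_ability(user)
  MiniAbility.new.tap { |a| a.can(:view_sent_messages, Company, id: user.company_id) }
end

# Constructed sample data: one user and two tenants.
ALICE         = User.new(1, 10)
OWN_COMPANY   = Company.new(10)
OTHER_COMPANY = Company.new(20)

puts original_ability(ALICE).can?(:view_sent_messages, ALICE)      # subject is a User, rule is on Message
puts fixed_ability(ALICE).can?(:view_sent_messages, OWN_COMPANY)   # subject class and id both match
puts fixed_ability(ALICE).can?(:view_sent_messages, OTHER_COMPANY) # another tenant's company
```

The third check, a user asking for another company's sent messages, is the one worth keeping as a regression test for this action.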