Basic newbie issue #537

Closed
vince opened this Issue Dec 28, 2011 · 1 comment

vince commented Dec 28, 2011

I've got a very basic problem trying to protect a custom action where, no matter what I try, I keep getting "You are not authorized to access this page."

messages_controller.rb

def sent
  @page_title = "Message Center"
  @company = Company.find(params[:company_id])
  @messages = @company.sent_messages
  authorize!(:view_sent_messages, current_user)
end

ability.rb

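def initialize(user)
  user ||= User.new # fall back to an unsaved guest user

  if user.has_role? :admin
    can :manage, :all
  else
    # Rule is keyed on Message; the block is evaluated against a Message instance
    can :view_sent_messages, Message do |message|
      message.sender_company_id == user.company_id
    end
  end
end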

I've also tried without success

can :view_sent_messages, Message
can :view_sent_messages, Message, sender_company_id: user.company_id
can :view_sent_messages, Message do |message|
  true
end

From console:

ruby-1.9.2-p290 :004 > Message.accessible_by(ability)
 => [] 

or sometimes I get an error: CanCan::Error: The accessible_by call cannot be used with a block 'can' definition. Basically I'm at the wall and must be doing something really stupid since this isn't that complicated of a use case. Any help would be greatly appreciated!

vince commented Dec 28, 2011

Murphy's law.. figured it out a few minutes after posting.

changed my controller to:

authorize!(:view_sent_messages, @company)

changed ability.rb to

can :view_sent_messages, Company, id: user.company_id
vince closed this Dec 28, 2011
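Why the first version was always denied and the second works, shown as an added example that is not part of the original thread or of CanCan's source: a simplified stand-in for the rule lookup, in which a rule applies only when the subject passed to `authorize!` is the rule's class or an instance of it. `MiniAbility`, `USER`, `original_ability` and `fixed_ability` are hypothetical names, and the sample user and company ids are constructed.

```ruby
# Simplified stand-in for CanCan's rule matching (illustration, not the gem's code).
Company = Struct.new(:id)
Message = Struct.new(:sender_company_id)
User    = Struct.new(:company_id)
class AccessDenied < StandardError; end

class MiniAbility
  Rule = Struct.new(:action, :subject_class, :conditions)

  def initialize
    @rules = []
  end

  def can(action, subject_class, conditions = {})
    @rules << Rule.new(action, subject_class, conditions)
  end

  # A rule is relevant only when the action matches AND the subject is the
  # rule's class or an instance of it. Hash conditions are then compared
  # against the instance's attributes.
  def can?(action, subject)
    @rules.any? do |rule|
      next false unless rule.action == action
      next true if subject == rule.subject_class # class passed: conditions skipped
      next false unless subject.is_a?(rule.subject_class)
      rule.conditions.all? { |attr, value| subject.public_send(attr) == value }
    end
  end

  def authorize!(action, subject)
    return subject if can?(action, subject)
    raise AccessDenied, "You are not authorized to access this page."
  end
end

USER = User.new(7) # constructed sample user belonging to company 7

def original_ability # rule from the first comment, keyed on Message
  MiniAbility.new.tap { |a| a.can(:view_sent_messages, Message, sender_company_id: USER.company_id) }
end

def fixed_ability # rule from the second comment, keyed on Company
  MiniAbility.new.tap { |a| a.can(:view_sent_messages, Company, id: USER.company_id) }
end
```

Passing the class itself (`Message`) rather than an instance skips the conditions, so a per-record check such as company ownership should always be given the loaded record.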