Basic newbie issue #537

vince opened this Issue Dec 28, 2011 · 1 comment

vince commented Dec 28, 2011

I've got a very basic problem trying to protect a custom action where, no matter what I try, I keep getting "You are not authorized to access this page."


def sent
  @page_title = "Message Center"
  @company = Company.find(params[:company_id])
  @messages = @company.sent_messages
  authorize!(:view_sent_messages, current_user)
end


def initialize(user)
  user ||=

  if user.has_role? :admin
    can :manage, :all

    can :view_sent_messages, Message do |message|
      message.sender_company_id == user.company_id

I've also tried without success

can :view_sent_messages, Message
can :view_sent_messages, Message, sender_company_id: user.company_id
can :view_sent_messages, Message do |message|

From console:

ruby-1.9.2-p290 :004 > Message.accessible_by(ability)
 => [] 

or sometimes I get an error: CanCan::Error: The accessible_by call cannot be used with a block 'can' definition. Basically I'm at the wall and must be doing something really stupid since this isn't that complicated of a use case. Any help would be greatly appreciated!

vince commented Dec 28, 2011

Murphy's law.. figured it out a few minutes after posting.

changed my controller to:

authorize!(:view_sent_messages, @company)

changed ability.rb to

can :view_sent_messages, Company, id: user.company_id

vince closed this Dec 28, 2011
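
Added example, not part of the original thread and not CanCan's own code: a simplified plain-Ruby model of rule matching that shows why checking `current_user` against a rule defined on `Message` was denied, and why the `Company` rule with `id: user.company_id` allows only the user's own company. `MiniAbility` and the `Struct` stand-ins for the models are assumptions made for illustration.

```ruby
# Simplified stand-in for CanCan-style rule matching (not the gem's code).
# A rule applies only when the action AND the subject's class both match;
# hash conditions are then compared against the subject's attributes.
Company = Struct.new(:id)
Message = Struct.new(:sender_company_id)
User    = Struct.new(:company_id)

class MiniAbility
  Rule = Struct.new(:action, :subject_class, :conditions)

  def initialize
    @rules = []
  end

  def can(action, subject_class, conditions = {})
    @rules << Rule.new(action, subject_class, conditions)
  end

  def can?(action, subject)
    @rules.any? do |rule|
      rule.action == action &&
        subject.is_a?(rule.subject_class) &&
        rule.conditions.all? { |attr, value| subject.public_send(attr) == value }
    end
  end
end

# Original setup: the rule is on Message, but the check passes a User.
def original_check(user)
  ability = MiniAbility.new
  ability.can :view_sent_messages, Message, sender_company_id: user.company_id
  ability.can?(:view_sent_messages, user)
end

# Fixed setup: rule and check both use Company, scoped by a hash condition.
def fixed_ability(user)
  ability = MiniAbility.new
  ability.can :view_sent_messages, Company, id: user.company_id
  ability
end

user = User.new(7) # constructed sample data
puts original_check(user)
puts fixed_ability(user).can?(:view_sent_messages, Company.new(7))
puts fixed_ability(user).can?(:view_sent_messages, Company.new(8))
```

A regression test for the real controller should cover the third case as well: a user requesting another company's sent messages must be denied.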