Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Calling can? without an object #544

zdennis opened this Issue Jan 9, 2012 · 3 comments


None yet
3 participants

zdennis commented Jan 9, 2012

Currently, the API of can is this:

def can?(action, subject, *extra_args)

This assumes you are always going to call #can? with an object specifically to check permissions on. It would be nice if the subject could be omitted when not applicable:

def can?(action, *args)
    subject, extracts_args = ... 

I'm not sure if this is possible base don how extra_args works, but it would be helpful when a rule being applied isn't tied to a particular object (and is instead system-wide).


  can? :do_thing

opposed having to pass in an object:

 can? :do_thing, object

I realize this is more the exception than the rule, but even attempting it fails because can? expects at least 2 arguments.


pokonski commented Jan 9, 2012

If it's system-wise, not based on any model then why do you use cancan for it? Make an if and a config variable?

zdennis commented Jan 9, 2012

While it is not based on a model it is based on other run-time determined conditions. We are using cancan's ability to take a block to provide some custom logic, ie:

can do |action, object_class, object|
  case action
  when :access_admin_app
    # dont care about object in this case
    # ...

So we can't rely on a config variable. We want to continue to use CanCan for consistency in how permissions are applied throughout the system (for the currently logged in user).


Seems like a stretch use case. You could always define an empty class and use that as a reference object, I would think... But this really doesn't feel like a good use case for cancan to me...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment