Index action ... is that the way it should be written ? #551

Closed
erwin16 opened this Issue Jan 20, 2012 · 3 comments


erwin16 commented Jan 20, 2012

I defined an ability for admin users to avoid displaying superadmin info
(the superadmin record doesn't belong to any area, so area_id => nil):

```ruby
class BackofficeAbility
  include CanCan::Ability

  def initialize(user)
    user ||= Admin.new
    if user.is? :admin
      # Hide records with no area (the superadmin) from the index
      cannot :index, Admin, :area_id => nil
    end
  end
end
```

It seems I have to define the :index action like this (as described in the wiki pages, Admin.accessible_by(ability).paginate ...):

```ruby
def index
  ability = BackofficeAbility.new(current_admin)
  @order = ["created_at desc", "name asc"]
  @page_number = params[:page].nil? ? 1 : params[:page].to_i
  # Scope the query to records the ability allows, then paginate
  @admins = Admin.accessible_by(ability).paginate(:page => @page_number, :per_page => Admin.per_page)
  @total_pages = @admins.count / Admin.per_page + (@admins.count % Admin.per_page > 0 ? 1 : 0)
end
```

It's running fine... I tested without the ability check in the :index action and it's not fine, the superadmin record is displayed.
I thought the ability would have been already checked by load_and_authorize_resource, isn't it?

thanks for clarifying it ...
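A simplified model of the distinction the question turns on: a check against the `Admin` class only answers whether the action is allowed at all, while a rule with hash conditions such as `:area_id => nil` removes records only when the collection itself is filtered through the rules. This is an added example, not part of the original post and not CanCan's code; `MiniAbility`, the sample admins and the base `can :index, Admin` rule are assumptions.

```ruby
# Constructed sample model: the superadmin has no area (area_id is nil).
Admin = Struct.new(:name, :area_id)
ADMINS = [Admin.new("root", nil), Admin.new("alice", 1), Admin.new("bob", 2)]

# Minimal stand-in for an ability with hash-condition rules (hypothetical).
class MiniAbility
  Rule = Struct.new(:allow, :action, :model, :conditions)

  def initialize
    @rules = []
  end

  def can(action, model, conditions = {})
    @rules << Rule.new(true, action, model, conditions)
  end

  def cannot(action, model, conditions = {})
    @rules << Rule.new(false, action, model, conditions)
  end

  # Later rules win. A class-level check has no record to compare against,
  # so a conditional `cannot` is skipped instead of vetoing the whole action.
  def can?(action, subject)
    on_class = subject.is_a?(Class)
    klass = on_class ? subject : subject.class
    @rules.reverse_each do |r|
      next unless r.action == action && r.model == klass
      if on_class
        next if !r.allow && !r.conditions.empty?
        return r.allow
      end
      return r.allow if r.conditions.all? { |k, v| subject[k] == v }
    end
    false
  end

  # Record-level filtering: the step that actually hides the superadmin row.
  def accessible(action, records)
    records.select { |rec| can?(action, rec) }
  end
end

def build_ability
  ability = MiniAbility.new
  ability.can :index, Admin                      # assumed base rule
  ability.cannot :index, Admin, :area_id => nil  # rule from the post
  ability
end
```

The class-level check passes for this ability, so an index action that authorizes the class and then lists every row still returns the superadmin; only the filtered collection leaves it out.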

order commented Jan 20, 2012

I think that this email reached me in error. I have nothing to do with this
project.



Collaborator

derekprior commented May 14, 2012

@erwin, are you still having an issue? I'm not entirely sure of the problem you're describing. If you are still having this problem and can provide some more context, then that would be helpful.


erwin16 commented May 14, 2012

Thanks Derek, I'm not anymore... I got a better understanding of CanCan so I can control it better... nice to test it easily...

@erwin16 erwin16 closed this May 14, 2012
