
Index action ... is that the way it should be written ? #551

Closed
erwin16 opened this Issue Jan 20, 2012 · 3 comments

3 participants

@erwin16
erwin16 commented Jan 20, 2012

I defined an ability for admin users to avoid displaying superadmin info:
(the superadmin record doesn't belong to any area, so area_id => nil)

class BackofficeAbility
  include CanCan::Ability

  def initialize(user)
    user ||= Admin.new
    if user.is? :admin
      # hide records without an area (the superadmin record)
      cannot :index, Admin, :area_id => nil
    end
  end
end

It seems I have to define the :index action like this (as described in the wiki pages, Admin.accessible_by(ability).paginate ...):

def index
  ability = BackofficeAbility.new(current_admin)
  @order = ["created_at desc", "name asc"]
  @page_number = params[:page].nil? ? 1 : params[:page].to_i
  @admins = Admin.accessible_by(ability).paginate(:page => @page_number, :per_page => Admin.per_page)
  @total_pages = @admins.count / Admin.per_page + (@admins.count % Admin.per_page > 0 ? 1 : 0)
end

It's running fine... I tested without the ability check in the :index action and it's not fine, the superadmin record is displayed.
I thought the ability would already have been checked by load_and_authorize_resource, isn't it?

Thanks for clarifying it...
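
Added example (not part of the original post and not CanCan's own code): a simplified pure-Ruby model of how a hash-conditioned rule is evaluated, showing why a class-level check on `Admin` passes while the `area_id => nil` record is only excluded by a record-level filter, the role `accessible_by` plays in the `index` action above. The `can :index, Admin` rule, the `ModelAbility` class and the sample records are assumptions made for the illustration.

```ruby
# Simplified model of CanCan-style rule evaluation (constructed for illustration).
Admin = Struct.new(:name, :area_id)

Rule = Struct.new(:allow, :action, :subject, :conditions) do
  def relevant?(action, klass)
    self.action == action && subject == klass
  end

  # A class has no attributes to compare, so hash conditions cannot be
  # evaluated: the rule then matches only if it has no conditions or is a "can".
  def matches?(target)
    return conditions.empty? || allow if target.is_a?(Class)
    conditions.all? { |attr, value| target[attr] == value }
  end
end

class ModelAbility
  def initialize
    @rules = []
  end

  def can(action, subject, conditions = {})
    @rules << Rule.new(true, action, subject, conditions)
  end

  def cannot(action, subject, conditions = {})
    @rules << Rule.new(false, action, subject, conditions)
  end

  # Later rules take precedence; the first matching rule decides.
  def can?(action, target)
    klass = target.is_a?(Class) ? target : target.class
    rule = @rules.reverse.find { |r| r.relevant?(action, klass) && r.matches?(target) }
    rule ? rule.allow : false
  end

  # Record-level filter: the job accessible_by does for a collection.
  def accessible(action, records)
    records.select { |record| can?(action, record) }
  end
end

def backoffice_ability
  ability = ModelAbility.new
  ability.can :index, Admin                   # assumed base rule, not in the post
  ability.cannot :index, Admin, area_id: nil  # the rule from the post
  ability
end

# Constructed sample data: "root" stands in for the superadmin record.
SAMPLE_ADMINS = [Admin.new("root", nil), Admin.new("alice", 1), Admin.new("bob", 2)]
```

A check against the class (`can?(:index, Admin)`) succeeds, so an `index` that loads `Admin.all` after such a check still returns the superadmin row; only the per-record filter removes it.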

@order
order commented Jan 20, 2012
@derekprior
Collaborator

@erwin, are you still having an issue? I'm not entirely sure of the problem you're describing. If you are still having this problem and can provide some more context, then that would be helpful.

@erwin16
erwin16 commented May 14, 2012

Thanks Derek, I'm not anymore... I got a better understanding of CanCan so I can control it better... nice to test it easily...

@erwin16 erwin16 closed this May 14, 2012