Access model and Restrict controller actions #557

jmaniv opened this Issue · 1 comment

2 participants


I have Tool and ToolType resources. I want to set the following permissions per role:
1) Admin can manage all
2) User can manage
a) Tool resources (both ToolsController's actions and the Tool model)
b) Should only be able to read the ToolType model which user_id is equal to

Menu links in layout/application.html.erb
<div id="menu">
<%=link_to "Tools", tools_url if can? :index, Tool%>
<%=link_to "ToolTypes", tool_types_url if can? :index, ToolType%>

in my ability.rb:

if user.has_role? :sysadmin
  can :manage, :all
else
  can :manage, Tool, :user_id =>
  can :read, ToolType, :user_id =>
  cannot :index, ToolType
end

My problem is: it enables the tool types link in my menu even when I am logged in as a normal user.

How can I allow access to Tool resources (Tool model and ToolController's actions)
and to the ToolType model only (restricting ToolTypeController's actions)?
When creating new Tools I need a list of ToolTypes, and I want to restrict normal users from viewing all ToolTypes.


The :read action is an alias for :show and :index. You have declared that non :sysadmin users should be able to read and show ToolTypes that belong to them. That means they can also index the ToolTypes that belong to them - which is more specific than the later cannot call to disallow :index of all ToolTypes. I think you want to change your else block to:

can :manage, Tool, :user_id =>
can :show, ToolType, :user_id =>

If you still need assistance, please comment and we can reopen.

@derekprior derekprior closed this
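The alias behaviour described in the answer above, as an added example that is not part of the original thread and not CanCan's own code. It is a simplified stand-in evaluator (`MiniAbility`, `ability_with` and `menu_link_visible?` are hypothetical names, user id 7 is a constructed value) that assumes a check against a class does not evaluate hash conditions, and it shows why the layout's `can? :index, ToolType` check passes under `can :read` but not under `can :show`.

```ruby
# Simplified stand-in for an alias-aware rule list; NOT CanCan's implementation.
# Models two behaviours: :read expands to :index and :show, and a check against
# a class (no instance) does not evaluate hash conditions (assumption of this model).
class MiniAbility
  ALIASES = { read: [:index, :show] }.freeze

  def initialize
    @rules = []
  end

  def can(action, klass, conditions = {})
    @rules << { actions: expand(action), klass: klass, conditions: conditions }
  end

  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule|
      next false unless rule[:klass] == klass && rule[:actions].include?(action)
      # Class-level check: conditions cannot be tested, so the rule matches.
      next true if subject.is_a?(Class)
      rule[:conditions].all? { |attr, value| subject.public_send(attr) == value }
    end
  end

  private

  def expand(action)
    ALIASES.fetch(action, [action])
  end
end

ToolType = Struct.new(:user_id) # constructed sample model

# Constructed sample user id 7; the thread does not show the real value.
def ability_with(action, user_id = 7)
  MiniAbility.new.tap { |a| a.can(action, ToolType, user_id: user_id) }
end

def menu_link_visible?(ability)
  ability.can?(:index, ToolType) # same check as the layout's `can? :index, ToolType`
end

with_read = ability_with(:read)
with_show = ability_with(:show)
puts "can :read -> ToolTypes link shown? #{menu_link_visible?(with_read)}"
puts "can :show -> ToolTypes link shown? #{menu_link_visible?(with_show)}"
puts "can :show -> own record readable?  #{with_show.can?(:show, ToolType.new(7))}"
puts "can :show -> other's record?       #{with_show.can?(:show, ToolType.new(8))}"
```

Granting only the narrowest action a role needs keeps both the menu check and the per-record check aligned with the intended access.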