-
Notifications
You must be signed in to change notification settings - Fork 783
:read ability not being logically OR'ed as it says in the docs #613
Comments
Update!!! Actually I can use these two together and it works as expected: can :read, Message, :user_id => user.id It is a problem when group_id and tournament_id are blank......? |
Just a thought as I don't know all the code, but if its a problem when group_id and tournament_id are blank then maybe you need some sort of if/else to check for that and alter the ability so they can or cannot do what you need it to do if those variables are blank. If they are blank, I don't see this as an issue with CanCan specifically. Just my thoughts. - A |
I've verified the issue, though I'm not sure if it's intentional. The following fails: user = User.create!
group = Group.create!
@ability.can :read, Message, :user => {:id => user.id}
@ability.can :read, Message, :group => {:id => group.id}
message = Message.create!(:user => user)
Message.accessible_by(@ability).should == [message] I believe this fails due to the nature of the INNER JOIN generated by ActiveRecordAdapter#joins. #joins will generate Using IDs explicitly will get the spec to pass because it references message#group_id, circumventing the JOINS: user = User.create!
group = Group.create!
@ability.can :read, Message, :user_id => user.id
@ability.can :read, Message, :group_id => group.id
message = Message.create!(:user => user)
Message.accessible_by(@ability).should == [message] In this specific case, you can use a workaround which does not use associations via a nested conditionals hash: can :read, Message, :user_id => user.id
can :read, Message, :group_id => user.group_ids
can :read, Message, :tournament_id => user.tournament_ids |
Hi Mikepack, Thanks for the explanation, that makes more sense now. In the end I moved the tests into a block and created a method in User model to do all the checks I needed. can :read, Message do |message| However, I have just tested your suggestion and yes it works as originally intended. So now I have a choice to make... Thanks! |
Reopening: issue is still a bug and needs resolution/documentation. |
I'm facing a similar issue with abilities below
Calling accessible_by on the Activity results in an INNER_JOIN which eliminates activities with zero invitations
|
There are two issues with the current way cancan handles associations: 1) Records are returned multiple times in some circumstances 2) Several defined abilities prevent some records to show up under certain circumstances This commit includes tests for both cases. It fixes both problems by changing `joins` to `includes` for the AR adapters. This could have performance implications, since `includes` will also select all columns in the associated records. We tried various ways of achieving the same thing using Arel directly, but were unable to make this work due to lack of support for outer joins in Rails 3.1. This closes issues ryanb#724, ryanb#566 and ryanb#613
There are two issues with the current way cancan handles associations: 1) Records are returned multiple times in some circumstances 2) Several defined abilities prevent some records to show up under certain circumstances This commit includes tests for both cases. It fixes both problems by changing `joins` to `includes` for the AR adapters. This could have performance implications, since `includes` will also select all columns in the associated records. We tried various ways of achieving the same thing using Arel directly, but were unable to make this work due to lack of support for outer joins in Rails 3.1. This closes issues ryanb#724, ryanb#566 and ryanb#613
Dear submitter, Since cancan/raynB hasn't been active for more than 6 months and no body else then ryam himself has commit permissions the cancan project is on a stand still. If your feel that your pull request or bug is still applicable (and hasn't been merged in to cancan) it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan) We hope to see you on the other side! |
I have a Message class which can belong to a Group, a Tournament or a User.
It can also be of type MsgScope = "System"
I want the user to be able to have :read access according to these restrictions logically OR'ed (as it says they should be in the docs):
However, these lines all work individually when I comment-out the others but as a group they exclude eachother and you never see any messages on the INDEX page. What am I doing wrong?
The text was updated successfully, but these errors were encountered: