allow actions based on parent object and child class? #623

Open
emiltin opened this Issue May 17, 2012 · 6 comments

Projects

None yet

4 participants

@emiltin

suppose roles belong to user and projects, and that projects have many task and members. only if a user has admin role to a specific project, should she be able to index tasks on that project. however, any user can index members

how do i do this?

to handle this in a block, it seems to me that i need to tell cancan both the project and the class the user wants to create.

@rmcastil
Collaborator

@emiltin Have you checked out Defining Abilities with Blocks?

If it doesn't document your particular use case can you create a gist with your model relationships so that we can better understand your problem and update the documentation?

Thanks!

@emiltin

thanks. yes i read about blocks. but blocks are only called when there's an object, not when i pass a class. i hope this gist illustrate my use case: https://gist.github.com/2724033

@cmar
Collaborator

It seems like it would be much cleaner to just define the ability for Theme and inside the block check the themes.challenge.

Since you've already defined the ability for Challenge above, you could try:

can :manage, Challenge do |challenge|
challenge.roles.exists? :user_id => user.id
end
can :manage, Theme do |theme|
can? :manage, theme.challenge
end

@emiltin

the point is that the block is not called if you pass a class to authorize, only when you pass an object. when you're in a collection method, there's no object:

authorize! :index, Theme #always return true, because the block is never called

@emiltin

also, permissions might need to be different on Challenges and Themes, so doing "can? :manage, theme.challenge" is not always good enough

@xhoy

Dear submitter, Since cancan/raynB hasn't been active for more than 6 months and no body else then ryam himself has commit permissions the cancan project is on a stand still.
Since cancan has several issues including missing support for rails 4 cancan is moving forward to cancancan. More details on: #994

If your feel that your pull request or bug is still applicable (and hasn't been merged in to cancan) it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)

We hope to see you on the other side!

@emiltin emiltin referenced this issue in ibikecph/ibikecph-site Nov 18, 2014
Closed

Forked gems and hacks still necessary? #4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment