allow actions based on parent object and child class? #623

emiltin opened this Issue May 17, 2012 · 6 comments



emiltin commented May 17, 2012

suppose roles belong to user and projects, and that projects have many tasks and members. only if a user has admin role to a specific project, should she be able to index tasks on that project. however, any user can index members.

how do i do this?

to handle this in a block, it seems to me that i need to tell cancan both the project and the class the user wants to create.


@emiltin Have you checked out Defining Abilities with Blocks?

If it doesn't document your particular use case can you create a gist with your model relationships so that we can better understand your problem and update the documentation?


emiltin commented May 18, 2012

thanks. yes i read about blocks. but blocks are only called when there's an object, not when i pass a class. i hope this gist illustrates my use case:

cmar commented May 18, 2012

It seems like it would be much cleaner to just define the ability for Theme and inside the block check the themes.challenge.

Since you've already defined the ability for Challenge above, you could try:

    can :manage, Challenge do |challenge|
      challenge.roles.exists? :user_id =>
    end
    can :manage, Theme do |theme|
      can? :manage, theme.challenge
    end

emiltin commented May 18, 2012

the point is that the block is not called if you pass a class to authorize, only when you pass an object. when you're in a collection method, there's no object:

    authorize! :index, Theme # always returns true, because the block is never called

emiltin commented May 18, 2012

also, permissions might need to be different on Challenges and Themes, so doing "can? :manage, theme.challenge" is not always good enough
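
The behaviour emiltin describes in the two comments above, and one way to keep a parent-level check on a collection action, as an added example that is not part of the thread and not CanCan's own code. `MiniAbility` is a simplified stand-in for the rule matching, and `admin_ids`, `ability_for` and the `:index_themes` action are hypothetical names.

```ruby
# Simplified model of the rule matching discussed in this thread (NOT CanCan's source).
# Assumption taken from the thread: a rule's block runs only for an instance;
# a class-level check matches on action and class alone.
class MiniAbility
  Rule = Struct.new(:action, :klass, :block)

  def initialize
    @rules = []
  end

  def can(action, klass, &block)
    @rules << Rule.new(action, klass, block)
  end

  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule|
      next false unless rule.action == action && rule.klass == klass
      # Class subject: there is no object to hand to the block, so it is skipped.
      subject.is_a?(Class) || rule.block.nil? || rule.block.call(subject)
    end
  end
end

# Constructed sample models; admin_ids is a hypothetical attribute.
Challenge = Struct.new(:admin_ids)
Theme     = Struct.new(:challenge)

def ability_for(user_id)
  ability = MiniAbility.new
  # Check placed in a block on the child class: skipped for collection actions.
  ability.can(:index, Theme) { |theme| theme.challenge.admin_ids.include?(user_id) }
  # Collection-safe variant: a custom action checked against the parent object.
  # A separate action also lets Theme permissions differ from Challenge ones.
  ability.can(:index_themes, Challenge) { |c| c.admin_ids.include?(user_id) }
  ability
end

challenge = Challenge.new([1]) # constructed data: user 1 is the only admin
outsider  = ability_for(2)

puts outsider.can?(:index, Theme)                  # true: the block never ran
puts outsider.can?(:index_themes, challenge)       # false: block ran on the parent
puts ability_for(1).can?(:index_themes, challenge) # true
```

In a controller the corresponding call would be `authorize! :index_themes, @challenge`, made after the parent has been loaded (an assumption about the app's controller layout).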

xhoy commented Apr 10, 2014

Dear submitter, since cancan/ryanb hasn't been active for more than 6 months and nobody other than ryan himself has commit permissions, the cancan project is at a standstill.
Since cancan has several issues, including missing support for rails 4, cancan is moving forward to cancancan. More details on: #994

If you feel that your pull request or bug is still applicable (and hasn't been merged into cancan), it would be really appreciated if you would resubmit it to cancancan (

We hope to see you on the other side!

@emiltin emiltin referenced this issue in ibikecph/ibikecph-site Nov 18, 2014

Forked gems and hacks still necessary? #4
