Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Custom objects in abilities #8

Closed
ryanb opened this Issue · 1 comment

1 participant

Ryan Bates
Ryan Bates
Owner

There are times one needs to set permission on something which doesn't have to do with a model or ruby class. Perhaps there's a page which displays general statistics about the site. One should be able to use a symbol or any other object when defining abilities, and then it will only match that same object.

can :read, :stats
can? :read, :stats # => true

If one passes a block to this, then no additional objects should be passed since we aren't dealign with a class here.

can :read, :stats do
  # ...
end

So in this case the block is a little pointless since you can define conditions in an "if" condition outside of this. The only real difference is the block gets executed on each check.

The :stats symbol could be any object, so in theory this could be used to match a specific record in the database. However, I recommend using the block for performance reasons.

can :manage, user.profile # don't do this
can(:manage, Profile) { |profile| user.profile == profile } # do this

This will lead to better performance since you are only loading the record object when performing the check and not on every request.

This should be mentioned in the documentation.

Ryan Bates
Owner

support custom objects (usually symbols) in can definition - closed by e603655

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.