(:can) + (:cannot with parameter) on same model results in wrong SQL query #807

Open
vectriss opened this Issue Jan 21, 2013 · 2 comments

3 participants

@vectriss

Hi,

I've got this code in Rails 3.2.11 project with CanCan 1.6.8:

Ability model:

if user.is_super_admin?
    can :manage, User
    cannot :manage, User, :rank => "root"
end

in UserController:

load_and_authorize_resource

def index
    # empty
end

and when I run WEBrick, log in as super_admin and go to the user/index action, CanCan runs this SQL (from development.log):

SELECT users.* FROM users WHERE users.rank = 'root';

resulting in selecting only the 'root' user from the DB where I want the opposite effect.

CanCan should run something like this:

SELECT users.* FROM users WHERE users.rank != 'root';

I noticed that when I put this code in Ability instead of the code mentioned earlier, it all works fine:

if user.is_super_admin?
    can :manage, User, :rank => 'user'
    can :manage, User, :rank => 'admin'
    can :manage, User, :rank => 'super_admin'
end

Am I missing something or is it a bug?
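
Added example, not part of the original post and not CanCan's own code: a standalone Ruby model of how the `can` and `cannot` rules in this report should combine into one collection scope, checked against a per-record decision. The names `Rule`, `allowed?`, `scope_sql` and `manageable_ranks` and the sample users are assumptions made for illustration.

```ruby
# Added example, not CanCan source; Rule, allowed? and scope_sql are hypothetical names.
Rule = Struct.new(:allow, :conditions) # allow: true for `can`, false for `cannot`

# Per-record decision: the last defined rule whose conditions match wins.
def allowed?(rules, record)
  hit = rules.reverse.find { |r| r.conditions.all? { |col, val| record[col] == val } }
  hit ? hit.allow : false
end

# Render a conditions hash as an SQL predicate (single quotes doubled).
def condition_sql(table, conditions)
  return "1=1" if conditions.empty?
  conditions.map { |col, val| "#{table}.#{col} = '#{val.to_s.gsub("'", "''")}'" }.join(" AND ")
end

# Collection scope: fold rules in definition order; can => OR, cannot => AND NOT.
def scope_sql(table, rules)
  rules.inject("1=0") do |sql, rule|
    cond = condition_sql(table, rule.conditions)
    if rule.allow
      next cond if sql == "1=0"
      (sql == "1=1" || cond == "1=1") ? "1=1" : "(#{sql}) OR (#{cond})"
    else
      next "1=0" if cond == "1=1" || sql == "1=0"
      sql == "1=1" ? "NOT (#{cond})" : "(#{sql}) AND NOT (#{cond})"
    end
  end
end

# Constructed data: the two rules from the report and one user per rank.
ISSUE_RULES = [Rule.new(true, {}), Rule.new(false, { rank: "root" })]
SAMPLE_USERS = %w[user admin super_admin root].map { |rank| { rank: rank } }

# Ranks the per-record check lets through; the scope must select the same rows.
def manageable_ranks(rules, users)
  users.select { |u| allowed?(rules, u) }.map { |u| u[:rank] }
end

if __FILE__ == $PROGRAM_NAME
  puts "SELECT users.* FROM users WHERE #{scope_sql('users', ISSUE_RULES)};"
  puts manageable_ranks(ISSUE_RULES, SAMPLE_USERS).inspect
end
```

Comparing the rows an index action returns with the per-record decision for each row is a useful regression test for this class of bug. In SQL a NULL rank satisfies neither `rank = 'root'` nor its negation, so a nullable column needs an explicit `IS NULL` case.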

@alex-handley

@vectriss Did you resolve the issue? If not, I'd be happy to help.

@xhoy
xhoy commented Jul 1, 2014

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013.
Since only Ryan himself has commit permissions, the CanCan project is at a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!
