This repository has been archived by the owner on Dec 12, 2021. It is now read-only.
We have an app that is using an authorization scheme that is based on models (as opposed to controller actions).
For instance, we have admin, member and guest roles and say, User, Post and Comment models. We then declaratively define which CRUD operation each role is allowed, per model. We also define the scope at which each role is able to perform the operation, where scope can be All, Mine or None. All means that the current_user can perform an operation on data owned by herself as well as any other user. Mine means she can only operate on data owned by herself. None means no access.
Having looked at cancan briefly, I felt like this is not a well supported scenario, so I implemented a solution modeled loosely after Ryan's Authorization from Scratch railscast.
Was I correct in my understanding that cancan does not support this model out of the box?
If there is interest, I can help investigate building this into the gem (v2.x?).
Thanks for your input.
What makes you think it wouldn't support your scheme? Have you looked at the documentation on defining abilities? It comes down to can [CRUD action(s)], [model], [condition--all,mine].
Yes, your scenario is supported. You can also use callback (block methods) to check the authorization for a specific action using the data behind an instance:
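The role x model x CRUD x scope table from the issue, written as the `can [actions], Model, condition` rules the two comments above describe (hash condition for Mine, block for checking the instance, no rule for None). This is an added example, not code from the issue or from the cancan gem: `MiniAbility` is a constructed stand-in for `CanCan::Ability` so the file runs without the gem, and the `User`/`Post`/`Comment` structs and roles are constructed data.

```ruby
# Added example: the issue's role x model x CRUD x scope (All/Mine/None) table
# written as cancan-style rules. MiniAbility is a constructed stand-in for
# CanCan::Ability so this runs without the gem; it is not the gem's own code.
User    = Struct.new(:id, :role)
Post    = Struct.new(:id, :user_id)
Comment = Struct.new(:id, :user_id)

class MiniAbility
  Rule = Struct.new(:actions, :subjects, :conditions, :block)

  def initialize; @rules = []; end

  # can(actions, Model)               -> scope All
  # can(actions, Model, user_id: id)  -> scope Mine (hash condition)
  # can(actions, Model) { |obj| ... } -> block checked against the instance
  # no rule for the role/model pair   -> scope None
  def can(actions, subjects, conditions = {}, &block)
    @rules << Rule.new(Array(actions), Array(subjects), conditions, block)
  end

  def can?(action, obj)
    klass = obj.is_a?(Class) ? obj : obj.class
    @rules.any? do |r|
      next false if (r.actions & [action, :manage]).empty?
      next false unless r.subjects.include?(:all) || r.subjects.include?(klass)
      next true if obj.is_a?(Class) # class-level check, no instance to test
      r.conditions.all? { |k, v| obj.send(k) == v } &&
        (r.block.nil? || r.block.call(obj))
    end
  end
end

# Roles and models are the ones named in the issue (constructed data).
def ability_for(user)
  a = MiniAbility.new
  case user.role
  when :admin
    a.can :manage, :all                                 # All for every op
  when :member
    a.can [:read, :create], [Post, Comment]             # All
    a.can [:update, :destroy], Post, user_id: user.id   # Mine via hash
    a.can [:update, :destroy], Comment do |c|           # Mine via block
      c.user_id == user.id
    end
  when :guest
    a.can :read, Post                                   # All; Comment: None
  end
  a
end
```

Checks like `ability_for(user).can?(:update, post)` then return true only when the rule for that role and model exists and its hash or block condition holds for the instance.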
Thanks for clarifying this. I will take a closer look and see if I can replace my custom scheme with this. If I run into a specific roadblock, will open a new issue to discuss. Thanks.