
Skip roles for data relevant abilities, which are based on blocks #844

Open
mojovski opened this Issue March 27, 2013 · 3 comments

mojovski

Example: "A user can manage itself" is implemented like this:

can :manage, User do |u|
  u.id == user.id
end

However, the query

can?(:create, User)

is ALWAYS answered with "true",
since User matches the class, but the block is never executed.

I would like to avoid this behaviour.
So I changed the Rule.match_conditions? method as follows:
mojovski@9061270

Currently it works for my use cases.

But did I miss something?? Maybe you already considered such cases and I just overlooked the trick?

Thank you

Jared Beck

When you ask can?(:create, User), it means "Can create any user". In Checking Abilities it says:

If a block or hash of conditions exist they will be ignored when checking on a class, and it will return true.

I believe this issue can be closed.

mojovski

Well, this does not fit my logic. If I would like to evaluate an object before granting access, I need an object. If none is given, no access is granted. This is the effect of the change I proposed above.

If this is not of interest for cancan, you can close this issue.
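
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not CanCan's code: a simplified model (MiniAbility and strict_class_checks are hypothetical names) in which a class-level check ignores the block while an instance-level check runs it, next to a strict variant with the effect described above (no object given, no access granted).

```ruby
# Simplified model of the rule matching discussed in this thread.
# MiniAbility and strict_class_checks are hypothetical, not CanCan's API.
User = Struct.new(:id)

class MiniAbility
  Rule = Struct.new(:action, :subject_class, :block)

  def initialize(current_user, strict_class_checks: false)
    @current_user = current_user
    @strict = strict_class_checks
    @rules = []
    # Same rule as in the issue: a user may manage only their own record.
    can(:manage, User) { |u| u.id == @current_user.id }
  end

  def can(action, subject_class, &block)
    @rules << Rule.new(action, subject_class, block)
  end

  def can?(action, subject)
    @rules.any? do |rule|
      next false unless rule.action == :manage || rule.action == action
      if subject.is_a?(Class)
        next false unless subject <= rule.subject_class
        # Documented behaviour: the block is ignored for a class subject.
        # Strict variant: a block rule cannot be satisfied without an object.
        rule.block.nil? || !@strict
      else
        next false unless subject.is_a?(rule.subject_class)
        rule.block.nil? || rule.block.call(subject)
      end
    end
  end
end

# Constructed sample data: alice (id 1) is the current user, bob is id 2.
def demo
  alice = User.new(1)
  bob = User.new(2)
  default = MiniAbility.new(alice)
  strict = MiniAbility.new(alice, strict_class_checks: true)
  { class_default: default.can?(:create, User),
    class_strict: strict.can?(:create, User),
    own_record: default.can?(:update, alice),
    other_record: default.can?(:update, bob) }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

In an application, the block's condition only takes effect when the check is made against the loaded record, for example can?(:update, @user), rather than against the class.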

xhoy
xhoy commented April 10, 2014

Dear submitter, since cancan/ryanb hasn't been active for more than 6 months and nobody other than ryan himself has commit permissions, the cancan project is at a standstill.
Since cancan has several issues, including missing support for Rails 4, cancan is moving forward to cancancan. More details on: #994

If you feel that your pull request or bug is still applicable (and hasn't been merged into cancan), it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)

We hope to see you on the other side!
