Skip roles for data relevant abilities, which are based on blocks #844

mojovski opened this Issue Mar 27, 2013 · 3 comments


None yet

3 participants


Example: A user can manage itself, is implemented like this:

can :manage, User do |u| 

However, the query

can?(:create, User)

is ALWAYS responded with "true",
since User is matches the class, but the block is never executed.

I would like to avoid this behaviour.
So I changed the Rule.match_conditions?
method as following:

Currently it works for my use cases.

But did I miss something?? Maybe you already considered such cases and I just overlooked the trick?

Thank you


When you ask can?(:create, User), it means "Can create any user". In Checking Abilities it says:

If a block or hash of conditions exist they will be ignored when checking on a class, and it will return true.

I believe this issue can be closed.


Well, this does not fit to my logic. If I would like to evaluate an object before granting access, I need an object. Of none is given, no access is granted. This is the effect of the change I proposed above.

If this is not of interest for cancan, you can close this issue.

xhoy commented Apr 10, 2014

Dear submitter, Since cancan/raynB hasn't been active for more than 6 months and no body else then ryam himself has commit permissions the cancan project is on a stand still.
Since cancan has several issues including missing support for rails 4 cancan is moving forward to cancancan. More details on: #994

If your feel that your pull request or bug is still applicable (and hasn't been merged in to cancan) it would be really appreciated if you would resubmit it to cancancan (

We hope to see you on the other side!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment