This repository has been archived by the owner on Dec 12, 2021. It is now read-only.
This issue is also on stack overflow.
http://stackoverflow.com/questions/18643913/rails-cancan-overly-permissive-with-hash-of-conditions
I'm having an issue with CanCan allowing access, when I don't think it should, when using a hash of conditions.
I have a rails model/table called projects, which controls access to documents and collections (sets of documents). Projects may be accessed by multiple users, called collaborators, if given permission by the project owner. There is also a collaborators table that tracks which users have access to which projects.
This all works as expected for read only access using a single permission or a single nested permission. For example, this works for collaborators:
```ruby
can :read, Project, :collaborators => { :user_id => user.id }
can :read, Collection, :projects => { :collaborators => { :user_id => user.id } }
can :read, Document, :collection => { :projects => { :collaborators => { :user_id => user.id } } }
```
I have a case where users other than the owner may need to manage a project. I call these users "editors". To check for editors I have a boolean field in the collaborators table called "editor". To allow editors access I created the following hash of conditions in CanCan:
```ruby
can :manage, Project, :collaborators => { :user_id => user.id }, :collaborators => { :editor => true }
```
However, this grants manage access to all collaborators if the editor field is true for any collaborator. I only want to grant manage access to a collaborator if the collaborator is also an editor; all other collaborators should only have read access. Since the above ability does not work, I have an idea that what I need is something like this:
```
can :manage, Project, :collaborators => { :user_id => user.id AND :editor => true }
```
But I don't know how to do this. We are using PostgreSQL as our database if that helps. Thanks.
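The following is an added example, not code from the issue or from CanCan itself. It uses a small stand-in for CanCan's hash-of-conditions matching (a nested hash on a has_many association matches if any member satisfies every key) over constructed Struct models, to show why the rule with two `:collaborators` keys is overly permissive and what a single nested hash with both conditions does instead.

```ruby
# Added example with constructed data; the matcher below mirrors CanCan's
# hash-condition semantics but is not CanCan's own code.
Collaborator = Struct.new(:user_id, :editor)
Project      = Struct.new(:collaborators)

# A Hash condition on an Array attribute (has_many) matches when at least one
# member satisfies EVERY nested key/value pair; scalar values compare with ==.
def matches_conditions?(subject, conditions)
  conditions.all? do |name, value|
    attribute = subject.public_send(name)
    if value.is_a?(Hash)
      if attribute.is_a?(Array)
        attribute.any? { |member| matches_conditions?(member, value) }
      else
        !attribute.nil? && matches_conditions?(attribute, value)
      end
    else
      attribute == value
    end
  end
end

# Constructed project: user 1 is a plain collaborator, user 2 is an editor.
PROJECT = Project.new([Collaborator.new(1, false), Collaborator.new(2, true)])

# The rule from the issue. A Ruby hash literal keeps only the LAST value for a
# duplicated key, so the :user_id clause is dropped before CanCan ever sees it
# and the rule degrades to "grant if any editor exists on the project".
def permissive_rule(user_id)
  { :collaborators => { :user_id => user_id }, :collaborators => { :editor => true } }
end

# One nested hash: both columns must hold on the SAME collaborators row.
def strict_rule(user_id)
  { :collaborators => { :user_id => user_id, :editor => true } }
end

def can_manage?(conditions)
  matches_conditions?(PROJECT, conditions)
end

if __FILE__ == $PROGRAM_NAME
  puts "collapsed rule: #{permissive_rule(1).inspect}"
  puts "user 1 (not editor), permissive: #{can_manage?(permissive_rule(1))}"
  puts "user 1 (not editor), strict:     #{can_manage?(strict_rule(1))}"
  puts "user 2 (editor),     strict:     #{can_manage?(strict_rule(2))}"
end
```

Ruby also warns about the duplicated key at parse time, which is the earliest signal that the authorization rule is not what it reads as.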