load_and_authorize_resource with nested and no nested route #931

Open
hylozero opened this Issue Sep 10, 2013 · 4 comments

Comments

Projects
None yet
4 participants

Hello everyone!

So I have this controller with two differents routes. One of it is a nested route and another is direct route. It means I have some parameter on nested route that does not exists on direct route.

I tried to perform the load_and_authorize_resource method with a before_filter, so I can detect the nested params presence but got no success.

So how can I perform this? Any help?

Thanks in advance!

This would be interesting as I faced the same problem here. Using the load_and_authorize_resource in another before_filter does not work, as it's not a method you can call.

gdott9 commented Oct 24, 2013

Hello,

You can use the shallow option with load_and_authorize_resource.
https://github.com/ryanb/cancan/wiki/Nested-Resources#shallow-nesting

edit: Ah I'm sorry, mixed up this one with another issue.

Of course, nested resource with shallow routing is the way to go.

bboy79 commented Jan 8, 2014

Hi there : ) I seem to have the same problem. I have this in my controller:

class RoomsController < ApplicationController
  load_and_authorize_resource :hotel
  load_and_authorize_resource through: :hotel, shallow: true   

My routes are "/hotels/:id/rooms" and "rooms/:id". I can access the first route, and the authorization is correct, meaning that the owner of an hotel can't access the rooms of other hotels. However, when I try to access rooms/:id, I get a RecordNotFound error (Couldn't find Hotel with id=). Anyone knows how to solve this? Thanks in advance!!

Edit: Nevermind, @francocatena's CanCan fork resolves this :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment