Skip to content
This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

authorize_resource :class => false does not work #944

Closed
dlbock opened this issue Sep 25, 2013 · 6 comments
Closed

authorize_resource :class => false does not work #944

dlbock opened this issue Sep 25, 2013 · 6 comments

Comments

@dlbock
Copy link

dlbock commented Sep 25, 2013

I have the following configuation:

screen shot 2013-09-25 at 12 45 40 pm

screen shot 2013-09-25 at 12 45 48 pm

screen shot 2013-09-25 at 12 45 56 pm

The only way I got it to work was to specifically call authorize! :index, :jobs, authorize! :trigger :jobs, etc on each action.
@graywh
Copy link

graywh commented Sep 26, 2013

According to the wiki page https://github.com/ryanb/cancan/wiki/Non-RESTful-Controllers, cancan will check permissions on :job, not :jobs. Try using the singular forms in your ability class.

@dlbock
Copy link
Author

dlbock commented Sep 26, 2013

That did it! Thanks @graywh!

@dlbock dlbock closed this as completed Sep 26, 2013
@dlbock
Copy link
Author

dlbock commented Sep 26, 2013

Actually @graywh, another clarification if you would indulge me (the wiki page isn't entirely clear). If the controller name is also in the singular format say BackgroundDeployController for example, would specifying in the singular in ability.rb mess things up as well? I can test this out, but thought if you can give me some quick insight that would be helpful. Thanks!

@graywh
Copy link

graywh commented Sep 26, 2013

The rails convention is to use the plural form for controller names, regardless of the resource being plural or singular.

@dlbock
Copy link
Author

dlbock commented Sep 26, 2013

Yes, I understand the rails convention. This is an app that I inherited
from someone who wasn't familiar with rails, and I've been trying to
implement authorization without having to make large, over-hauling changes.

On Thu, Sep 26, 2013 at 11:59 AM, Will Gray notifications@github.comwrote:

The rails convention is to use the plural form for controller names,
regardless of the resource being plural or singular.


Reply to this email directly or view it on GitHubhttps://github.com//issues/944#issuecomment-25179848
.

Dahlia Bock | +1718.640.0083 |
http://www.dahliabock.com/bloghttp://dahliabock.com/blog

@1v
Copy link

1v commented Nov 7, 2017

If you have class: false you can check controller name like that:

'BackgroundDeploy'.underscore.split('/').last.singularize.to_sym

Or just pass symbol:

load_and_authorize_resource class: :background_deploy

Or watch what can be passed:

cancan/lib/cancan/controller_resource.rb

Lines 144 to 151 in 4560928

def resource_class
case @options[:class]
when false then name.to_sym
when nil then namespaced_name.to_s.camelize.constantize
when String then @options[:class].constantize
else @options[:class]
end
end

Not documented at all.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@graywh @dlbock @1v