authorize_resource :class => false does not work #944

Closed
dlbock opened this Issue Sep 25, 2013 · 5 comments

Comments

Projects
None yet
2 participants

dlbock commented Sep 25, 2013

I have the following configuation:

screen shot 2013-09-25 at 12 45 40 pm

screen shot 2013-09-25 at 12 45 48 pm

screen shot 2013-09-25 at 12 45 56 pm

The only way I got it to work was to specifically call authorize! :index, :jobs, authorize! :trigger :jobs, etc on each action.

graywh commented Sep 26, 2013

According to the wiki page https://github.com/ryanb/cancan/wiki/Non-RESTful-Controllers, cancan will check permissions on :job, not :jobs. Try using the singular forms in your ability class.

dlbock commented Sep 26, 2013

That did it! Thanks @graywh!

dlbock closed this Sep 26, 2013

dlbock commented Sep 26, 2013

Actually @graywh, another clarification if you would indulge me (the wiki page isn't entirely clear). If the controller name is also in the singular format say BackgroundDeployController for example, would specifying in the singular in ability.rb mess things up as well? I can test this out, but thought if you can give me some quick insight that would be helpful. Thanks!

graywh commented Sep 26, 2013

The rails convention is to use the plural form for controller names, regardless of the resource being plural or singular.

dlbock commented Sep 26, 2013

Yes, I understand the rails convention. This is an app that I inherited
from someone who wasn't familiar with rails, and I've been trying to
implement authorization without having to make large, over-hauling changes.

On Thu, Sep 26, 2013 at 11:59 AM, Will Gray notifications@github.comwrote:

The rails convention is to use the plural form for controller names,
regardless of the resource being plural or singular.


Reply to this email directly or view it on GitHubhttps://github.com/ryanb/cancan/issues/944#issuecomment-25179848
.

Dahlia Bock | +1718.640.0083 |
http://www.dahliabock.com/bloghttp://dahliabock.com/blog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment