Note for Devise / CanCan 2.0 users #959

Open
mribbons opened this Issue Nov 12, 2013 · 1 comment

2 participants

@mribbons

I had some trouble with this and couldn't find anything online so I'm just posting this one to help anyone who may come across the same problem:

Ruby 2.0
Rails 4.0.1
CanCan 2.0.0
Devise 3.2.0

Using

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  enable_authorization
end

When attempting to access sign_in resource I got this error:
CanCan::Unauthorized in Devise::SessionsController#new

I had to add this to ability.rb:

can :create, %i(devise/sessions)

(Or < ruby 2)
can :create :"devise/sessions"

I tried several things that didn't work:

# Note use of :access would not be secure in production
can :access :users
can :access Devise::SessionsController

Apologies if this is an inappropriate post.

Regards,
Mike Ribbons

@graywh

Instead of an issue, you could update the wiki https://github.com/ryanb/cancan/wiki/CanCan-2.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment